last executing test programs:

12m53.068411671s ago: executing program 4 (id=1547):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000300)="6ee7eabcdc447e0a630e39c96e4b335c", 0x3f, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, 0x0, 0x0, 0x6040000}, 0x1c) (fail_nth: 3)

12m52.750446795s ago: executing program 4 (id=1548):
socket$kcm(0x10, 0x3, 0x10)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='1', 0x1)

12m52.561624917s ago: executing program 4 (id=1551):
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0xf, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x38, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(0xffffffffffffffff, 0x40096101, &(0x7f00000000c0))

12m52.301950033s ago: executing program 4 (id=1552):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x5b5}]})
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x8000003d)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x0, 0x1000000d)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x1, 0xc32a4cddd557707a)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeed, 0x10010, r2, 0xd73cb000)
r3 = dup(r0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
mount$fuseblk(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x1151000, 0x0)
mount$fuseblk(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1813caa, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4800000000010104000000000000000002000000240001801400018008000100e00000ea14740108000200e00000010c0002800500010000000000100005800a000100482e323435000000ea1928f20628b1df1cae3f7d8c924a54114626156b923522f01807861f5c7130cabe5727f4af7d991c1d52291e830afff0b348b2fa8fe56f1a05f252650bc2dd75d1879007719ed2"], 0x48}}, 0x0)
write$UHID_INPUT(r3, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, r1, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r6}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f00000000c0)='ext4_allocate_blocks\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
r7 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r7, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r7, 0x0)
r8 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r8, &(0x7f0000002300)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x1, {{0x42, 0x200000}, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x404c800}, 0x0)
sendmsg$tipc(r8, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x0)
accept4(r7, 0x0, 0x0, 0x400000000000000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)

12m51.44009935s ago: executing program 4 (id=1558):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@local})
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@my=0x0, 0x1})
r3 = epoll_create1(0x0)
epoll_wait(r3, &(0x7f0000002a80)=[{}], 0x1, 0xfffeffff)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
epoll_pwait(r3, &(0x7f0000000040)=[{}], 0x1, 0xea5, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000080)={0x9d32f4b220c65367})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, &(0x7f00000000c0)={&(0x7f00000002c0)={{@my=0x0, 0x4}, {@local, 0x80000001}, 0x400, "982cbf5250a16070f462a33e81487dc2c89a71670d229a4958c91e934bf250b89ac9eb14f62abbceaa2758e59adbb3713426bfa62100d3cfb9fc3e2a1115a1c4c3e1fcb0811f30fe8a04c5a366bac1fe2ba60d3dc986fabef91bea03b79aa38665585ff12f61ddc9e602bb8e451e172e317ad7fa1308662d371cf74cd9d62fb3173f6ded9926ef88aa62e0af52fdc97cf474500c4364bd747d83e242c4de11c30f7f8507b60dac9ffa855914a4f010a793e5a463ca1431db2098d45f83805250f07edaca08852a27ab7df82a65b5347c7f0d70473a6faa22a2c151583ed7d6b204c3a8fca9434b6c537f45511e1647cf34fc9af714f395b3ee99c950afd12ccad67a71a01a83a8e8d585b5a6b8f34ceb8a4253596f57ca4a4ecd8d194ef11d3592e389de788da42dde388f36c4e02e422851971f6d4c5673d986c047ab8e32b937594bc35b281cc0cdffd1876f5848a9a4a36335e584495e6a7be7c09fec288447e204c2e2e87717d2b425fc93d23459384ae3b1242050e044b1c2cd303dc6c59facc0ff3c66a44c0fbb95dbf237870ac88764be9d3491e5e46402f099b7cdcf9836670875ed0fdf96bbd3350e82da2e5ae5a1f8345e98bf3edafa8db44ee7aa0372eaebf9635a467c4570c2a779fcea3c543760329bb41a7c72f3dca444c2897bb7dda830b9fdd934483d90d7463f83185ee689f89b4960508f8130eb6cfa7e2ec8b7cc518312005d7825258801c46b5245ec6795248813b3bfac6e04039081da5a9c9a80637866f78039e7fde0b0362a09f827e98602028a0159a00f6a1e8c73c3ab00b73b3b0895a5bcb5aa5c4b6b0d9668ffdb9f3b11f2b213daf1088508fbf545c3a5d9e6ec9debc4648268879aec54059e0b3bb296ab1ea775b42d9b206e2f759e80ce47a9c5de8d753f6463856cc0ad94cff563e27621d137a0b61983bb49a795bc283956894b1ec4efc55dda0c62bc61c76f09fae24e5676bb73db392089477ec21b61534d84f912bbe5c8bea4167a5018317f5292561c9f76bfb969d7d67b26e9ddfe95cace6fbc5898b91396bf1c9a1cae3ce01cf8264f53e7c5c58bce6b9328f320a274f47f92d87f529ee2f9dce9a7711be65fe0f8787578809e365bca178f40a1813ebf5011233880108f4aa2d70a2a861a2849d878bed392b5fad306a26b35f25681cf5277b6573a53890dbabff34dee29a15ff56c86a0e422e67e36838384871197a759cccd3df30f4a4f4fb41a702334b92a0512569f9e197d75337e2baf6990ce3a556c56e26fc471054fe2ebd641212f86263804721e9bdeb88308bdecb531e247a8408fe85fbd261e7f8c190587a4d2710bbeb01749a5bd10249f4a3f87dcaf074ae948f0cd1483033b6b9f13fba50510522a4f81ab686b6515b7b7bd7d8f0e28320fd7fdc982f13c95195b7ac3e2f9ccbe09732500"}, 0x418, 0x800})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000780)={0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="200e0200001e2314ad810aa0f601a0e9640a6645484a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

12m51.321511716s ago: executing program 4 (id=1560):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write(r3, &(0x7f00000003c0)="01", 0x1)
splice(r3, &(0x7f0000000040), r2, 0x0, 0x800000000ff, 0x0)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0x8, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x8080000, 0x0, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0xdddd0000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0xd, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xdddd0000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0xd000, 0xa, 0x6, 0x5, 0x0, 0x3}, {0x2000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26, 0x8}, {0x80a0000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x0, 0x0, 0x1]})
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x286}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r4, 0x0, 0x0, 0x0, 0x200, 0x1, {0x1}})
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x48, 0x32, 0x9, 0x0, 0x0, {}, [{0x34, 0x1, [@m_skbedit={0x30, 0x1, 0x0, 0x0, {{0xc}, {0x4}, {0x4}, {0xc, 0xa}, {0xc, 0x9}}}]}]}, 0x48}}, 0x20048084)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r9, &(0x7f0000004340)=[{{&(0x7f0000000300)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000000700)=[{&(0x7f00000044c0)=""/214, 0xd6}, {&(0x7f0000000540)=""/124, 0x7c}, {&(0x7f0000000a80)=""/10, 0xa}, {&(0x7f00000005c0)=""/197, 0xc5}, {&(0x7f00000043c0)=""/4, 0x4}], 0x5}, 0x1000}, {{&(0x7f0000000740)=@nfc, 0x80, &(0x7f0000000ac0)=[{&(0x7f00000007c0)=""/96, 0x60}, {&(0x7f0000000840)=""/78, 0x4e}, {&(0x7f00000008c0)}, {&(0x7f0000000900)=""/91, 0x5b}, {&(0x7f0000000980)=""/2, 0x2}, {&(0x7f0000002200)=""/4096, 0x1000}, {&(0x7f00000009c0)=""/165, 0xa5}, {&(0x7f0000000380)=""/14, 0xe}], 0x8, &(0x7f0000000b00)=""/187, 0xbb}, 0x4}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000bc0)=""/142, 0x8e}, {&(0x7f0000004400)=""/148, 0x94}, {&(0x7f0000000d40)=""/248, 0xf8}], 0x3}, 0x7fff}, {{&(0x7f0000000e80)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000f00)=""/128, 0x80}, {&(0x7f0000000f80)=""/36, 0x24}, {&(0x7f0000002000)=""/73, 0x49}, {&(0x7f0000002080)=""/253, 0xfd}, {&(0x7f0000003200)=""/4096, 0x1000}, {&(0x7f0000004200)=""/118, 0x76}], 0x6, &(0x7f0000004280)=""/140, 0x8c}, 0xd1}], 0x4, 0x22, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_TRANSLATE(0xffffffffffffffff, 0xc018ae85, &(0x7f00000000c0)={0x40000})
r10 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000000), 0x2100, 0x0)
r11 = socket$inet6(0xa, 0x3, 0x1d)
bind$inet6(r11, &(0x7f0000000000)={0xa, 0x0, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c)
bind$inet6(r11, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect$inet6(r11, &(0x7f0000000040)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @empty=0x18}}, 0x1c)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r10, 0xc018620c, &(0x7f0000000080))
sendmsg$unix(0xffffffffffffffff, 0x0, 0x2010)
r12 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000404c05f20dafd60000000109022400010000000009040000010300010009210101000122050009058103"], 0x0)
syz_usb_control_io(r12, 0x0, 0x0)

12m51.064278618s ago: executing program 32 (id=1560):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write(r3, &(0x7f00000003c0)="01", 0x1)
splice(r3, &(0x7f0000000040), r2, 0x0, 0x800000000ff, 0x0)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0x8, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x8080000, 0x0, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0xdddd0000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0xd, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xdddd0000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0xd000, 0xa, 0x6, 0x5, 0x0, 0x3}, {0x2000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26, 0x8}, {0x80a0000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x0, 0x0, 0x1]})
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x286}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r4, 0x0, 0x0, 0x0, 0x200, 0x1, {0x1}})
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x48, 0x32, 0x9, 0x0, 0x0, {}, [{0x34, 0x1, [@m_skbedit={0x30, 0x1, 0x0, 0x0, {{0xc}, {0x4}, {0x4}, {0xc, 0xa}, {0xc, 0x9}}}]}]}, 0x48}}, 0x20048084)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r9, &(0x7f0000004340)=[{{&(0x7f0000000300)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000000700)=[{&(0x7f00000044c0)=""/214, 0xd6}, {&(0x7f0000000540)=""/124, 0x7c}, {&(0x7f0000000a80)=""/10, 0xa}, {&(0x7f00000005c0)=""/197, 0xc5}, {&(0x7f00000043c0)=""/4, 0x4}], 0x5}, 0x1000}, {{&(0x7f0000000740)=@nfc, 0x80, &(0x7f0000000ac0)=[{&(0x7f00000007c0)=""/96, 0x60}, {&(0x7f0000000840)=""/78, 0x4e}, {&(0x7f00000008c0)}, {&(0x7f0000000900)=""/91, 0x5b}, {&(0x7f0000000980)=""/2, 0x2}, {&(0x7f0000002200)=""/4096, 0x1000}, {&(0x7f00000009c0)=""/165, 0xa5}, {&(0x7f0000000380)=""/14, 0xe}], 0x8, &(0x7f0000000b00)=""/187, 0xbb}, 0x4}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000bc0)=""/142, 0x8e}, {&(0x7f0000004400)=""/148, 0x94}, {&(0x7f0000000d40)=""/248, 0xf8}], 0x3}, 0x7fff}, {{&(0x7f0000000e80)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000f00)=""/128, 0x80}, {&(0x7f0000000f80)=""/36, 0x24}, {&(0x7f0000002000)=""/73, 0x49}, {&(0x7f0000002080)=""/253, 0xfd}, {&(0x7f0000003200)=""/4096, 0x1000}, {&(0x7f0000004200)=""/118, 0x76}], 0x6, &(0x7f0000004280)=""/140, 0x8c}, 0xd1}], 0x4, 0x22, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_TRANSLATE(0xffffffffffffffff, 0xc018ae85, &(0x7f00000000c0)={0x40000})
r10 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000000), 0x2100, 0x0)
r11 = socket$inet6(0xa, 0x3, 0x1d)
bind$inet6(r11, &(0x7f0000000000)={0xa, 0x0, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c)
bind$inet6(r11, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
connect$inet6(r11, &(0x7f0000000040)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @empty=0x18}}, 0x1c)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r10, 0xc018620c, &(0x7f0000000080))
sendmsg$unix(0xffffffffffffffff, 0x0, 0x2010)
r12 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000404c05f20dafd60000000109022400010000000009040000010300010009210101000122050009058103"], 0x0)
syz_usb_control_io(r12, 0x0, 0x0)

1m52.870457983s ago: executing program 1 (id=4265):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYRESOCT], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5865, 0x10, 0x2, 0x24d}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
r4 = syz_open_dev$vim2m(&(0x7f0000001380), 0x2, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000040)={0x12, 0x1, 0x0, "0304ac81d1607d09838ff3cfaf4dbdc1d4f6b02537916d26a489b762298d6b3e", 0x30385056})
io_uring_enter(r1, 0x100847c0, 0x0, 0x1, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x14, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="002222000000962313b3ba7819c392d7eb2a8fe0070800be0093000000001b09037a315bc7b83395ae31523b17426f94d4010000000000000038c3d4c7670346c2a4115a274d", @ANYBLOB="0b61038f0cb683380ebf88c0bbe9bcd7"], 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)

1m49.485581793s ago: executing program 1 (id=4285):
eventfd(0xff7ffff7)
unshare(0x24060400)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x2, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x40, 0x1, 0x24, 0xd, 0x4000001, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0xffffb8f1, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x80000131, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x1, 0xfffffffc, 0x6, 0x0, 0x0, 0x5, 0x2f, 0x1782000, 0x314, 0x78, 0xea4, 0x5fa, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x0, 0x1, 0xff, 0x6, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x200004, 0x1b, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x4, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0xffffffff, 0xbc45, 0x48c93690, 0x80, 0x3], [0x7, 0x418, 0x4, 0x5, 0xfffffffe, 0x2, 0x8d2, 0x9, 0x5, 0x7fff, 0xfffffffc, 0x5, 0xb, 0x4, 0x5, 0x5, 0x42080, 0x1ef, 0x4, 0x8, 0x86, 0x3, 0x1, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0xa, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x2a9, 0x5, 0x7, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x2, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x3, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xcea, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x0, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x80000005, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x7f, 0xffffffff, 0x80000000, 0x5, 0x4, 0x4c8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x0, 0x47, 0xb2, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x8, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000140))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000080), &(0x7f0000000140)=0x8)
socket$xdp(0x2c, 0x3, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

1m49.254079301s ago: executing program 1 (id=4286):
syz_open_dev$loop(&(0x7f0000000340), 0x1, 0x40800)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000200000000050005"], 0x80}}, 0x0)
sendmmsg(r1, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001400)={0x70, 0x2, 0x6, 0x1, 0x6000000, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x70}}, 0x0)
r2 = syz_open_dev$audion(&(0x7f0000000240), 0x4, 0x2)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
ioctl$PPPIOCGL2TPSTATS(r3, 0x40047459, 0x0)
ioctl$FBIOGET_FSCREENINFO(r2, 0x4602, &(0x7f0000000280))
syz_emit_ethernet(0x3e, &(0x7f0000001480)=ANY=[@ANYBLOB="a16aefc158b6ffffffffffff17043a73dbde0800450000300064000000019078ac1f0001ac1414aa05009078e00000e045b004470000000000110000ac14d221483281cb6b85ccfe3dec3e80632cd94c533a777d0d3e017719457f8976362e4735771d32c32ed03c93e7603689c8f5cb573f629cd1ba54102dd1b9d8229e2a0eebe72d5b7af6ad73ca86f0b1581ebe5dc9ee984a31ae22eaac6f0195df2baef77bcd6b0f6050bc508dc1a188a6c32f7bc607c69b21aa7e68c0774ac9417460058d1a30e298ddbe3230b2fb68a0351f5f38e67f0e"], 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'lo\x00'})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x38, 0x701, 0x70bd2a, 0x0, {0x10}}, 0x14}, 0x1, 0x0, 0x0, 0x10004891}, 0x10)
r7 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x1}, &(0x7f0000010080), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f0000010300)=[{0x0}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r7, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000340)}], 0x0, 0x1}, 0x20)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r6)
r8 = socket$kcm(0x10, 0x2, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000300)={0xfffffff9, 0x180, 0x3, 0x0, 0xe29e})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000004e80)=@setlink={0x58, 0x13, 0x1, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2006, 0x300}, [@IFLA_IFNAME={0x14, 0x3, 'batadv0\x00'}, @IFLA_AF_SPEC={0x24, 0x1a, 0x0, 0x1, [@AF_INET6={0x20, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x4}, @IFLA_INET6_TOKEN={0x14, 0x7, @remote}]}]}]}, 0x58}}, 0x0)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73f72cc9f0ba1f8483d0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x1010, 0x453, 0x400, 0x70bd2c, 0x25dfdbfd, "f4a00b58b3983acd8565c48d5985c8fef5a8a1fcab4dcf7938965f9ca87766fe0d0ed2b642acfd9ede47bc0e68723eb6b9607e396b2ca8b78306f546518cb984e8528a99cccc7f36be9fd717612016925320ec6ebcc94eba729b474917f5b48d5d6b2cfead9793a9aa47156d186fa57ab7a8f823e5aa078b5e16fced9485840ad02651628bbbe9c9529f188730245439fd316f0e082ea805a79a6b82658559576ddc45cd31ed05fa601f8f94020759dee4f8907b4d89ac09cc6176e6bb0322d216fe18e5186f138744f979956e6f8bf70e7320d97455f0d609472adc10d43323a4cb62fc6ca9703607dc0d46b9df4c6abcbe4e20b1e7414ed52b94ef7487f46e65002bfa4e0557316d6630ffc7b986def4b35777b84516ed7cb41426fb5df2991a3634656792ef82919840c9961f05c6aa6e9832222e20af57606ea52f381d6a2418e98a012091315925f07efb12a75de0643c480496055e5e5bd6528326b8df8870bd16f182f77ad49a3e1b5e406b1f1692ff0e80fe4d32cc1ffdb7a63a2620916286a05203b4cc1721efaaf9569747e188de51afd88ce1ef566968af0fa33daa3e952adfa5407f20dd87881ccea70a220f745b2ec8a9598bb942266c1d7f393f939a8b5f4da73919347fb60e208428cd3fd0f6413b7efe2495c8b1f1b1a94f24469ef2265e8d8112edfcde43f25214905ea1cdc5a78bd06ef056b71eda919510e64ceccd2b4b4e8e61f5862af353e7aa760f9d00e6a18403b4da00a7a5993ba177000594275559b214728ca0d6c7fe7f0655957422a21cf2ceac1f7540ae750eb1a95bc8ec387560fd78d4bf5f751ee6329bc1c1f0235366bc8d8c1196c29bfeebbdefe13e638bc422e930d84b24ae882a6d6863c1fb30113337e792c53f792ee94841ba7d9c2c79892e6529e4f1e081109bf2cdfaba38d30c674037b2db809a6c22aa1e2e0f4b80c66dca89c6a1f65d96ac51f42e5fb31a68269e7ed15b05764e0e21f2c17153a0a0275a96129836e237b77f3567d905501622143c932b544e1fa15cb22a05d19e3c1cf8d645eaa6819455a620ce63341b7d6f62639c49bff0d62cd3bbcaa1ebf0fd8558be77b8768da0619975793418b00448b18a4dc669e5c25b270c146de57e7c4a4870339da7afc150755b84fd5ea1ddf08260d3fa6ccae202c23fe558a9f9001465ffc1aa6b345dd25b43093a0da1f5edec5bb3cddb1f122ce9c6182290ba96bc54469774b74f55627535f72bdf40d949e58ecae43fe5bc8fd4fa53438dc851fdcd06978beae7c61b6a6fdb2cf48ce72f5d9e464f16f86a9a9c125f2c135dc38b6352de0fbbe4d7b42640238d6da75619f1f141a52a661aad9ed3eba8334e598385dfe9f17298755d8e1f40f43e729d57cd95bd332a9968d70982ea33f0263fc01b6bd3da0cdd2d7051353e0cf42708a5cc08798295e516bf344c614d8412a2068c300ba76bcf65325a9c64242ca53224f2753eb1f709282cc1e61db34e4c30bb56d10e7593a9b6b99d638b13917a462e3bf91a82c1ed4db377d3e905104b9dbb3374b3e88bca6cafc869cbb6c69a4fb8333f9056bb518049a0868f58c96f967b17e0af9a78522faf2dcf689d2545949763fadfd3152e4f5bf69d8a51def4b265e9bc55c864453a5104f79d70365b7471720eb50d9a9b9121e457a8508cf105bceebc13653648932c5b8d35b393d0ea509cf915790ea6a1c79564a4ae51909087f13d16f02d54d383115fcf1bb9678540164a1f621f5be0b6170bbc6c6dc7a10381b2879db43a355ba4043d2206fd8d80f7cd46547578ffd78e80448a8cbb95d22e92a970df2c9168b362ab1568ec3941845d8c111ebadd86241c0eb7c4cdcc8dba050d75932ec0a86129c02203646e44f7e9fd63c4b34a136bc8695cb1ce973f0480e4c1045643f4d445371e208ebaff1fd0be73d961f7406a930bb6a6c41fa776abf806e45cb31abf19bba709cdb7470565a619803bae56bb413c4e1ba28fdc0896978682d67fc4b67b9ae8f2bbe534c6bdb6c2924647fc91e95046693670da7033b92042f76eec65ee91b5f181dff118a18aef8448757cf374b0c66d298c3f96346dccc8630917fc8c9084ee2ad97515bb2255d5e9e3a87d64a25ce40b645346aed6094ae5774b26f338b0f955f6fea1c7029d951fd4d26d04305180ca88f1d3d6dd01394c2d2518b20eb231e3d586c46f38d3d6fada303b9e0bdf63c170be216e4fffa994176ca665104c2a62259a227738380ffc06ca2a4c5cb04843258ab0cbc40940f1239c48aad45e84b97364477e0379a61b1577403693bb30c39447302b782a423e9351dcceb7375cd8e9121db55cf0100d887501dccd09f439890d1913db3ac237f44bba4755cec962d0cbd622195974cf8af698a080aa34907618a979a6418dfef510665c9f17e1b8eea41a018a7572c2400e73f5475b2588fdf6d2c73c0341b3f7a24b5b11d60c02c1f039750883fb18bf00b487dd6e79a090c3316b84869a0f3be8a01ad5d8b8587cd661fbbc70a4db075ba2cf44c5a2fe11e4bbb52c39e5284b305fa3b7c3216a1a25eae84feca8da13c38abd606042c26ac6c3da5f6627aa7eeb8f0bbac546e901860840d16e5b8a4b2f7862d17d13cb65a64da915ec724457abce686e63aed6c31c57f61f3a823fc9b21c8d3461191a8ca1f6f1eee3a63883c8daec4bfba76a0519a5bd3c97e420c5b86eea857b052866a4172b2aef1fd1b5ea9ec1fed16e637d80f716769fed0d4a601323a3079d60a1d54cbae41eafb7c35f3ccfbea138ef9096e968ec7fa3843f60a3711346dc0060654f12086fd126dc00282e9c5029dccf025c79e0bd3eef0ab3e488aa2d789bdfca87d0fc8a597bdd767b4f6fd02a5ed55681e82d17cce20cccd1f0613e0f2933ed0a1a1cfe6813c86d4a3485364782f0298646a4b1815ba53fa4106a25edaea9b15958b5184fb1f2104f1b424f8a1c387f82e52f344f0b53fb5032689ed1ab3c4835df491b54d2d57222b013cbd309ca076e4f47aa0b4716c5affeb9ef2d36c796f335f75886b065e1642a3f6644eea151112fc4c5de8068bf67e5cbafbd17282787f4bce52bfc8d6b1d7e37afde2ac2891c4f6339eb259bdf36fa72471493ed2e4bbc20b79111a9930ae78228c011c4e9534f348a39c52f0495cf8aef65cd36c1c162922fbe36d61b2e5aa96f1fc5127e1aab03187c5a9bdedcf5389189b2eae81637b3a3f4333ac5fa3a57738f4967b6eca02a715ae4717516fcfaa461a0777fd02729bb16c2f27329710742f7fecd4dee958f8ec1a8213b62918faabe4479c3f1c34ae66479fef19ab6e67627af9fe32761dbb0310fb2a7972d8abbef1be06aeb066cc9448bf3f316250a21f74e829d43f24feef65b2e78416675b6cae5ee85bc9b882cd35677766967c2db59485bb27e42219f339a73f09fc58a8229afb5652b7195ec705c6cf7cb21aa1299bf9e31675862176f762b05cdeffc4a7b43d11033313bd67e43d06948a55e201ed7b044246af6a2f75ac3c6203f489b434db3bbda4232dac2bd8e09f0e1cb32596ae6db7efdf9765083ef4406b4d6ae9785692aaa459b22ea3144399fdbc7a7f40732e1ff8dd6a1b03f934ee89e41f4d3311eb371d1bfda291e43ae45d59d3393f23760e7bca7cd3f552295e43cb7e34358631c60f70561b49ea94a69ffe1b8868e47d53cd28088d66f2de27945e35e12077926b424ec352c0e852ef707feb419c5716152181e38ac5158c5e478641a4a2a3b8db860f0b701bec879acc69cbd38ba0f74cc614c0a8778961c87d38caf8a03f9b50a335b715126aac30ce114159e612f374b5ba6e5f8c357bc2933bf7cbdd507d410b174b6ea45e84eb5e0bacf54454a3f5f7adc461d9508806802948c56e66da37a1cc37d535c3c27f160a68d8ae49fc4eb9f07115b2a7df5efbc91894a82916ecf3be32473ddee0cc33d64b4d95a0e86790d7e874785117b341122db3be1357e9e1f4468b25ad29d356ac70205981a7203a55bf89f5922d97dd0c40300cab4f8c279ec6504167051f08eabd6a956d67ec8630f82bb4f7c853fa2906b6a70765d0cf07575bb1034281dd1b872a879bd66c7de9546199e849c2af1ab6055904542887cd334fb9ec48136ecba5c1818782a2248eeb26023fa2b0a3c705b01b17d00381648b183866a30d26d4ab45f29e72117e5e48d8004cd41f1969c04317fcb1a3eb725eb71ebb76ee23454b6ca3f734bc660a06b1219bd29b52b9684b443cb07dae8a6af9d950b71e72addeed4b298ece69bbcf617c64ddced7ce2cf3d3f49ca36808c776dc72248179ace2a48e9b3f9c73253539a9fe2bcfcbf88e0f8aa6a41b7b4e4fdca18ee5a20923141b3ec265ae995c23bc37621f3dd7e060a4fb854f5b436801eb52d6212ba49021e6de7a533f6bcf03ce9f35a7706c63c435c138080c36386fab400891c60074985739d5276ebe39226b54e5e1dc75ec58ca4c62d2e3786b8bf655d4cca71c8243f538cf12dfe2f4913891e33a9bdeecffeb47b34d82128a9a350096d642aecf4f7e94886bad3b99e1e20b169e376b5cc5cbcd8509b45031a119c0632c448f04ab5c9a3e01d335cf0d13dc9b19be6474e9fe105cc2cabb718a22adb926af052e8ce3fc3b7976926f22e2833b1934574da68f2ce68a220420d0e1cc28a59bd019281306c779526dc66843bc5834b7bd7168c0050bdc4ab3ce93d9983ed989cb68fdd2543eacabb93fb0192d398575cb51e88272190a176ac131598009e1253830c90efee7d3f95bc47db49322351ce4bd24da0ff56756edae06319d8001db46b7b169d6b99f98e42ebcd7fc67bbd2d83e28567a81bf195304b448188ec94888e60cb24be3931d4927f58188736ca9a36cb25090785b3a6ea954d2afa6f233769c579548bf9fd3c31aa65f2cc8fad06ba585f6860a692ab492e5a2f55d986b52e2874d6793e1879db4a34af20a25db6f4509f460fe5689a0791eb6f024ae788a1a366b75930ef759a6978c524069da660adea80bdc4efaeb1d876b4926483008f293992d9ef7f8705cf8e12ea037bef5905c300fc87b64c4bc8d770f3336680d08ee0cb749b84244ba7fc5757ada3c3333b4420f04ac4b2624398969e4580813aa4f33bbf0d763d32a32adce6dc8b8f35534ad039b9b3c02134b4a26b7b3beb9d761b3654f91da7c22e7b02fc94fcdd3d4b73c108ac51ae723fb5e66e209c505fc496718e030586576c0ebaa27bca138e99b08478b4ee6754b135857a9af1139d54390dae3b7c7097277f41857176ea74ac228cd50bbc60c22b5f667ce8efb45040cbfcbad692763d6fe4a98d72a0e47abacc3b04a8759f329aaf91fbea1326db33a42c373ce498e41b1a09a3ab08d6579f57e2eb3251181f3db9823388308a9b589732067897a84dcff9271d76da39ccebe511e3743583a2166b9445af4c6b3a0fce66e019bb133c1d05a0218f1aaece6f6fe698a1473b3cedd1d7e9c19df5ac027b08d888b4eba5916bcc48318af55ca296c1a3612eb94a40c0ed663f998c22b783b647cee09026a56f7926b7f6120229776bf418a4599100c7fef09431b36c1b70b6abd368e5a974d1897fc57c526ee8ebb7012f79b1996d040f58b5ce4e201f889f02b849aaaf30fa68a9cc693de6eaf4396324a95650fb415741a326e1658b4a8d25ce9aff4c90ab25e239167297d5a77418ac6bc2c181f16c9622fa2f4446de8b74357c081e8ab237c8c58549f1003cacb1ebe3cf2e32451479c7e3719cd1f4e2dbe96f83c3843086", [""]}, 0x1010}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
fsetxattr$security_evm(r2, &(0x7f0000001580), &(0x7f00000015c0)=@md5={0x1, "57495e9e36f2c73b063610c88d8c4eb4"}, 0x11, 0x3)

1m48.584832655s ago: executing program 1 (id=4288):
r0 = socket(0x21, 0x2, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000000)=0x1a, 0x4)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
mount$fuseblk(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x1151000, 0x0)

1m48.406115179s ago: executing program 1 (id=4290):
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0xffff, 0x0, @private1, 0x200000}, 0x1c)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40201, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe8000000000000000000000000000aaff02000000000000000000000000000121"], 0xffe) (fail_nth: 2)

1m47.970393235s ago: executing program 1 (id=4294):
r0 = socket(0x10, 0x3, 0x0)
unshare(0x6a040000)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x17, &(0x7f0000000140)=0xec62, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000840)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), r0)
modify_ldt$write(0x1, &(0x7f0000000000)={0xfff}, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$sw_sync(0xffffff9c, 0x0, 0x80, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f00000000c0)={0x6, "89698ab74a98235749a9a89924cc7208716bde2e9da33997943b7e3eafdabafb"})
syz_emit_ethernet(0x46, &(0x7f0000002e80)=ANY=[], 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000001440)={'veth1_to_bond\x00', &(0x7f00000005c0)=@ethtool_dump={0x3e, 0x1, 0x900000a}})
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000040)=ANY=[@ANYRES16], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
quotactl_fd$Q_SYNC(r4, 0x80000305, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0x18, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b70300001eb100008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000085000000b7000000000000009500"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
mlock(&(0x7f0000ffd000/0x1000)=nil, 0x1000)

1m47.076442789s ago: executing program 33 (id=4294):
r0 = socket(0x10, 0x3, 0x0)
unshare(0x6a040000)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x17, &(0x7f0000000140)=0xec62, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000840)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), r0)
modify_ldt$write(0x1, &(0x7f0000000000)={0xfff}, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$sw_sync(0xffffff9c, 0x0, 0x80, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f00000000c0)={0x6, "89698ab74a98235749a9a89924cc7208716bde2e9da33997943b7e3eafdabafb"})
syz_emit_ethernet(0x46, &(0x7f0000002e80)=ANY=[], 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000001440)={'veth1_to_bond\x00', &(0x7f00000005c0)=@ethtool_dump={0x3e, 0x1, 0x900000a}})
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000040)=ANY=[@ANYRES16], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
quotactl_fd$Q_SYNC(r4, 0x80000305, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0x18, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b70300001eb100008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000085000000b7000000000000009500"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
mlock(&(0x7f0000ffd000/0x1000)=nil, 0x1000)

9.303870301s ago: executing program 3 (id=4735):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000005002"])

9.053466037s ago: executing program 3 (id=4739):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10061, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private0={0xfc, 0x0, '\x00', 0x1}, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4400046, r1})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000011c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r3], 0x4c}}, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

8.894910424s ago: executing program 3 (id=4741):
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socket$inet6(0xa, 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x300, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x840)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v'], 0x1c}}, 0x0)
ioctl$sock_SIOCBRDELBR(r3, 0x89a2, &(0x7f0000000000)='bridge0\x00')

8.580969374s ago: executing program 3 (id=4745):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4002, &(0x7f0000000000)=0x1, 0x7, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000040)={0x3, 'bond0\x00', {0x5}, 0x5})
ioperm(0x0, 0x3, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(r6, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000000)=""/27, 0x1b}, {&(0x7f0000000200)=""/43, 0x2b}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/19, 0x13}], 0x4}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008", @ANYRES32=0x0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r7}, &(0x7f0000000080), &(0x7f00000006c0)='%-010d \x00'}, 0x20)
pipe2(0x0, 0x0)
sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001540)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a0000040500010007000000cfa7502043269fe738"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)

6.630445878s ago: executing program 2 (id=4753):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x6b, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000000)={0x3ff, 0x4, 0x0, 0x7, 0x0, 0x1, 0x7fffffff, 0x3f8}, 0x0, 0x0)
listen(r0, 0x0)
shutdown(r0, 0x0)

6.472258574s ago: executing program 2 (id=4756):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, 0x0, 0x0)
setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f00000000c0)={0x77359400}, 0x8)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_setup(0x5b06, &(0x7f00000003c0)={0x0, 0xef71, 0x800, 0x2, 0x2f1}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000440))
syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x40, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1})
unshare(0x20020680)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{0x0}], 0x1}, 0x48005)
readv(r4, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r5}, 0x10)
readahead(0xffffffffffffffff, 0x8000, 0xffffffffffffffff)
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0)

6.314363708s ago: executing program 5 (id=4757):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)="d800000018008111e00212ba0d8105040a601100ff0f040b067c55a1bc0009001e0010990400000004000500fe808178a8001500030001400200000901ac040098027f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee", 0xb0}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0x80085617, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r5, 0x0, 0x0)
write$vhost_msg_v2(r5, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000040)=""/115, 0x73, 0x0, 0x3, 0x3}}, 0x48)
r6 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r6}, &(0x7f0000000080))
read$FUSE(r4, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

5.494977743s ago: executing program 0 (id=4758):
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000001a00), 0x0, 0x0)
ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000040)=ANY=[])
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000040)=0xc54, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x6d8c, &(0x7f0000000300)={0x0, 0x37b4, 0x10100, 0x0, 0x2da}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2})
io_uring_enter(r4, 0xf28, 0x4000, 0x0, 0x0, 0x0)
userfaultfd(0x80801)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)

5.492389653s ago: executing program 2 (id=4759):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
read$FUSE(r6, &(0x7f0000006800)={0x2020}, 0x2020)
read$FUSE(r6, &(0x7f00000040c0)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000400)=ANY=[@ANYBLOB])
ioctl$KVM_RUN(r7, 0xae80, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r8 = socket$inet6(0xa, 0x80002, 0x0)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x2, 0x12, 0x68, 0x9, 0x6, 0x0, 0x70bd2b, 0x25dfdbfd, [@sadb_spirange={0x2, 0x10, 0x4d2, 0x4d5}, @sadb_ident={0x2, 0xb, 0x7ff, 0x0, 0x1}]}, 0x30}}, 0x4)
ioctl$VIDIOC_DBG_S_REGISTER(0xffffffffffffffff, 0x4038564f, &(0x7f0000000300)={{0x1, @name="c42a6838d28443227483ec8fe343db49cbeecd991aef557d83b98b12db1f5b3d"}, 0x8, 0x4, 0x47})
connect$inet6(r8, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)

5.379732951s ago: executing program 6 (id=4760):
r0 = socket(0x840000000002, 0x3, 0x100)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f0000000100)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0c000000000000000700000010000000000000000200000007000000180000000000000008000000", @ANYBLOB='B'], 0x34}}], 0x1, 0x24004810)

5.257239865s ago: executing program 6 (id=4761):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="440000001000090400"/20, @ANYRES32=r2, @ANYBLOB="020000000000000024001280110001006272696467655f736c617665000000000c00058005002b"], 0x44}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)

4.985868389s ago: executing program 6 (id=4762):
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="02000000040000000400000006"], 0x48)
r0 = fsopen(&(0x7f00000001c0)='mqueue\x00', 0x0)
fcntl$setlease(r0, 0x400, 0x0)
r1 = syz_io_uring_setup(0x4ea1, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xf22}}, './file0/file0\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18)
io_uring_enter(r1, 0x4c40, 0xb30c, 0x20, &(0x7f0000000140)={[0x7]}, 0x8)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002400)={0x40, 0x3c, 0x107, 0x0, 0x4000, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x72}]}, @typed={0x14, 0x7, 0x0, 0x0, @ipv6=@empty}]}, 0x40}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="20000000280007010000000800000900"], 0x20}}, 0x40080c0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x18, r7, 0x30d, 0xfffffffc, 0x0, {}, [@TIPC_NLA_MON={0x4}]}, 0x72}}, 0x0)
sendmsg$TIPC_NL_MEDIA_GET(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4008040}, 0x40010)

4.094562255s ago: executing program 5 (id=4763):
r0 = socket$inet6(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000240)={&(0x7f0000b95000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe7e, 0x0, 0x0}, &(0x7f0000000180)=0x3b)

3.786892145s ago: executing program 0 (id=4764):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
syz_open_procfs(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0xffffff81}]})
r4 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4004, r3, 0x2})
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc2c45512, &(0x7f00000004c0)={{0xa, 0x1, 0x0, 0x9, 'syz0\x00', 0x6}, 0x0, [0x3, 0x8, 0xffffffff, 0x0, 0x9, 0x59, 0x8, 0x6, 0x4, 0x10001, 0x8000, 0x4, 0x825, 0xdb4f, 0x10001, 0x8, 0x1, 0x3, 0xe, 0xa, 0x6, 0xe4bf, 0x9, 0x1, 0x0, 0x80, 0xffff, 0xb, 0x6, 0xffffff88, 0x7fff, 0x10001, 0x7, 0xb9, 0x2, 0x7, 0x4, 0x54ff, 0x1, 0xbd7, 0x1, 0x25d5, 0x5e, 0x3, 0x6, 0x8, 0x6, 0xfff, 0x1, 0x443e, 0x4e, 0xffffffff, 0x9, 0xaf, 0x101, 0x4015d9a8, 0x1, 0x30, 0x3, 0x66, 0x4, 0x9, 0x10001, 0x7, 0x7, 0x7e03, 0x4a96, 0xb65a, 0x1, 0x0, 0x4, 0x400, 0xc, 0x7, 0x8, 0x80, 0x6, 0x8, 0x8, 0x6, 0x8, 0x40, 0x0, 0x6, 0x2, 0x19d, 0x6, 0x41b, 0x8, 0xb831, 0x4, 0x5, 0x5, 0xf0000000, 0x5a, 0x1ff, 0x6, 0xa, 0x3, 0xb, 0x0, 0xc4f2, 0x1, 0x2, 0x10, 0x7, 0x506, 0x5082f72a, 0x0, 0x8, 0x8, 0x5, 0x4ba1, 0x8, 0x3, 0x992, 0x4, 0x5, 0x8, 0x1, 0x9, 0x4, 0x0, 0x3, 0x8001, 0xffffffff, 0x3, 0x80]})
socket$igmp(0x2, 0x3, 0x2)
r5 = syz_open_dev$video(&(0x7f0000000000), 0x3, 0x0)
r6 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
fsmount(r6, 0x0, 0x1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r6, 0x7, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket(0x28, 0x5, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x6, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0xa, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000040)={0x3, 0x980914, 0x3})
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x89a2, &(0x7f0000000280)={'bridge0\x00', @ifru_settings={0x43, 0x0, @sync=0x0}})
close_range(r1, 0xffffffffffffffff, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES16=0x0, @ANYBLOB], 0x44}}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r8 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
socket$kcm(0x29, 0x0, 0x0)

3.741662924s ago: executing program 5 (id=4765):
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)

3.642554104s ago: executing program 5 (id=4766):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
pipe(0x0)
socket$inet_sctp(0x2, 0x400000000001, 0x84)
ioperm(0x0, 0x8, 0x4)
r2 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000380)=<r3=>0x0)
syz_io_uring_setup(0x5e2, &(0x7f00000003c0), &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4})
io_uring_enter(r2, 0xa3d, 0x0, 0x0, 0x0, 0x0)
r5 = mq_open(&(0x7f000084dff0)='!sali\x1cqxte&\xac\xe87x\x00', 0x6e93ebbbcc0884f2, 0x12e, &(0x7f0000000300)={0x0, 0x1, 0x7})
mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0)

3.333847153s ago: executing program 6 (id=4767):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0xfffffffd)
ioctl$int_in(r0, 0x5452, &(0x7f0000000340)=0xf)
accept4(r0, 0x0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r1, 0x5)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
sendmmsg(r2, &(0x7f0000002980), 0x400000000000239, 0x0)
accept4(r1, 0x0, 0x0, 0x800)
close_range(r1, 0xffffffffffffffff, 0x0)

2.974227399s ago: executing program 2 (id=4768):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRESOCT, @ANYRESHEX=0x0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0xce56fe61a68fc369, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400004, @void, @value}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x2, 0x0, 0x2, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x11, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x3}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0xc05c5340, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ff5000/0xb000)=nil, 0xb000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/5, 0x5}, 0x0)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x0)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

2.622523143s ago: executing program 0 (id=4769):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000dc0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0)

2.543291034s ago: executing program 5 (id=4770):
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x700, 0x0, 0x0, 0x2)

2.481285025s ago: executing program 5 (id=4771):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xffffffff, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
times(0xffffffffffffffff)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$chown(0x4, r3, 0xee00, 0x0)
keyctl$setperm(0x5, r3, 0x1100100)
keyctl$chown(0x6, r3, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000001040)={{0x12, 0x1, 0x200, 0x29, 0x63, 0x90, 0x10, 0x1a86, 0x752d, 0x2d4d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x1, 0xe9, 0x11, 0xbd, 0x0, [], [{{0x9, 0x5, 0xc, 0x3, 0x10, 0x3, 0xf, 0x2}}]}}]}}]}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r5, {0x2, 0x0, @local}, 0x2}}, 0x26)
syz_open_dev$evdev(0x0, 0x0, 0x0)

2.407064973s ago: executing program 0 (id=4772):
syz_open_dev$vbi(0x0, 0x0, 0x2)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="02c820180014000100020e040003"], 0x1d)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)

2.406374023s ago: executing program 6 (id=4773):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, '\x00', "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", "05e2e505", "12000700"}, 0x38)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x58)

2.198584579s ago: executing program 0 (id=4774):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x0)

2.198311923s ago: executing program 6 (id=4775):
socket$inet6_sctp(0xa, 0x801, 0x84)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r2, 0xa, 0x10}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)

1.980044682s ago: executing program 0 (id=4776):
r0 = socket$inet(0x2, 0x2, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000940)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f000000000000000000000000000020e6e349a6c7f1289e13bf09d33884ce394a86a5b438daeaf9ceadc27b63172391113f5e533880017f548f0e1f98a8f6b48450aea0f0453207f0b31f"], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x58, &(0x7f0000000a00)}, 0x10)
sendmsg$nl_route_sched(r4, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000a80)=@deltfilter={0x27c, 0x2d, 0x4, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x8, 0xffe0}, {0x4, 0xfff2}, {0xe, 0x4}}, [@filter_kind_options=@f_matchall={{0xd}, {0x248, 0x2, [@TCA_MATCHALL_ACT={0x244, 0x2, [@m_tunnel_key={0x6c, 0x3, 0x0, 0x0, {{0xf}, {0xc, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}]}, {0x34, 0x6, "58533c89d57f8bf9ea6fb3385dbd4c95805238f9a69df77bd8b5ed3530cca9ed4005f9dcf19d67a497a68bdad22a80b7"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_skbmod={0xd4, 0x10, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}}, @TCA_SKBMOD_PARMS={0x20, 0x2, {{0x6016, 0x8, 0x10000000, 0x3, 0xd173}, 0xc}}, @TCA_SKBMOD_PARMS={0x20, 0x2, {{0xf, 0x5fb, 0x1, 0x101, 0x67c}, 0x6}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x3}]}, {0x46, 0x6, "30e933f09f3c98d1eb928ad2f390406c5e1ee2b4cee10ae8d97fe5f6d1a406795c3aac540da34c1d2840e1f1599fad629bcf6ef05e2ff74efe644a99f5dc1b081345"}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}, @m_mpls={0x100, 0x6, 0x0, 0x0, {{0x9}, {0x24, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5, 0x7, 0xe}, @TCA_MPLS_TTL={0x5, 0x7, 0x80}, @TCA_MPLS_TTL={0x5, 0x7, 0xc}, @TCA_MPLS_TTL={0x5, 0x7, 0x40}]}, {0xb3, 0x6, "886182583d6f7f010c103cffe4d8d59cfd682c80e79a8ba0119bf01d7fb260238d18a13abbb98d44485bbac589922dcf73738ed478bc36aad2e973a30b06a1ea4d0301908f6fb0edad4e3ae0ee1aab8d94cf34d392a7445069ec7e792cfb7bbdef83c4dbc6f4d1fad55f877edbd1052665298793b8c0a3ad33a4d27c7158b8322ad7f8e8325143f0db6f7c5ddbc61e504ade7438dd9ddb2f161766558b00eed910744dce6900a0e2e1dcf54907478a"}, {0xc, 0x7, {0x5a0237ab023b10a8}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x27c}, 0x1, 0x0, 0x0, 0x4808}, 0x880)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r5, 0x4068aea3, &(0x7f0000000180)={0xa4, 0x0, 0x1})
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
r6 = syz_open_procfs(0x0, &(0x7f0000000580)='net/tcp6\x00')
preadv(r6, &(0x7f0000000780)=[{&(0x7f0000000000)=""/65, 0x41}], 0x1, 0x3, 0x1)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000480)={0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x9, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000200000000000000f800000065600900f0ffffff852000040300000018520000100000000000000000000000950000000000000095000000000000009500000000000000"], &(0x7f0000000640)='syzkaller\x00', 0xfffffff6, 0x71, &(0x7f0000000680)=""/113, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x5, 0x9, 0x2a211361, 0x2}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000780)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f00000007c0)=[{0x4, 0x1, 0x10, 0x9}, {0x0, 0x5, 0x2, 0x3}, {0x0, 0x5, 0xd, 0x6}, {0x3, 0x1, 0xf}, {0x2, 0x2, 0x3, 0x1}, {0x1, 0x4, 0xc, 0x4}, {0x1, 0x3, 0x3, 0x4}], 0x10, 0x0, @void, @value}, 0x94)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10)

1.168114363s ago: executing program 2 (id=4777):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16, @ANYRES8=r0, @ANYRESOCT=r0, @ANYBLOB="1800c70007001001d4"], 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x8080)
r1 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x1e28, 0x0, 0x0, 0x28b})
io_uring_register$IORING_REGISTER_FILES(r2, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
dup(r3)
socket$inet(0x2, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r5, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x2}, 0x1c)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)

270.529084ms ago: executing program 3 (id=4778):
msgsnd(0x0, &(0x7f0000000140)={0x2}, 0x8, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0x1000)

61.296838ms ago: executing program 3 (id=4779):
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0xe, 0x5}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x40)

0s ago: executing program 2 (id=4780):
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0900000007000000000001"], 0x50)
r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01)
r1 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x800)
write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250)

kernel console output (not intermixed with test programs):

, SerialNumber=3
[ 1133.668244][ T3083] usb 6-1: Product: syz
[ 1133.672552][ T3083] usb 6-1: Manufacturer: syz
[ 1133.677148][ T3083] usb 6-1: SerialNumber: syz
[ 1133.708879][ T3083] usb 6-1: config 0 descriptor??
[ 1133.719479][ T3083] empeg 6-1:0.0: empeg converter detected
[ 1133.725291][ T3083] usb 6-1: active config #0 != 1 ??
[ 1133.802277][ T5900] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1133.811599][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1133.838964][T21198] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4365'.
[ 1133.847888][T21198] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4365'.
[ 1133.857232][ T5900] usb 1-1: Product: syz
[ 1133.889977][ T5900] usb 1-1: Manufacturer: syz
[ 1133.905802][ T5900] usb 1-1: SerialNumber: syz
[ 1133.927154][ T5900] usb 1-1: config 0 descriptor??
[ 1133.956358][ T5900] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 094
[ 1134.257389][T21209] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4367'.
[ 1134.275215][T21210] fuse: Unknown parameter 'n_»8Ñ­ï’Úró'
[ 1134.288746][ T3083] usb 7-1: new low-speed USB device number 4 using dummy_hcd
[ 1134.391195][ T5900]  (null): failure reading functionality
[ 1134.579762][    T9] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[ 1134.610374][ T3083] usb 7-1: config 65 has an invalid interface number: 95 but max is 0
[ 1134.628964][ T5900] i2c i2c-1: failure reading functionality
[ 1134.660007][ T5900] i2c i2c-1: connected i2c-tiny-usb device
[ 1134.671980][ T3083] usb 7-1: config 65 has no interface number 0
[ 1134.711035][ T3083] usb 7-1: string descriptor 0 read error: -22
[ 1134.722476][ T3083] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=6f.b6
[ 1134.758646][    T9] usb 4-1: device descriptor read/64, error -71
[ 1134.762052][ T3083] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1134.879828][ T3083] usbtest 7-1:65.95: Linux gadget zero
[ 1134.896497][ T3083] usbtest 7-1:65.95: low-speed {control in/out} tests (+alt)
[ 1135.008630][    T9] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[ 1135.050424][ T5900] usb 6-1: USB disconnect, device number 8
[ 1135.159877][T21202] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1135.190344][T21217] fuse: Unknown parameter 'rootmo`e'
[ 1135.198733][    T9] usb 4-1: device descriptor read/64, error -71
[ 1135.198874][T21202] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1135.227603][T21202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1135.248382][   T47] usb 7-1: USB disconnect, device number 4
[ 1135.339515][    T9] usb usb4-port1: attempt power cycle
[ 1135.739986][    T9] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[ 1135.804332][    T9] usb 4-1: device descriptor read/8, error -71
[ 1136.138477][    T9] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[ 1136.182169][    T9] usb 4-1: device descriptor read/8, error -71
[ 1136.199675][T21227] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4370'.
[ 1136.228638][  T975] usb 1-1: USB disconnect, device number 94
[ 1136.296431][    T9] usb usb4-port1: unable to enumerate USB device
[ 1136.696980][T21225] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4371'.
[ 1137.157000][T21243] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4377'.
[ 1137.176007][ T5890] usb 3-1: new high-speed USB device number 125 using dummy_hcd
[ 1137.199485][T21243] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4377'.
[ 1137.339132][ T5890] usb 3-1: Using ep0 maxpacket: 16
[ 1137.349053][ T5890] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1137.361973][ T5890] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1137.435493][T21249] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4379'.
[ 1137.443680][ T5890] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1137.548132][ T5890] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1137.566402][ T5890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1137.613862][ T5890] usb 3-1: Product: syz
[ 1137.652656][ T5890] usb 3-1: Manufacturer: syz
[ 1137.672577][T21256] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1137.707477][ T5890] usb 3-1: SerialNumber: syz
[ 1137.708852][ T3083] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1137.849091][ T3083] usb 6-1: device descriptor read/64, error -71
[ 1137.875639][T21259] FAULT_INJECTION: forcing a failure.
[ 1137.875639][T21259] name failslab, interval 1, probability 0, space 0, times 0
[ 1137.892100][T21259] CPU: 1 UID: 0 PID: 21259 Comm: syz.6.4382 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[ 1137.892126][T21259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1137.892137][T21259] Call Trace:
[ 1137.892145][T21259]  <TASK>
[ 1137.892152][T21259]  dump_stack_lvl+0x241/0x360
[ 1137.892171][T21259]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1137.892185][T21259]  ? __pfx__printk+0x10/0x10
[ 1137.892201][T21259]  ? __pfx___might_resched+0x10/0x10
[ 1137.892217][T21259]  should_fail_ex+0x424/0x570
[ 1137.892246][T21259]  should_failslab+0xac/0x100
[ 1137.892266][T21259]  kmem_cache_alloc_noprof+0x78/0x390
[ 1137.892283][T21259]  ? __anon_vma_prepare+0xc4/0x4a0
[ 1137.892305][T21259]  __anon_vma_prepare+0xc4/0x4a0
[ 1137.892316][T21259]  ? __kasan_slab_alloc+0x66/0x80
[ 1137.892329][T21259]  ? kmem_cache_alloc_noprof+0x1e1/0x390
[ 1137.892338][T21259]  ? __pmd_alloc+0x118/0x440
[ 1137.892350][T21259]  handle_pte_fault+0x518f/0x61c0
[ 1137.892371][T21259]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[ 1137.892402][T21259]  ? __pfx_handle_pte_fault+0x10/0x10
[ 1137.892423][T21259]  ? __lruvec_stat_mod_folio+0x7d/0x300
[ 1137.892446][T21259]  ? __lock_acquire+0xad5/0xd80
[ 1137.892464][T21259]  ? do_raw_spin_lock+0x151/0x370
[ 1137.892480][T21259]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1137.892494][T21259]  ? _raw_spin_unlock+0x28/0x50
[ 1137.892506][T21259]  ? __pmd_alloc+0x37f/0x440
[ 1137.892526][T21259]  ? __pfx___pmd_alloc+0x10/0x10
[ 1137.892555][T21259]  handle_mm_fault+0x1129/0x1bf0
[ 1137.892600][T21259]  ? __pfx_handle_mm_fault+0x10/0x10
[ 1137.892620][T21259]  ? __pfx_find_vma+0x10/0x10
[ 1137.892631][T21259]  ? vma_is_secretmem+0xd/0x50
[ 1137.892640][T21259]  ? check_vma_flags+0x462/0x590
[ 1137.892653][T21259]  __get_user_pages+0x1adc/0x4180
[ 1137.892705][T21259]  ? __pfx___get_user_pages+0x10/0x10
[ 1137.892732][T21259]  ? down_read+0x813/0xa50
[ 1137.892764][T21259]  get_user_pages_remote+0x339/0xb70
[ 1137.892792][T21259]  ? __pfx_get_user_pages_remote+0x10/0x10
[ 1137.892808][T21259]  ? mmap_read_lock_maybe_expand+0xc5/0x3d0
[ 1137.892824][T21259]  get_arg_page+0x129/0x370
[ 1137.892846][T21259]  ? __pfx_get_arg_page+0x10/0x10
[ 1137.892878][T21259]  ? __might_fault+0xaa/0x120
[ 1137.892900][T21259]  copy_string_kernel+0x176/0x240
[ 1137.892920][T21259]  do_execveat_common+0x3fc/0x710
[ 1137.892938][T21259]  __ia32_compat_sys_execveat+0xca/0xe0
[ 1137.892953][T21259]  __do_fast_syscall_32+0xb4/0x110
[ 1137.892964][T21259]  ? exc_page_fault+0x5f8/0x920
[ 1137.892977][T21259]  do_fast_syscall_32+0x34/0x80
[ 1137.892995][T21259]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1137.893015][T21259] RIP: 0023:0xf70dd539
[ 1137.893030][T21259] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1137.893044][T21259] RSP: 002b:00000000f50cd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000166
[ 1137.893063][T21259] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000040
[ 1137.893070][T21259] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000001000
[ 1137.893076][T21259] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1137.893082][T21259] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1137.893087][T21259] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1137.893102][T21259]  </TASK>
[ 1138.251136][ T5890] usb 3-1: 0:2 : does not exist
[ 1138.276440][ T5890] usb 3-1: USB disconnect, device number 125
[ 1138.349323][ T3083] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1138.422525][   T30] audit: type=1400 audit(1745441220.916:1340): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=21262 comm="syz.6.4384"
[ 1138.484477][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1138.487332][ T3083] usb 6-1: device descriptor read/64, error -71
[ 1138.621695][ T3083] usb usb6-port1: attempt power cycle
[ 1138.696684][T21274] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4385'.
[ 1138.774080][T21276] netlink: 'syz.3.4389': attribute type 10 has an invalid length.
[ 1138.826515][T21276] team0: Device veth1_macvtap failed to register rx_handler
[ 1138.958697][ T3083] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1138.989937][ T3083] usb 6-1: device descriptor read/8, error -71
[ 1139.112934][T21284] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4392'.
[ 1139.248680][ T3083] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 1139.354881][ T3083] usb 6-1: device descriptor read/8, error -71
[ 1139.469365][ T3083] usb usb6-port1: unable to enumerate USB device
[ 1139.476112][ T5891] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[ 1139.608787][ T5891] usb 7-1: device descriptor read/64, error -71
[ 1139.675738][T21296] FAULT_INJECTION: forcing a failure.
[ 1139.675738][T21296] name failslab, interval 1, probability 0, space 0, times 0
[ 1139.693546][T21296] CPU: 1 UID: 0 PID: 21296 Comm: syz.0.4395 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[ 1139.693572][T21296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1139.693583][T21296] Call Trace:
[ 1139.693590][T21296]  <TASK>
[ 1139.693598][T21296]  dump_stack_lvl+0x241/0x360
[ 1139.693629][T21296]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1139.693660][T21296]  ? __pfx__printk+0x10/0x10
[ 1139.693684][T21296]  ? dev_prep_valid_name+0x20c/0x860
[ 1139.693705][T21296]  ? __pfx___might_resched+0x10/0x10
[ 1139.693728][T21296]  should_fail_ex+0x424/0x570
[ 1139.693757][T21296]  should_failslab+0xac/0x100
[ 1139.693778][T21296]  __kmalloc_cache_noprof+0x73/0x370
[ 1139.693795][T21296]  ? register_netdevice+0x59a/0x1b80
[ 1139.693817][T21296]  register_netdevice+0x59a/0x1b80
[ 1139.693850][T21296]  ? __pfx_register_netdevice+0x10/0x10
[ 1139.693876][T21296]  ? ip_tunnel_newlink+0x246/0x920
[ 1139.693898][T21296]  ip_tunnel_newlink+0x26f/0x920
[ 1139.693921][T21296]  ? __pfx_ip_tunnel_newlink+0x10/0x10
[ 1139.693938][T21296]  ? __asan_memset+0x23/0x50
[ 1139.693958][T21296]  ? ipgre_netlink_parms+0x667/0x9a0
[ 1139.693985][T21296]  erspan_newlink+0x550/0xa20
[ 1139.694006][T21296]  ? rcu_is_watching+0x15/0xb0
[ 1139.694028][T21296]  ? __pfx_erspan_newlink+0x10/0x10
[ 1139.694049][T21296]  ? __pfx_validate_linkmsg+0x10/0x10
[ 1139.694076][T21296]  ? rtnl_create_link+0x95b/0xc90
[ 1139.694096][T21296]  ? __pfx_erspan_newlink+0x10/0x10
[ 1139.694121][T21296]  rtnl_newlink_create+0x39b/0xcb0
[ 1139.694145][T21296]  ? __mutex_lock+0x380/0x10c0
[ 1139.694166][T21296]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1139.694191][T21296]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1139.694217][T21296]  ? __pfx___mutex_lock+0x10/0x10
[ 1139.694245][T21296]  ? ns_capable+0x8a/0xf0
[ 1139.694265][T21296]  rtnl_newlink+0x18b0/0x1fe0
[ 1139.694287][T21296]  ? stack_depot_save_flags+0x44/0x940
[ 1139.694326][T21296]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1139.694343][T21296]  ? __netlink_deliver_tap+0x561/0x7f0
[ 1139.694362][T21296]  ? netlink_deliver_tap+0x19d/0x1b0
[ 1139.694379][T21296]  ? netlink_unicast+0x7c6/0x9a0
[ 1139.694394][T21296]  ? netlink_sendmsg+0x8c3/0xcd0
[ 1139.694411][T21296]  ? __sock_sendmsg+0x221/0x270
[ 1139.694427][T21296]  ? ____sys_sendmsg+0x523/0x860
[ 1139.694448][T21296]  ? __sys_sendmsg+0x271/0x360
[ 1139.694468][T21296]  ? __do_fast_syscall_32+0xb4/0x110
[ 1139.694484][T21296]  ? do_fast_syscall_32+0x34/0x80
[ 1139.694499][T21296]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1139.694544][T21296]  ? kasan_quarantine_put+0xdc/0x230
[ 1139.694562][T21296]  ? lockdep_hardirqs_on+0x9d/0x150
[ 1139.694581][T21296]  ? nlmon_xmit+0xaf/0x100
[ 1139.694607][T21296]  ? __local_bh_enable_ip+0x168/0x200
[ 1139.694644][T21296]  ? lockdep_hardirqs_on+0x9d/0x150
[ 1139.694667][T21296]  ? aa_get_newest_label+0x101/0x6f0
[ 1139.694692][T21296]  ? __lock_acquire+0xad5/0xd80
[ 1139.694735][T21296]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1139.694757][T21296]  rtnetlink_rcv_msg+0x80f/0xd70
[ 1139.694775][T21296]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[ 1139.694798][T21296]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1139.694825][T21296]  ? ref_tracker_free+0x63e/0x7e0
[ 1139.694848][T21296]  netlink_rcv_skb+0x208/0x480
[ 1139.694867][T21296]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1139.694888][T21296]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1139.694924][T21296]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1139.694945][T21296]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1139.694966][T21296]  netlink_unicast+0x7f8/0x9a0
[ 1139.694984][T21296]  ? __pfx_netlink_unicast+0x10/0x10
[ 1139.694996][T21296]  ? skb_put+0x114/0x1f0
[ 1139.695012][T21296]  netlink_sendmsg+0x8c3/0xcd0
[ 1139.695030][T21296]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1139.695044][T21296]  ? aa_sock_msg_perm+0x91/0x160
[ 1139.695059][T21296]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1139.695069][T21296]  __sock_sendmsg+0x221/0x270
[ 1139.695083][T21296]  ____sys_sendmsg+0x523/0x860
[ 1139.695102][T21296]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1139.695125][T21296]  __sys_sendmsg+0x271/0x360
[ 1139.695142][T21296]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1139.695183][T21296]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1139.695193][T21296]  ? lockdep_hardirqs_on+0x9d/0x150
[ 1139.695203][T21296]  __do_fast_syscall_32+0xb4/0x110
[ 1139.695213][T21296]  ? exc_page_fault+0x5f8/0x920
[ 1139.695226][T21296]  do_fast_syscall_32+0x34/0x80
[ 1139.695236][T21296]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1139.695261][T21296] RIP: 0023:0xf7f72539
[ 1139.695271][T21296] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1139.695279][T21296] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1139.695291][T21296] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1139.695298][T21296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1139.695303][T21296] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1139.695309][T21296] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1139.695315][T21296] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1139.695329][T21296]  </TASK>
[ 1140.628736][ T5891] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1140.759445][ T5891] usb 7-1: device descriptor read/64, error -71
[ 1140.862936][T21308] FAULT_INJECTION: forcing a failure.
[ 1140.862936][T21308] name failslab, interval 1, probability 0, space 0, times 0
[ 1140.878933][ T5891] usb usb7-port1: attempt power cycle
[ 1140.896185][T21308] CPU: 0 UID: 0 PID: 21308 Comm: syz.2.4399 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[ 1140.896209][T21308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1140.896220][T21308] Call Trace:
[ 1140.896227][T21308]  <TASK>
[ 1140.896235][T21308]  dump_stack_lvl+0x241/0x360
[ 1140.896266][T21308]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1140.896289][T21308]  ? __pfx__printk+0x10/0x10
[ 1140.896325][T21308]  ? __pfx___might_resched+0x10/0x10
[ 1140.896346][T21308]  should_fail_ex+0x424/0x570
[ 1140.896376][T21308]  should_failslab+0xac/0x100
[ 1140.896396][T21308]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[ 1140.896415][T21308]  ? __alloc_skb+0x1c2/0x480
[ 1140.896435][T21308]  ? __dev_queue_xmit+0x1780/0x3f60
[ 1140.896455][T21308]  __alloc_skb+0x1c2/0x480
[ 1140.896477][T21308]  ? __do_fast_syscall_32+0xb4/0x110
[ 1140.896499][T21308]  ? __pfx___alloc_skb+0x10/0x10
[ 1140.896527][T21308]  ? netlink_ack_tlv_len+0x6e/0x200
[ 1140.896548][T21308]  netlink_ack+0x147/0xa70
[ 1140.896568][T21308]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[ 1140.896605][T21308]  netlink_rcv_skb+0x296/0x480
[ 1140.896626][T21308]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1140.896651][T21308]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1140.896693][T21308]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1140.896719][T21308]  genl_rcv+0x28/0x40
[ 1140.896742][T21308]  netlink_unicast+0x7f8/0x9a0
[ 1140.896769][T21308]  ? __pfx_netlink_unicast+0x10/0x10
[ 1140.896790][T21308]  ? skb_put+0x114/0x1f0
[ 1140.896816][T21308]  netlink_sendmsg+0x8c3/0xcd0
[ 1140.896849][T21308]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1140.896874][T21308]  ? aa_sock_msg_perm+0x91/0x160
[ 1140.896901][T21308]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1140.896920][T21308]  __sock_sendmsg+0x221/0x270
[ 1140.896943][T21308]  ____sys_sendmsg+0x523/0x860
[ 1140.896976][T21308]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1140.897017][T21308]  __sys_sendmsg+0x271/0x360
[ 1140.897047][T21308]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1140.897122][T21308]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1140.897140][T21308]  ? lockdep_hardirqs_on+0x9d/0x150
[ 1140.897160][T21308]  __do_fast_syscall_32+0xb4/0x110
[ 1140.897177][T21308]  ? exc_page_fault+0x5f8/0x920
[ 1140.897197][T21308]  do_fast_syscall_32+0x34/0x80
[ 1140.897214][T21308]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1140.897233][T21308] RIP: 0023:0xf7f02539
[ 1140.897248][T21308] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1140.897262][T21308] RSP: 002b:00000000f500555c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1140.897281][T21308] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0
[ 1140.897299][T21308] RDX: 000000000004c090 RSI: 0000000000000000 RDI: 0000000000000000
[ 1140.897310][T21308] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1140.897320][T21308] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1140.897330][T21308] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1140.897357][T21308]  </TASK>
[ 1141.192146][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1141.218849][ T5891] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[ 1141.253009][ T5891] usb 7-1: device descriptor read/8, error -71
[ 1142.348635][ T5891] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[ 1142.383754][ T5891] usb 7-1: device descriptor read/8, error -71
[ 1142.511241][ T5891] usb usb7-port1: unable to enumerate USB device
[ 1143.017389][T21325] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4403'.
[ 1144.278665][    T9] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[ 1144.327152][T21359] usb usb8: usbfs: process 21359 (syz.5.4411) did not claim interface 0 before use
[ 1144.489096][    T9] usb 1-1: config 0 has no interfaces?
[ 1144.498975][ T5891] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1144.529224][    T9] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1144.552149][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1144.570982][    T9] usb 1-1: Product: syz
[ 1144.584168][    T9] usb 1-1: Manufacturer: syz
[ 1144.593586][    T9] usb 1-1: SerialNumber: syz
[ 1144.613387][    T9] usb 1-1: config 0 descriptor??
[ 1144.629256][ T5891] usb 7-1: device descriptor read/64, error -71
[ 1144.767955][T21366] fuse: Bad value for 'fd'
[ 1144.873239][T21354] loop6: detected capacity change from 0 to 64
[ 1144.878665][ T5891] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1144.988869][T21354] Invalid logical block size (4)
[ 1145.039326][ T5891] usb 7-1: device descriptor read/64, error -71
[ 1145.126186][T21354] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1145.183070][ T5891] usb usb7-port1: attempt power cycle
[ 1145.288911][    T9] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[ 1145.439304][    T9] usb 4-1: Using ep0 maxpacket: 8
[ 1145.446290][    T9] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1145.457738][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1145.469929][    T9] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1145.482474][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1145.495366][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1145.512984][    T9] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1145.522828][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1145.534451][    T9] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1145.546280][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1145.549311][ T5891] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1145.557533][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1145.583992][ T5891] usb 7-1: device descriptor read/8, error -71
[ 1145.675193][ T5890] usb 3-1: new full-speed USB device number 126 using dummy_hcd
[ 1145.861501][    T9] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1145.872072][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1145.884074][    T9] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1145.898445][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1145.908870][ T5891] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1145.909924][    T9] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1145.937079][ T5890] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1145.939444][ T5891] usb 7-1: device descriptor read/8, error -71
[ 1145.954373][ T5890] usb 3-1: not running at top speed; connect to a high speed hub
[ 1145.973249][ T5890] usb 3-1: config 1 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1145.988670][ T5900] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 1146.002408][ T5890] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1146.014930][    T9] usb 4-1: string descriptor 0 read error: -22
[ 1146.021394][    T9] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1146.036056][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1146.045835][ T5890] usb 3-1: New USB device found, idVendor=0486, idProduct=0186, bcdDevice= 0.40
[ 1146.056842][ T5890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1146.068062][    T9] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1146.069062][ T5891] usb usb7-port1: unable to enumerate USB device
[ 1146.093403][ T5890] usb 3-1: Product: syz
[ 1146.097593][ T5890] usb 3-1: Manufacturer: 夵䋋멕鎃僸헤谿ㅖ♈摆ږ៞缡耠뺖㢰�탗߄笰衞涂쿥�旷뼂Š婱¾놿კ欤縡쉔뢞ꗧ꺪砒�관鲓霋팖㿊ᱧ�⯔꫺찗�⎘줧娯䈩�脌㑢�꧅幄�୦㿪幹ﶫꦈ�驼੢쳊븞
[ 1146.122724][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1146.133138][ T5900] usb 6-1: device descriptor read/64, error -71
[ 1146.139756][ T5890] usb 3-1: SerialNumber: syz
[ 1146.365615][ T5890] usbhid 3-1:1.0: can't add hid device: -71
[ 1146.373083][ T5890] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[ 1146.384997][ T5890] usb 3-1: USB disconnect, device number 126
[ 1146.391759][ T5900] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1146.421285][  T975] usb 4-1: USB disconnect, device number 113
[ 1146.528626][ T5900] usb 6-1: device descriptor read/64, error -71
[ 1146.638848][ T5900] usb usb6-port1: attempt power cycle
[ 1146.851525][ T5890] usb 1-1: USB disconnect, device number 95
[ 1146.988680][ T5900] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1147.011368][ T5900] usb 6-1: device descriptor read/8, error -71
[ 1147.263808][ T5900] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1147.299310][ T5900] usb 6-1: device descriptor read/8, error -71
[ 1147.373900][T21408] syzkaller1: entered promiscuous mode
[ 1147.380720][T21408] syzkaller1: entered allmulticast mode
[ 1147.406370][   T30] audit: type=1326 audit(1745441229.896:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21406 comm="syz.6.4425" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1147.429391][ T5900] usb usb6-port1: unable to enumerate USB device
[ 1147.491682][   T30] audit: type=1326 audit(1745441229.896:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21406 comm="syz.6.4425" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1147.595142][   T30] audit: type=1326 audit(1745441229.906:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21406 comm="syz.6.4425" exe="/root/syz-executor" sig=0 arch=40000003 syscall=424 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1147.656951][   T30] audit: type=1326 audit(1745441229.906:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21406 comm="syz.6.4425" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1147.717468][   T30] audit: type=1326 audit(1745441229.906:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21406 comm="syz.6.4425" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1147.796243][   T30] audit: type=1326 audit(1745441229.906:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21406 comm="syz.6.4425" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1147.888729][   T30] audit: type=1326 audit(1745441229.906:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21406 comm="syz.6.4425" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1147.996748][   T30] audit: type=1326 audit(1745441229.906:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21406 comm="syz.6.4425" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1148.034927][   T30] audit: type=1326 audit(1745441229.906:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21406 comm="syz.6.4425" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1148.276175][   T30] audit: type=1326 audit(1745441229.906:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21406 comm="syz.6.4425" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1148.388636][ T5900] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[ 1148.573687][ T5900] usb 7-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55
[ 1148.583359][ T5900] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1148.591579][ T5900] usb 7-1: Product: syz
[ 1148.596102][ T5900] usb 7-1: Manufacturer: syz
[ 1148.606326][ T5900] usb 7-1: SerialNumber: syz
[ 1148.631649][ T5900] usb 7-1: config 0 descriptor??
[ 1148.644497][ T5900] gspca_main: sonixb-2.14.0 probing 0c45:608f
[ 1148.734565][ T3083] usb 4-1: new high-speed USB device number 114 using dummy_hcd
[ 1149.359989][ T5900] sonixb 7-1:0.0: Error reading register 00: -110
[ 1149.368649][ T3083] usb 4-1: Using ep0 maxpacket: 8
[ 1149.376311][ T3083] usb 4-1: config 0 has no interfaces?
[ 1149.398640][ T3083] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1149.412423][   T47] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[ 1149.420466][ T3083] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1149.468350][ T3083] usb 4-1: config 0 descriptor??
[ 1149.497459][T21421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1149.510319][T21433] FAULT_INJECTION: forcing a failure.
[ 1149.510319][T21433] name failslab, interval 1, probability 0, space 0, times 0
[ 1149.527304][T21421] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1149.579562][   T47] usb 6-1: Using ep0 maxpacket: 8
[ 1149.616554][   T47] usb 6-1: config 0 has no interfaces?
[ 1149.635113][   T47] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1149.646645][T21433] CPU: 1 UID: 0 PID: 21433 Comm: syz.2.4434 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[ 1149.646675][T21433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1149.646686][T21433] Call Trace:
[ 1149.646694][T21433]  <TASK>
[ 1149.646702][T21433]  dump_stack_lvl+0x241/0x360
[ 1149.646734][T21433]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1149.646756][T21433]  ? __pfx__printk+0x10/0x10
[ 1149.646783][T21433]  ? __pfx___might_resched+0x10/0x10
[ 1149.646806][T21433]  should_fail_ex+0x424/0x570
[ 1149.646838][T21433]  should_failslab+0xac/0x100
[ 1149.646858][T21433]  __kmalloc_cache_noprof+0x73/0x370
[ 1149.646875][T21433]  ? nf_tables_delflowtable+0x1274/0x1b40
[ 1149.646906][T21433]  nf_tables_delflowtable+0x1274/0x1b40
[ 1149.646950][T21433]  ? __pfx_nf_tables_delflowtable+0x10/0x10
[ 1149.646989][T21433]  ? __nla_parse+0x40/0x60
[ 1149.647010][T21433]  nfnetlink_rcv+0x12eb/0x28f0
[ 1149.647070][T21433]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1149.647114][T21433]  ? skb_clone+0x240/0x390
[ 1149.647130][T21433]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1149.647144][T21433]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1149.647156][T21433]  netlink_unicast+0x7f8/0x9a0
[ 1149.647171][T21433]  ? __pfx_netlink_unicast+0x10/0x10
[ 1149.647185][T21433]  ? skb_put+0x114/0x1f0
[ 1149.647210][T21433]  netlink_sendmsg+0x8c3/0xcd0
[ 1149.647241][T21433]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1149.647263][T21433]  ? aa_sock_msg_perm+0x91/0x160
[ 1149.647289][T21433]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1149.647307][T21433]  __sock_sendmsg+0x221/0x270
[ 1149.647329][T21433]  ____sys_sendmsg+0x523/0x860
[ 1149.647363][T21433]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1149.647403][T21433]  __sys_sendmsg+0x271/0x360
[ 1149.647422][T21433]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1149.647463][T21433]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1149.647473][T21433]  ? lockdep_hardirqs_on+0x9d/0x150
[ 1149.647484][T21433]  __do_fast_syscall_32+0xb4/0x110
[ 1149.647495][T21433]  ? exc_page_fault+0x5f8/0x920
[ 1149.647507][T21433]  do_fast_syscall_32+0x34/0x80
[ 1149.647517][T21433]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1149.647529][T21433] RIP: 0023:0xf7f02539
[ 1149.647539][T21433] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1149.647547][T21433] RSP: 002b:00000000f502655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1149.647559][T21433] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[ 1149.647566][T21433] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1149.647571][T21433] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1149.647577][T21433] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1149.647583][T21433] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1149.647597][T21433]  </TASK>
[ 1149.929653][T21425] FAULT_INJECTION: forcing a failure.
[ 1149.929653][T21425] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1149.980549][   T47] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1149.993797][T21425] CPU: 1 UID: 0 PID: 21425 Comm: syz.3.4432 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[ 1149.993821][T21425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1149.993831][T21425] Call Trace:
[ 1149.993838][T21425]  <TASK>
[ 1149.993846][T21425]  dump_stack_lvl+0x241/0x360
[ 1149.993875][T21425]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1149.993897][T21425]  ? __pfx__printk+0x10/0x10
[ 1149.993927][T21425]  should_fail_ex+0x424/0x570
[ 1149.993954][T21425]  _copy_to_user+0x31/0xb0
[ 1149.993978][T21425]  simple_read_from_buffer+0xc4/0x170
[ 1149.994007][T21425]  proc_fail_nth_read+0x1ef/0x260
[ 1149.994028][T21425]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1149.994048][T21425]  ? rw_verify_area+0x246/0x630
[ 1149.994070][T21425]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1149.994088][T21425]  vfs_read+0x21f/0xb90
[ 1149.994114][T21425]  ? __pfx___mutex_lock+0x10/0x10
[ 1149.994134][T21425]  ? __pfx_vfs_read+0x10/0x10
[ 1149.994158][T21425]  ? __fget_files+0x2a/0x420
[ 1149.994177][T21425]  ? __fget_files+0x39d/0x420
[ 1149.994191][T21425]  ? __fget_files+0x2a/0x420
[ 1149.994217][T21425]  ksys_read+0x19d/0x2d0
[ 1149.994255][T21425]  ? __pfx_ksys_read+0x10/0x10
[ 1149.994281][T21425]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1149.994297][T21425]  ? lockdep_hardirqs_on+0x9d/0x150
[ 1149.994318][T21425]  __do_fast_syscall_32+0xb4/0x110
[ 1149.994335][T21425]  ? exc_page_fault+0x5f8/0x920
[ 1149.994356][T21425]  do_fast_syscall_32+0x34/0x80
[ 1149.994375][T21425]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1149.994395][T21425] RIP: 0023:0xf70fd539
[ 1149.994410][T21425] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1149.994424][T21425] RSP: 002b:00000000f50ed590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1149.994444][T21425] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50ed620
[ 1149.994456][T21425] RDX: 000000000000000f RSI: 00000000f7462ff4 RDI: 0000000000000000
[ 1149.994467][T21425] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1149.994476][T21425] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1149.994487][T21425] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1149.994518][T21425]  </TASK>
[ 1149.995619][   T47] usb 6-1: config 0 descriptor??
[ 1150.255495][ T5900] usb 4-1: USB disconnect, device number 114
[ 1150.280832][   T47] usb 7-1: USB disconnect, device number 13
[ 1151.088633][ T5890] usb 4-1: new high-speed USB device number 115 using dummy_hcd
[ 1151.277134][ T5890] usb 4-1: config 0 has no interfaces?
[ 1151.449237][ T5890] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1151.484979][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1151.507517][ T5890] usb 4-1: Product: syz
[ 1151.527102][ T5890] usb 4-1: Manufacturer: syz
[ 1151.545273][ T5890] usb 4-1: SerialNumber: syz
[ 1151.563664][ T5890] usb 4-1: config 0 descriptor??
[ 1151.621983][T21466] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1151.681805][T21462] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4445'.
[ 1151.770327][T21462] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4445'.
[ 1152.187728][ T5890] usb 6-1: USB disconnect, device number 17
[ 1152.260505][T21476] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4446'.
[ 1152.314428][T21476] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4446'.
[ 1152.429055][  T975] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[ 1152.598842][  T975] usb 1-1: device descriptor read/64, error -71
[ 1152.674312][T21487] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4449'.
[ 1152.683565][T21487] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4449'.
[ 1152.848848][  T975] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[ 1152.999036][  T975] usb 1-1: device descriptor read/64, error -71
[ 1153.119027][  T975] usb usb1-port1: attempt power cycle
[ 1153.272333][T21502] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1153.418792][   T47] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[ 1153.482485][  T975] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[ 1153.510460][  T975] usb 1-1: device descriptor read/8, error -71
[ 1153.551026][T21505] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4457'.
[ 1153.568747][   T47] usb 7-1: device descriptor read/64, error -71
[ 1153.582705][T21505] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4457'.
[ 1153.694823][ T5890] usb 4-1: USB disconnect, device number 115
[ 1153.714652][T21509] fuse: Bad value for 'group_id'
[ 1153.720939][T21509] fuse: Bad value for 'group_id'
[ 1153.768837][  T975] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[ 1153.790746][  T975] usb 1-1: device descriptor read/8, error -71
[ 1153.810129][   T47] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[ 1153.817196][T21511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4459'.
[ 1153.827231][T21511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4459'.
[ 1153.910582][  T975] usb usb1-port1: unable to enumerate USB device
[ 1153.938819][   T47] usb 7-1: device descriptor read/64, error -71
[ 1154.076067][   T47] usb usb7-port1: attempt power cycle
[ 1154.371632][ T5891] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[ 1154.488794][   T47] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[ 1154.509709][   T47] usb 7-1: device descriptor read/8, error -71
[ 1154.660581][ T5891] usb 4-1: config 0 has no interfaces?
[ 1154.679581][ T5891] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1154.689748][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1154.704684][ T5891] usb 4-1: Product: syz
[ 1154.720619][ T5891] usb 4-1: Manufacturer: syz
[ 1154.725241][ T5891] usb 4-1: SerialNumber: syz
[ 1154.775018][ T5891] usb 4-1: config 0 descriptor??
[ 1154.814081][   T47] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[ 1154.842201][   T47] usb 7-1: device descriptor read/8, error -71
[ 1154.951252][   T47] usb usb7-port1: unable to enumerate USB device
[ 1155.008722][T13155] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[ 1155.180511][T13155] usb 6-1: Using ep0 maxpacket: 8
[ 1155.188112][T21541] macvlan0: entered promiscuous mode
[ 1155.194189][T21541] 8021q: adding VLAN 0 to HW filter on device macvlan0
[ 1155.275391][T13155] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1155.292262][T13155] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1155.322800][T13155] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1155.380009][T13155] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1155.407552][T13155] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1155.420800][   T47] usb 3-1: new high-speed USB device number 127 using dummy_hcd
[ 1155.474182][T13155] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1155.523746][T13155] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1155.628636][ T3083] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[ 1155.680213][   T47] usb 3-1: config 0 has no interfaces?
[ 1155.757375][T13155] usb 6-1: usb_control_msg returned -32
[ 1155.763279][T13155] usbtmc 6-1:16.0: can't read capabilities
[ 1155.796347][   T47] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1155.805649][ T3083] usb 1-1: Using ep0 maxpacket: 16
[ 1155.811600][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1155.822996][ T3083] usb 1-1: config 0 has an invalid interface number: 68 but max is 0
[ 1155.844702][ T3083] usb 1-1: config 0 has no interface number 0
[ 1155.870044][ T3083] usb 1-1: config 0 interface 68 altsetting 0 endpoint 0x81 has invalid maxpacket 254, setting to 64
[ 1155.887167][   T47] usb 3-1: Product: syz
[ 1155.905314][   T47] usb 3-1: Manufacturer: syz
[ 1155.922477][ T3083] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[ 1155.931983][ T3083] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1155.940079][ T3083] usb 1-1: Product: syz
[ 1155.946241][   T47] usb 3-1: SerialNumber: syz
[ 1155.951373][ T3083] usb 1-1: Manufacturer: syz
[ 1155.965325][ T3083] usb 1-1: SerialNumber: syz
[ 1155.988735][   T47] usb 3-1: config 0 descriptor??
[ 1156.019071][ T3083] usb 1-1: config 0 descriptor??
[ 1156.098969][ T3083] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1156.815534][T21542] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[ 1156.832425][T21555] netlink: 'syz.6.4471': attribute type 27 has an invalid length.
[ 1157.026249][ T5916] usb 4-1: USB disconnect, device number 116
[ 1157.143559][   T68] usb 1-1: Failed to submit usb control message: -110
[ 1157.159051][   T68] usb 1-1: unable to send the bmi data to the device: -110
[ 1157.179179][   T68] usb 1-1: unable to get target info from device
[ 1157.186040][   T68] usb 1-1: could not get target info (-110)
[ 1157.193005][   T68] usb 1-1: could not probe fw (-110)
[ 1157.408686][ T5916] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[ 1157.589994][ T5916] usb 4-1: Using ep0 maxpacket: 16
[ 1157.605373][ T5916] usb 4-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[ 1157.617732][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1157.635959][ T5916] usb 4-1: Product: syz
[ 1157.644327][ T5916] usb 4-1: Manufacturer: syz
[ 1157.684828][ T5916] usb 4-1: SerialNumber: syz
[ 1157.706853][ T5916] usb 4-1: config 0 descriptor??
[ 1157.728808][T21555] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1157.733441][ T5916] ums-onetouch 4-1:0.0: USB Mass Storage device detected
[ 1157.736503][T21555] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1157.989528][T21558] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1157.998104][T21558] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1158.051967][T13155] usb 1-1: USB disconnect, device number 100
[ 1158.159490][T14633] usb 3-1: USB disconnect, device number 127
[ 1158.797283][T21555] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1158.867913][T21555] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1159.467250][T21555] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1159.481549][T21555] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1159.491203][T21555] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1159.500911][T21555] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1159.607991][ T5893] usb 4-1: USB disconnect, device number 117
[ 1159.958176][T21582] __nla_validate_parse: 5 callbacks suppressed
[ 1159.958196][T21582] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4477'.
[ 1160.225346][T21591] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4480'.
[ 1160.248555][T21591] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4480'.
[ 1160.411922][T21599] FAULT_INJECTION: forcing a failure.
[ 1160.411922][T21599] name failslab, interval 1, probability 0, space 0, times 0
[ 1160.439208][ T5900] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[ 1160.488352][T21599] CPU: 0 UID: 0 PID: 21599 Comm: syz.3.4481 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[ 1160.488380][T21599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1160.488391][T21599] Call Trace:
[ 1160.488399][T21599]  <TASK>
[ 1160.488408][T21599]  dump_stack_lvl+0x241/0x360
[ 1160.488438][T21599]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1160.488455][T21599]  ? __pfx__printk+0x10/0x10
[ 1160.488470][T21599]  ? __pfx___might_resched+0x10/0x10
[ 1160.488482][T21599]  should_fail_ex+0x424/0x570
[ 1160.488500][T21599]  should_failslab+0xac/0x100
[ 1160.488521][T21599]  __kvmalloc_node_noprof+0x170/0x5a0
[ 1160.488538][T21599]  ? nf_tables_commit+0xc64/0x9160
[ 1160.488558][T21599]  ? nf_tables_commit+0x90d/0x9160
[ 1160.488581][T21599]  nf_tables_commit+0xc64/0x9160
[ 1160.488622][T21599]  ? __pfx___folio_put+0x10/0x10
[ 1160.488656][T21599]  ? __pfx_nf_tables_commit+0x10/0x10
[ 1160.488676][T21599]  ? free_large_kmalloc+0x143/0x1e0
[ 1160.488695][T21599]  ? kfree+0x216/0x430
[ 1160.488708][T21599]  ? nf_tables_newrule+0x23cf/0x2980
[ 1160.488727][T21599]  ? nft_trans_rule_add+0x30f/0x430
[ 1160.488755][T21599]  ? nf_tables_newrule+0x2464/0x2980
[ 1160.488779][T21599]  ? __pfx_nf_tables_newrule+0x10/0x10
[ 1160.488800][T21599]  ? __nla_parse+0x40/0x60
[ 1160.488822][T21599]  nfnetlink_rcv+0x1ccf/0x28f0
[ 1160.488882][T21599]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1160.488928][T21599]  ? skb_clone+0x240/0x390
[ 1160.488944][T21599]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1160.488962][T21599]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1160.488984][T21599]  netlink_unicast+0x7f8/0x9a0
[ 1160.489012][T21599]  ? __pfx_netlink_unicast+0x10/0x10
[ 1160.489033][T21599]  ? skb_put+0x114/0x1f0
[ 1160.489053][T21599]  netlink_sendmsg+0x8c3/0xcd0
[ 1160.489072][T21599]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1160.489082][T21599]  ? lockdep_hardirqs_on+0x9d/0x150
[ 1160.489094][T21599]  ? aa_sock_msg_perm+0x91/0x160
[ 1160.489114][T21599]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1160.489133][T21599]  __sock_sendmsg+0x221/0x270
[ 1160.489157][T21599]  ____sys_sendmsg+0x523/0x860
[ 1160.489190][T21599]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1160.489214][T21599]  __sys_sendmsg+0x271/0x360
[ 1160.489230][T21599]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1160.489288][T21599]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1160.489305][T21599]  ? lockdep_hardirqs_on+0x9d/0x150
[ 1160.489332][T21599]  __do_fast_syscall_32+0xb4/0x110
[ 1160.489345][T21599]  ? exc_page_fault+0x5f8/0x920
[ 1160.489357][T21599]  do_fast_syscall_32+0x34/0x80
[ 1160.489368][T21599]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1160.489379][T21599] RIP: 0023:0xf70fd539
[ 1160.489389][T21599] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1160.489397][T21599] RSP: 002b:00000000f50ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1160.489415][T21599] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1160.489427][T21599] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[ 1160.489438][T21599] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1160.489448][T21599] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1160.489458][T21599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1160.489486][T21599]  </TASK>
[ 1160.808564][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1161.136545][T21547] usbtmc 6-1:16.0: usb_control_msg returned -110
[ 1161.231553][    T9] usb 6-1: USB disconnect, device number 18
[ 1161.252751][ T5900] usb 7-1: config 0 has no interfaces?
[ 1161.278625][ T5900] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1161.294248][ T5900] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1161.314321][ T5900] usb 7-1: Product: syz
[ 1161.319829][ T5900] usb 7-1: Manufacturer: syz
[ 1161.324693][ T5900] usb 7-1: SerialNumber: syz
[ 1161.438667][  T975] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[ 1161.469486][ T5900] usb 7-1: config 0 descriptor??
[ 1161.610714][  T975] usb 1-1: config 0 has no interfaces?
[ 1161.617614][  T975] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1161.617650][  T975] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1161.617670][  T975] usb 1-1: Product: syz
[ 1161.617685][  T975] usb 1-1: Manufacturer: syz
[ 1161.617699][  T975] usb 1-1: SerialNumber: syz
[ 1161.620625][  T975] usb 1-1: config 0 descriptor??
[ 1162.014373][T21606] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[ 1162.248845][  T975] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 1162.428759][  T975] usb 3-1: device descriptor read/64, error -71
[ 1162.679058][  T975] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[ 1162.788800][ T5893] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[ 1162.848647][  T975] usb 3-1: device descriptor read/64, error -71
[ 1162.964442][  T975] usb usb3-port1: attempt power cycle
[ 1163.027363][ T5893] usb 6-1: config 0 has no interfaces?
[ 1163.045590][ T5893] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1163.045621][ T5893] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1163.045642][ T5893] usb 6-1: Product: syz
[ 1163.045657][ T5893] usb 6-1: Manufacturer: syz
[ 1163.045671][ T5893] usb 6-1: SerialNumber: syz
[ 1163.063356][ T5893] usb 6-1: config 0 descriptor??
[ 1163.256267][ T5893] usb 7-1: USB disconnect, device number 18
[ 1163.308995][  T975] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[ 1163.339324][  T975] usb 3-1: device descriptor read/8, error -71
[ 1163.598721][  T975] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[ 1163.622166][  T975] usb 3-1: device descriptor read/8, error -71
[ 1163.732503][  T975] usb usb3-port1: unable to enumerate USB device
[ 1163.950637][ T5893] usb 1-1: USB disconnect, device number 101
[ 1164.531799][T21662] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4499'.
[ 1165.345068][T21675] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4501'.
[ 1165.358682][T21675] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4501'.
[ 1165.671412][ T5893] usb 6-1: USB disconnect, device number 19
[ 1166.038636][ T5916] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[ 1166.193066][ T5916] usb 7-1: Using ep0 maxpacket: 16
[ 1166.204276][ T5916] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[ 1166.221077][ T5916] usb 7-1: config 0 has no interface number 0
[ 1166.239938][ T5916] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1166.307123][ T5916] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 49152, setting to 1024
[ 1166.392981][ T5916] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1166.420960][ T5916] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1166.455296][ T5916] usb 7-1: Product: syz
[ 1166.475572][ T5916] usb 7-1: SerialNumber: syz
[ 1166.515012][ T5916] usb 7-1: config 0 descriptor??
[ 1166.556980][ T5916] cm109 7-1:0.8: invalid payload size 1024, expected 4
[ 1166.582489][ T5916] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.8/input/input70
[ 1166.665685][   T55] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1166.680755][   T55] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1166.689723][   T55] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1166.700119][   T55] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1166.709667][   T55] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1166.747464][T21694] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4509'.
[ 1166.765000][    C0] cm109 7-1:0.8: cm109_urb_irq_callback: urb status -71
[ 1166.768569][   T30] kauditd_printk_skb: 56 callbacks suppressed
[ 1166.768585][   T30] audit: type=1326 audit(1745441249.246:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21693 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02539 code=0x7ffc0000
[ 1166.867608][   T30] audit: type=1326 audit(1745441249.246:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21693 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02539 code=0x7ffc0000
[ 1166.889719][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1166.897290][   T30] audit: type=1326 audit(1745441249.246:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21693 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f02539 code=0x7ffc0000
[ 1166.897991][T21695] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4509'.
[ 1166.919678][   T30] audit: type=1326 audit(1745441249.246:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21693 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02539 code=0x7ffc0000
[ 1166.919744][   T30] audit: type=1326 audit(1745441249.246:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21693 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02539 code=0x7ffc0000
[ 1166.973326][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1167.017395][T12801] : (slave syz_tun): Releasing backup interface
[ 1167.032742][   T30] audit: type=1326 audit(1745441249.246:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21693 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f02539 code=0x7ffc0000
[ 1167.054850][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1167.062437][   T30] audit: type=1326 audit(1745441249.316:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21693 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02539 code=0x7ffc0000
[ 1167.099573][T21701] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4510'.
[ 1167.109032][   T30] audit: type=1326 audit(1745441249.316:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21693 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02539 code=0x7ffc0000
[ 1167.131786][   T30] audit: type=1326 audit(1745441249.346:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21693 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f02539 code=0x7ffc0000
[ 1167.194815][   T30] audit: type=1326 audit(1745441249.346:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21693 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02539 code=0x7ffc0000
[ 1167.628812][ T5900] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[ 1167.679456][T21698] chnl_net:caif_netlink_parms(): no params data found
[ 1167.768727][ T5891] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[ 1167.860511][ T5900] usb 4-1: config 0 has an invalid interface number: 246 but max is 0
[ 1167.884707][ T5900] usb 4-1: config 0 has no interface number 0
[ 1167.901834][ T5900] usb 4-1: New USB device found, idVendor=28a7, idProduct=71ab, bcdDevice=df.39
[ 1167.920384][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1167.936680][ T5900] usb 4-1: Product: syz
[ 1167.949181][ T5900] usb 4-1: Manufacturer: syz
[ 1167.987026][ T5900] usb 4-1: SerialNumber: syz
[ 1168.010568][ T5900] usb 4-1: config 0 descriptor??
[ 1168.018947][ T5900] cdc_wdm 4-1:0.246: More than one union descriptor, skipping ...
[ 1168.026888][ T5900] cdc_wdm 4-1:0.246: probe with driver cdc_wdm failed with error -22
[ 1168.106445][ T5891] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1168.118273][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1168.130661][ T5891] usb 1-1: Product: syz
[ 1168.134853][ T5891] usb 1-1: Manufacturer: syz
[ 1168.258826][ T5891] usb 1-1: SerialNumber: syz
[ 1168.298377][T14633] usb 4-1: USB disconnect, device number 118
[ 1168.384313][ T5891] usb 1-1: config 0 descriptor??
[ 1168.396565][ T5891] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 102
[ 1168.498640][ T5900] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[ 1168.654084][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1168.654232][ T3083] usb 7-1: USB disconnect, device number 19
[ 1168.661059][    C0] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1168.684163][T21698] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1168.702024][T21682] ALSA: mixer_oss: invalid OSS volume ''
[ 1168.820375][ T5843] Bluetooth: hci4: command tx timeout
[ 1168.829524][T21698] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1168.845081][T21698] bridge_slave_0: entered allmulticast mode
[ 1168.853581][T21698] bridge_slave_0: entered promiscuous mode
[ 1168.862745][T21698] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1168.870645][T21698] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1168.877849][T21698] bridge_slave_1: entered allmulticast mode
[ 1168.892635][ T5900] usb 3-1: config 0 has no interfaces?
[ 1168.899258][T21698] bridge_slave_1: entered promiscuous mode
[ 1168.934492][ T5891]  (null): failure reading functionality
[ 1168.943834][ T5900] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1168.953595][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1168.962583][ T5900] usb 3-1: Product: syz
[ 1168.967528][ T5891] i2c i2c-1: failure reading functionality
[ 1168.968152][ T5900] usb 3-1: Manufacturer: syz
[ 1168.976379][ T3083] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1168.980227][ T5900] usb 3-1: SerialNumber: syz
[ 1169.037271][ T5891] i2c i2c-1: connected i2c-tiny-usb device
[ 1169.152403][ T5900] usb 3-1: config 0 descriptor??
[ 1169.160454][T21698] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1169.667018][T21698] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1169.996413][T21698] team0: Port device team_slave_0 added
[ 1170.012345][T21698] team0: Port device team_slave_1 added
[ 1170.111348][T21698] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1170.122957][T21698] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1170.163479][T21698] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1170.188616][ T3083] usb 4-1: new full-speed USB device number 119 using dummy_hcd
[ 1170.198145][T21725] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[ 1170.217588][T21698] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1170.229765][T21698] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1170.258944][T21698] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1170.335656][T21743] trusted_key: encrypted_key: insufficient parameters specified
[ 1170.352283][T21698] hsr_slave_0: entered promiscuous mode
[ 1170.359677][T21698] hsr_slave_1: entered promiscuous mode
[ 1170.366790][T21698] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1170.375182][ T3083] usb 4-1: config 150 has an invalid interface number: 204 but max is 1
[ 1170.383999][ T3083] usb 4-1: config 150 has no interface number 0
[ 1170.390628][T21698] Cannot create hsr debugfs directory
[ 1170.396094][ T3083] usb 4-1: config 150 interface 204 has no altsetting 0
[ 1170.411591][ T3083] usb 4-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[ 1170.420892][ T3083] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1170.433168][ T3083] usb 4-1: Product: syz
[ 1170.437387][ T3083] usb 4-1: Manufacturer: syz
[ 1170.442258][ T3083] usb 4-1: SerialNumber: syz
[ 1170.675013][ T3083] xr_serial 4-1:150.204: xr_serial converter detected
[ 1170.698693][ T3083] xr_serial ttyUSB0: Failed to set reg 0x60: -71
[ 1170.712359][ T3083] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[ 1170.757538][ T3083] usb 4-1: USB disconnect, device number 119
[ 1170.772420][ T3083] xr_serial 4-1:150.204: device disconnected
[ 1170.889509][ T5843] Bluetooth: hci4: command tx timeout
[ 1171.364682][ T5900] usb 1-1: USB disconnect, device number 102
[ 1171.382472][ T3083] usb 3-1: USB disconnect, device number 6
[ 1171.731179][T21698] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1171.804537][T21698] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1171.877408][T21762] FAULT_INJECTION: forcing a failure.
[ 1171.877408][T21762] name failslab, interval 1, probability 0, space 0, times 0
[ 1171.895318][T21698] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1171.908863][T21762] CPU: 0 UID: 0 PID: 21762 Comm: syz.3.4528 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[ 1171.908888][T21762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1171.908899][T21762] Call Trace:
[ 1171.908907][T21762]  <TASK>
[ 1171.908914][T21762]  dump_stack_lvl+0x241/0x360
[ 1171.908944][T21762]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1171.908966][T21762]  ? __pfx__printk+0x10/0x10
[ 1171.908993][T21762]  ? __pfx___might_resched+0x10/0x10
[ 1171.909013][T21762]  should_fail_ex+0x424/0x570
[ 1171.909042][T21762]  should_failslab+0xac/0x100
[ 1171.909062][T21762]  __kmalloc_cache_noprof+0x73/0x370
[ 1171.909078][T21762]  ? vhost_iotlb_alloc+0x55/0x180
[ 1171.909105][T21762]  vhost_iotlb_alloc+0x55/0x180
[ 1171.909130][T21762]  vhost_dev_ioctl+0x8c5/0xda0
[ 1171.909151][T21762]  ? vhost_net_ioctl+0x28d/0x14c0
[ 1171.909171][T21762]  ? __pfx___mutex_lock+0x10/0x10
[ 1171.909190][T21762]  ? __pfx_vhost_dev_ioctl+0x10/0x10
[ 1171.909219][T21762]  vhost_net_ioctl+0x29b/0x14c0
[ 1171.909247][T21762]  ? __pfx_vhost_net_ioctl+0x10/0x10
[ 1171.909269][T21762]  ? __fget_files+0x2a/0x420
[ 1171.909284][T21762]  ? __fget_files+0x2a/0x420
[ 1171.909303][T21762]  ? __fget_files+0x2a/0x420
[ 1171.909327][T21762]  __ia32_compat_sys_ioctl+0x561/0xc90
[ 1171.909352][T21762]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1171.909373][T21762]  ? __fget_files+0x2a/0x420
[ 1171.909395][T21762]  ? fput+0x9b/0xd0
[ 1171.909412][T21762]  ? ksys_write+0x275/0x2d0
[ 1171.909448][T21762]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1171.909465][T21762]  ? lockdep_hardirqs_on+0x9d/0x150
[ 1171.909484][T21762]  __do_fast_syscall_32+0xb4/0x110
[ 1171.909501][T21762]  ? exc_page_fault+0x5f8/0x920
[ 1171.909522][T21762]  do_fast_syscall_32+0x34/0x80
[ 1171.909539][T21762]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1171.909559][T21762] RIP: 0023:0xf70fd539
[ 1171.909574][T21762] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1171.909590][T21762] RSP: 002b:00000000f50ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1171.909608][T21762] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004008af03
[ 1171.909620][T21762] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1171.909631][T21762] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1171.909641][T21762] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1171.909652][T21762] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1171.909680][T21762]  </TASK>
[ 1171.915976][T21698] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1171.978710][ T3083] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[ 1172.386726][ T3083] usb 3-1: config 0 has no interfaces?
[ 1172.401331][ T3083] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1172.417721][ T3083] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1172.433604][ T3083] usb 3-1: Product: syz
[ 1172.441243][ T3083] usb 3-1: Manufacturer: syz
[ 1172.445858][ T3083] usb 3-1: SerialNumber: syz
[ 1172.481903][ T3083] usb 3-1: config 0 descriptor??
[ 1172.541275][T21698] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1172.693492][T21698] 8021q: adding VLAN 0 to HW filter on device team0
[ 1172.708343][ T1002] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1172.715564][ T1002] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1172.729092][ T5891] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[ 1172.829066][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1172.836205][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1172.877446][T21759] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[ 1172.902545][ T5891] usb 4-1: Using ep0 maxpacket: 16
[ 1172.930608][ T5891] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1172.957318][ T5891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1172.969097][ T5843] Bluetooth: hci4: command tx timeout
[ 1173.000391][ T5891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1173.060761][ T5891] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1173.103724][ T5891] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1173.132901][ T5891] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1173.238293][T21698] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1173.256961][ T5891] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1173.272080][ T5891] usb 4-1: Manufacturer: syz
[ 1173.289611][ T5891] usb 4-1: config 0 descriptor??
[ 1173.404316][ T3083] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[ 1173.648703][ T3083] usb 1-1: Using ep0 maxpacket: 16
[ 1173.656209][ T3083] usb 1-1: config 0 has no interfaces?
[ 1173.667438][ T3083] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1173.685819][ T3083] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1173.715946][ T3083] usb 1-1: Product: syz
[ 1173.723912][T21698] veth0_vlan: entered promiscuous mode
[ 1173.740156][ T3083] usb 1-1: Manufacturer: syz
[ 1173.752473][ T3083] usb 1-1: SerialNumber: syz
[ 1173.775640][ T5891] rc_core: IR keymap rc-hauppauge not found
[ 1173.781871][ T5891] Registered IR keymap rc-empty
[ 1173.789252][T21698] veth1_vlan: entered promiscuous mode
[ 1173.799958][ T3083] usb 1-1: config 0 descriptor??
[ 1173.808754][ T5891] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1173.861635][T21787] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[ 1173.913714][ T5891] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1173.965622][ T5891] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 1174.042123][ T5891] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input71
[ 1174.069721][T21698] veth0_macvtap: entered promiscuous mode
[ 1174.131089][ T5891] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.157064][T21698] veth1_macvtap: entered promiscuous mode
[ 1174.198655][ T5891] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.211433][T21698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1174.254546][T21698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1174.264774][ T5891] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.272035][T21698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1174.282631][T21698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1174.294035][T21698] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1174.301756][ T5891] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.317178][T21698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1174.327684][T21698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1174.346352][ T5891] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.356876][T21698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1174.367436][T21698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1174.379001][ T5891] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.386939][T21698] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1174.409408][ T5891] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.433381][T21698] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1174.442339][T21698] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1174.451854][ T5891] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.462568][T21698] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1174.478846][ T5891] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.486033][T21698] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1174.516885][ T5891] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.570135][ T5891] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[ 1174.578734][ T5891] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1174.593728][ T5891] usb 4-1: USB disconnect, device number 120
[ 1174.604361][    T9] usb 1-1: USB disconnect, device number 103
[ 1174.668820][  T975] usb 3-1: USB disconnect, device number 7
[ 1174.690499][T21800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4538'.
[ 1174.723044][T21800] batadv1: left allmulticast mode
[ 1174.753168][T21800] batadv1: left promiscuous mode
[ 1174.758357][T21800] bridge0: port 3(batadv1) entered disabled state
[ 1174.847283][T21800] bridge_slave_1: left allmulticast mode
[ 1174.855962][T21800] bridge_slave_1: left promiscuous mode
[ 1174.868115][T21800] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1174.878361][T21800] bridge_slave_0: left allmulticast mode
[ 1174.902623][T21800] bridge_slave_0: left promiscuous mode
[ 1174.914596][T21800] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1175.035015][T21801] bond0: (slave bond_slave_0): Releasing backup interface
[ 1175.046194][T21801] bond_slave_0: left promiscuous mode
[ 1175.052535][ T5843] Bluetooth: hci4: command tx timeout
[ 1175.070061][T21801] bond0: (slave bond_slave_1): Releasing backup interface
[ 1175.090900][T21801] bond_slave_1: left promiscuous mode
[ 1175.134821][T21801] team0: Port device team_slave_0 removed
[ 1175.159160][T21801] team0: Port device team_slave_1 removed
[ 1175.188396][T21801] team0: Port device macvlan2 removed
[ 1175.207329][T21801] bond1: (slave ip6gretap1): Removing an active aggregator
[ 1175.217568][T21801] bond1: (slave ip6gretap1): Releasing backup interface
[ 1175.225678][T21801] bond1: (slave ip6gretap1): the permanent HWaddr of slave - 2e:c1:70:86:06:6b - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[ 1175.262058][T21801] bond1: (slave veth3): Releasing backup interface
[ 1175.379565][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1175.428434][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1175.561028][ T1002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1175.594999][ T1002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1176.088826][T14633] usb 1-1: new high-speed USB device number 104 using dummy_hcd
[ 1176.105483][T21828] kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[ 1176.145858][T21828] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[ 1176.154962][T21828] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[ 1176.172723][T21828] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[ 1176.259752][T14633] usb 1-1: Using ep0 maxpacket: 16
[ 1176.301998][T14633] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1176.310728][T21840] xt_ecn: cannot match TCP bits for non-tcp packets
[ 1176.323731][T14633] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1176.630839][T14633] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1176.725228][T14633] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1176.768230][T21850] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4550'.
[ 1176.792077][T14633] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1176.940548][T14633] usb 1-1: config 0 descriptor??
[ 1176.980457][T21848] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4551'.
[ 1177.098872][ T5891] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 1177.276873][ T5891] usb 6-1: config 0 has no interfaces?
[ 1177.293940][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.302283][ T5891] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1177.324006][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.330887][ T5891] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1177.344024][ T5891] usb 6-1: Product: syz
[ 1177.348269][ T5891] usb 6-1: Manufacturer: syz
[ 1177.353508][ T5891] usb 6-1: SerialNumber: syz
[ 1177.377336][ T5891] usb 6-1: config 0 descriptor??
[ 1177.451336][T14633] HID 045e:07da: Invalid code 65791 type 1
[ 1177.464806][T14633] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.003B/input/input72
[ 1177.483755][T14633] microsoft 0003:045E:07DA.003B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[ 1177.576114][T21861] syzkaller1: entered promiscuous mode
[ 1177.582416][T21861] syzkaller1: entered allmulticast mode
[ 1177.671295][   T30] kauditd_printk_skb: 17 callbacks suppressed
[ 1177.671309][   T30] audit: type=1326 audit(1745441260.166:1434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21819 comm="syz.0.4544" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7ffc0000
[ 1177.736135][   T30] audit: type=1326 audit(1745441260.166:1435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21819 comm="syz.0.4544" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7ffc0000
[ 1177.787801][   T30] audit: type=1326 audit(1745441260.166:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21819 comm="syz.0.4544" exe="/root/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf7f72539 code=0x7ffc0000
[ 1177.816991][T21846] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[ 1178.036309][   T30] audit: type=1326 audit(1745441260.166:1437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21819 comm="syz.0.4544" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7ffc0000
[ 1178.213306][   T30] audit: type=1326 audit(1745441260.166:1438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21819 comm="syz.0.4544" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f72539 code=0x7ffc0000
[ 1178.275204][   T30] audit: type=1326 audit(1745441260.316:1439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21819 comm="syz.0.4544" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7ffc0000
[ 1178.328101][   T30] audit: type=1326 audit(1745441260.316:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21819 comm="syz.0.4544" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7ffc0000
[ 1178.352035][   T30] audit: type=1326 audit(1745441260.336:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21819 comm="syz.0.4544" exe="/root/syz-executor" sig=0 arch=40000003 syscall=230 compat=1 ip=0xf7f72539 code=0x7ffc0000
[ 1178.374707][   T30] audit: type=1326 audit(1745441260.336:1442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21819 comm="syz.0.4544" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7ffc0000
[ 1178.398356][   T30] audit: type=1326 audit(1745441260.336:1443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21819 comm="syz.0.4544" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7ffc0000
[ 1178.718674][T14633] usb 1-1: reset high-speed USB device number 104 using dummy_hcd
[ 1179.398669][ T5900] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[ 1179.508631][ T5891] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[ 1179.548719][ T5900] usb 3-1: Using ep0 maxpacket: 32
[ 1179.555702][ T5900] usb 3-1: config 4 has an invalid interface number: 194 but max is 0
[ 1179.566299][ T5900] usb 3-1: config 4 has no interface number 0
[ 1179.572564][ T5900] usb 3-1: config 4 interface 194 altsetting 7 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[ 1179.583573][ T5900] usb 3-1: config 4 interface 194 altsetting 7 endpoint 0x4 has an invalid bInterval 0, changing to 7
[ 1179.612173][  T975] usb 6-1: USB disconnect, device number 20
[ 1179.621523][ T5900] usb 3-1: config 4 interface 194 altsetting 7 endpoint 0x4 has invalid maxpacket 25352, setting to 1024
[ 1179.633113][ T5900] usb 3-1: config 4 interface 194 has no altsetting 0
[ 1179.648035][ T5900] usb 3-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=a1.41
[ 1179.667714][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1179.676018][ T5900] usb 3-1: Product: syz
[ 1179.683965][ T5900] usb 3-1: Manufacturer: syz
[ 1179.689475][ T5891] usb 4-1: Using ep0 maxpacket: 16
[ 1179.693179][ T5900] usb 3-1: SerialNumber: syz
[ 1179.700840][ T5891] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1179.712448][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1179.722001][ T5891] usb 4-1: Product: syz
[ 1179.727825][ T5891] usb 4-1: Manufacturer: syz
[ 1179.733224][ T5891] usb 4-1: SerialNumber: syz
[ 1179.746592][ T5891] r8152-cfgselector 4-1: Unknown version 0x0000
[ 1179.753510][ T5891] r8152-cfgselector 4-1: config 0 descriptor??
[ 1179.768793][T14633] usb 1-1: device descriptor read/64, error -71
[ 1179.969377][T21876] input: syz0 as /devices/virtual/input/input73
[ 1180.018330][ T5891] r8152-cfgselector 4-1: Unknown version 0x7810
[ 1180.025016][T14633] usb 1-1: reset high-speed USB device number 104 using dummy_hcd
[ 1180.037557][ T5891] r8152-cfgselector 4-1: bad CDC descriptors
[ 1180.049156][  T975] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 1180.111436][ T5900] usb 3-1: probing VID:PID(0424:012C)   
[ 1180.129578][ T5900] usb 3-1: vub300 testing UNKNOWN EndPoint(0) 03
[ 1180.135954][ T5900] usb 3-1: vub300 ignoring EndPoint(0) 03
[ 1180.162903][ T5900] usb 3-1: vub300 testing UNKNOWN EndPoint(1) 04
[ 1180.170602][ T5900] usb 3-1: vub300 ignoring EndPoint(1) 04
[ 1180.176506][ T5900] usb 3-1: Could not find two sets of bulk-in/out endpoint pairs
[ 1180.202049][ T5900] vub300 3-1:4.194: probe with driver vub300 failed with error -22
[ 1180.221271][ T5900] usb 3-1: USB disconnect, device number 8
[ 1180.230836][T14633] usb 1-1: device firmware changed
[ 1180.235386][  T975] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1180.255159][  T975] usb 6-1: can't read configurations, error -61
[ 1180.255368][T13155] usb 1-1: USB disconnect, device number 104
[ 1180.398794][  T975] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 1180.448891][T13155] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[ 1180.537046][T21900] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4564'.
[ 1180.550597][  T975] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1180.561733][  T975] usb 6-1: can't read configurations, error -61
[ 1180.569846][  T975] usb usb6-port1: attempt power cycle
[ 1180.598676][T13155] usb 1-1: Using ep0 maxpacket: 16
[ 1180.598871][ T5900] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[ 1180.605938][T13155] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1180.620389][T13155] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1180.630841][T13155] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1180.640058][T13155] usb 1-1: config 1 has no interface number 1
[ 1180.646185][T13155] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1180.659134][T13155] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1180.672481][T13155] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1180.681935][T13155] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1180.695508][T13155] usb 1-1: Product: syz
[ 1180.699700][T13155] usb 1-1: Manufacturer: syz
[ 1180.704292][T13155] usb 1-1: SerialNumber: syz
[ 1180.758599][ T5900] usb 3-1: Using ep0 maxpacket: 16
[ 1180.765765][ T5900] usb 3-1: config 0 has an invalid descriptor of length 88, skipping remainder of the config
[ 1180.776272][ T5900] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1180.787596][ T5900] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1180.797376][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1180.807032][ T5900] usb 3-1: Product: syz
[ 1180.811384][ T5900] usb 3-1: Manufacturer: syz
[ 1180.815989][ T5900] usb 3-1: SerialNumber: syz
[ 1180.823437][ T5900] usb 3-1: config 0 descriptor??
[ 1180.908756][  T975] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[ 1180.922210][T13155] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1180.932296][T13155] usb 1-1: found format II with max.bitrate = 0, frame size=0
[ 1180.940621][T13155] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[ 1180.944181][  T975] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1180.955819][  T975] usb 6-1: can't read configurations, error -61
[ 1180.973545][T13155] usb 1-1: USB disconnect, device number 105
[ 1181.088717][  T975] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[ 1181.142518][  T975] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1181.151306][  T975] usb 6-1: can't read configurations, error -61
[ 1181.167445][  T975] usb usb6-port1: unable to enumerate USB device
[ 1181.180214][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1181.845055][T13155] usb 3-1: USB disconnect, device number 9
[ 1182.172773][  T975] r8152-cfgselector 4-1: USB disconnect, device number 121
[ 1183.118806][T13155] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[ 1183.188738][ T5900] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1183.205849][T21930] netlink: 1272 bytes leftover after parsing attributes in process `syz.2.4577'.
[ 1183.282411][T13155] usb 4-1: config 0 has no interfaces?
[ 1183.294550][T13155] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1183.307717][T13155] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1183.318256][T13155] usb 4-1: Product: syz
[ 1183.322911][T13155] usb 4-1: Manufacturer: syz
[ 1183.327580][T13155] usb 4-1: SerialNumber: syz
[ 1183.335797][T13155] usb 4-1: config 0 descriptor??
[ 1183.358425][ T5900] usb 6-1: Using ep0 maxpacket: 8
[ 1183.382174][ T5900] usb 6-1: config 52 has an invalid interface number: 101 but max is 0
[ 1183.391338][ T5900] usb 6-1: config 52 has no interface number 0
[ 1183.398036][ T5900] usb 6-1: config 52 interface 101 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 64
[ 1183.410811][ T5900] usb 6-1: config 52 interface 101 has no altsetting 0
[ 1183.420197][ T5900] usb 6-1: New USB device found, idVendor=10b8, idProduct=1e80, bcdDevice=13.2f
[ 1183.429461][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1183.437473][ T5900] usb 6-1: Product: syz
[ 1183.441957][ T5900] usb 6-1: Manufacturer: syz
[ 1183.446672][ T5900] usb 6-1: SerialNumber: syz
[ 1183.455082][T21921] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1183.561613][T21918] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[ 1183.621163][T13155] usb 4-1: USB disconnect, device number 122
[ 1183.683309][T21921] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4573'.
[ 1183.838838][  T975] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[ 1183.883443][ T5900] dvb-usb: found a 'DiBcom STK7770P reference design' in cold state, will try to load a firmware
[ 1183.990284][ T5900] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1184.005269][  T975] usb 7-1: device descriptor read/64, error -71
[ 1184.014363][ T5900] dib0700: firmware download failed at 7 with -71
[ 1184.037026][T21951] dummy0: entered allmulticast mode
[ 1184.040105][ T5900] usb 6-1: USB disconnect, device number 25
[ 1184.265383][  T975] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[ 1184.312319][T21959] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4585'.
[ 1184.464521][  T975] usb 7-1: device descriptor read/64, error -71
[ 1184.579141][  T975] usb usb7-port1: attempt power cycle
[ 1184.622322][T21963] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4588'.
[ 1184.665355][T21963] team0: Device ip6gre1 is of different type
[ 1184.938755][  T975] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[ 1184.959275][  T975] usb 7-1: device descriptor read/8, error -71
[ 1185.239503][T21976] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4591'.
[ 1185.309375][  T975] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[ 1185.344406][  T975] usb 7-1: device descriptor read/8, error -71
[ 1185.438987][ T5845] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1185.460039][  T975] usb usb7-port1: unable to enumerate USB device
[ 1185.598604][ T5845] usb 6-1: Using ep0 maxpacket: 16
[ 1185.609784][ T5845] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1185.627124][ T5845] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1185.651017][ T5845] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 22
[ 1185.678693][ T5845] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1185.701264][ T5845] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1185.728690][  T975] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[ 1185.738050][ T5845] usb 6-1: SerialNumber: syz
[ 1185.815336][ T5845] cdc_acm 6-1:1.0: skipping garbage
[ 1186.017955][  T975] usb 4-1: config 0 has no interfaces?
[ 1186.059464][  T975] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1186.064653][T13155] usb 6-1: USB disconnect, device number 26
[ 1186.070704][  T975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1186.094729][  T975] usb 4-1: Product: syz
[ 1186.139502][T21992] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4599'.
[ 1186.178630][ T5845] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[ 1186.186352][  T975] usb 4-1: Manufacturer: syz
[ 1186.238613][  T975] usb 4-1: SerialNumber: syz
[ 1186.308477][  T975] usb 4-1: config 0 descriptor??
[ 1186.379871][ T5845] usb 3-1: Using ep0 maxpacket: 32
[ 1186.390152][ T5845] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1186.407846][ T5845] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1186.423883][ T5845] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1186.435527][ T5845] usb 3-1: Product: syz
[ 1186.444377][ T5845] usb 3-1: Manufacturer: syz
[ 1186.449491][ T5845] usb 3-1: SerialNumber: syz
[ 1186.462938][ T5845] usb 3-1: config 0 descriptor??
[ 1186.470290][T21990] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1186.557173][T21986] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[ 1186.814886][T22001] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4598'.
[ 1186.880798][T13155] usb 3-1: USB disconnect, device number 10
[ 1187.385575][T22011] tun0: tun_chr_ioctl cmd 1074025675
[ 1187.399076][T22011] tun0: persist disabled
[ 1187.428097][T22017] tun0: tun_chr_ioctl cmd 1074025673
[ 1188.380831][ T5893] usb 4-1: USB disconnect, device number 123
[ 1188.456477][T22033] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4608'.
[ 1188.614797][T22037] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1188.798622][ T5893] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[ 1188.962152][ T5893] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1188.989082][ T5893] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1189.001141][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.027886][ T5893] usb 4-1: Product: syz
[ 1189.042342][ T5893] usb 4-1: Manufacturer: syz
[ 1189.056219][ T5893] usb 4-1: SerialNumber: syz
[ 1189.087202][ T5893] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[ 1189.097075][ T5893] cdc_ncm 4-1:1.0: bind() failure
[ 1189.149040][ T5893] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[ 1189.157710][ T5893] cdc_ncm 4-1:1.1: bind() failure
[ 1189.328690][    T9] usb 7-1: new full-speed USB device number 24 using dummy_hcd
[ 1189.378884][T13155] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1189.490916][    T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1189.502284][    T9] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1189.514122][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1189.526290][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1189.550082][T13155] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1189.565363][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1189.598837][    T9] usb 7-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1189.608475][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1189.613952][T14633] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[ 1189.628631][    T9] usb 7-1: Product: syz
[ 1189.632839][    T9] usb 7-1: Manufacturer: syz
[ 1189.636709][T13155] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1189.650035][T13155] usb 6-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[ 1189.661920][T13155] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1189.676612][    T9] usb 7-1: SerialNumber: syz
[ 1189.682077][T13155] usb 6-1: config 0 descriptor??
[ 1189.695350][    T9] usb 7-1: config 0 descriptor??
[ 1189.824649][T14633] usb 1-1: config 0 has no interfaces?
[ 1189.845698][T14633] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1189.881015][T14633] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.892757][T14633] usb 1-1: Product: syz
[ 1189.896997][T14633] usb 1-1: Manufacturer: syz
[ 1189.904990][T14633] usb 1-1: SerialNumber: syz
[ 1189.924064][T14633] usb 1-1: config 0 descriptor??
[ 1189.953351][T22054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1189.990834][T22054] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1190.049093][    T9] radio-si470x 7-1:0.0: DeviceID=0x0000 ChipID=0x0000
[ 1190.055911][    T9] radio-si470x 7-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[ 1190.115383][T13155] petalynx 0003:18B1:0037.003C: unknown main item tag 0x0
[ 1190.136439][T13155] petalynx 0003:18B1:0037.003C: item fetching failed at offset 3/5
[ 1190.187963][T13155] petalynx 0003:18B1:0037.003C: parse failed
[ 1190.208455][T13155] petalynx 0003:18B1:0037.003C: probe with driver petalynx failed with error -22
[ 1190.223319][T22064] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[ 1190.249630][    T9] radio-si470x 7-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1190.258409][    T9] radio-si470x 7-1:0.0: si470x_get_scratch: si470x_get_report returned -32
[ 1190.277620][    T9] radio-si470x 7-1:0.0: probe with driver radio-si470x failed with error -5
[ 1190.324271][ T5845] usb 6-1: USB disconnect, device number 27
[ 1192.521817][T13155] usb 4-1: USB disconnect, device number 124
[ 1192.528613][  T975] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[ 1192.611705][T22083] FAULT_INJECTION: forcing a failure.
[ 1192.611705][T22083] name failslab, interval 1, probability 0, space 0, times 0
[ 1192.626267][T22083] CPU: 1 UID: 0 PID: 22083 Comm: syz.3.4626 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[ 1192.626292][T22083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1192.626303][T22083] Call Trace:
[ 1192.626311][T22083]  <TASK>
[ 1192.626319][T22083]  dump_stack_lvl+0x241/0x360
[ 1192.626350][T22083]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1192.626373][T22083]  ? __pfx__printk+0x10/0x10
[ 1192.626394][T22083]  ? __lock_acquire+0xad5/0xd80
[ 1192.626428][T22083]  should_fail_ex+0x424/0x570
[ 1192.626458][T22083]  should_failslab+0xac/0x100
[ 1192.626478][T22083]  kmem_cache_alloc_noprof+0x78/0x390
[ 1192.626495][T22083]  ? skb_clone+0x20c/0x390
[ 1192.626516][T22083]  skb_clone+0x20c/0x390
[ 1192.626536][T22083]  __netlink_deliver_tap+0x3c4/0x7f0
[ 1192.626568][T22083]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1192.626587][T22083]  netlink_deliver_tap+0x19d/0x1b0
[ 1192.626608][T22083]  netlink_unicast+0x7c6/0x9a0
[ 1192.626636][T22083]  ? __pfx_netlink_unicast+0x10/0x10
[ 1192.626656][T22083]  ? skb_put+0x114/0x1f0
[ 1192.626684][T22083]  netlink_sendmsg+0x8c3/0xcd0
[ 1192.626717][T22083]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1192.626742][T22083]  ? aa_sock_msg_perm+0x91/0x160
[ 1192.626768][T22083]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1192.626791][T22083]  __sock_sendmsg+0x221/0x270
[ 1192.626813][T22083]  ____sys_sendmsg+0x523/0x860
[ 1192.626846][T22083]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1192.626887][T22083]  __sys_sendmsg+0x271/0x360
[ 1192.626916][T22083]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1192.626991][T22083]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1192.627008][T22083]  ? lockdep_hardirqs_on+0x9d/0x150
[ 1192.627027][T22083]  __do_fast_syscall_32+0xb4/0x110
[ 1192.627045][T22083]  ? exc_page_fault+0x5f8/0x920
[ 1192.627064][T22083]  do_fast_syscall_32+0x34/0x80
[ 1192.627082][T22083]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1192.627101][T22083] RIP: 0023:0xf70fd539
[ 1192.627116][T22083] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1192.627130][T22083] RSP: 002b:00000000f50ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1192.627154][T22083] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080006040
[ 1192.627166][T22083] RDX: 0000000024044094 RSI: 0000000000000000 RDI: 0000000000000000
[ 1192.627176][T22083] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1192.627187][T22083] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1192.627197][T22083] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1192.627224][T22083]  </TASK>
[ 1193.158317][  T975] usb 3-1: device descriptor read/all, error -71
[ 1193.248327][T22085] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1193.302946][    T9] usb 7-1: USB disconnect, device number 24
[ 1193.367573][T14633] usb 1-1: USB disconnect, device number 106
[ 1193.496128][T22096] netlink: 'syz.5.4631': attribute type 10 has an invalid length.
[ 1193.534648][T22096] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[ 1193.546835][T13155] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[ 1193.560952][T22096] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[ 1193.584154][T22096] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[ 1193.716808][T13155] usb 4-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55
[ 1193.738585][T13155] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1193.746671][T13155] usb 4-1: Product: syz
[ 1193.751906][T13155] usb 4-1: Manufacturer: syz
[ 1193.756576][T13155] usb 4-1: SerialNumber: syz
[ 1193.779227][T13155] usb 4-1: config 0 descriptor??
[ 1193.804074][T13155] gspca_main: sonixb-2.14.0 probing 0c45:608f
[ 1194.004218][  T975] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[ 1194.024492][T22087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1194.095591][T22087] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1194.109165][T22121] usb usb8: usbfs: process 22121 (syz.5.4637) did not claim interface 0 before use
[ 1194.168174][   T30] kauditd_printk_skb: 12 callbacks suppressed
[ 1194.168191][   T30] audit: type=1326 audit(1745441276.626:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22112 comm="syz.5.4637" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1194.202560][   T30] audit: type=1326 audit(1745441276.626:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22112 comm="syz.5.4637" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1194.232362][  T975] usb 3-1: device descriptor read/64, error -71
[ 1194.257318][   T30] audit: type=1326 audit(1745441276.626:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22112 comm="syz.5.4637" exe="/root/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1194.337343][T13155] sonixb 4-1:0.0: Error reading register 00: -110
[ 1194.358896][  T975] usb usb3-port1: attempt power cycle
[ 1194.392051][T13155] usb 4-1: USB disconnect, device number 125
[ 1194.430501][   T30] audit: type=1326 audit(1745441276.626:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22112 comm="syz.5.4637" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1194.513577][   T30] audit: type=1326 audit(1745441276.636:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22112 comm="syz.5.4637" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1194.595051][   T30] audit: type=1326 audit(1745441276.636:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22112 comm="syz.5.4637" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1194.680429][   T30] audit: type=1326 audit(1745441276.646:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22112 comm="syz.5.4637" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1194.714110][  T975] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[ 1194.906491][  T975] usb 3-1: device descriptor read/8, error -71
[ 1194.974083][   T30] audit: type=1326 audit(1745441276.646:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22112 comm="syz.5.4637" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1195.097964][   T30] audit: type=1326 audit(1745441276.646:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22112 comm="syz.5.4637" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1195.160772][  T975] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[ 1195.197934][   T30] audit: type=1326 audit(1745441276.646:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22112 comm="syz.5.4637" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1195.212022][  T975] usb 3-1: device descriptor read/8, error -71
[ 1195.258633][T22143] trusted_key: encrypted_key: insufficient parameters specified
[ 1195.564949][  T975] usb usb3-port1: unable to enumerate USB device
[ 1196.495657][  T975] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1196.753915][  T975] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1196.790201][  T975] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1196.821102][  T975] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1196.878619][  T975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1196.907904][  T975] usb 6-1: config 0 descriptor??
[ 1196.973746][T22169] netlink: 40 bytes leftover after parsing attributes in process `syz.6.4651'.
[ 1197.267941][T22178] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1197.473354][T13155] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[ 1197.628671][T13155] usb 3-1: Using ep0 maxpacket: 16
[ 1197.640378][T13155] usb 3-1: config 0 has an invalid descriptor of length 129, skipping remainder of the config
[ 1197.658678][T13155] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 2, skipping
[ 1197.686481][T13155] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[ 1197.702259][T13155] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1197.714810][T13155] usb 3-1: config 0 descriptor??
[ 1197.726527][T13155] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1197.953063][T22204] vivid-003: =================  START STATUS  =================
[ 1197.965097][T22204] vivid-003: RDS Tx I/O Mode: Controls
[ 1197.972431][  T975] uclogic 0003:256C:006D.003D: failed retrieving string descriptor #100: -71
[ 1197.983944][T22204] vivid-003: RDS Program ID: 32904
[ 1197.989706][  T975] uclogic 0003:256C:006D.003D: failed retrieving pen parameters: -71
[ 1197.998726][T22204] vivid-003: RDS Program Type: 3
[ 1198.003987][T22204] vivid-003: RDS PS Name: VIVID-TX
[ 1198.013500][  T975] uclogic 0003:256C:006D.003D: failed probing pen v1 parameters: -71
[ 1198.032957][  T975] uclogic 0003:256C:006D.003D: failed probing parameters: -71
[ 1198.042139][T22204] vivid-003: RDS Radio Text: This is a VIVID default Radio Text template text, change at will
[ 1198.057060][  T975] uclogic 0003:256C:006D.003D: probe with driver uclogic failed with error -71
[ 1198.071549][T22204] vivid-003: RDS Stereo: true
[ 1198.076275][T22204] vivid-003: RDS Artificial Head: false
[ 1198.082088][  T975] usb 6-1: USB disconnect, device number 28
[ 1198.093872][T22204] vivid-003: RDS Compressed: false
[ 1198.100336][T22204] vivid-003: RDS Dynamic PTY: false
[ 1198.114728][T22204] vivid-003: RDS Traffic Announcement: false
[ 1198.121056][T22204] vivid-003: RDS Traffic Program: true
[ 1198.126625][T22204] vivid-003: RDS Music: true
[ 1198.158825][T22204] vivid-003: ==================  END STATUS  ==================
[ 1198.228733][T13155] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 1198.282967][T22217] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1198.292302][T22217] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1198.301601][T22216] netlink: 'syz.0.4664': attribute type 3 has an invalid length.
[ 1198.383542][T13155] usb 4-1: config 0 has no interfaces?
[ 1198.392472][T13155] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1198.404702][T13155] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1198.416840][T13155] usb 4-1: Product: syz
[ 1198.421555][T13155] usb 4-1: Manufacturer: syz
[ 1198.427034][T13155] usb 4-1: SerialNumber: syz
[ 1198.434147][T13155] usb 4-1: config 0 descriptor??
[ 1198.768732][  T975] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1198.945162][  T975] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1198.956185][  T975] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1198.966165][  T975] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1198.979212][  T975] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1198.988280][  T975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1199.000028][  T975] usb 6-1: config 0 descriptor??
[ 1199.068637][T13155] usb 7-1: new low-speed USB device number 25 using dummy_hcd
[ 1199.230464][T13155] usb 7-1: config 7 has an invalid interface number: 252 but max is 0
[ 1199.238936][T13155] usb 7-1: config 7 has no interface number 0
[ 1199.245104][T13155] usb 7-1: config 7 interface 252 altsetting 8 endpoint 0xF has an invalid bInterval 232, changing to 4
[ 1199.256379][T13155] usb 7-1: config 7 interface 252 altsetting 8 endpoint 0xF has invalid maxpacket 64, setting to 0
[ 1199.270521][T13155] usb 7-1: config 7 interface 252 has no altsetting 0
[ 1199.281006][T13155] usb 7-1: string descriptor 0 read error: -22
[ 1199.287348][T13155] usb 7-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0
[ 1199.297813][T13155] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1199.315733][T13155] idmouse 7-1:7.252: Unable to find bulk-in endpoint.
[ 1199.415067][T22237] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4670'.
[ 1199.431559][  T975] plantronics 0003:047F:FFFF.003E: No inputs registered, leaving
[ 1199.447103][  T975] plantronics 0003:047F:FFFF.003E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1199.592536][T13155] usb 7-1: USB disconnect, device number 25
[ 1199.715335][  T975] usb 6-1: USB disconnect, device number 29
[ 1200.254853][  T975] usb 3-1: USB disconnect, device number 15
[ 1200.555608][T22255] xt_CT: No such helper "syz1"
[ 1200.679148][  T975] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[ 1200.795939][T22268] bridge0: entered promiscuous mode
[ 1200.803728][T22268] batadv0: entered promiscuous mode
[ 1200.951235][T22269] trusted_key: encrypted_key: insufficient parameters specified
[ 1200.978342][    T9] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[ 1200.999634][  T975] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[ 1201.007938][  T975] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1201.020614][ T5900] usb 4-1: USB disconnect, device number 126
[ 1201.032290][  T975] usb 3-1: config 220 contains an unexpected descriptor of type 0x1, skipping
[ 1201.064592][  T975] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1201.122364][  T975] usb 3-1: config 220 has no interface number 2
[ 1201.157329][T22271] netlink: 'syz.3.4685': attribute type 2 has an invalid length.
[ 1201.158938][  T975] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1201.203452][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1201.217559][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1201.234511][  T975] usb 3-1: config 220 interface 0 has no altsetting 0
[ 1201.248154][  T975] usb 3-1: config 220 interface 76 has no altsetting 0
[ 1201.255226][    T9] usb 7-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[ 1201.280440][  T975] usb 3-1: config 220 interface 1 has no altsetting 0
[ 1201.295657][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1201.311161][  T975] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1201.329698][  T975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1201.340169][    T9] usb 7-1: config 0 descriptor??
[ 1201.345341][  T975] usb 3-1: Product: syz
[ 1201.353405][  T975] usb 3-1: Manufacturer: syz
[ 1201.358100][  T975] usb 3-1: SerialNumber: syz
[ 1201.399447][T13155] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 1201.713368][  T975] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[ 1201.720064][  T975] usb 3-1: No valid video chain found.
[ 1201.725718][  T975] usb 3-1: selecting invalid altsetting 0
[ 1201.768576][T13155] usb 6-1: Using ep0 maxpacket: 32
[ 1201.773341][  T975] usb 3-1: selecting invalid altsetting 0
[ 1201.788614][  T975] usbtest 3-1:220.1: probe with driver usbtest failed with error -22
[ 1201.801660][  T975] usb 3-1: USB disconnect, device number 16
[ 1201.818141][T13155] usb 6-1: config 0 has no interfaces?
[ 1201.841761][T13155] usb 6-1: New USB device found, idVendor=0582, idProduct=0016, bcdDevice=8e.57
[ 1201.851382][T13155] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1201.859901][T13155] usb 6-1: Product: syz
[ 1201.970159][T13155] usb 6-1: Manufacturer: syz
[ 1201.974924][T13155] usb 6-1: SerialNumber: syz
[ 1201.985655][    T9] playstation 0003:054C:0DF2.003F: unknown main item tag 0x0
[ 1201.996763][T13155] usb 6-1: config 0 descriptor??
[ 1202.024489][    T9] playstation 0003:054C:0DF2.003F: unknown main item tag 0x0
[ 1202.038938][    T9] playstation 0003:054C:0DF2.003F: unknown main item tag 0x0
[ 1202.047296][    T9] playstation 0003:054C:0DF2.003F: unknown main item tag 0x0
[ 1202.058674][    T9] playstation 0003:054C:0DF2.003F: unknown main item tag 0x0
[ 1202.067931][    T9] playstation 0003:054C:0DF2.003F: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.6-1/input0
[ 1202.400909][T22259] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1202.418944][T22259] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1202.440173][    T9] playstation 0003:054C:0DF2.003F: Failed to retrieve feature with reportID 32: -71
[ 1202.453903][    T9] playstation 0003:054C:0DF2.003F: Failed to retrieve DualSense firmware info: -71
[ 1202.473714][    T9] playstation 0003:054C:0DF2.003F: Failed to get firmware info from DualSense
[ 1202.483379][    T9] playstation 0003:054C:0DF2.003F: Failed to create dualsense.
[ 1202.491786][ T5845] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[ 1202.522343][    T9] playstation 0003:054C:0DF2.003F: probe with driver playstation failed with error -71
[ 1202.561001][    T9] usb 7-1: USB disconnect, device number 26
[ 1202.604840][T13155] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[ 1202.652230][ T5891] usb 6-1: USB disconnect, device number 30
[ 1202.658768][ T5845] usb 4-1: Using ep0 maxpacket: 16
[ 1202.665521][ T5845] usb 4-1: too many configurations: 123, using maximum allowed: 8
[ 1202.677262][ T5845] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1202.690177][ T5845] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1202.703301][ T5845] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1202.721413][ T5845] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1202.737032][ T5845] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1202.749396][ T5845] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1202.760446][T13155] usb 3-1: config 150 has an invalid interface number: 204 but max is 1
[ 1202.764720][ T5845] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1202.769741][T13155] usb 3-1: config 150 has an invalid descriptor of length 0, skipping remainder of the config
[ 1202.787138][ T5845] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1202.793932][T13155] usb 3-1: config 150 has 1 interface, different from the descriptor's value: 2
[ 1202.812034][ T5845] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[ 1202.813633][T13155] usb 3-1: config 150 has no interface number 0
[ 1202.823069][ T5845] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[ 1202.827887][T13155] usb 3-1: config 150 interface 204 has no altsetting 0
[ 1202.839749][ T5845] usb 4-1: SerialNumber: syz
[ 1202.845299][T13155] usb 3-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[ 1202.851295][ T5845] usb 4-1: config 0 descriptor??
[ 1202.861517][T13155] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1202.861542][T13155] usb 3-1: Product: syz
[ 1202.874232][T13155] usb 3-1: Manufacturer: syz
[ 1202.879158][T13155] usb 3-1: SerialNumber: syz
[ 1202.881775][ T5845] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input75
[ 1203.275623][ T5198] bcm5974 4-1:0.0: could not read from device
[ 1203.277114][    T9] usb 4-1: USB disconnect, device number 127
[ 1203.307832][T22299] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4689'.
[ 1203.361115][ T5198] bcm5974 4-1:0.0: could not read from device
[ 1203.439091][ T5859] bcm5974 4-1:0.0: could not read from device
[ 1203.457568][ T5198] bcm5974 4-1:0.0: could not read from device
[ 1203.464689][ T5198] bcm5974 4-1:0.0: could not read from device
[ 1204.438611][    T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 1204.618986][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1204.652851][    T9] usb 4-1: config 66 interface 0 altsetting 16 bulk endpoint 0x7 has invalid maxpacket 16
[ 1204.709536][    T9] usb 4-1: config 66 interface 0 has no altsetting 0
[ 1204.832942][    T9] usb 4-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a4.95
[ 1204.850497][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1204.866082][    T9] usb 4-1: Product: syz
[ 1204.872816][    T9] usb 4-1: Manufacturer: syz
[ 1204.877807][    T9] usb 4-1: SerialNumber: syz
[ 1205.006611][T22312] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1205.039017][T13155] usb 1-1: new high-speed USB device number 107 using dummy_hcd
[ 1205.108624][ T5891] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1205.206658][T13155] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1205.216915][T13155] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1205.225698][T13155] usb 1-1: Product: syz
[ 1205.230169][T13155] usb 1-1: Manufacturer: syz
[ 1205.234851][T13155] usb 1-1: SerialNumber: syz
[ 1205.245122][T13155] usb 1-1: config 0 descriptor??
[ 1205.264132][ T5891] usb 7-1: Using ep0 maxpacket: 8
[ 1205.275041][ T5891] usb 7-1: config 0 has an invalid interface number: 141 but max is 12
[ 1205.284478][ T5891] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 13
[ 1205.297331][ T5891] usb 7-1: config 0 has no interface number 0
[ 1205.303856][T14633] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[ 1205.315806][ T5891] usb 7-1: too many endpoints for config 0 interface 141 altsetting 32: 177, using maximum allowed: 30
[ 1205.329576][T13155] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 107
[ 1205.339813][ T5891] usb 7-1: config 0 interface 141 altsetting 32 has 0 endpoint descriptors, different from the interface descriptor's value: 177
[ 1205.393947][ T5845] usb 3-1: USB disconnect, device number 17
[ 1205.408003][ T5891] usb 7-1: config 0 interface 141 has no altsetting 0
[ 1205.426906][ T5891] usb 7-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[ 1205.437239][ T5891] usb 7-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3
[ 1205.455061][ T5891] usb 7-1: Product: syz
[ 1205.459774][ T5891] usb 7-1: Manufacturer: syz
[ 1205.464936][ T5891] usb 7-1: SerialNumber: syz
[ 1205.474737][T14633] usb 6-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55
[ 1205.486773][T14633] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1205.499141][T14633] usb 6-1: Product: syz
[ 1205.503385][T14633] usb 6-1: Manufacturer: syz
[ 1205.506192][    T9] ati_remote2 4-1:66.0: ati_remote2_probe(): interface 1 must have an endpoint
[ 1205.509309][ T5891] usb 7-1: config 0 descriptor??
[ 1205.523385][T14633] usb 6-1: SerialNumber: syz
[ 1205.599924][T14633] usb 6-1: config 0 descriptor??
[ 1205.617736][ T5891] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[ 1205.626333][T14633] gspca_main: sonixb-2.14.0 probing 0c45:608f
[ 1205.646226][    T9] usb 4-1: USB disconnect, device number 2
[ 1205.765469][T13155]  (null): failure reading functionality
[ 1205.782908][T13155] i2c i2c-1: failure reading functionality
[ 1205.799973][T13155] i2c i2c-1: connected i2c-tiny-usb device
[ 1205.831824][T22321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1205.846232][T22321] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1205.950721][T14633] sonixb 6-1:0.0: Error reading register 00: -71
[ 1205.961977][T14633] usb 6-1: USB disconnect, device number 31
[ 1206.787460][ T5891] gspca_zc3xx: reg_w_i err -71
[ 1207.117784][T22336] trusted_key: encrypted_key: insufficient parameters specified
[ 1207.160191][    T9] usb 1-1: USB disconnect, device number 107
[ 1207.494104][ T5891] gspca_zc3xx: Unknown sensor - set to TAS5130C
[ 1207.621214][ T5891] gspca_zc3xx 7-1:0.141: probe with driver gspca_zc3xx failed with error -71
[ 1207.768936][ T5891] usb 7-1: USB disconnect, device number 27
[ 1208.089066][ T5845] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[ 1208.116872][T22350] geneve2: entered promiscuous mode
[ 1208.122516][T22350] geneve2: entered allmulticast mode
[ 1208.265247][ T5845] usb 6-1: config 0 has no interfaces?
[ 1208.270959][ T5845] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1208.283108][ T5845] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1208.308997][ T5845] usb 6-1: config 0 descriptor??
[ 1208.583512][T22340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1208.590037][ T5891] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1208.604489][T22340] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1208.624204][    T9] usb 6-1: USB disconnect, device number 32
[ 1208.750923][ T5891] usb 7-1: Using ep0 maxpacket: 8
[ 1208.759770][ T5891] usb 7-1: config 6 has an invalid interface number: 2 but max is 0
[ 1208.767780][ T5891] usb 7-1: config 6 has no interface number 0
[ 1208.776888][ T5891] usb 7-1: config 6 interface 2 altsetting 255 endpoint 0xB has invalid wMaxPacketSize 0
[ 1208.787440][ T5891] usb 7-1: config 6 interface 2 altsetting 255 has an endpoint descriptor with address 0xE9, changing to 0x89
[ 1208.803121][ T5891] usb 7-1: config 6 interface 2 altsetting 255 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1208.816220][ T5891] usb 7-1: config 6 interface 2 has no altsetting 0
[ 1208.834512][ T5891] usb 7-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1208.847742][ T5891] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1208.857016][ T5891] usb 7-1: Product: syz
[ 1208.865429][ T5891] usb 7-1: Manufacturer: syz
[ 1208.871925][ T5891] usb 7-1: SerialNumber: syz
[ 1208.879349][T22357] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10)
[ 1208.885973][T22357] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1208.894399][ T5891] hso 7-1:6.2: Failed to find INT IN ep
[ 1208.912392][T22357] vhci_hcd vhci_hcd.0: Device attached
[ 1208.942104][T13155] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[ 1208.976774][T22360] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(13)
[ 1208.983403][T22360] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1209.006376][T22360] vhci_hcd vhci_hcd.0: Device attached
[ 1209.019256][T22357] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1209.086853][    T9] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[ 1209.117450][T22357] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(15)
[ 1209.124098][T22357] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1209.126870][T13155] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1209.146535][T22352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1209.147661][T13155] usb 3-1: config 0 has no interfaces?
[ 1209.155167][ T5845] usb 39-1: new low-speed USB device number 3 using vhci_hcd
[ 1209.192539][T13155] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1209.193376][T22357] vhci_hcd vhci_hcd.0: Device attached
[ 1209.206277][T13155] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1209.217210][T13155] usb 3-1: Product: syz
[ 1209.228065][T22352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1209.238610][    T9] usb 6-1: device descriptor read/64, error -71
[ 1209.242993][T13155] usb 3-1: Manufacturer: syz
[ 1209.259340][T13155] usb 3-1: SerialNumber: syz
[ 1209.266367][T13155] usb 3-1: config 0 descriptor??
[ 1209.362384][T22357] vhci_hcd vhci_hcd.0: pdev(3) rhport(4) sockfd(19)
[ 1209.369000][T22357] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1209.388907][T22357] vhci_hcd vhci_hcd.0: Device attached
[ 1209.479652][T22357] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1209.489434][T22357] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1209.506680][T22357] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1209.617983][    T9] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[ 1209.655322][T22360] vhci_hcd vhci_hcd.0: port 0 already used
[ 1209.791371][T13155] usb 7-1: USB disconnect, device number 28
[ 1209.791705][T22370] vhci_hcd: connection closed
[ 1209.800874][T22365] vhci_hcd: connection closed
[ 1209.801483][ T3573] vhci_hcd: stop threads
[ 1209.806358][T22362] vhci_hcd: connection closed
[ 1209.818668][    T9] usb 6-1: device descriptor read/64, error -71
[ 1209.833006][T22358] vhci_hcd: connection reset by peer
[ 1209.863449][ T3573] vhci_hcd: release socket
[ 1209.927181][ T3573] vhci_hcd: disconnect device
[ 1209.935535][ T3573] vhci_hcd: stop threads
[ 1209.941388][ T3573] vhci_hcd: release socket
[ 1209.945900][ T3573] vhci_hcd: disconnect device
[ 1209.956707][ T3573] vhci_hcd: stop threads
[ 1209.966473][ T3573] vhci_hcd: release socket
[ 1209.970320][    T9] usb usb6-port1: attempt power cycle
[ 1209.986884][ T3573] vhci_hcd: disconnect device
[ 1209.997151][ T3573] vhci_hcd: stop threads
[ 1210.007156][ T3573] vhci_hcd: release socket
[ 1210.014814][ T3573] vhci_hcd: disconnect device
[ 1210.318774][    T9] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[ 1210.346888][T22382] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[ 1210.367781][    T9] usb 6-1: device descriptor read/8, error -71
[ 1210.675419][    T9] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1210.749768][    T9] usb 6-1: device descriptor read/8, error -71
[ 1210.889033][    T9] usb usb6-port1: unable to enumerate USB device
[ 1211.325940][T22402] program syz.0.4719 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1211.926274][  T975] usb 3-1: USB disconnect, device number 18
[ 1213.058683][T22421] netlink: 52 bytes leftover after parsing attributes in process `syz.6.4725'.
[ 1213.417041][ T5843] Bluetooth: hci3: unexpected event for opcode 0x080c
[ 1214.318662][ T5845] vhci_hcd: vhci_device speed not set
[ 1214.511642][T22411] ALSA: mixer_oss: invalid index 40000
[ 1214.535013][T13155] IPVS: starting estimator thread 0...
[ 1214.658692][T22439] IPVS: using max 52 ests per chain, 124800 per kthread
[ 1215.864430][T22472] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4741'.
[ 1215.942594][T22472] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4741'.
[ 1216.097191][T22477] nvme_fabrics: missing parameter 'transport=%s'
[ 1216.114928][T22477] nvme_fabrics: missing parameter 'nqn=%s'
[ 1216.149336][T22482] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1216.217393][  T975] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 1216.228224][  T975] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 1216.354921][ T3573] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 1216.490410][ T3573] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 1216.634940][ T3573] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 1217.771198][T22502] kvm: kvm [22500]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111
[ 1220.641389][T22533] netlink: 'syz.6.4762': attribute type 7 has an invalid length.
[ 1220.811749][T22537] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4762'.
[ 1220.821776][T22537] ksmbd: Unknown IPC event: 0, ignore.
[ 1220.904757][T22533] : entered promiscuous mode
[ 1221.066814][T22547] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4764'.
[ 1222.501469][T22576] netlink: 'syz.2.4768': attribute type 4 has an invalid length.
[ 1223.118610][ T5891] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[ 1223.278581][ T5891] usb 6-1: Using ep0 maxpacket: 16
[ 1223.288321][ T5891] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1223.322202][ T5891] usb 6-1: config 0 has no interface number 0
[ 1223.368226][ T5891] usb 6-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[ 1223.407089][ T5891] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1223.442216][ T5891] usb 6-1: Product: syz
[ 1223.446419][ T5891] usb 6-1: Manufacturer: syz
[ 1223.461686][ T5891] usb 6-1: SerialNumber: syz
[ 1223.479529][ T5891] usb 6-1: config 0 descriptor??
[ 1223.522473][ T5891] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1224.701768][T22599] 
[ 1224.704140][T22599] =====================================================
[ 1224.711074][T22599] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 1224.718518][T22599] 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 Not tainted
[ 1224.725615][T22599] -----------------------------------------------------
[ 1224.732531][T22599] syz.2.4780/22599 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 1224.740251][T22599] ffff8880282f9750 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4f0
[ 1224.748951][T22599] 
[ 1224.748951][T22599] and this task is already holding:
[ 1224.756297][T22599] ffff88805d42e028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xf8/0xaf0
[ 1224.766031][T22599] which would create a new lock dependency:
[ 1224.771901][T22599]  (&client->buffer_lock){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3}
[ 1224.779987][T22599] 
[ 1224.779987][T22599] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 1224.789428][T22599]  (&client->buffer_lock){..-.}-{3:3}
[ 1224.789453][T22599] 
[ 1224.789453][T22599] ... which became SOFTIRQ-irq-safe at:
[ 1224.802498][T22599]   lock_acquire+0x116/0x2f0
[ 1224.807089][T22599]   _raw_spin_lock+0x2e/0x40
[ 1224.811675][T22599]   evdev_pass_values+0xf8/0xaf0
[ 1224.816607][T22599]   evdev_events+0x1c2/0x300
[ 1224.821184][T22599]   input_pass_values+0x268/0x890
[ 1224.826202][T22599]   input_event_dispose+0x3bc/0x610
[ 1224.831394][T22599]   input_handle_event+0xa9c/0xc10
[ 1224.836498][T22599]   input_event+0x9f/0xe0
[ 1224.840815][T22599]   hidinput_hid_event+0x144d/0x1d90
[ 1224.846092][T22599]   hid_process_event+0x439/0x590
[ 1224.851369][T22599]   hid_report_raw_event+0xf27/0x17c0
[ 1224.856730][T22599]   hid_input_report+0x419/0x500
[ 1224.861653][T22599]   hid_irq_in+0x4a0/0x6d0
[ 1224.866072][T22599]   __usb_hcd_giveback_urb+0x42e/0x6e0
[ 1224.871529][T22599]   dummy_timer+0x84b/0x4670
[ 1224.876108][T22599]   __hrtimer_run_queues+0x5a6/0xd40
[ 1224.881386][T22599]   hrtimer_run_softirq+0x19a/0x2c0
[ 1224.886573][T22599]   handle_softirqs+0x2d6/0x9b0
[ 1224.891417][T22599]   __irq_exit_rcu+0xfb/0x220
[ 1224.896081][T22599]   irq_exit_rcu+0x9/0x30
[ 1224.900403][T22599]   sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1224.906115][T22599]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1224.912166][T22599]   _raw_spin_unlock_irqrestore+0xd9/0x140
[ 1224.917961][T22599]   __debug_object_init+0x284/0x480
[ 1224.923148][T22599]   hrtimer_setup_sleeper_on_stack+0x24/0x80
[ 1224.929121][T22599]   futex_setup_timer+0x48/0xd0
[ 1224.933957][T22599]   futex_wait+0xe8/0x370
[ 1224.938273][T22599]   do_futex+0x37c/0x5a0
[ 1224.942503][T22599]   __se_sys_futex_time32+0x406/0x490
[ 1224.947861][T22599]   __do_fast_syscall_32+0xb4/0x110
[ 1224.953046][T22599]   do_fast_syscall_32+0x34/0x80
[ 1224.957966][T22599]   entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1224.964367][T22599] 
[ 1224.964367][T22599] to a SOFTIRQ-irq-unsafe lock:
[ 1224.971363][T22599]  (tasklist_lock){.+.+}-{3:3}
[ 1224.971388][T22599] 
[ 1224.971388][T22599] ... which became SOFTIRQ-irq-unsafe at:
[ 1224.983984][T22599] ...
[ 1224.983992][T22599]   lock_acquire+0x116/0x2f0
[ 1224.991138][T22599]   _raw_read_lock+0x36/0x50
[ 1224.995735][T22599]   __do_wait+0x132/0x850
[ 1225.000064][T22599]   do_wait+0x1fe/0x510
[ 1225.004209][T22599]   kernel_wait+0xeb/0x240
[ 1225.008613][T22599]   call_usermodehelper_exec_work+0xbd/0x230
[ 1225.014588][T22599]   process_scheduled_works+0xac3/0x18e0
[ 1225.020215][T22599]   worker_thread+0x870/0xd50
[ 1225.024880][T22599]   kthread+0x7b7/0x940
[ 1225.029032][T22599]   ret_from_fork+0x4b/0x80
[ 1225.033523][T22599]   ret_from_fork_asm+0x1a/0x30
[ 1225.038358][T22599] 
[ 1225.038358][T22599] other info that might help us debug this:
[ 1225.038358][T22599] 
[ 1225.048574][T22599] Chain exists of:
[ 1225.048574][T22599]   &client->buffer_lock --> &new->fa_lock --> tasklist_lock
[ 1225.048574][T22599] 
[ 1225.061691][T22599]  Possible interrupt unsafe locking scenario:
[ 1225.061691][T22599] 
[ 1225.069991][T22599]        CPU0                    CPU1
[ 1225.075347][T22599]        ----                    ----
[ 1225.080701][T22599]   lock(tasklist_lock);
[ 1225.084932][T22599]                                local_irq_disable();
[ 1225.091671][T22599]                                lock(&client->buffer_lock);
[ 1225.099027][T22599]                                lock(&new->fa_lock);
[ 1225.105776][T22599]   <Interrupt>
[ 1225.109215][T22599]     lock(&client->buffer_lock);
[ 1225.114223][T22599] 
[ 1225.114223][T22599]  *** DEADLOCK ***
[ 1225.114223][T22599] 
[ 1225.122346][T22599] 7 locks held by syz.2.4780/22599:
[ 1225.127523][T22599]  #0: ffff88802a913118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1bb/0x5e0
[ 1225.136658][T22599]  #1: ffff88801efeb230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xc8/0x360
[ 1225.146747][T22599]  #2: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xd9/0x360
[ 1225.156412][T22599]  #3: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8e/0x890
[ 1225.165971][T22599]  #4: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x6f/0x300
[ 1225.175097][T22599]  #5: ffff88805d42e028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xf8/0xaf0
[ 1225.185270][T22599]  #6: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x54/0x4f0
[ 1225.194308][T22599] 
[ 1225.194308][T22599] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 1225.204695][T22599] -> (&client->buffer_lock){..-.}-{3:3} {
[ 1225.210417][T22599]    IN-SOFTIRQ-W at:
[ 1225.214381][T22599]                     lock_acquire+0x116/0x2f0
[ 1225.220524][T22599]                     _raw_spin_lock+0x2e/0x40
[ 1225.226668][T22599]                     evdev_pass_values+0xf8/0xaf0
[ 1225.233164][T22599]                     evdev_events+0x1c2/0x300
[ 1225.239308][T22599]                     input_pass_values+0x268/0x890
[ 1225.245887][T22599]                     input_event_dispose+0x3bc/0x610
[ 1225.252638][T22599]                     input_handle_event+0xa9c/0xc10
[ 1225.259297][T22599]                     input_event+0x9f/0xe0
[ 1225.265175][T22599]                     hidinput_hid_event+0x144d/0x1d90
[ 1225.272011][T22599]                     hid_process_event+0x439/0x590
[ 1225.278587][T22599]                     hid_report_raw_event+0xf27/0x17c0
[ 1225.285509][T22599]                     hid_input_report+0x419/0x500
[ 1225.291996][T22599]                     hid_irq_in+0x4a0/0x6d0
[ 1225.297962][T22599]                     __usb_hcd_giveback_urb+0x42e/0x6e0
[ 1225.304966][T22599]                     dummy_timer+0x84b/0x4670
[ 1225.311105][T22599]                     __hrtimer_run_queues+0x5a6/0xd40
[ 1225.317934][T22599]                     hrtimer_run_softirq+0x19a/0x2c0
[ 1225.324681][T22599]                     handle_softirqs+0x2d6/0x9b0
[ 1225.331082][T22599]                     __irq_exit_rcu+0xfb/0x220
[ 1225.337306][T22599]                     irq_exit_rcu+0x9/0x30
[ 1225.343192][T22599]                     sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1225.350464][T22599]                     asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1225.358077][T22599]                     _raw_spin_unlock_irqrestore+0xd9/0x140
[ 1225.365481][T22599]                     __debug_object_init+0x284/0x480
[ 1225.372232][T22599]                     hrtimer_setup_sleeper_on_stack+0x24/0x80
[ 1225.379761][T22599]                     futex_setup_timer+0x48/0xd0
[ 1225.386158][T22599]                     futex_wait+0xe8/0x370
[ 1225.392044][T22599]                     do_futex+0x37c/0x5a0
[ 1225.397833][T22599]                     __se_sys_futex_time32+0x406/0x490
[ 1225.404754][T22599]                     __do_fast_syscall_32+0xb4/0x110
[ 1225.411500][T22599]                     do_fast_syscall_32+0x34/0x80
[ 1225.417984][T22599]                     entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1225.425948][T22599]    INITIAL USE at:
[ 1225.429829][T22599]                    lock_acquire+0x116/0x2f0
[ 1225.435953][T22599]                    _raw_spin_lock+0x2e/0x40
[ 1225.442018][T22599]                    evdev_pass_values+0xf8/0xaf0
[ 1225.448420][T22599]                    evdev_events+0x1c2/0x300
[ 1225.454474][T22599]                    input_pass_values+0x268/0x890
[ 1225.460963][T22599]                    input_event_dispose+0x31b/0x610
[ 1225.467620][T22599]                    input_handle_event+0xa9c/0xc10
[ 1225.474192][T22599]                    input_inject_event+0x221/0x360
[ 1225.480762][T22599]                    evdev_write+0x409/0x5e0
[ 1225.486730][T22599]                    vfs_write+0x2bc/0xd10
[ 1225.492530][T22599]                    ksys_write+0x19d/0x2d0
[ 1225.498407][T22599]                    __do_fast_syscall_32+0xb4/0x110
[ 1225.505067][T22599]                    do_fast_syscall_32+0x34/0x80
[ 1225.511467][T22599]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1225.519345][T22599]  }
[ 1225.521825][T22599]  ... key      at: [<ffffffff9aab98c0>] evdev_open.__key.23+0x0/0x20
[ 1225.529966][T22599] 
[ 1225.529966][T22599] the dependencies between the lock to be acquired
[ 1225.529975][T22599]  and SOFTIRQ-irq-unsafe lock:
[ 1225.543447][T22599]   -> (tasklist_lock){.+.+}-{3:3} {
[ 1225.548736][T22599]      HARDIRQ-ON-R at:
[ 1225.552874][T22599]                         lock_acquire+0x116/0x2f0
[ 1225.559363][T22599]                         _raw_read_lock+0x36/0x50
[ 1225.565848][T22599]                         __do_wait+0x132/0x850
[ 1225.572070][T22599]                         do_wait+0x1fe/0x510
[ 1225.578126][T22599]                         kernel_wait+0xeb/0x240
[ 1225.584437][T22599]                         call_usermodehelper_exec_work+0xbd/0x230
[ 1225.592328][T22599]                         process_scheduled_works+0xac3/0x18e0
[ 1225.599947][T22599]                         worker_thread+0x870/0xd50
[ 1225.606515][T22599]                         kthread+0x7b7/0x940
[ 1225.612564][T22599]                         ret_from_fork+0x4b/0x80
[ 1225.619049][T22599]                         ret_from_fork_asm+0x1a/0x30
[ 1225.625792][T22599]      SOFTIRQ-ON-R at:
[ 1225.629931][T22599]                         lock_acquire+0x116/0x2f0
[ 1225.636416][T22599]                         _raw_read_lock+0x36/0x50
[ 1225.642905][T22599]                         __do_wait+0x132/0x850
[ 1225.649141][T22599]                         do_wait+0x1fe/0x510
[ 1225.655191][T22599]                         kernel_wait+0xeb/0x240
[ 1225.661513][T22599]                         call_usermodehelper_exec_work+0xbd/0x230
[ 1225.669394][T22599]                         process_scheduled_works+0xac3/0x18e0
[ 1225.676923][T22599]                         worker_thread+0x870/0xd50
[ 1225.683493][T22599]                         kthread+0x7b7/0x940
[ 1225.689548][T22599]                         ret_from_fork+0x4b/0x80
[ 1225.695944][T22599]                         ret_from_fork_asm+0x1a/0x30
[ 1225.702701][T22599]      INITIAL USE at:
[ 1225.706763][T22599]                        lock_acquire+0x116/0x2f0
[ 1225.713611][T22599]                        _raw_write_lock_irq+0xd3/0x120
[ 1225.720551][T22599]                        copy_process+0x221b/0x3d10
[ 1225.727134][T22599]                        kernel_clone+0x242/0x930
[ 1225.733544][T22599]                        user_mode_thread+0x148/0x1c0
[ 1225.740292][T22599]                        rest_init+0x23/0x300
[ 1225.746345][T22599]                        start_kernel+0x484/0x510
[ 1225.752754][T22599]                        x86_64_start_reservations+0x2a/0x30
[ 1225.760112][T22599]                        x86_64_start_kernel+0x66/0x70
[ 1225.766952][T22599]                        common_startup_64+0x13e/0x147
[ 1225.773790][T22599]      INITIAL READ USE at:
[ 1225.778277][T22599]                             lock_acquire+0x116/0x2f0
[ 1225.785112][T22599]                             _raw_read_lock+0x36/0x50
[ 1225.792214][T22599]                             __do_wait+0x132/0x850
[ 1225.798790][T22599]                             do_wait+0x1fe/0x510
[ 1225.805190][T22599]                             kernel_wait+0xeb/0x240
[ 1225.811849][T22599]                             call_usermodehelper_exec_work+0xbd/0x230
[ 1225.820082][T22599]                             process_scheduled_works+0xac3/0x18e0
[ 1225.827970][T22599]                             worker_thread+0x870/0xd50
[ 1225.834887][T22599]                             kthread+0x7b7/0x940
[ 1225.841286][T22599]                             ret_from_fork+0x4b/0x80
[ 1225.848028][T22599]                             ret_from_fork_asm+0x1a/0x30
[ 1225.855128][T22599]    }
[ 1225.857786][T22599]    ... key      at: [<ffffffff8ea0c058>] tasklist_lock+0x18/0x40
[ 1225.865667][T22599]    ... acquired at:
[ 1225.869627][T22599]    lock_acquire+0x116/0x2f0
[ 1225.874293][T22599]    _raw_read_lock+0x36/0x50
[ 1225.878958][T22599]    send_sigurg+0x141/0x430
[ 1225.883533][T22599]    sk_send_sigurg+0x6e/0x2f0
[ 1225.888282][T22599]    queue_oob+0x4b2/0x650
[ 1225.892700][T22599]    unix_stream_sendmsg+0xd47/0x1000
[ 1225.898075][T22599]    __sock_sendmsg+0x221/0x270
[ 1225.902922][T22599]    ____sys_sendmsg+0x523/0x860
[ 1225.907853][T22599]    __sys_sendmmsg+0x4a3/0x7b0
[ 1225.912689][T22599]    __ia32_compat_sys_sendmmsg+0xa2/0xc0
[ 1225.918575][T22599]    __do_fast_syscall_32+0xb4/0x110
[ 1225.923849][T22599]    do_fast_syscall_32+0x34/0x80
[ 1225.928860][T22599]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1225.935349][T22599] 
[ 1225.937655][T22599]  -> (&f_owner->lock){....}-{3:3} {
[ 1225.942945][T22599]     INITIAL USE at:
[ 1225.946909][T22599]                      lock_acquire+0x116/0x2f0
[ 1225.953258][T22599]                      _raw_write_lock_irq+0xd3/0x120
[ 1225.960016][T22599]                      __f_setown+0x68/0x380
[ 1225.965982][T22599]                      fcntl_dirnotify+0x3f0/0x6b0
[ 1225.972465][T22599]                      do_fcntl+0x88d/0x1b20
[ 1225.978429][T22599]                      do_compat_fcntl64+0x58a/0xdc0
[ 1225.985086][T22599]                      __do_fast_syscall_32+0xb4/0x110
[ 1225.991928][T22599]                      do_fast_syscall_32+0x34/0x80
[ 1225.998497][T22599]                      entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1226.006550][T22599]     INITIAL READ USE at:
[ 1226.010950][T22599]                           lock_acquire+0x116/0x2f0
[ 1226.017610][T22599]                           _raw_read_lock_irqsave+0xe0/0x130
[ 1226.025055][T22599]                           send_sigio+0x37/0x390
[ 1226.031451][T22599]                           dnotify_handle_event+0x153/0x460
[ 1226.038806][T22599]                           fsnotify+0x1f05/0x2310
[ 1226.045296][T22599]                           path_openat+0x16a2/0x35d0
[ 1226.052043][T22599]                           do_filp_open+0x284/0x4e0
[ 1226.058708][T22599]                           do_sys_openat2+0x12b/0x1d0
[ 1226.065543][T22599]                           __ia32_compat_sys_openat+0x241/0x290
[ 1226.073244][T22599]                           __do_fast_syscall_32+0xb4/0x110
[ 1226.080600][T22599]                           do_fast_syscall_32+0x34/0x80
[ 1226.087604][T22599]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1226.096086][T22599]   }
[ 1226.098655][T22599]   ... key      at: [<ffffffff9a7aac80>] file_f_owner_allocate.__key+0x0/0x20
[ 1226.107575][T22599]   ... acquired at:
[ 1226.111447][T22599]    lock_acquire+0x116/0x2f0
[ 1226.116110][T22599]    _raw_read_lock_irqsave+0xe0/0x130
[ 1226.121558][T22599]    send_sigio+0x37/0x390
[ 1226.125958][T22599]    kill_fasync+0x253/0x4f0
[ 1226.130536][T22599]    sock_wake_async+0x147/0x170
[ 1226.135458][T22599]    sk_wake_async+0x183/0x280
[ 1226.140205][T22599]    unix_release_sock+0x729/0xd10
[ 1226.145300][T22599]    unix_release+0x91/0xc0
[ 1226.149787][T22599]    sock_close+0xbc/0x240
[ 1226.154188][T22599]    __fput+0x3e9/0x9f0
[ 1226.158328][T22599]    task_work_run+0x251/0x310
[ 1226.163078][T22599]    do_exit+0xa11/0x27f0
[ 1226.167394][T22599]    do_group_exit+0x207/0x2c0
[ 1226.172145][T22599]    get_signal+0x1696/0x1730
[ 1226.176810][T22599]    arch_do_signal_or_restart+0x98/0x810
[ 1226.182519][T22599]    syscall_exit_to_user_mode+0xce/0x340
[ 1226.188220][T22599]    __do_fast_syscall_32+0xc1/0x110
[ 1226.193488][T22599]    do_fast_syscall_32+0x34/0x80
[ 1226.198494][T22599]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1226.204990][T22599] 
[ 1226.207297][T22599] -> (&new->fa_lock){....}-{3:3} {
[ 1226.212413][T22599]    INITIAL USE at:
[ 1226.216293][T22599]                    lock_acquire+0x116/0x2f0
[ 1226.222346][T22599]                    _raw_write_lock_irq+0xd3/0x120
[ 1226.228922][T22599]                    fasync_remove_entry+0xec/0x1b0
[ 1226.235494][T22599]                    sock_fasync+0x87/0x100
[ 1226.241369][T22599]                    __fput+0x81e/0x9f0
[ 1226.246906][T22599]                    task_work_run+0x251/0x310
[ 1226.253044][T22599]                    syscall_exit_to_user_mode+0x13f/0x340
[ 1226.260224][T22599]                    __do_fast_syscall_32+0xc1/0x110
[ 1226.266889][T22599]                    do_fast_syscall_32+0x34/0x80
[ 1226.273291][T22599]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1226.281171][T22599]    INITIAL READ USE at:
[ 1226.285482][T22599]                         lock_acquire+0x116/0x2f0
[ 1226.292004][T22599]                         _raw_read_lock_irqsave+0xe0/0x130
[ 1226.299275][T22599]                         kill_fasync+0x199/0x4f0
[ 1226.305675][T22599]                         sock_wake_async+0x147/0x170
[ 1226.312425][T22599]                         af_alg_wmem_wakeup+0x3c1/0x440
[ 1226.319430][T22599]                         skcipher_recvmsg+0x11e4/0x1250
[ 1226.326435][T22599]                         sock_recvmsg+0x22f/0x280
[ 1226.333114][T22599]                         __sys_recvfrom+0x204/0x380
[ 1226.339801][T22599]                         __ia32_compat_sys_socketcall+0x487/0x1460
[ 1226.347777][T22599]                         __do_fast_syscall_32+0xb4/0x110
[ 1226.354893][T22599]                         do_fast_syscall_32+0x34/0x80
[ 1226.361734][T22599]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1226.370060][T22599]  }
[ 1226.372550][T22599]  ... key      at: [<ffffffff9a7aaca0>] fasync_insert_entry.__key+0x0/0x20
[ 1226.381225][T22599]  ... acquired at:
[ 1226.385019][T22599]    lock_acquire+0x116/0x2f0
[ 1226.389701][T22599]    _raw_read_lock_irqsave+0xe0/0x130
[ 1226.395159][T22599]    kill_fasync+0x199/0x4f0
[ 1226.399741][T22599]    evdev_pass_values+0x5a2/0xaf0
[ 1226.404851][T22599]    evdev_events+0x1c2/0x300
[ 1226.409523][T22599]    input_pass_values+0x268/0x890
[ 1226.414628][T22599]    input_event_dispose+0x31b/0x610
[ 1226.419903][T22599]    input_handle_event+0xa9c/0xc10
[ 1226.425092][T22599]    input_inject_event+0x221/0x360
[ 1226.430278][T22599]    evdev_write+0x409/0x5e0
[ 1226.434858][T22599]    vfs_write+0x2bc/0xd10
[ 1226.439295][T22599]    ksys_write+0x19d/0x2d0
[ 1226.443790][T22599]    __do_fast_syscall_32+0xb4/0x110
[ 1226.449061][T22599]    do_fast_syscall_32+0x34/0x80
[ 1226.454084][T22599]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1226.460585][T22599] 
[ 1226.462896][T22599] 
[ 1226.462896][T22599] stack backtrace:
[ 1226.468784][T22599] CPU: 0 UID: 0 PID: 22599 Comm: syz.2.4780 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[ 1226.468803][T22599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1226.468812][T22599] Call Trace:
[ 1226.468818][T22599]  <TASK>
[ 1226.468824][T22599]  dump_stack_lvl+0x241/0x360
[ 1226.468845][T22599]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1226.468863][T22599]  ? __pfx__printk+0x10/0x10
[ 1226.468882][T22599]  validate_chain+0x22bb/0x24e0
[ 1226.468903][T22599]  __lock_acquire+0xad5/0xd80
[ 1226.468923][T22599]  lock_acquire+0x116/0x2f0
[ 1226.468938][T22599]  ? kill_fasync+0x199/0x4f0
[ 1226.468956][T22599]  _raw_read_lock_irqsave+0xe0/0x130
[ 1226.468975][T22599]  ? kill_fasync+0x199/0x4f0
[ 1226.468988][T22599]  ? __pfx__raw_read_lock_irqsave+0x10/0x10
[ 1226.469010][T22599]  kill_fasync+0x199/0x4f0
[ 1226.469023][T22599]  ? kill_fasync+0x54/0x4f0
[ 1226.469038][T22599]  evdev_pass_values+0x5a2/0xaf0
[ 1226.469059][T22599]  ? evdev_pass_values+0x611/0xaf0
[ 1226.469078][T22599]  evdev_events+0x1c2/0x300
[ 1226.469094][T22599]  ? evdev_events+0x6f/0x300
[ 1226.469112][T22599]  input_pass_values+0x268/0x890
[ 1226.469129][T22599]  ? input_pass_values+0x8e/0x890
[ 1226.469145][T22599]  ? do_raw_spin_lock+0x151/0x370
[ 1226.469161][T22599]  input_event_dispose+0x31b/0x610
[ 1226.469177][T22599]  input_handle_event+0xa9c/0xc10
[ 1226.469194][T22599]  ? __pfx_input_handle_event+0x10/0x10
[ 1226.469211][T22599]  input_inject_event+0x221/0x360
[ 1226.469225][T22599]  ? input_inject_event+0xd9/0x360
[ 1226.469241][T22599]  evdev_write+0x409/0x5e0
[ 1226.469260][T22599]  ? futex_hash+0x1e/0x1f0
[ 1226.469273][T22599]  ? __pfx_evdev_write+0x10/0x10
[ 1226.469291][T22599]  ? bpf_lsm_file_permission+0x9/0x10
[ 1226.469309][T22599]  ? rw_verify_area+0x246/0x630
[ 1226.469324][T22599]  ? __pfx_evdev_write+0x10/0x10
[ 1226.469342][T22599]  vfs_write+0x2bc/0xd10
[ 1226.469366][T22599]  ? __pfx_vfs_write+0x10/0x10
[ 1226.469382][T22599]  ? __fget_files+0x2a/0x420
[ 1226.469393][T22599]  ? __fget_files+0x2a/0x420
[ 1226.469405][T22599]  ? __fget_files+0x39d/0x420
[ 1226.469416][T22599]  ? __fget_files+0x2a/0x420
[ 1226.469430][T22599]  ksys_write+0x19d/0x2d0
[ 1226.469447][T22599]  ? __pfx_ksys_write+0x10/0x10
[ 1226.469464][T22599]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1226.469477][T22599]  ? lockdep_hardirqs_on+0x9d/0x150
[ 1226.469490][T22599]  __do_fast_syscall_32+0xb4/0x110
[ 1226.469503][T22599]  ? ret_from_fork_asm+0x1a/0x30
[ 1226.469515][T22599]  ? lockdep_hardirqs_on+0x9d/0x150
[ 1226.469528][T22599]  do_fast_syscall_32+0x34/0x80
[ 1226.469542][T22599]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1226.469557][T22599] RIP: 0023:0xf7f02539
[ 1226.469570][T22599] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1226.469582][T22599] RSP: 002b:00000000f502655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1226.469597][T22599] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[ 1226.469607][T22599] RDX: 0000000000002250 RSI: 0000000000000000 RDI: 0000000000000000
[ 1226.469616][T22599] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1226.469624][T22599] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1226.469632][T22599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1226.469645][T22599]  </TASK>
[ 1226.793040][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1226.916918][  T975] usb 6-1: USB disconnect, device number 37
[ 1227.766567][T22578] Set syz1 is full, maxelem 65536 reached
[ 1228.489004][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog