last executing test programs:

28m19.681104998s ago: executing program 4 (id=2786):
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a3525c3", 0x0, 0xb})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00005fd000/0x4000)=nil, 0x4000, 0x0, 0x5, 0x20000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4003, &(0x7f0000000c00)=0xc, 0x6, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x80, 0x0, 0x10, 0x70bd29, 0x25dfdbff, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'virt_wifi0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_vlan\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x4000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

28m19.143198853s ago: executing program 4 (id=2789):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8), 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x9, 0x8001, 0x0, 0xc, 0x0, 0xfffffdfffffffffe, 0xfa11, 0xffffffff}, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x20004, <r5=>r3, 0x80000})
r6 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r5})
r7 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f00000002c0)={0xa, 0x4e22, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000300)="426b7988685fed0d2f2e1bfcd4931e4aed587c09ebdbdb5970effeadb4219d6aac3c50c47d80a57270fea84218", 0x2d}, {&(0x7f00000012c0)="394e201dd46c98e8e3b77a04f04e9a54c926883bdd43968a3b89ca03dda59ceed8e6135e54b041fea5335499b0c4ae03097f53c54e0a9b857d7d5d720561d88859dee98a09f492837c7b35004352ed7f5cfceab9174fd366cd39277385793823652147b2b52fd51b99d5594866d0624a2791ba0e9f79250a2604caecdc6338f116e1af711ce515ca6fef41b887c668be00f1d1cad97663798bdee18a1416e61f4d2ab1d613a0bbd931fd07cd568c9d320551e9d35ec701cfe22dfe2800214b805dcf133a7dc32d32d35d973134645954637bc073c5e9ca86cca575033fad72832383666b05592f856fa6586ec6bd27bad1ad2221c296b5f2d555663da2dbf19877b92c7c647229184e237b60248f7855cfec477cedb35505cfbe7e3255b49f46a127975f2412a5dc24b50e797c897fde8c7069faa5cd2a5a20dd92d8ca235d5109014c546c6768d077eb6ea8991161b3ca96bd677e778d0dc36623bfc5b80f441eddcbea36bc656881b2432974d0cc14f01170aca0d701a02c759fe49e2c7bd8bbca9172e39a1beb9ea99d054f07b1a694a773627da999543ebf33d2c14c4237b03b51bfc4297f1cd18bbcc0a3e47aeb03d75b4356fc670a58f64aeefa2e0d0b2dd6a562508f8b3571850dca5409b5c050efe6ee19d6adbcdbac6bf15383f596a86bd2222f30b37feb8d547047350368650cef3fcb5354630817f15f018d1bc474489ad6812da5a28c0ad198c82d1ccb842a689e916d9701b92a11aa334921f49071272cff792d5d727e3bf6c279e1e2b11aafffbf121fd40b3fb1e20c9ad46c37097a54d680269b4a1f8b47fa688e098d59c6c9d512dad8cf202e86d677ba9a02eab492d4176071c43d6b140e5f0dd86ba619a82ecd46a0f14cb520cf10bfa5fa0470c45de2d5a7d4810e4fa94d3084570f90df7c7e209868fc1ba26728900a847d327d56102c15cf74c07724aecc9f339af5690e978f4d56f8fe4239db08df0d4b8a10732c1701dfb13fb1be5c78359de7e544db7699b2393b72ea2d8cfacca2006102d42fa01cab1d64f3b7bb41f5877a36ac9892a93f5dcc1868872d54509316e303df872c86600fe447ec9fc021165e1cf89e82fd87cf8a32d1b913ae7a9a9764e662bea06b5f505b450e8d9e847051e4ec15ca00f902e7817ba334fd05661886b559ef988f7a63ae78a03455a61a5a2a3dea8b73fbf0b15d2d22eb0105c3bad62a3bfe2a28fc4a8052154ecc89874967a1462a1c2f2f4370c0c8aea5ae0002063ebbd3a96a5600c531aa4eef4c1564ff1592873df6846659d973069f3986a364fd46e44f9784d6a4b5b4c8dc5aa142e5b0f4e31ef07cf334862f34f3eb7dff852b2574ff10ff9922721206eff9f17df82be875cd44767e96dedd3a3534002e5ac8dff761385bd741c1f2df338f731562dfab6d84dfdcdfef2640faf3f231d939fad618ae7bca1a8dbb4c01195828ee5a3a004691847cabfddf76faaaedf8bcc06c8829b86f0ddd5586da6fd4fe6a80867ebc107b7c18cb41aec8032346f04273131dc949eb875658c9b0a69d621256575108ae52a0a76cc3af06bbf9c9efb430ab6b8f2dff05c14a255a3fb685302b596798d300e4530df4b49c36435dfbae76671a73878eae6b39333aaa9157c9b002c650dba7b5aa08e3d2cc7fbb275590b9d596b822881510ad534101102c934c6d390f20bd1fb8b25d7a2d6f63de4555d4bac85555e32ee70743e53d0d5e9197a8b3f86b15f15db4b9f183d1abeafd6142550dbd1ca1c585ce3f2c0ebe8c44900dd647ff90ca34777aa8ea82eab70da593b8efd88354549d5614d50d9a278c2643489265650474c95cc79755e126a4b3ffce6717487136bc5dbc3bef2f48d5dd009ce322dcf2ab7fc88313d53c76fecb825aae5d2c26997dbff86a0af8abc127ef0ba5c608a7b89fbfdff705f73078f55936d93534b3b08cb4af4ec6dd0f270badce2e6917fd8a3892043809ba501d9412bb26383f5f34ae5203413abbb3aedf9a8c311a6d8a762fe6dc6737aff7704f655bb5e86a2219588083062126d68180cda36009b41339723dd03e4207d3e66977a8383a49b96a380473c9f9f9ea28adf61ae4e48584269fa8d0f28bec0d6098d56386a2d66cf122e66440731dc14efc76d4dd4ab3a1081f5f4246cb474430a88e54bb969714a1d92d2e71c6dd8bfaf356889c0ec8ff4789238649c8f81826115168bd9176649e963c6fcd874ed2a39cdee743345bbfefcc9a3af67124307630a5e094455b38c9ec41ba624665b08c61aa2ec8323d090689a3fff35dfc2985fa22c5235442d3c1455b0ce1105e201ed32f597d6abab15fae6b2ba9f9b4d5cbe87836f8e7d824dadfbf6d730d0724d1a313cecca1b4572a755d1b076581acf621f2b7557a06f4e1cef996830599c14ec8a16e090889128fdc07873fffeb158bb22b38338d09bad484989810f5c838ff40d00f7c381e9cc65feda1a90d56f4989f14108e6c7333ef60d2e27a83e3b5bd635e253e2d578074d5f5b2e3fc9b735107d10d8c00d3c9b1b672a04456f7da909de19d7579b64fc6fe535a9dd4a523e0cfad1eddf1f1f7e64fcd09c356278aafcec54ad4d283d3195788c04079714b34e6f1eba45fd62145be0bc649b5fd68c18407ede0240f8fb043952b3c4cfe72561f1a9a064b8692a65c9d780d8d848950c842b42b8859b69c1e0cf261c33702d31da19671c5dbf06dbc6ba71ad9418ab2cc855b58d5d983a4a362d243b08306f054fec12cf8c84dd4ea6ec725ff1042d3e62d977e5e21be94a1aef09c7b3512b6a7fe7aa33dbc3a9e438c564d1c0f132038815aa14b8b93f26788d1a1cb46e5cd11fbf647bb97524b19622edc65c005d3332b452bfbf7e963d53d3a19297b530423be140ea95070d8f558fbd40ad21df31fab321741130d3cee87b1e34b2ade44074619d8bf322088cb711d5497bfced0d6ea9103627618968f1fbf94af64882284314becaa3f75f6ffbcc9335e3bc048aabace365800df40a400529191f92d104fd9c2847738b169de7207f11ad7f965ada7b6a8cf4bcd1bcae2e64105a5ab9ba1300046a1edf74cd88dda79b095da9eb104e4cbcd85cbbc07f762183e09b7ba58ad19a0b30ea270e65dc419a96010679a82c6f36902ced678e961252129953df6ab51ecc131e304efad9001fa9b53e5e6017ce45dee1be9096e364f01f1dafb986e7a417a706672b1d5fcdea9ef1789e0e0c898fc13c2c8a83469935d11b727c5eb81bf32f0d8b85c6cc03fb3eac91ba591c81c98bbe04de07c97fbc01f5ecf1f58dfc020fbe791d48698a6ab832a1e1417c252f65cf97f756c1b2aab8b586de4e778fd7695657868719943776522eb81aa7079442bb34aebb2a0c5cfd28dc81ab847cf0a22b296b34444a8896c8acbf1ec4f3b3ac7feafbc3910db973db7c813cb85a89ac6321de9d3a63c6990547960eb05d2ca75064fd598cd54ebfcc9c1909da944a2efca89c8ce401715a6ca3cc1458d3db043bee606119a11181cb72f813489127afba92b74f1f7efaaab7a5d80aad7da4577cd0111e20f5338fc6e70867d7342c04e5cd854b18910918ca3a780f4c74f1afe1409d58418ac62afe06c87a20cc1604ae8ac36705969a4a0e59d545d6adfe1f0857a674d093c74c6a1711a1f3406d8d35923da37cab30ad33f965179fa2a4bb3ee4f19a62863ec91503c1a0b5f7de949a812e1a34881ebb05f8b99291374f460f83bb5a28bc3becb6945aa96b819c9b404a9a3e787aa98ecc5ac734dcf88e2175fa01d642890d368b092110bc40e6e5a4fca21d98da79a650d8db2a4cfe71eb25cc13ca96856a1f1b3d9ababd8b0113f6c060b9ecc2c90ab44747b5fd40245822f6e8a1a60d21143b71a1584c9057562ac9d590d03b4e8118164d738dd585d4717730e5a33fd9555461b8e80f179c73cc4a68eeb5cbfe9139b20756b4940c78b0a64cfb6c9c81a4946fc549a957b5dbd6ffa66999dc20d72177aef4d9575c32f20609698967b9339dddb49a6492b10c4f47528f84e03d7c7ab8772960492f5f4bc63921086cca4e5cfd805cbba749ab126a0241584d153041a311ce2a45b91ac1151474b37a693a2d724771be94564cd1954a876e13fae87e70fd772b351d4a902e5253ae247c9f6bce405530df084caa83427b50bd314fd86c5aad35dbb6b68dac5373d043833f2d2f1752ba2457c842ac432d6ecdfbbc3dd34831b241cdbc58a58b8ab639bfe1d735f2dc32ede25f718e3b3cfc3ea3e9b0ea90664bf04cc741169d669e99af1a0da95305de1771e8f640147b4979c8deacfa6079453bbeece8b993f5c4047bcb3d42bbd1fb0eb2f9115d33210cedf6fe5850842e1d745bf1ca4750c01abb6dec5a299af786010716d5a95518e8840260d975d8620818fa2dec60557374b860046383205e6d9c5e051cc11151b211858488d50cccd1ad573afbafc243dc2e6813370a1d329a304a5795947c1a1b4db4678402c82e1facb35ea4780a2b1b2550550f8012f0b798b252ecddc1cf0eeed1a098d0d5eff7e58a47219c2da4f19f7656539a1d109514704137abb687fbeefe9927e6c1b889f97a675c0e066be9aabab250887cb3c35eed1e06e2d3f4056fc88c4cae7acfc4c10f584983547db5f9752ee2e1fb4cb732e5e1c3f3343631083ffff2e8c39ff4400297b51a1aaaf0b388d40c37b51df4465fb5bd597370b89d0f20028508a9221f66d5fffa0ed93e2df2326ff9b8c0ce74da86cb9fd830fb693c760297ad28cd1be5788e068ef848b1d966d2926de779949cb668454f1b3f7359a9b66ae9e4e26a051ebb59cc7dee43b619e45e1ea61497893e2aa2195c2ffcf5999ae60ef699f6734c6d9f0e0581c481524548ad2cb0d0b902a5f6f79f0b58a1db0d76b98349e6e80e19260eda3bc92d3e9e193d81973180aca123ed75e216cfc7f9656847565e2f41564c207a0265191c0b6f68704cd0464bfca695648fd48329235e0fa7e8d0a98d4c5946822871ff244a9cf3ab9edd0db9eb8bfeb52af7394d9b4d8f31286de9638e17670479c4376d2f0a3b8db45c184543f8378968fc7fc6b75469676fc202a86b38e439ba788ee665f5513b97046ee8642b26fb17d217b32cf06004b10b3c2b9d690666caaa733a1f55ad7b304f04dbc89271d87211907661330ba313388175700c4b132fab3e86ec724cd4e39563266bee8ad96be5320e6a687c3c2a708953758b7234078dd94fb335dd8507910d48e5b2b7e68994355ac81dbab535ab0ea562fb7a7c477b5d055e2dc5171f97fbf4df2a77c0ebb14db603aae60f3eee7c8c4c6377b9a45a29f6d21697f277a0a5b4e5d2663bc7c6dcad2ec38d882d002eeac406c1a099d02982b9465eb7309b23866b0e284560fa229805107cfb8129143f460920f044a14d8ce7a85e2445a8bf211f44af52e3685d6f53e0c2b5872ec364534a64212423aed05f24082cc65cd0099b4f2ce99972f4cb84e0c525fca66cb86bb8a8ece48cf10aa5284d1737a6fd001ed19f477f0aaa7612e2e5a1cb32d6b9f5e34d728c0af59cae16510fe962ee3ecef37cf3a02edb411bf51b6ee45a7b63106ac7b9075e17920813393aa0f4f754f34dbc7d9d43f3dbe7605eaaa0ed199b5f64bb009852fb07ed25f53459c26176fab216a9ffa11513703812a78124a6a75e9ba85604a1cb320422410aa6b81c973e65cf97b6a9f3b4ecd11d21e8eaed1353e3e7e800491911f5cbf04e58d602c4e1cb95dcf93bbb370972d998ae18a94cac6", 0xff8}], 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="5c01000029000000370000003b280000000000000d47274ea056d3fceb1c80c8468cebc511f85cd7ac01ae8bef3f5b74cd23e5ecbe10d6fda1c62e1c1455b98a74f68889c53f30a5058346a7dd3d42dda8c4824597585210a8b1775d6107e70a9fdd3882ab23d6cb66f0bc1acf1177db0c1ec1b4967a32d377c2f0541466d20b2735332df9e4755ef9b1f0134926817ea45ed2094bdf9b48718108e133184db8ee9a5c8e23dd13d2d1228d95c4af8c9186cdb47e17335c536553e380185cd1cf64cf44b1295d965044b36b035aa805e6b7b301b8212a099d7158fe9b6eaba6614c2f633c2c60bca617c35a3d13fa08135f9578b65c05c47ed4856410964de89f9319a1d7877143ad4155c544c6b9741d0f2a9ae1238daed337d310b4b5d8a4267551839cfe7c36b867894a9b33c5c347e1fb4b84ec6dc9948c41f4a06288d160c8c30e6452a8050200030502fc0001090000000000000000000000006400000029000000390000001b0a010700000000fe80000000000000000000000000000a00000000000000000000ffff0a010102fe800000000000000000000000000015fe8000000000000000000000000000bbfe80000000000000000000000000001e10000000290000004300000000000000100000002900000034000000090000002400000029000000360000001d010000000000000106000000000000c20400000fff00002400000029000000390000006c02000d00"/552], 0x228}}], 0x1, 0x8800)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x800000)
ioctl$KVM_SET_SREGS(r10, 0x4138ae84, &(0x7f0000000100)={{0x100000, 0x100000, 0x10, 0x1, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x2000, 0xf, 0xf6, 0x0, 0x0, 0x1, 0xff, 0x8, 0x0, 0x5}, {0x50000, 0xdddd7002, 0x0, 0x80, 0xf9, 0x0, 0xff, 0x0, 0x2, 0x0, 0x4}, {0x5000, 0x2, 0xf, 0x41, 0x0, 0x2, 0x1, 0x0, 0x0, 0x3}, {0x4000, 0xdddd1000, 0x8, 0x21, 0x3, 0x10, 0xc0, 0x0, 0x1, 0x0, 0x4}, {0x0, 0x100000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {0xdddd1000, 0xffffffff, 0xa, 0x0, 0x2, 0xfd, 0x0, 0x7, 0x3a, 0xa}, {0xeeef0000, 0x2, 0x0, 0x2, 0x7, 0x6, 0x7, 0x0, 0xfa, 0x0, 0xfe, 0x5}, {0x0, 0x400}, {}, 0xddf8ffdb, 0x0, 0x0, 0x100, 0x7, 0x4000, 0xffff1000, [0x400000000000000, 0x10000000020, 0x2]})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_TRANSLATE(r10, 0xc018ae85, &(0x7f0000001280)={0x0, 0xdddd0000, 0x2, 0x5, 0x50})
r11 = fsmount(r7, 0x0, 0x6)
r12 = syz_usb_connect$printer(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r9], 0x0)
syz_usb_control_io(r12, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r13 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
poll(&(0x7f0000000240)=[{r13, 0x10}], 0x1, 0x1)
fchdir(r11)

28m15.77151543s ago: executing program 4 (id=2807):
socket(0x1d, 0x6, 0x3)
socket$inet(0x2, 0x2, 0x7d)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$nullb(0xffffff9c, &(0x7f0000000180), 0xe4600, 0x0)
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x500)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0xffe4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x5, 0xf, 0x0, 0x2, 0x8, 0x8, 0xb31a, 0x3}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x43, 0x0, "ee8bcb650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c1da009444a131f4da58ae36556dd38ea6c029607462029add0924000000000267517308a3d40aa1c788df6"}, 0xd8)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6711f234db5aaa13f382ad796bd667c9e00000009873931d2873103", "0f9dafb4", "ec3fff03ff0000c0"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)
ioctl$int_in(r3, 0x5421, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x48, 0x10, 0x401, 0x0, 0x101, {0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_ID={0x8}]}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
writev(r3, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000240)={0x2, 0x4e21, @multicast1}, 0x10)
close(r3)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
syz_emit_ethernet(0x2c, &(0x7f0000000700)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000008902450c001e0064000004029078e0000001e0cb5a180fff1ffee614"], 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)

28m14.236587808s ago: executing program 4 (id=2814):
unshare(0x2a060400)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000a00)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffffffc}]}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x5c}}, 0x8000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018011000100666c6f775f6f66666c6f616400000000100002800900010073797a30000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x80}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
close(r2)
r3 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r3, 0x114, 0x5, &(0x7f0000000100)=""/102400, &(0x7f00000000c0)=0x19000)
socket$qrtr(0x2a, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xffff}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x4c, 0x5, 0xa, 0x2915024094f4014f, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x20, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}]}], {0x14}}, 0xe8}}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$fou(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x1c, r11, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@FOU_ATTR_AF={0x5, 0x2, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r10, 0x0)

28m14.084532301s ago: executing program 4 (id=2815):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3103000000f1000000de0800000008000300", @ANYRES32=r2], 0x24}, 0x7ffffffe}, 0x0)

28m13.767164753s ago: executing program 4 (id=2816):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = userfaultfd(0x80801)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x430})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000800000/0x800000)=nil, &(0x7f000022a000/0x4000)=nil, 0x800000})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
ioctl$BLKTRACESETUP(r2, 0xc0401273, &(0x7f0000000680)={'\x00', 0x3, 0x10, 0x1005308, 0xfffffffffffffffb, 0x5, <r3=>0xffffffffffffffff})
ioctl$BLKTRACESTART(r2, 0x1274, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00', 0x49})
write$sndseq(r4, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)
openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0x2c200)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$BLKTRACESETUP(r2, 0xc0401273, &(0x7f0000000140)={'\x00', 0x7ff, 0x6000000, 0x8, 0x50, 0x5, r3})
r7 = socket(0x1e, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000f00000008000300", @ANYRES32=r8, @ANYBLOB="0800320000000000050033"], 0x2c}}, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0xa2c25)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000600)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x200000000000}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x0, 0x3c}, 0x2, @in=@broadcast, 0x6, 0x4, 0x1}]}]}, 0xfc}}, 0x0)
r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r9)
sendmsg$TIPC_NL_BEARER_ENABLE(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x6c, r11, 0x1, 0x0, 0x3, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x44, @dev={0xfe, 0x80, '\x00', 0x16}, 0xff8}}, {0x20, 0x2, @in6={0xa, 0x0, 0xfffffffc, @mcast2}}}}]}]}, 0x6c}}, 0x0)

27m58.474906815s ago: executing program 32 (id=2816):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = userfaultfd(0x80801)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x430})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000800000/0x800000)=nil, &(0x7f000022a000/0x4000)=nil, 0x800000})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
ioctl$BLKTRACESETUP(r2, 0xc0401273, &(0x7f0000000680)={'\x00', 0x3, 0x10, 0x1005308, 0xfffffffffffffffb, 0x5, <r3=>0xffffffffffffffff})
ioctl$BLKTRACESTART(r2, 0x1274, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00', 0x49})
write$sndseq(r4, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)
openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0x2c200)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$BLKTRACESETUP(r2, 0xc0401273, &(0x7f0000000140)={'\x00', 0x7ff, 0x6000000, 0x8, 0x50, 0x5, r3})
r7 = socket(0x1e, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000f00000008000300", @ANYRES32=r8, @ANYBLOB="0800320000000000050033"], 0x2c}}, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0xa2c25)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000600)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x200000000000}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x0, 0x3c}, 0x2, @in=@broadcast, 0x6, 0x4, 0x1}]}]}, 0xfc}}, 0x0)
r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r9)
sendmsg$TIPC_NL_BEARER_ENABLE(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x6c, r11, 0x1, 0x0, 0x3, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x44, @dev={0xfe, 0x80, '\x00', 0x16}, 0xff8}}, {0x20, 0x2, @in6={0xa, 0x0, 0xfffffffc, @mcast2}}}}]}]}, 0x6c}}, 0x0)

5.136319688s ago: executing program 5 (id=9913):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000050000090900010073797a310000000054000000030a03000000000000000000050000030900010073797a31000000000900030073797a3200000000280004800800014000000001080002"], 0x9c}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050)
socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x100000000, 0x8, 0x0, 0x3}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000300)=ANY=[@ANYBLOB="b7000000001a0000bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff00000000ae04020000000000be400300000000006504030001ed00007b130000000000004d44000000000000620a00fe000000007933000000000000b5030000000000009500000000000000023bc065b7a379d17cf9333379fc05000000912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50bec919bc461e91a7168c5181554d1b583c587e436fe275daf51efd601b6bf01c8e8b1b526375ec5dd6fcd82e4fee5bef7af9a0200000000000000e3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f645679c294392cf538b07ce2646cb7798b3e6440c2fbdb00a3e35208b0bb1d2cd871c5548930be3835f2554b4a28610643a98d9ec21ead2ed51b104d4d91af25b84550a7925c3109b151b8b9f75d80000000eda88c658d42ecbf28bf7076c15b463bebc72f526d8e4a9e231d512381e7a78afcb913466aae7f6df70252e79166d858fc152b659da074e1320060d0b11008e59a5923906f88b53987ad1714e72ba7a5b74f0c33d39000d06a59ff61622cfd9aa58fe8d485ae2c0cc65c2a36aaec2477584b6a89adaf17b0a6041bde4cc3ed54d27f777e92b87496e6649cf728d236619074d6ebdf098bc908c423d228a40f9411fe7226a40409d6e37c4f46756d31cb46761bade70063e5291569b33d21dae356e1c51f03fb8a63e089679216da18de0ae564162a27afea62d84f3a10746443d64364f56e24e6d21053d901204a1deeed41556175cbd4041b7d301bcb72652d950ad31928b0b093778b68e2e9853c02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f98928d5e9b94ff9ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cff538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595bcf50ab32d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063b59261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6f8c3a13596c2ea3e2e04cfdce669e51731b2875353193f82ade69d0540059fe6c7fe7c00fb7502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abd47b64a1b304502dda787343ce3c95300000000010000003baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022af46667cf25c5d3038816106dec28eaeb88343261a48a18f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfeff59d54d1f92ecc4e95dd2d18383117c03987d198899b212c55318294270a1ad10d30fef7c24b78b29d83238273f4fc87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca571380d7b4ead8eaf68b0c5dda0467d35a3807000000b702396df7e0cbe02b6e4114f244a9bf93f04beb72f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ea1e717d29135753208165b9cdbae037f315c7d951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d7012c1b45f6ada1ee7baa5b6a686b50f09b7f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac4d73a008364e0602a594817031fc2ff2c32a1989e00f52f8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a3c3e6e4fd2e016820f78b796a825b3dad9ce7b37507e0b83c3ecd01549bca6a016b3e18a00c748894dc3bfe5efda8b0a477d6a6562fdee45eb16e276dee992094ba9830f6c164179e7d532d86060bea930118d3cae1b8f916b9671b7000000000040f4bee5ad2dea2d14e195265504c05bba38b095e1679f96ddef65ba5de9c8cfb6465ae4165c0689a314a6eb6b36aa705b957edef3035e14b879d4e7dc00624708042e00bf9a7f7ae5f308744770759558e4fcb99c0dc957521ef255362bf2f3966f3754e81fb9bdef22c19f5a49147b85343f9f36bcda9f64b7a5c5b2f5452f5b1de02e6f15c5640bf89d4a74d51dc233dee628c1dfbb5566b98478c174b34eb234481547e484c6af101396b6977dd668b401391c1dc54f2edccf1cabe6be9868d383eb937efdfd9ade018106f544f04fc07ad525497f65fbad3cf145396acf3b0d38e6b46e28d86880fd6f62c373000000000000000000005d194c27cd4d8f6727de79be80fb4493a0ee2e85f59c71dc84311c0f1fb6c87081c7be9355288610c32c2d8c18bf2027212182903687f48262aea54c5f8a315c9aa4a5af1aa2c4007d1baae38c270012b7eb9411ae451204dba30f8321b07a18db97c3e0cf6a15170e515b1cc463a67a5b2b23ec5662ccfa898b8d5075647bdfb390cde56efb8fd42df12c5c8f66bdc58449ec2b38bf12f5f0a49dcbcf4e6f11c47d23fa34793a0000a1cbb1e06e9a8d2449451d7a05ec0a0d3c9716f505ddeba488c60ebf44cac05c2739694359c925148137376dd3f1330ed0e9211f73ee279cc0b5c298422395ce438f48a39ff569375e609f9e904aacc3d8011326d5e4d654c74501cf16bbf72d3984f9b4ef000000003a8a3d49fc837001e4622e58e3a4ef6b55a8dd0680d951cdb6e54ed92a9a6a0e5e494b7b7b0ef4b4bafc5d964551b2a22bfd12b0761ef07a103e51e84917ee44f860b9785e264343f6a80e9318edecf73df6940856cd56c56eb3831445833c701044aaa49439a44a624267580b3c0980d7f87437bf498f6e1915450400000000000000564a02552c0a5fedbcf4da0db6ed03b9dbc224ee76d20aaf1ac74bcb7eb6f202209e64cc4d130dcf6ab3df8ae4911deb4bb5c7df97fc348d151e834be73915f854272f69d88123f666448b6a8e73322b04fffea9cc05e4129debf311c73b4d1a244b1e5b9943028745a0b6477686740ab877315e35624d791e6f71adb1acd3e22cf472ff7e048b16c11c84da9a3b16b92665912132a4dba680052919c20e191311d8092a09f3c609823fed1bd651ce1c34de105790ba2ca3afa26647f66efbf97b109e7226c74e32beb14ff3fd6918e255fc9b42f86b0188cf885afcc9bb77a7fc3ca7ec1015af494add960f8a11422ca005f24006867cd156e0350022943e301b2c07f4d37d07b05ac2fa1f1d5a0d6eb7e992b076bd77509c26034d2a740d578476410b413591884136259693effaf27e7bcfb58efa92625fb9bd68ecca42047f6e7d24b0446ea16a310073c163d1c6aa3ba1fe76b4e88d5f98cc05c6d033e2c28b4990892230d6b4e5c083a601a25145eb22f4f77313117f8147810d95c64fb78b0a000000000000000000000000e92ba8b066e4bd82bb6003d5da8791d838bcd6eefb13000000000000000000000000000000b652ff6fbad82da75114742bc6a27cba894ef490531be709a3a3c81b267dfafa55e6f855200b4e7518682c30f40808cd5bb8f00beb63b4989cc01d8e75a182337b9f9e08430ccec9bda0134d07a9f54b60033182f5d2bb61fd130d65e68bf148d26470060c707a8cf750ca954ee63c78cd975c7f565783383f02edcb7ce4a9ed0c511d18fe32352276d72eefe0d566f97ccae16b3492f60b96574aac4f1862fb6e4932c181dbf8c68ca16b765de9edba0bf5bfb9c4950d19c0bc31db02f374ce62141160436639d4b6cb0033a47ffdc54d55f1136743b1b26946f200000000000000007590ab8f29c7accd9d11786c4ca1271cd2293b572f14a3dfcaa3467f2783fc09e3eee3fa4b82b7b6ce904e05fa797a2f7ff63e4f874bd870821f6460904e05d7a3f8295a9a5fd21e3587b9d9e878c86ba9b66c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0xffffffffffffff7f)
accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000200), 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt(0xffffffffffffffff, 0x6, 0x9, &(0x7f00000001c0)="6ac3", 0x2)
sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e40)=ANY=[@ANYBLOB="140000001000010000000000000000000000060000000000000003000000000040000000070000040900010073797a300000000068000000090a010400000000000000000700000408000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c24001280200001800a0001006d61746368000000100002800c000100697072616e6765000800034000000120034bb1e703000000000000001ab26fcc140000001000010000000000000000000084000a3ab534c45b682562837d840999de731200db46eac82285439565394223d354429fb938c11e023b15ec4d5636cc48c3115979735544c44e21ce6fb1fe9bdf59dcda58629eb70e7d88e2a0d669d993e2ff5c102a53d82931894564399083fa028fda0f624f7053d1e03f7e3d7977b44ea7120cb40838cd96897ecb0efdf85910acbfd2694a0bc7bea5ca85a2675d1998bcaa5a9c48a8009bafee31f51add2861ed87"], 0xb0}}, 0x20050800)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000700)={'veth0\x00', <r5=>0x0})
sendmsg$can_raw(r3, &(0x7f0000000400)={&(0x7f0000000300)={0x1d, r5}, 0x10, &(0x7f00000003c0)={0x0, 0x10}}, 0x0)
getsockopt$sock_timeval(r2, 0x1, 0x43, 0x0, &(0x7f0000000380))
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2000, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_procs(r6, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r7, &(0x7f00000000c0), 0x40)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_procs(r8, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x40701, 0x0)
sendfile(r9, r9, 0x0, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)

4.88521377s ago: executing program 0 (id=9916):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(ecb-aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="11da3cf44b1a8c3d8a39ccbd630e8ef9170ccf07ef1800322de53ae3b183ee66", 0x20)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
recvmsg$can_j1939(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000003bc0)=""/111, 0x6f}, {&(0x7f0000000600)=""/4095, 0xfff}], 0x2}, 0x10000) (fail_nth: 6)
sendmmsg$alg(r1, &(0x7f00000001c0)=[{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001880)="2cbddd39dad9edc182feabcec21043acf4901b5df84f6709085697efcd0fcbfd23a6ee947703d4caecd6891f8ef08b05deb5c46024483e03e2f5b82ceb60e8c70a3daccd2cc4d80d591400b3b86e89d92e93a7f80fa9422943323f143a75765e287ff71a12b15aa80efc2142c9193a1a", 0x70}], 0x1, 0x0, 0x0, 0x15}], 0x1, 0x4000000)
sendmsg$AUDIT_USER(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x14, 0x3ed, 0x400, 0x70bd27, 0x25dfdbfb, "b3dd5a"}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x40000c1)

4.319976563s ago: executing program 0 (id=9917):
r0 = memfd_create(&(0x7f0000000500)='\x00'/12, 0x4)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x2982, 0x0)
ioctl$TIOCNXCL(r1, 0x540d)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x59096000)
ftruncate(r0, 0x1000000)

4.254510975s ago: executing program 0 (id=9918):
socket(0x1d, 0x6, 0x3)
socket$inet(0x2, 0x2, 0x7d)
openat$nullb(0xffffff9c, &(0x7f0000000180), 0xe4600, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x500)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xffe4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x5, 0xf, 0x0, 0x2, 0x8, 0x8, 0xb31a, 0x3}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x43, 0x0, "ee8bcb650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c1da009444a131f4da58ae36556dd38ea6c029607462029add0924000000000267517308a3d40aa1c788df6"}, 0xd8)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6711f234db5aaa13f382ad796bd667c9e00000009873931d2873103", "0f9dafb4", "ec3fff03ff0000c0"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)
ioctl$int_in(r1, 0x5421, &(0x7f0000000140)=0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x48, 0x10, 0x401, 0x0, 0x101, {0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_ID={0x8}]}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
writev(r1, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x12)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000240)={0x2, 0x4e21, @multicast1}, 0x10)
close(r1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
syz_emit_ethernet(0x2c, &(0x7f0000000700)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000008902450c001e0064000004029078e0000001e0cb5a180fff1ffee614"], 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)

4.014654445s ago: executing program 5 (id=9919):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000180)={&(0x7f0000000a80)=[r2, 0x0], 0x2, 0x80800})
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x4, 0x4)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
setpgid(r3, r3)
unshare(0x2c020400)
r4 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f0000000000)={0x1, 0x16f}, 0x8)
close(r4)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e22, 0x8, @loopback, 0x1800}, 0x1c)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x4e4c01, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xc9)
bind$inet(r6, 0x0, 0x0)
connect$inet6(r5, &(0x7f0000000300)={0xa, 0x4e20, 0xd, @remote, 0x1}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6a33180000481100fe800000000000000000d500000000bbff0200000000000000000000000000014e204e20004890780300000000000000dc521c259b538a2bf2a113dc2eeec0a072edf20b6d59027fd646c088088f51e72eb2f7e7b219c2c3b85e4508546e551af9e59631718ba089833ae2d3d5c225d60b7133442fb286013518b35e6bdb06c02f76e103459789303870e0459b53b34fc5c9e4f43b568c6148d9aaab0849c8440bf972bd7fc5"], 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000080)={0x200000, 0x0, 0x10}, 0x18)
openat$vnet(0xffffff9c, &(0x7f0000000100), 0x2, 0x0)
setpgid(0x0, r3)
wait4(r3, 0x0, 0x2, 0x0)

3.731385695s ago: executing program 2 (id=9923):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x900}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR={0xa, 0x9}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x48}}, 0x0)

3.617311706s ago: executing program 0 (id=9924):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0xffd4, &(0x7f0000000380)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x80000001}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0x8}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [@call={0x85, 0x0, 0x0, 0xb}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000004}, 0x94)

3.49620208s ago: executing program 2 (id=9926):
socket$inet6(0xa, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
socket(0x2, 0x3, 0xff)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r2], 0x38}}, 0x10)

3.367397327s ago: executing program 0 (id=9927):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0xec, 0xcb, 0xc0, 0x10, 0x506, 0x11f8, 0xb628, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x8, [{{0x9, 0x4, 0x52, 0x0, 0x0, 0x9a, 0x66, 0xd4}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000a00)={0x18, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0})
r1 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
openat$rfkill(0xffffff9c, &(0x7f0000000740), 0x80000, 0x0)
openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x413, &(0x7f0000000340)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x8000}})
faccessat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000200)={0x18, &(0x7f0000000000)={0x0, 0x23, 0xc7, {0xc7, 0x21, "5f012c6fe8b7a7e6ac425efcee86a336e82f8cb7d9aacb0111a31f6510e5b918c3fb18d3f632e0f4d42073636a772173bd12e2f7883b8dfeca64eec99fd970fb0fa69a80abfcc309219a7962c25395f0ce05403b8773615e8089b816dfc51174b65d7f424fb196c83040285247008ac5bcbba2d68431b0fba199c4dc33f661742b1c81763cc5d0a6a657f5fda1f3da57678d348b1e9bbdf5b523e1595fce8fc6d87cca03df746ead6ea34bbacd7e759a5be14543c5e7bb93f5f21c31a040ee6263877cf6a4"}}, &(0x7f0000000100)={0x0, 0x3, 0x1a, @string={0x1a, 0x3, "d3903e545ce1ebbee33b8976f603f4e1cd985f9b08dc7810"}}, &(0x7f0000000140)={0x0, 0xf, 0x35, {0x5, 0xf, 0x35, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xb, 0x0, 0xa1, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0xa, 0x7, 0x646}, @ss_container_id={0x14, 0x10, 0x4, 0xec, "a1297a7c4653f9010e90182f67b40f82"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x4d, 0x3, 0x3, 0xfe00, 0x5}]}}, &(0x7f0000000180)={0x20, 0x29, 0xf, {0xf, 0x29, 0x7, 0x2, 0x5, 0xf2, "92e4ead6", "0b94fb32"}}, &(0x7f00000001c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x10, 0x3, 0x4e, 0x4, 0xed, 0x4, 0x1}}}, &(0x7f00000006c0)={0x44, &(0x7f0000000300)={0x40, 0x16, 0xa3, "6e305509038650c3374e22a4ad0b248061eb4097fad0e1ba2b3934e6a4f189203e70e6d120c432d51c57ba39d7d07e6daac5e96a3bd93661c1b865fd36d6e2e3f22a4aa5e6a71e9b89e010fb51682f8f3dc4ee10905a538fad59258bdab901810e8d314ee4d7b512eda91442f416032e8121f3a8fb924d741ec14010226294a7a9826f6dc50d410d663402edf653531ea5c29cd00985bc7aa5e0b4312ea4d83c84b1ce"}, &(0x7f0000000240)={0x0, 0xa, 0x1}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x4}, 0x0, &(0x7f00000003c0)={0x20, 0x0, 0x8, {0x800, 0x4, [0xf00f]}}, &(0x7f0000000400)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000000440)={0x40, 0x9, 0x1, 0xb}, &(0x7f0000000480)={0x40, 0xb, 0x2, "c107"}, &(0x7f00000004c0)={0x40, 0xf, 0x2, 0x100}, &(0x7f0000000500)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}}, &(0x7f0000000540)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x28}}, &(0x7f0000000580)={0x40, 0x19, 0x2, "35e2"}, &(0x7f00000005c0)={0x40, 0x1a, 0x2, 0xb892}, &(0x7f0000000600)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000640)={0x40, 0x1e, 0x1, 0x9}, &(0x7f0000000680)={0x40, 0x21, 0x1, 0x6}})

3.354631805s ago: executing program 1 (id=9928):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x100)
fallocate(r0, 0x3, 0x2, 0x8000c62)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = socket(0x22, 0x2, 0x3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000006080)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_GET_COALESCE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010025bd7000fbdbdf256400000008000300", @ANYRES32=r6], 0x28}, 0x1, 0x0, 0x0, 0x4008040}, 0x4084) (fail_nth: 1)
sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x68, r5, 0x10, 0x70bd29, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x6, 0x68}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x4004851)
getsockopt$packet_buf(r3, 0x107, 0x1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x6a040000)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x4, 0x83, 0x5, 0x4, 0x6f, @remote, @mcast2={0xff, 0x3}, 0x8000, 0x80, 0x4, 0x3}})
r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r9=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r9, <r10=>0xffffffffffffffff})
ppoll(&(0x7f0000000000)=[{r10}], 0x1, 0x0, 0x0, 0x0)
r11 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_int(r11, 0x1, 0x2, &(0x7f00000000c0)=0x6, 0x4)

3.181726194s ago: executing program 2 (id=9930):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x100)
fallocate(r0, 0x3, 0x2, 0x8000c62)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = socket(0x22, 0x2, 0x3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000006080)={'wlan1\x00'})
sendmsg$NL80211_CMD_GET_COALESCE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010025bd7000fbdbdf256400000008000300", @ANYRES16=r2], 0x28}, 0x1, 0x0, 0x0, 0x4008040}, 0x4084)
sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x68, r5, 0x10, 0x70bd29, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x6, 0x68}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000140)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, <r8=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETGAMMA(r8, 0xc02064a5, &(0x7f0000000280)={r7, 0x0, 0x0, 0x0, 0x0})
getsockopt$packet_buf(r3, 0x107, 0x1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x6a040000)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x4, 0x83, 0x5, 0x4, 0x6f, @remote, @mcast2={0xff, 0x3}, 0x8000, 0x80, 0x4, 0x3}})
r10 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r10, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r11=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r11})

2.384109167s ago: executing program 5 (id=9931):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x14d802, 0x0) (async)
ioctl$FS_IOC_RESVSP(r0, 0x402c5839, &(0x7f00000004c0)={0x20, 0x3, 0x9, 0x8})
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x6, &(0x7f0000000040)=[{0x6, 0x80, 0x5, 0x1}, {0x100, 0x9, 0x6, 0x4}, {0x5, 0x7, 0x7, 0x2}, {0x240, 0xfc, 0xf, 0x2}, {0x9, 0x1, 0xd, 0x1}, {0x100, 0x4, 0xf9, 0x9}]}, 0x8)

2.231794304s ago: executing program 1 (id=9933):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c)
connect$inet6(r0, 0x0, 0x0)

2.111380199s ago: executing program 5 (id=9934):
r0 = socket$inet6(0xa, 0x3, 0x5)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
dup2(r1, r0)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x80105013, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000400)=ANY=[], 0x8)
sendmmsg(r0, &(0x7f00000002c0)=[{{&(0x7f0000000340)=@l2tp6={0xa, 0x500, 0x80000, @dev, 0x0, 0x1}, 0x80, 0x0}, 0x5b4}], 0x1, 0x4840)

1.999459237s ago: executing program 1 (id=9935):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x258, 0x0, 0x8000000002000000}]})

1.881312653s ago: executing program 5 (id=9936):
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
io_setup(0x1, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000000)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
write$char_usb(r0, &(0x7f0000000040)="e2", 0x2778)

1.693878622s ago: executing program 1 (id=9938):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000600))
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f0000001800)=[{{&(0x7f0000000780)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000b00)=[{&(0x7f0000000800)=""/20, 0xfffffffffffffcdc}, {&(0x7f0000000900)=""/112, 0x70}, {&(0x7f0000000980)=""/57, 0x39}, {&(0x7f00000009c0)=""/95, 0x5f}, {&(0x7f0000000a40)=""/177, 0xb1}], 0x5, &(0x7f0000000b40)=""/141, 0x8d}, 0xddb}, {{&(0x7f0000000c00)=@nl=@proc, 0x80, &(0x7f0000001200)=[{&(0x7f0000000c80)=""/219, 0xdb}, {&(0x7f0000000d80)=""/252, 0xfc}, {&(0x7f0000000e80)=""/12, 0xc}, {&(0x7f0000000ec0)=""/249, 0xf9}, {&(0x7f0000000fc0)=""/221, 0xdd}, {&(0x7f00000010c0)=""/101, 0x65}, {&(0x7f0000001140)=""/175, 0xaf}], 0x7, &(0x7f0000001240)=""/247, 0xf7}, 0x6}, {{&(0x7f0000001340)=@rc, 0x80, &(0x7f0000001540)=[{&(0x7f00000013c0)=""/173, 0xad}, {&(0x7f0000001480)=""/16, 0x10}, {&(0x7f0000001500)=""/44, 0x2c}], 0x3, &(0x7f0000001580)=""/33, 0x21}, 0x70d4}, {{&(0x7f00000015c0)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000001700)=[{&(0x7f0000001640)=""/161, 0xa1}], 0x1, &(0x7f0000001740)=""/142, 0x8e}, 0x68d2}], 0x4, 0x40000002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f00000014c0), 0x6540, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000002340)={0x0, 0x0, &(0x7f0000002300)={&(0x7f00000022c0)={0x30, 0x2, 0x3, 0x801, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFQA_CFG_PARAMS={0x9, 0x2, {0x1, 0x2}}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x26}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000081}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f00000000c0)={<r7=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
setsockopt$inet6_opts(r6, 0x29, 0x39, &(0x7f0000000000)=@fragment={0x3b, 0x0, 0x1, 0x0, 0x0, 0x6, 0x68}, 0x8)
signalfd4(r5, &(0x7f00000001c0)={[0x5, 0x4]}, 0x8, 0x101000)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_CQM(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001880)={0x38, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x1, 0x47}}}}, [@NL80211_ATTR_CQM={0x10, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x1000000}, @NL80211_ATTR_CQM_RSSI_THOLD={0x4}]}]}, 0x38}}, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
r11 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000700)={0xc2, 0x0, 0x800d, 0x1, 0x8, 0x1, 0x9, 0x6, r7}, &(0x7f0000000740)=0x20)
sendmsg$nl_route(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32, @ANYBLOB], 0x3c}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r11, 0x84, 0x9, &(0x7f0000000840)={r7, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0xfffff64a}}, 0x3, 0x2, 0x614, 0x5, 0xd, 0x7, 0x4}, 0x9c)
writev(r2, &(0x7f00000005c0)=[{&(0x7f00000002c0)="580000001400192340834b80040d8c560a0677bc45ff819a00000000000058000b480400945f64009400050028925a01000000080000008000f0fffeffe809000000fff5dd000000100001000c081000418e00000004fcff570d6db17986dc19ba4cca55aef29569f6e48d4828b40dce3e7a1d4f0c843857fece3b208fe575411df5c2d8196932c6c29b037fc0251249c9740efbb54cea041bb2ebf7fce4a24552c3d31a53e1a5ef622d158d5d79888223b67324b3e7b94a88d715227f65b8ab6d7b4d79b6e0000a947c72a5114af2f26550508e8579deab84f39f9beec0f06691682c84041fb93f7f782acab777a7bf4a44b907fad449aad39072759835155642bee6dd1a710f9f081cd00b79a3bc31586f56c048d073124459829be0fd116c374b15a7c37ebb41746dc42ba2c0cb83a719683a36e38b0660738c481d17cdc852fd53f2cb177b768085ade6fc05d5ae9259e9a8f53efa3911e63997da5018f5b4578ad56af6d9e160b0f437a2b4debe1220a3a395bcbd54f0ba65c1b4b7a9fd0e4a39e00c53fed8458f974ff3ecc4b9ca96339ab5cb05853efebf3531088f102ea772ab3adb88920ab6886d181cb00ed57c00e3afc77f723c4d9fc136d14c66035c49a1f1fbf572be69ca738144c332efc7646d2c4a8bc6e304177933bd7f6e6111fd1427d48b023dc3de7f850522b708e8748b23964f2f4e56893ff702dbb1013ceaa7e84d957b457e71", 0x20b}, {&(0x7f0000000500)="d5947317b0eeb96d2e339d336a7781f6738f77035cb95e9a11edac70c3e083f2995738743b13a676c87924", 0x2b}, {&(0x7f0000000640)="2d78d7291f82912cd1e952371daf94ac335f72d7832a177024a1e76296f8b82eb96b7323ee26e2a68f2b0957e64ef494ebc452b06d50bf2ed0db2d9560b6745be04da515eb4b1324df1822c0fba0dfedff4d23273257cbf1ce1380531fb3271e9a8a8816fdc2a82e4fc4f52752e8b8a91dd60e013d56fe310db1ed429dc148d1d81834a088869242bee30ef1b74bd7d3fc3a43e0c7b2afec76b7f5be9ac29950017e4e", 0xa3}], 0x3)
bind$alg(r1, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sm3)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)

1.638223194s ago: executing program 3 (id=9939):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000035c0), r1)
sendmmsg$alg(r1, &(0x7f0000003380)=[{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)="6e6b22c2e4e78b140e7eb28ed712a15589ffca9a09da92b374edb846dc58ca1f8dcc58c1fbe85fe86cf9e6e9fa54d3b5d51a41f3a952347d9e0809408e4e72924c40e16d48adc5532b2e4eca4160fe0c4716637778fd40b81112b8580c61cdf3b4cf9b3bb662a832384073a6a6986274fff950409e4213f90d39a798c3da1aec0c42c959e2fe6f26320ee39ca21f9235045d79d0ce1d5f0c1cadac8f19aff6601aa47ec574c9ebc03e27d41d7bcf46836ab93c44d6fd8f20d89e94b417947e20e282c22e799f3711a314a3c0", 0xcc}, {&(0x7f00000003c0)="9491849c857fc6d99e53a0f5874d42bbdc15bc761d7f245b2e970a36c4c427f016c260fb60d8e3a030c9906b6fd2152d8654a58d574d8892d8bf5dac505d3900aff74d8c1f7ee5ea99a2f4f9797aeeace5e275c0a1482c3bd555a5015eec95ba7eb84979853316de3cfac9db5e0ed94370c5871505a3b4ccad9457873aac15f28a070b598165deff2fe26e200064aa", 0x8f}, {&(0x7f0000000480)="6be7688258eb70d3e560b33bf7c5d4ac4b2344c7307e7606cebb3c4b5a6f55045fcbc59c9896833e1b10629d530f98bb64c2ee90ea0a517543be1ee19ec91b23d92b2166e8d49841b3d08e3a30ef06beab140ff2c35366bfca72f9d5a8fcb4f4198b4aa30ca7d427ab06f268f8400260e1a6d83a7e192ee150897a3797be79cc91d1e7572d0014d8b89a3cb10077c803a97734e6cecea5d8d4c2cf620959126652f3cb66e597314f1d1a7383bd474fa1f868e80fa1a63143ece4772fc110c7dcd4cd1248ea26dd46cdc98c4565ebda4f5966b07e530b9b42e475e72b9f9c11f37c250c5fb2d54652bade70547265469f215295f4ab71", 0xf6}, {&(0x7f0000001680)="6ce261f529ce3e69f0f30ead94fdf71205ffb702c405f043140c5f5d8c2c3d0b061752a0050d1f2d2719eb6fecb8b6911f0f456f46537417d016358b475b9eb10fe55bd89dd10b9c563d367fc40d007ee0ab10318750a41fa6a0e5abfa0cddef0724a4d65ae7cb729af68ba732711892371cfcae455a2a8cb606b40ecf44c9cc83e54d452a3b89d6aaa44b3cc4ed2c9acaccc3d645629f04b73a1dc185", 0x9d}, {&(0x7f0000004840)="37eb8356ccd03a39e45c90ebd2fa7d82029d76324f90510738e9c3ac7583a697d406072b079e3083be5b4cfcbb1f5b", 0x2f}], 0x5, &(0x7f0000000580)=[@assoc={0x10, 0x117, 0x4, 0xf}, @assoc={0x10, 0x117, 0x4, 0x5}, @op={0x10, 0x117, 0x3, 0x1}], 0x30, 0x1}], 0x1, 0x24002894)

1.516351454s ago: executing program 2 (id=9940):
timer_create(0x2, 0x0, &(0x7f0000000000)=<r0=>0x0)
clock_gettime(0x0, &(0x7f0000000040)={<r1=>0x0, <r2=>0x0})
timer_settime(r0, 0x1, &(0x7f0000000740)={{0x0, 0x989680}, {r1, r2+60000000}}, 0x0)
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x1, &(0x7f0000000340)={{0x77359400}, {0x0, 0x9}}, 0x0) (fail_nth: 11)

1.189481335s ago: executing program 3 (id=9941):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv6_newroute={0x3c, 0x19, 0x1, 0x700, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x7}, [@RTA_GATEWAY={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x17}}, @RTA_MULTIPATH={0xc, 0x9, {0x8, 0x0, 0xdf, r2}}]}, 0x3c}}, 0x0)

1.181246572s ago: executing program 5 (id=9942):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000080)=ANY=[], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

1.061088331s ago: executing program 2 (id=9943):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="e538d439b6fc1a7d8be5c1d0", @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180004801300050062726f6164636173742d6c696e6b0000"], 0x2c}}, 0x0)
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff})
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)

1.060355167s ago: executing program 3 (id=9944):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket(0x1, 0x3, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000280)=0xb, 0x4)
recvmmsg(r1, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x2, 0x0) (fail_nth: 11)
shutdown(r1, 0x0)

634.053342ms ago: executing program 3 (id=9945):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c)
connect$inet6(r0, 0x0, 0x0)

629.822548ms ago: executing program 1 (id=9946):
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x3, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e22, 0x0, @local}}}, 0x104)
r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x5f, 0x0)
r2 = socket$inet(0x2, 0x3, 0x2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@newlink={0x10c, 0x10, 0x401, 0x4002, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1d188}, [@IFLA_LINKINFO={0xd8, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc8, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x8}}, @IFLA_VLAN_INGRESS_QOS={0x4c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x84, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0xffffffff}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x5, 0x6}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xffffff85, 0x8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x2, 0xfff}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3ff, 0xfff}}]}, @IFLA_VLAN_EGRESS_QOS={0x40, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0x43, 0x1, {0x0, 0xffffffc0}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x9, 0x4}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x5, 0x9}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x81, 0x6}}]}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x8100}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x8100}, @IFLA_VLAN_INGRESS_QOS={0x1c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xfffffffffffffce2, 0x1, {0x6}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xf4, 0x7}}]}]}}}, @IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}]}, 0x10c}}, 0x0)
setsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f0000000100)=0x3, 0x4)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYRESDEC=r2], 0x18)
socket$nl_route(0x10, 0x3, 0x0)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x40, &(0x7f00000001c0)={0x11, 0x8100, 0x0, 0x1, 0xd8, 0x6, @multicast}, 0x14)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'geneve0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r6}, 0x14)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2}}}}}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000080)={@link_local, @local, @val={@val={0x88a8, 0x7}, {0x8100, 0x4}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x64, 0x0, 0x4, 0x2, 0x0, @empty=0xe0, @multicast2}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0x6, 0x7ff, {0x6, 0x4, 0x0, 0x3d, 0x6, 0x64, 0x2, 0x9, 0x8, 0x5ccf, @rand_addr=0x64010102, @local, {[@noop]}}, "44e849840d494bb9"}}}}}, 0x0)

627.469617ms ago: executing program 2 (id=9947):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0)
r2 = socket(0x1d, 0x2, 0x6)
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$video(0x0, 0x485, 0x40000)
r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201)
pwritev2(r3, &(0x7f0000000240)=[{0x0}], 0x1, 0x7000, 0x0, 0x3)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd604dd31800140600fe800000000000000000000000000029fe8000000000000000000000000000aa00004001b4215d6a27a98008951cf385aa6bacc35a63a8ee0d35667996fc131b3483f5c56947492db15a42f08bbb7a2c6afccc685e33d244e9f2", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="500200009078"], 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r4, 0x4028700f, &(0x7f0000000040)={0x1, 0x0, {0x0, 0x0, 0x16, 0x16, 0x0, 0x8000}})
syz_open_procfs$userns(0x0, &(0x7f0000000540))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910710007e570966f4366ec9d4"], 0x1c}, 0x1, 0x0, 0x2000000, 0x4004}, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x200, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

473.283407ms ago: executing program 3 (id=9948):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x258, 0x0, 0x8000000002000000}]})

465.969763ms ago: executing program 0 (id=9949):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'veth0_to_bond\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0x32b}}}]}, 0x38}}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r5=>0x0})
recvmsg$can_bcm(r4, &(0x7f0000000cc0)={&(0x7f0000000400)=@sco={0x1f, @fixed}, 0x80, 0x0}, 0x100)
connect$can_bcm(r4, &(0x7f0000000140)={0x1d, r5}, 0x10)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000180)={'vxcan0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xb, 0xfff3}, {0x3, 0xfff9}, {0x1, 0xc}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x80100, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0x1, 0xb}, {0xd, 0x5}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x8021}, 0x4008000)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x413, 0x70bd29, 0x25dfdbfc, {{@in=@empty, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x20, 0x21}, {@in=@multicast2, 0x800, 0x32}, @in=@multicast1, {0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x8, 0x80004, 0x81}, {0x3, 0x5, 0x4, 0x4000006}, {0x0, 0xfffffff9, 0x80020}, 0x0, 0xfffffffd, 0x2, 0x4, 0x81, 0x68}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x40}}]}, 0x138}, 0x1, 0x0, 0x0, 0x612fc0b6c779297b}, 0x0)

327.788709ms ago: executing program 1 (id=9950):
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x103002, 0x0)
r0 = socket$rxrpc(0x21, 0x2, 0xa)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x11)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8983, &(0x7f0000000200)={0x8, 'veth1_virt_wifi\x00', {'ip6_vti0\x00'}, 0x3ff})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$btrfs_control(0xffffff9c, &(0x7f00000000c0), 0x20000, 0x0)
r4 = syz_io_uring_setup(0x99af, &(0x7f0000000140)={0x0, 0x5883, 0x10040, 0xffffffff, 0x2a, 0x0, r3}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
epoll_create(0x7)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 3 (id=9951):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, <r2=>r0})
r3 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000000c0)={<r4=>0x0, 0x0, r2})
ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f0000000300)={r4, <r5=>0x0})
ioctl$DRM_IOCTL_GEM_OPEN(r3, 0xc010640b, &(0x7f0000000100)={r5, <r6=>0x0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c64d2, &(0x7f0000000080)={r6})

kernel console output (not intermixed with test programs):

7.561652][ T5887] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1967.607505][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1967.647366][ T5547] kvm: pic: level sensitive irq not supported
[ 1967.647466][ T5547] kvm: pic: non byte read
[ 1967.649321][ T5887] usb 4-1: config 0 descriptor??
[ 1967.723470][ T5547] kvm: pic: level sensitive irq not supported
[ 1967.723537][ T5547] kvm: pic: non byte read
[ 1968.029634][ T5561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1968.116802][ T5561] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1968.154731][ T5887] ath6kl: Unsupported hardware version: 0x0
[ 1968.162516][ T5887] ath6kl: Failed to init ath6kl core: -22
[ 1968.169276][ T5887] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -22
[ 1968.217767][ T5561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1968.273153][ T3509] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[ 1968.284788][ T5561] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1968.343497][ T5561] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.9494'.
[ 1968.463673][ T5537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1968.506730][ T5537] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1968.538719][ T5564] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '
'
[ 1968.547605][ T5561] netlink: zone id is out of range
[ 1968.552806][ T5561] netlink: zone id is out of range
[ 1968.566098][ T5566] netlink: 'syz.0.9496': attribute type 20 has an invalid length.
[ 1968.574212][ T5561] netlink: zone id is out of range
[ 1968.579579][ T5561] netlink: set zone limit has 8 unknown bytes
[ 1968.615016][ T3509] usb 2-1: device descriptor read/all, error -61
[ 1968.744936][ T3509] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[ 1968.986254][ T3509] usb 2-1: device descriptor read/64, error -71
[ 1969.113643][ T3509] usb usb2-port1: attempt power cycle
[ 1969.151664][ T5572] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9498'.
[ 1969.466705][ T3509] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[ 1969.527845][ T3509] usb 2-1: device descriptor read/8, error -71
[ 1969.586658][T24622] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1969.599721][T24622] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1969.662000][T24622] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1969.672583][T24622] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1969.681024][T24622] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1969.703202][T30211] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1969.711834][T30211] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1969.721706][T30211] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1969.754349][T30211] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1969.775079][T30211] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1969.793042][ T3509] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[ 1969.830112][ T3509] usb 2-1: device descriptor read/8, error -71
[ 1969.840980][ T5583] openvswitch: netlink: Message has 8 unknown bytes.
[ 1969.936375][T25131] usb 4-1: USB disconnect, device number 22
[ 1969.967248][ T3509] usb usb2-port1: unable to enumerate USB device
[ 1970.221582][ T5588] can: request_module (can-proto-3) failed.
[ 1970.310162][ T5584] chnl_net:caif_netlink_parms(): no params data found
[ 1970.351924][   T30] audit: type=1326 audit(1764731242.321:1766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5599 comm="syz.5.9505" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x0
[ 1970.532634][T25131] usb 1-1: new full-speed USB device number 127 using dummy_hcd
[ 1970.632544][ T5584] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1970.648351][ T5584] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1970.657638][ T5584] bridge_slave_0: entered allmulticast mode
[ 1970.674210][ T5584] bridge_slave_0: entered promiscuous mode
[ 1970.697273][ T5584] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1970.705866][ T5584] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1970.715495][ T5584] bridge_slave_1: entered allmulticast mode
[ 1970.726665][T25131] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1970.737205][T25131] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1970.750247][T25131] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD9, changing to 0x89
[ 1970.763991][ T5584] bridge_slave_1: entered promiscuous mode
[ 1970.769952][T25131] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1970.790885][T25131] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1970.822891][T25131] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.ff
[ 1970.832425][T25131] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1970.852687][T25131] usb 1-1: Manufacturer: syz
[ 1970.859172][ T5584] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1970.871274][T25131] usb 1-1: config 0 descriptor??
[ 1970.890362][ T5584] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1971.045140][ T5584] team0: Port device team_slave_0 added
[ 1971.100467][ T5597] fuse: Bad value for 'fd'
[ 1971.118974][ T5584] team0: Port device team_slave_1 added
[ 1971.232771][ T5584] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1971.250930][ T5584] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1971.254005][T13828] usb 1-1: USB disconnect, device number 127
[ 1971.329295][ T5584] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1971.378382][ T5627] fuse: Unknown parameter 'mGN�8o�ad'
[ 1971.451504][ T5584] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1971.463164][ T5584] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1971.489170][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1971.505260][ T5584] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1971.704192][T25131] IPVS: starting estimator thread 0...
[ 1971.803526][ T5635] IPVS: using max 33 ests per chain, 79200 per kthread
[ 1971.843677][T30211] Bluetooth: hci4: command tx timeout
[ 1971.982051][ T5647] netlink: 'syz.1.9514': attribute type 10 has an invalid length.
[ 1972.042016][ T5584] hsr_slave_0: entered promiscuous mode
[ 1972.087704][ T5584] hsr_slave_1: entered promiscuous mode
[ 1972.088254][ T5584] debugfs: 'hsr0' already exists in 'hsr'
[ 1972.088274][ T5584] Cannot create hsr debugfs directory
[ 1972.395500][ T5647] geneve1: entered promiscuous mode
[ 1972.517068][ T5647] team0: Port device geneve1 added
[ 1972.763420][ T5645] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9513'.
[ 1972.794535][ T5659] syzkaller0: entered promiscuous mode
[ 1972.800051][ T5659] syzkaller0: entered allmulticast mode
[ 1973.427956][ T5584] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1973.684981][ T5584] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1973.826843][ T5584] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1973.913290][T30211] Bluetooth: hci4: command tx timeout
[ 1973.946070][ T5681] netlink: 240 bytes leftover after parsing attributes in process `syz.1.9523'.
[ 1973.961165][ T5681] netlink: 240 bytes leftover after parsing attributes in process `syz.1.9523'.
[ 1974.027225][ T5584] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1974.301248][ T5584] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1974.331163][ T5584] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1974.356941][ T5584] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1974.394456][ T5584] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1975.154170][ T5706] fuse: Unknown parameter 'mGN�8o�ad'
[ 1975.389102][ T5887] IPVS: starting estimator thread 0...
[ 1975.403117][ T5584] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1975.458761][ T5584] 8021q: adding VLAN 0 to HW filter on device team0
[ 1975.483200][ T5712] IPVS: using max 48 ests per chain, 115200 per kthread
[ 1975.685309][ T3451] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1975.692471][ T3451] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1975.779691][ T1068] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1975.786908][ T1068] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1975.994420][T30211] Bluetooth: hci4: command tx timeout
[ 1976.012794][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1976.019356][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1976.107087][ T5584] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1976.283513][ T5887] usb 6-1: new high-speed USB device number 120 using dummy_hcd
[ 1976.399625][ T5584] veth0_vlan: entered promiscuous mode
[ 1976.417156][ T5584] veth1_vlan: entered promiscuous mode
[ 1976.458578][ T5725] FAULT_INJECTION: forcing a failure.
[ 1976.458578][ T5725] name failslab, interval 1, probability 0, space 0, times 0
[ 1976.475303][ T5887] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1976.490673][ T5887] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1976.491643][ T5725] CPU: 1 UID: 0 PID: 5725 Comm: syz.0.9533 Not tainted syzkaller #0 PREEMPT(full) 
[ 1976.491667][ T5725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1976.491678][ T5725] Call Trace:
[ 1976.491686][ T5725]  <TASK>
[ 1976.491695][ T5725]  dump_stack_lvl+0x189/0x250
[ 1976.491719][ T5725]  ? __pfx____ratelimit+0x10/0x10
[ 1976.491744][ T5725]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1976.491762][ T5725]  ? __pfx__printk+0x10/0x10
[ 1976.491790][ T5725]  ? __pfx___might_resched+0x10/0x10
[ 1976.491813][ T5725]  should_fail_ex+0x414/0x560
[ 1976.491838][ T5725]  should_failslab+0xa8/0x100
[ 1976.491859][ T5725]  kmem_cache_alloc_noprof+0x74/0x6e0
[ 1976.491883][ T5725]  ? __anon_vma_prepare+0xcb/0x4a0
[ 1976.491913][ T5725]  __anon_vma_prepare+0xcb/0x4a0
[ 1976.491942][ T5725]  __vmf_anon_prepare+0xe1/0x1b0
[ 1976.491966][ T5725]  do_huge_pmd_anonymous_page+0x1a0/0xb60
[ 1976.491996][ T5725]  __handle_mm_fault+0x1139/0x53a0
[ 1976.492034][ T5725]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1976.492076][ T5725]  ? __pfx___might_resched+0x10/0x10
[ 1976.492099][ T5725]  handle_mm_fault+0x40a/0x8e0
[ 1976.492132][ T5725]  __get_user_pages+0x165c/0x2a00
[ 1976.492192][ T5725]  populate_vma_page_range+0x29f/0x3a0
[ 1976.492217][ T5725]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 1976.492242][ T5725]  ? down_read+0x274/0x2e0
[ 1976.492259][ T5725]  ? __mm_populate+0x160/0x380
[ 1976.492282][ T5725]  __mm_populate+0x24c/0x380
[ 1976.492305][ T5725]  ? __pfx___mm_populate+0x10/0x10
[ 1976.492336][ T5725]  do_mlock+0x612/0x720
[ 1976.492365][ T5725]  ? __pfx_do_mlock+0x10/0x10
[ 1976.492384][ T5725]  ? fput+0xa0/0xd0
[ 1976.492405][ T5725]  ? ksys_write+0x22a/0x250
[ 1976.492427][ T5725]  ? exc_page_fault+0x82/0x100
[ 1976.492452][ T5725]  ? __pfx_ksys_write+0x10/0x10
[ 1976.492478][ T5725]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1976.492500][ T5725]  __ia32_sys_mlock+0x5f/0x70
[ 1976.492520][ T5725]  __do_fast_syscall_32+0xb6/0x300
[ 1976.492538][ T5725]  ? lockdep_hardirqs_on+0x98/0x140
[ 1976.492567][ T5725]  do_fast_syscall_32+0x34/0x80
[ 1976.492584][ T5725]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1976.492605][ T5725] RIP: 0023:0xf7f52539
[ 1976.492621][ T5725] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1976.492636][ T5725] RSP: 002b:00000000f542555c EFLAGS: 00000206 ORIG_RAX: 0000000000000096
[ 1976.492656][ T5725] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000800000
[ 1976.492668][ T5725] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1976.492680][ T5725] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1976.492691][ T5725] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1976.492702][ T5725] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1976.492731][ T5725]  </TASK>
[ 1976.695663][ T5584] veth0_macvtap: entered promiscuous mode
[ 1976.840600][ T5730] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9534'.
[ 1976.854306][ T5887] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1976.864697][ T5887] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 1976.907651][ T5887] usb 6-1: Manufacturer: syz
[ 1976.928670][ T5887] usb 6-1: config 0 descriptor??
[ 1977.168062][ T5887] uclogic 0003:256C:006D.0049: failed retrieving Huion firmware version: -71
[ 1977.195116][ T5887] uclogic 0003:256C:006D.0049: failed probing parameters: -71
[ 1977.209318][ T5887] uclogic 0003:256C:006D.0049: probe with driver uclogic failed with error -71
[ 1977.240264][ T5887] usb 6-1: USB disconnect, device number 120
[ 1977.364742][ T5584] veth1_macvtap: entered promiscuous mode
[ 1977.465595][ T5742] tipc: Enabled bearer <eth:macvlan1>, priority 10
[ 1977.568207][ T5584] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1977.607788][ T5584] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1977.632056][  T359] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1977.672893][  T359] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1977.719447][  T359] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1977.754489][  T359] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1977.775517][ T5750] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9539'.
[ 1977.777292][ T5744] can: request_module (can-proto-3) failed.
[ 1977.834045][ T5750] netlink: 60 bytes leftover after parsing attributes in process `syz.3.9539'.
[ 1978.084294][T30211] Bluetooth: hci4: command tx timeout
[ 1978.299456][T24708] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1978.355172][T24708] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1978.461577][T24708] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1978.470877][T24708] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1979.128869][ T5771] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9544'.
[ 1979.164301][ T5771] fuse: Bad value for 'fd'
[ 1979.206456][ T5773] netlink: 'syz.5.9545': attribute type 10 has an invalid length.
[ 1979.220602][ T5773] mac80211_hwsim hwsim56 wlan1: entered promiscuous mode
[ 1979.229810][ T5773] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 1980.468849][ T5802] FAULT_INJECTION: forcing a failure.
[ 1980.468849][ T5802] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1980.517295][ T5802] CPU: 1 UID: 0 PID: 5802 Comm: syz.3.9554 Not tainted syzkaller #0 PREEMPT(full) 
[ 1980.517322][ T5802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1980.517334][ T5802] Call Trace:
[ 1980.517341][ T5802]  <TASK>
[ 1980.517350][ T5802]  dump_stack_lvl+0x189/0x250
[ 1980.517374][ T5802]  ? __pfx____ratelimit+0x10/0x10
[ 1980.517397][ T5802]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1980.517409][ T5802]  ? __pfx__printk+0x10/0x10
[ 1980.517423][ T5802]  ? __might_fault+0xb0/0x130
[ 1980.517442][ T5802]  should_fail_ex+0x414/0x560
[ 1980.517459][ T5802]  _copy_from_user+0x2d/0xb0
[ 1980.517470][ T5802]  get_compat_msghdr+0xad/0x4a0
[ 1980.517489][ T5802]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1980.517504][ T5802]  ? ___sys_recvmsg+0x1c4/0x510
[ 1980.517513][ T5802]  ? kfree+0x4d/0x6b0
[ 1980.517529][ T5802]  ___sys_recvmsg+0x17f/0x510
[ 1980.517538][ T5802]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1980.517553][ T5802]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1980.517579][ T5802]  ? __fget_files+0x3a0/0x420
[ 1980.517602][ T5802]  do_recvmmsg+0x36a/0x770
[ 1980.517616][ T5802]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1980.517625][ T5802]  ? ksys_write+0x1cb/0x250
[ 1980.517649][ T5802]  ? __fget_files+0x3a0/0x420
[ 1980.517664][ T5802]  __sys_recvmmsg+0x19d/0x280
[ 1980.517675][ T5802]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 1980.517684][ T5802]  ? __pfx_ksys_write+0x10/0x10
[ 1980.517700][ T5802]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[ 1980.517713][ T5802]  __do_fast_syscall_32+0xb6/0x300
[ 1980.517724][ T5802]  ? lockdep_hardirqs_on+0x98/0x140
[ 1980.517740][ T5802]  do_fast_syscall_32+0x34/0x80
[ 1980.517750][ T5802]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1980.517763][ T5802] RIP: 0023:0xf700d539
[ 1980.517773][ T5802] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1980.517781][ T5802] RSP: 002b:00000000f53dc55c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[ 1980.517793][ T5802] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800066c0
[ 1980.517801][ T5802] RDX: 0000000000000a0d RSI: 00000000000000fe RDI: 0000000000000000
[ 1980.517807][ T5802] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1980.517813][ T5802] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1980.517819][ T5802] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1980.517834][ T5802]  </TASK>
[ 1980.533113][T13828] usb 6-1: new high-speed USB device number 121 using dummy_hcd
[ 1980.542380][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1980.823520][ T5810] openvswitch: netlink: IP tunnel TTL not specified.
[ 1981.143529][ T5828] netlink: 'syz.0.9560': attribute type 1 has an invalid length.
[ 1981.243829][T13828] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1981.366740][T13828] usb 6-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.00
[ 1981.436290][T13828] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1981.476379][T13828] usb 6-1: config 0 descriptor??
[ 1981.582283][ T5838] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9561'.
[ 1981.617005][ T5840] netlink: 14 bytes leftover after parsing attributes in process `syz.0.9563'.
[ 1981.626714][ T5838] veth0: entered promiscuous mode
[ 1981.639608][ T5838] veth0: left promiscuous mode
[ 1981.720535][ T5813] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1981.728149][ T5813] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1981.738448][ T5813] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1981.809511][ T5839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9562'.
[ 1981.821922][ T5839] fuse: Bad value for 'fd'
[ 1981.897870][T13828] ortek 0003:05A4:8003.004A: unknown main item tag 0x0
[ 1981.926012][T13828] ortek 0003:05A4:8003.004A: unknown main item tag 0x0
[ 1982.064927][T13828] ortek 0003:05A4:8003.004A: unknown main item tag 0x0
[ 1982.071922][T13828] ortek 0003:05A4:8003.004A: unknown main item tag 0x0
[ 1982.087638][T13828] ortek 0003:05A4:8003.004A: unknown main item tag 0x0
[ 1982.099398][ T5795] netlink: 24 bytes leftover after parsing attributes in process `syz.5.9552'.
[ 1982.159275][T13828] ortek 0003:05A4:8003.004A: hidraw0: USB HID v0.00 Device [HID 05a4:8003] on usb-dummy_hcd.5-1/input0
[ 1982.227807][T13828] usb 6-1: USB disconnect, device number 121
[ 1982.639560][ T5852] fido_id[5852]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[ 1982.732443][ T5860] openvswitch: netlink: IP tunnel TTL not specified.
[ 1982.963362][T30211] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1983.141990][ T5871] can: request_module (can-proto-3) failed.
[ 1983.845168][ T5891] FAULT_INJECTION: forcing a failure.
[ 1983.845168][ T5891] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1983.983031][ T5891] CPU: 0 UID: 0 PID: 5891 Comm: syz.3.9575 Not tainted syzkaller #0 PREEMPT(full) 
[ 1983.983057][ T5891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1983.983069][ T5891] Call Trace:
[ 1983.983077][ T5891]  <TASK>
[ 1983.983086][ T5891]  dump_stack_lvl+0x189/0x250
[ 1983.983112][ T5891]  ? __pfx____ratelimit+0x10/0x10
[ 1983.983136][ T5891]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1983.983155][ T5891]  ? __pfx__printk+0x10/0x10
[ 1983.983180][ T5891]  ? fs_reclaim_acquire+0x7d/0x100
[ 1983.983206][ T5891]  should_fail_ex+0x414/0x560
[ 1983.983231][ T5891]  prepare_alloc_pages+0x213/0x610
[ 1983.983255][ T5891]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1983.983275][ T5891]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1983.983302][ T5891]  ? policy_nodemask+0x27c/0x720
[ 1983.983322][ T5891]  alloc_pages_mpol+0x232/0x4a0
[ 1983.983342][ T5891]  vma_alloc_folio_noprof+0xe4/0x200
[ 1983.983363][ T5891]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1983.983393][ T5891]  folio_prealloc+0x30/0x180
[ 1983.983420][ T5891]  do_wp_page+0x1231/0x5810
[ 1983.983464][ T5891]  ? __pfx_do_wp_page+0x10/0x10
[ 1983.983483][ T5891]  ? do_raw_spin_lock+0x121/0x290
[ 1983.983506][ T5891]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1983.983538][ T5891]  __handle_mm_fault+0x1033/0x53a0
[ 1983.983577][ T5891]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1983.983622][ T5891]  ? follow_page_pte+0xd03/0x13e0
[ 1983.983654][ T5891]  handle_mm_fault+0x40a/0x8e0
[ 1983.983689][ T5891]  __get_user_pages+0x165c/0x2a00
[ 1983.983745][ T5891]  populate_vma_page_range+0x29f/0x3a0
[ 1983.983770][ T5891]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 1983.983792][ T5891]  ? down_read+0x274/0x2e0
[ 1983.983806][ T5891]  ? __mm_populate+0x160/0x380
[ 1983.983830][ T5891]  __mm_populate+0x24c/0x380
[ 1983.983854][ T5891]  ? __pfx___mm_populate+0x10/0x10
[ 1983.983884][ T5891]  do_mlock+0x612/0x720
[ 1983.983914][ T5891]  ? __pfx_do_mlock+0x10/0x10
[ 1983.983933][ T5891]  ? fput+0xa0/0xd0
[ 1983.983953][ T5891]  ? ksys_write+0x22a/0x250
[ 1983.983975][ T5891]  ? exc_page_fault+0x82/0x100
[ 1983.983999][ T5891]  ? __pfx_ksys_write+0x10/0x10
[ 1983.984026][ T5891]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1983.984049][ T5891]  __ia32_sys_mlock+0x5f/0x70
[ 1983.984068][ T5891]  __do_fast_syscall_32+0xb6/0x300
[ 1983.984087][ T5891]  ? lockdep_hardirqs_on+0x98/0x140
[ 1983.984115][ T5891]  do_fast_syscall_32+0x34/0x80
[ 1983.984133][ T5891]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1983.984154][ T5891] RIP: 0023:0xf700d539
[ 1983.984171][ T5891] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1983.984187][ T5891] RSP: 002b:00000000f53dc55c EFLAGS: 00000206 ORIG_RAX: 0000000000000096
[ 1983.984206][ T5891] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000800000
[ 1983.984220][ T5891] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1983.984231][ T5891] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1983.984240][ T5891] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1983.984250][ T5891] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1983.984276][ T5891]  </TASK>
[ 1985.033435][T30211] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1985.247989][ T5922] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9581'.
[ 1985.261251][ T5922] fuse: Bad value for 'fd'
[ 1985.653213][ T2351] usb 6-1: new low-speed USB device number 122 using dummy_hcd
[ 1985.826100][ T2351] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 65535, setting to 8
[ 1985.853085][ T2351] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[ 1985.864716][ T2351] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1985.893706][ T5919] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1986.053265][ T5887] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1986.118981][ T2351] usb 6-1: string descriptor 0 read error: -71
[ 1986.140743][ T2351] hub 6-1:32.0: USB hub found
[ 1986.158693][ T2351] hub 6-1:32.0: config failed, can't read hub descriptor (err -22)
[ 1986.223325][ T5887] usb 4-1: Using ep0 maxpacket: 16
[ 1986.230889][ T5887] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 6
[ 1986.267481][ T5887] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 1986.276822][ T2351] usb 6-1: USB disconnect, device number 122
[ 1986.293810][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1986.302070][ T5887] usb 4-1: Product: syz
[ 1986.307507][ T5887] usb 4-1: Manufacturer: syz
[ 1986.312301][ T5887] usb 4-1: SerialNumber: syz
[ 1986.346478][ T5887] usb 4-1: config 0 descriptor??
[ 1986.774017][ T5938] vlan2: entered promiscuous mode
[ 1986.779129][ T5938] hsr0: entered promiscuous mode
[ 1986.814712][ T5938] vlan2: entered allmulticast mode
[ 1986.819981][ T5938] hsr0: entered allmulticast mode
[ 1986.821845][ T5887] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[ 1986.858182][ T5938] hsr_slave_0: entered allmulticast mode
[ 1986.887582][ T5938] hsr_slave_1: entered allmulticast mode
[ 1986.897116][ T5887] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1986.926796][ T5887] dvb-usb: AME DTV-5100 USB2.0 DVB-T error while loading driver (-23)
[ 1986.945532][ T5887] dvb_usb_dtv5100 4-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -23
[ 1987.075360][ T5887] usb 4-1: USB disconnect, device number 23
[ 1987.113437][T30211] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1987.239961][ T5940] FAULT_INJECTION: forcing a failure.
[ 1987.239961][ T5940] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1987.256674][ T5940] CPU: 0 UID: 0 PID: 5940 Comm: syz.5.9589 Not tainted syzkaller #0 PREEMPT(full) 
[ 1987.256701][ T5940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1987.256713][ T5940] Call Trace:
[ 1987.256721][ T5940]  <TASK>
[ 1987.256729][ T5940]  dump_stack_lvl+0x189/0x250
[ 1987.256754][ T5940]  ? __pfx____ratelimit+0x10/0x10
[ 1987.256778][ T5940]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1987.256797][ T5940]  ? __pfx__printk+0x10/0x10
[ 1987.256822][ T5940]  ? fs_reclaim_acquire+0x7d/0x100
[ 1987.256850][ T5940]  should_fail_ex+0x414/0x560
[ 1987.256878][ T5940]  prepare_alloc_pages+0x213/0x610
[ 1987.256905][ T5940]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1987.256929][ T5940]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1987.256958][ T5940]  ? policy_nodemask+0x27c/0x720
[ 1987.256983][ T5940]  alloc_pages_mpol+0x232/0x4a0
[ 1987.257008][ T5940]  vma_alloc_folio_noprof+0xe4/0x200
[ 1987.257031][ T5940]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1987.257064][ T5940]  folio_prealloc+0x30/0x180
[ 1987.257091][ T5940]  do_wp_page+0x1231/0x5810
[ 1987.257137][ T5940]  ? __pfx_do_wp_page+0x10/0x10
[ 1987.257155][ T5940]  ? do_raw_spin_lock+0x121/0x290
[ 1987.257181][ T5940]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1987.257215][ T5940]  __handle_mm_fault+0x1033/0x53a0
[ 1987.257255][ T5940]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1987.257293][ T5940]  ? follow_page_pte+0xd03/0x13e0
[ 1987.257331][ T5940]  handle_mm_fault+0x40a/0x8e0
[ 1987.257365][ T5940]  __get_user_pages+0x165c/0x2a00
[ 1987.257430][ T5940]  __gup_longterm_locked+0x3dc/0x1660
[ 1987.257473][ T5940]  ? gup_fast_fallback+0x1b86/0x22d0
[ 1987.257499][ T5940]  gup_fast_fallback+0x1d65/0x22d0
[ 1987.257559][ T5940]  ? __pfx_gup_fast_fallback+0x10/0x10
[ 1987.257582][ T5940]  ? rcu_is_watching+0x15/0xb0
[ 1987.257607][ T5940]  ? __kvmalloc_node_noprof+0x5ed/0x900
[ 1987.257624][ T5940]  ? is_valid_gup_args+0x11f/0x200
[ 1987.257648][ T5940]  ? pin_user_pages_fast+0x4d/0xb0
[ 1987.257674][ T5940]  io_pin_pages+0xba/0x1b0
[ 1987.257699][ T5940]  io_sqe_buffer_register+0x16f/0x20a0
[ 1987.257743][ T5940]  ? __pfx_io_sqe_buffer_register+0x10/0x10
[ 1987.257764][ T5940]  ? copy_compat_iovec_from_user+0xf8/0x140
[ 1987.257792][ T5940]  ? iovec_from_user+0x1ba/0x250
[ 1987.257814][ T5940]  io_sqe_buffers_register+0x3b9/0x8e0
[ 1987.257854][ T5940]  ? __pfx_io_sqe_buffers_register+0x10/0x10
[ 1987.257881][ T5940]  ? __fget_files+0x3a0/0x420
[ 1987.257900][ T5940]  ? __fget_files+0x2a/0x420
[ 1987.257922][ T5940]  ? io_is_uring_fops+0xd/0x50
[ 1987.257944][ T5940]  __se_sys_io_uring_register+0x9d3/0x11d0
[ 1987.257975][ T5940]  ? __pfx___se_sys_io_uring_register+0x10/0x10
[ 1987.257997][ T5940]  ? ksys_write+0x22a/0x250
[ 1987.258019][ T5940]  ? exc_page_fault+0x82/0x100
[ 1987.258044][ T5940]  ? __pfx_ksys_write+0x10/0x10
[ 1987.258071][ T5940]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1987.258091][ T5940]  ? lockdep_hardirqs_on+0x98/0x140
[ 1987.258119][ T5940]  __do_fast_syscall_32+0xb6/0x300
[ 1987.258139][ T5940]  ? lockdep_hardirqs_on+0x98/0x140
[ 1987.258168][ T5940]  do_fast_syscall_32+0x34/0x80
[ 1987.258186][ T5940]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1987.258207][ T5940] RIP: 0023:0xf7f25539
[ 1987.258223][ T5940] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1987.258238][ T5940] RSP: 002b:00000000f541655c EFLAGS: 00000206 ORIG_RAX: 00000000000001ab
[ 1987.258258][ T5940] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[ 1987.258271][ T5940] RDX: 00000000800002c0 RSI: 000000000000011a RDI: 0000000000000000
[ 1987.258283][ T5940] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1987.258295][ T5940] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1987.258306][ T5940] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1987.258337][ T5940]  </TASK>
[ 1987.917932][ T5948] vlan3: entered promiscuous mode
[ 1987.923249][ T5948] hsr0: entered promiscuous mode
[ 1987.928532][ T5948] vlan3: entered allmulticast mode
[ 1987.934089][ T5948] hsr0: entered allmulticast mode
[ 1987.939230][ T5948] hsr_slave_0: entered allmulticast mode
[ 1988.223530][T25131] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[ 1988.323778][ T5961] syzkaller0: entered promiscuous mode
[ 1988.329405][ T5961] syzkaller0: entered allmulticast mode
[ 1988.405942][T25131] usb 2-1: Using ep0 maxpacket: 16
[ 1988.471477][T25131] usb 2-1: too many configurations: 232, using maximum allowed: 8
[ 1988.517742][T25131] usb 2-1: unable to read config index 0 descriptor/start: -61
[ 1988.532586][T25131] usb 2-1: can't read configurations, error -61
[ 1988.676746][T25131] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[ 1988.753171][ T1211] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1988.833125][T25131] usb 2-1: Using ep0 maxpacket: 16
[ 1988.853213][T25131] usb 2-1: too many configurations: 232, using maximum allowed: 8
[ 1988.891095][T25131] usb 2-1: unable to read config index 0 descriptor/start: -61
[ 1988.934654][T25131] usb 2-1: can't read configurations, error -61
[ 1988.963032][ T1211] usb 4-1: Using ep0 maxpacket: 16
[ 1989.011496][ T1211] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1989.062062][ T1211] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1989.083270][T25131] usb usb2-port1: attempt power cycle
[ 1989.092488][ T1211] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1989.103294][ T1211] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1989.111319][ T1211] usb 4-1: Manufacturer: syz
[ 1989.141287][ T1211] usb 4-1: config 0 descriptor??
[ 1989.425679][T25131] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[ 1989.466852][T25131] usb 2-1: Using ep0 maxpacket: 16
[ 1989.472689][T25131] usb 2-1: too many configurations: 232, using maximum allowed: 8
[ 1989.490495][T25131] usb 2-1: unable to read config index 0 descriptor/start: -61
[ 1989.498775][T25131] usb 2-1: can't read configurations, error -61
[ 1989.633150][T25131] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[ 1989.664362][T25131] usb 2-1: Using ep0 maxpacket: 16
[ 1989.675118][T25131] usb 2-1: too many configurations: 232, using maximum allowed: 8
[ 1989.694365][T25131] usb 2-1: unable to read config index 0 descriptor/start: -61
[ 1989.709864][T25131] usb 2-1: can't read configurations, error -61
[ 1989.727391][T25131] usb usb2-port1: unable to enumerate USB device
[ 1990.363327][T13828] usb 3-1: new full-speed USB device number 119 using dummy_hcd
[ 1990.595195][T13828] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[ 1990.606592][T13828] usb 3-1: New USB device found, idVendor=0458, idProduct=500f, bcdDevice= 0.00
[ 1990.626911][T13828] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1990.717166][T13828] usb 3-1: config 0 descriptor??
[ 1990.743621][ T5986] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 1990.796597][T25131] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 1991.553748][T25131] usb 1-1: Using ep0 maxpacket: 32
[ 1991.565654][T25131] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1991.591495][T13828] kye 0003:0458:500F.004B: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[ 1991.608422][ T1211] usb 4-1: USB disconnect, device number 24
[ 1991.638094][T13828] kye 0003:0458:500F.004B: hidraw0: USB HID v0.05 Device [HID 0458:500f] on usb-dummy_hcd.2-1/input0
[ 1991.696583][T13828] kye 0003:0458:500F.004B: tablet-enabling feature report not found
[ 1991.728539][T13828] kye 0003:0458:500F.004B: tablet enabling failed
[ 1991.734716][T24600] usb 6-1: new high-speed USB device number 123 using dummy_hcd
[ 1991.745798][ T5999] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1991.781556][T25131] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1991.826818][T25131] usb 1-1: New USB device found, idVendor=0421, idProduct=00a0, bcdDevice=c8.e1
[ 1991.846658][T25131] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1991.860244][ T2351] usb 3-1: USB disconnect, device number 119
[ 1991.911754][T25131] usb 1-1: config 0 descriptor??
[ 1991.922374][ T5997] fido_id[5997]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[ 1991.929283][T25131] usb 1-1: bad CDC descriptors
[ 1991.964501][T24600] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1991.996967][T24600] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1992.022023][T24600] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1992.041068][T24600] usb 6-1: Product: syz
[ 1992.060930][T24600] usb 6-1: Manufacturer: syz
[ 1992.072001][T24600] usb 6-1: SerialNumber: syz
[ 1992.092284][ T6001] syz_tun: left promiscuous mode
[ 1992.092691][T24600] usb 6-1: config 0 descriptor??
[ 1992.161453][ T6001] team0: Port device syz_tun removed
[ 1992.209076][ T6005] netlink: 'syz.1.9609': attribute type 10 has an invalid length.
[ 1992.258658][ T6005] netlink: 2 bytes leftover after parsing attributes in process `syz.1.9609'.
[ 1992.350866][ T6001] bridge_slave_0: left promiscuous mode
[ 1992.358588][T24600] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -22
[ 1992.380232][ T6001] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1992.380703][ T5027] udevd[5027]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1992.463965][ T6001] bridge_slave_1: left allmulticast mode
[ 1992.470719][ T6001] bridge_slave_1: left promiscuous mode
[ 1992.533992][ T6001] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1992.543736][T25131] usb 6-1: USB disconnect, device number 123
[ 1992.662138][ T6001] bond0: (slave bond_slave_0): Releasing backup interface
[ 1992.717093][ T6001] team_slave_0: left promiscuous mode
[ 1992.772377][ T6001] team0: Port device team_slave_0 removed
[ 1992.797440][ T6001] team_slave_1: left promiscuous mode
[ 1992.828735][ T6001] team0: Port device team_slave_1 removed
[ 1992.856043][ T6001] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1993.021441][ T6005] bridge0: port 1(team0) entered blocking state
[ 1993.073080][ T6005] bridge0: port 1(team0) entered disabled state
[ 1993.085357][ T6005] team0: entered allmulticast mode
[ 1993.094897][ T5976] syz.0.9601 (5976): drop_caches: 3
[ 1993.100221][ T6005] geneve1: entered allmulticast mode
[ 1993.156214][ T6005] bridge0: port 1(team0) entered blocking state
[ 1993.162625][ T6005] bridge0: port 1(team0) entered listening state
[ 1993.227273][ T6009] bridge0: port 1(team0) entered disabled state
[ 1993.277547][ T6009] netlink: 32 bytes leftover after parsing attributes in process `syz.1.9609'.
[ 1993.336689][ T6007] netlink: 32 bytes leftover after parsing attributes in process `syz.1.9609'.
[ 1993.701085][ T6024] can: request_module (can-proto-3) failed.
[ 1994.249436][ T2905] usb 1-1: USB disconnect, device number 2
[ 1994.258506][ T6030] ip6t_REJECT: ECHOREPLY is not supported
[ 1994.425846][ T6036] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.9617'.
[ 1994.443749][ T6036] openvswitch: netlink: Missing key (keys=40, expected=80)
[ 1994.474775][ T6044] netlink: 'syz.1.9618': attribute type 10 has an invalid length.
[ 1994.901108][ T6049] netlink: 16 bytes leftover after parsing attributes in process `syz.5.9620'.
[ 1994.941222][ T6049] netlink: 'syz.5.9620': attribute type 10 has an invalid length.
[ 1994.950194][ T6049] netlink: 2 bytes leftover after parsing attributes in process `syz.5.9620'.
[ 1994.974765][ T6049] netlink: 32 bytes leftover after parsing attributes in process `syz.5.9620'.
[ 1994.993342][ T2905] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1995.083201][T24600] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[ 1995.106598][ T6049] netlink: 32 bytes leftover after parsing attributes in process `syz.5.9620'.
[ 1995.256525][ T6056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9621'.
[ 1995.263235][ T2905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1995.281171][ T2905] usb 4-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.00
[ 1995.293473][ T2905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1995.304137][ T2905] usb 4-1: config 0 descriptor??
[ 1995.309465][ T6056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9621'.
[ 1995.330310][T24600] usb 2-1: New USB device found, idVendor=041e, idProduct=4011, bcdDevice=af.98
[ 1995.353263][T24600] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1995.717222][T24600] usb 2-1: config 0 descriptor??
[ 1995.739152][T24600] pwc: Creative Labs Webcam Pro Ex detected.
[ 1995.753371][ T1211] usb 6-1: new low-speed USB device number 124 using dummy_hcd
[ 1995.905780][ T2905] ortek 0003:05A4:8003.004C: unknown main item tag 0x0
[ 1995.919705][ T2905] ortek 0003:05A4:8003.004C: unknown main item tag 0x0
[ 1995.932822][ T2905] ortek 0003:05A4:8003.004C: unknown main item tag 0x0
[ 1995.953243][ T1211] usb 6-1: Invalid ep0 maxpacket: 64
[ 1995.968806][ T2905] ortek 0003:05A4:8003.004C: unknown main item tag 0x0
[ 1995.995039][ T2905] ortek 0003:05A4:8003.004C: unknown main item tag 0x0
[ 1996.078804][ T2905] ortek 0003:05A4:8003.004C: hidraw0: USB HID v0.00 Device [HID 05a4:8003] on usb-dummy_hcd.3-1/input0
[ 1996.233210][ T1211] usb 6-1: new low-speed USB device number 125 using dummy_hcd
[ 1996.312722][ T2905] usb 4-1: USB disconnect, device number 25
[ 1996.433145][ T1211] usb 6-1: Invalid ep0 maxpacket: 64
[ 1996.438979][ T1211] usb usb6-port1: attempt power cycle
[ 1996.464148][T17076] usb 3-1: new full-speed USB device number 120 using dummy_hcd
[ 1996.580740][ T6058] fido_id[6058]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[ 1996.625959][T17076] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[ 1996.637778][T17076] usb 3-1: New USB device found, idVendor=0458, idProduct=500f, bcdDevice= 0.00
[ 1996.651553][T17076] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1996.696925][T17076] usb 3-1: config 0 descriptor??
[ 1996.727729][ T6060] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1996.783417][ T1211] usb 6-1: new low-speed USB device number 126 using dummy_hcd
[ 1996.863781][ T1211] usb 6-1: Invalid ep0 maxpacket: 64
[ 1997.003423][ T1211] usb 6-1: new low-speed USB device number 127 using dummy_hcd
[ 1997.042632][ T1211] usb 6-1: Invalid ep0 maxpacket: 64
[ 1997.048529][ T1211] usb usb6-port1: unable to enumerate USB device
[ 1997.177043][T17076] kye 0003:0458:500F.004D: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[ 1997.203556][T17076] kye 0003:0458:500F.004D: hidraw0: USB HID v0.05 Device [HID 0458:500f] on usb-dummy_hcd.2-1/input0
[ 1997.235273][T17076] kye 0003:0458:500F.004D: tablet-enabling feature report not found
[ 1997.257668][T17076] kye 0003:0458:500F.004D: tablet enabling failed
[ 1997.382889][ T2905] usb 3-1: USB disconnect, device number 120
[ 1997.622234][ T6081] __nla_validate_parse: 1 callbacks suppressed
[ 1997.622255][ T6081] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9629'.
[ 1998.132098][ T6088] fuse: Unknown parameter '�)�0x0000000000000005'
[ 1998.171957][T24600] pwc: Failed to set LED on/off time (-71)
[ 1998.214148][T24600] pwc: send_video_command error -71
[ 1998.227648][T24600] pwc: Failed to set video mode VGA@30 fps; return code = -71
[ 1998.254872][T24600] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71
[ 1998.350073][T24600] usb 2-1: USB disconnect, device number 123
[ 1998.384524][ T6090] can: request_module (can-proto-3) failed.
[ 1998.609262][ T6097] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.9632'.
[ 1998.619347][ T6097] openvswitch: netlink: Missing key (keys=40, expected=80)
[ 1998.626904][ T2351] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1998.783205][ T2351] usb 6-1: Using ep0 maxpacket: 8
[ 1998.790132][ T2351] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[ 1998.812197][ T2351] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1998.823500][ T2351] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1998.858533][ T2351] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[ 1998.923750][ T2351] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1998.934130][ T2351] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[ 1998.943824][ T2351] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1998.973180][ T2351] usb 6-1: config 0 descriptor??
[ 1998.986174][ T6095] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1999.577296][ T6119] netlink: 36 bytes leftover after parsing attributes in process `syz.2.9639'.
[ 1999.621136][ T6119] netlink: 36 bytes leftover after parsing attributes in process `syz.2.9639'.
[ 1999.784140][ T3509] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1999.954946][ T3509] usb 4-1: config index 0 descriptor too short (expected 64548, got 36)
[ 1999.963934][ T2905] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[ 1999.973504][ T3509] usb 4-1: config 0 has an invalid interface number: 0 but max is -1
[ 2000.232044][ T3509] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 2000.246051][ T3509] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2000.261194][ T3509] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2000.275598][ T3509] usb 4-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00
[ 2000.288726][ T3509] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2000.310155][ T3509] usb 4-1: config 0 descriptor??
[ 2000.543063][ T2905] usb 2-1: Using ep0 maxpacket: 16
[ 2000.571421][ T2905] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2000.608870][ T2905] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 2000.630593][ T2905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2000.671752][ T2905] usb 2-1: config 0 descriptor??
[ 2000.752196][ T6131] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9644'.
[ 2000.788755][ T6131] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9644'.
[ 2000.799667][ T6131] netlink: 104 bytes leftover after parsing attributes in process `syz.0.9644'.
[ 2000.817283][ T6131] netlink: 104 bytes leftover after parsing attributes in process `syz.0.9644'.
[ 2001.126148][T30211] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[ 2001.129337][ T2905] mcp2221 0003:04D8:00DD.004E: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[ 2001.237769][ T6138] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9645'.
[ 2001.416017][T13828] usb 6-1: USB disconnect, device number 2
[ 2001.997375][ T3509] usbhid 4-1:0.0: can't add hid device: -71
[ 2002.023229][ T3509] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 2002.112809][ T3509] usb 4-1: USB disconnect, device number 26
[ 2002.278180][ T6148] syzkaller0: entered promiscuous mode
[ 2002.373303][ T6148] syzkaller0: entered allmulticast mode
[ 2002.735838][ T6158] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.9650'.
[ 2002.773034][ T6158] openvswitch: netlink: Missing key (keys=40, expected=80)
[ 2002.849352][ T1211] usb 2-1: USB disconnect, device number 124
[ 2003.041551][ T6179] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9658'.
[ 2003.688388][ T6177] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9655'.
[ 2003.700919][ T6177] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9655'.
[ 2004.132511][ T6190] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9660'.
[ 2004.295633][ T1211] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 2004.485006][ T1211] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[ 2004.516287][ T1211] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 2004.600764][ T1211] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2004.695970][ T1211] usb 6-1: Product: syz
[ 2004.700182][ T1211] usb 6-1: Manufacturer: syz
[ 2004.728111][ T1211] usb 6-1: SerialNumber: syz
[ 2004.767956][ T1211] usb 6-1: config 0 descriptor??
[ 2005.313088][T24600] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[ 2005.525855][T24600] usb 3-1: config index 0 descriptor too short (expected 64548, got 36)
[ 2005.550265][T24600] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[ 2005.601233][T24600] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 2005.621670][T24600] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2005.674695][T24600] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2005.787266][   T30] audit: type=1326 audit(1764731277.761:1767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.3.9666" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d539 code=0x7ffc0000
[ 2005.882947][   T30] audit: type=1326 audit(1764731277.781:1768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.3.9666" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d539 code=0x7ffc0000
[ 2005.969758][   T30] audit: type=1326 audit(1764731277.791:1769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.3.9666" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d539 code=0x7ffc0000
[ 2006.054044][T24600] usb 3-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00
[ 2006.163077][   T30] audit: type=1326 audit(1764731277.791:1770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.3.9666" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d539 code=0x7ffc0000
[ 2006.173156][T24600] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2006.215666][   T30] audit: type=1326 audit(1764731277.791:1771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.3.9666" exe="/root/syz-executor" sig=0 arch=40000003 syscall=332 compat=1 ip=0xf700d539 code=0x7ffc0000
[ 2006.273131][T13828] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 2006.313297][   T30] audit: type=1326 audit(1764731277.791:1772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.3.9666" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d539 code=0x7ffc0000
[ 2006.340507][T24600] usb 3-1: config 0 descriptor??
[ 2006.398280][   T30] audit: type=1326 audit(1764731277.791:1773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.3.9666" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d539 code=0x7ffc0000
[ 2006.446074][T13828] usb 4-1: config 0 has an invalid interface number: 117 but max is 0
[ 2006.485876][T13828] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2006.522964][T13828] usb 4-1: config 0 has no interface number 0
[ 2006.547893][   T30] audit: type=1326 audit(1764731277.791:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.3.9666" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d539 code=0x7ffc0000
[ 2006.573056][T13828] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 2006.605763][T13828] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2006.645909][   T30] audit: type=1326 audit(1764731277.791:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.3.9666" exe="/root/syz-executor" sig=0 arch=40000003 syscall=292 compat=1 ip=0xf700d539 code=0x7ffc0000
[ 2006.735510][T13828] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[ 2006.748222][T13828] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2006.761973][   T30] audit: type=1326 audit(1764731277.791:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.3.9666" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d539 code=0x7ffc0000
[ 2006.785226][T13828] usb 4-1: Product: syz
[ 2006.789418][T13828] usb 4-1: Manufacturer: syz
[ 2006.796273][T13828] usb 4-1: SerialNumber: syz
[ 2006.804908][T13828] usb 4-1: config 0 descriptor??
[ 2006.814880][ T1211] usb 6-1: USB disconnect, device number 3
[ 2007.167447][T13828] usbtouchscreen 4-1:0.117: probe with driver usbtouchscreen failed with error -71
[ 2007.198900][T13828] usb 4-1: USB disconnect, device number 27
[ 2007.254202][ T6232] netlink: 16 bytes leftover after parsing attributes in process `syz.5.9672'.
[ 2007.389940][ T6233] can: request_module (can-proto-3) failed.
[ 2007.613600][ T6242] netlink: 'syz.5.9674': attribute type 1 has an invalid length.
[ 2007.631319][T24600] usbhid 3-1:0.0: can't add hid device: -71
[ 2007.638619][T24600] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 2007.653277][T24600] usb 3-1: USB disconnect, device number 121
[ 2007.670033][ T6242] 8021q: adding VLAN 0 to HW filter on device bond2
[ 2007.780700][ T6247] fuse: Unknown parameter 'defau�	'
[ 2007.800851][ T6246] bond2: (slave veth5): Enslaving as an active interface with a down link
[ 2007.854437][ T6242] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2008.280325][ T6249] ipip0: entered promiscuous mode
[ 2008.363356][ T6249] ipip0: entered allmulticast mode
[ 2008.412686][ T6249] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9675'.
[ 2008.424989][ T6249] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9675'.
[ 2008.622059][ T6255] can: request_module (can-proto-3) failed.
[ 2008.825426][ T6265] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9680'.
[ 2008.984449][ T6271] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.9679'.
[ 2008.993731][ T6271] openvswitch: netlink: Missing key (keys=40, expected=80)
[ 2009.398016][ T6281] loop5: detected capacity change from 0 to 7
[ 2009.469766][ T6281] Dev loop5: unable to read RDB block 7
[ 2009.477485][ T6281]  loop5: unable to read partition table
[ 2009.489299][ T6281] loop5: partition table beyond EOD, truncated
[ 2009.499549][ T6281] loop_reread_partitions: partition scan of loop5 (��) failed (rc=-5)
[ 2009.880427][ T6292] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9687'.
[ 2009.961526][ T6295] bridge0: port 3(erspan0) entered blocking state
[ 2009.968424][ T6295] bridge0: port 3(erspan0) entered disabled state
[ 2010.011723][ T6295] erspan0: entered allmulticast mode
[ 2010.190611][ T6289] FAULT_INJECTION: forcing a failure.
[ 2010.190611][ T6289] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2010.240524][ T6289] CPU: 0 UID: 0 PID: 6289 Comm: syz.2.9689 Not tainted syzkaller #0 PREEMPT(full) 
[ 2010.240551][ T6289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2010.240564][ T6289] Call Trace:
[ 2010.240574][ T6289]  <TASK>
[ 2010.240583][ T6289]  dump_stack_lvl+0x189/0x250
[ 2010.240610][ T6289]  ? __pfx____ratelimit+0x10/0x10
[ 2010.240634][ T6289]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2010.240650][ T6289]  ? __pfx__printk+0x10/0x10
[ 2010.240670][ T6289]  ? __might_fault+0xb0/0x130
[ 2010.240712][ T6289]  should_fail_ex+0x414/0x560
[ 2010.240741][ T6289]  _copy_from_user+0x2d/0xb0
[ 2010.240761][ T6289]  get_compat_msghdr+0xad/0x4a0
[ 2010.240793][ T6289]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 2010.240820][ T6289]  ? kstrtouint+0x6e/0xe0
[ 2010.240849][ T6289]  ___sys_sendmsg+0x193/0x2a0
[ 2010.240877][ T6289]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2010.240908][ T6289]  ? rcu_read_lock_any_held+0xb3/0x120
[ 2010.240951][ T6289]  ? __fget_files+0x2a/0x420
[ 2010.240970][ T6289]  ? __fget_files+0x3a0/0x420
[ 2010.240998][ T6289]  __sys_sendmsg+0x164/0x220
[ 2010.241024][ T6289]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2010.241054][ T6289]  ? __pfx_ksys_write+0x10/0x10
[ 2010.241081][ T6289]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 2010.241098][ T6289]  ? lockdep_hardirqs_on+0x98/0x140
[ 2010.241124][ T6289]  __do_fast_syscall_32+0xb6/0x300
[ 2010.241143][ T6289]  ? lockdep_hardirqs_on+0x98/0x140
[ 2010.241171][ T6289]  do_fast_syscall_32+0x34/0x80
[ 2010.241188][ T6289]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2010.241209][ T6289] RIP: 0023:0xf7f87539
[ 2010.241224][ T6289] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 2010.241238][ T6289] RSP: 002b:00000000f547655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 2010.241256][ T6289] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000280
[ 2010.241267][ T6289] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 2010.241277][ T6289] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2010.241285][ T6289] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2010.241296][ T6289] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2010.241323][ T6289]  </TASK>
[ 2010.260942][ T6295] erspan0: entered promiscuous mode
[ 2010.811158][ T6298] erspan0: left allmulticast mode
[ 2010.827665][ T6298] erspan0: left promiscuous mode
[ 2010.833360][ T6298] bridge0: port 3(erspan0) entered disabled state
[ 2010.884588][ T6289] bridge0: port 3(erspan0) entered blocking state
[ 2010.893628][ T6289] bridge0: port 3(erspan0) entered disabled state
[ 2010.900366][ T6289] erspan0: entered allmulticast mode
[ 2010.930769][ T6289] erspan0: entered promiscuous mode
[ 2010.945931][ T6289] bridge0: port 3(erspan0) entered blocking state
[ 2010.947684][ T6308] fuse: Bad value for 'group_id'
[ 2010.952540][ T6289] bridge0: port 3(erspan0) entered forwarding state
[ 2010.966369][ T6308] fuse: Bad value for 'group_id'
[ 2010.977569][ T6294] erspan0: left allmulticast mode
[ 2010.982770][ T6294] erspan0: left promiscuous mode
[ 2010.987966][ T6294] bridge0: port 3(erspan0) entered disabled state
[ 2011.002345][ T6306] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9692'.
[ 2011.116946][ T6312] can: request_module (can-proto-3) failed.
[ 2011.485710][ T6320] fuse: Unknown parameter '0x0000000000000004'
[ 2011.749730][ T6331] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9701'.
[ 2011.811551][ T6325] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.9699'.
[ 2011.821522][ T6325] openvswitch: netlink: Missing key (keys=40, expected=80)
[ 2012.083073][T13828] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[ 2012.123452][ T5887] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[ 2012.198838][ T6342] netlink: 44 bytes leftover after parsing attributes in process `syz.3.9705'.
[ 2012.250245][T13828] usb 6-1: config 0 has an invalid interface number: 160 but max is 0
[ 2012.267828][T13828] usb 6-1: config 0 has no interface number 0
[ 2012.276913][ T5887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[ 2012.295301][T13828] usb 6-1: config 0 interface 160 has no altsetting 0
[ 2012.306979][ T5887] usb 1-1: New USB device found, idVendor=0458, idProduct=500f, bcdDevice= 0.00
[ 2012.317919][ T5887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2012.330337][T13828] usb 6-1: New USB device found, idVendor=a6da, idProduct=1e78, bcdDevice=56.e4
[ 2012.342350][ T5887] usb 1-1: config 0 descriptor??
[ 2012.348004][T13828] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2012.356786][T13828] usb 6-1: Product: syz
[ 2012.361506][ T6335] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 2012.371560][T13828] usb 6-1: Manufacturer: syz
[ 2012.376661][T13828] usb 6-1: SerialNumber: syz
[ 2012.388936][T13828] usb 6-1: config 0 descriptor??
[ 2012.405563][T13828] usb-storage 6-1:0.160: USB Mass Storage device detected
[ 2012.651167][ T6350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9706'.
[ 2012.728216][ T6352] syzkaller1: entered promiscuous mode
[ 2012.782634][ T6352] syzkaller1: entered allmulticast mode
[ 2012.834751][ T6357] netlink: 'syz.3.9708': attribute type 13 has an invalid length.
[ 2012.851273][ T6357] bond0: option fail_over_mac: unable to set because the bond device has slaves
[ 2012.875403][ T5887] kye 0003:0458:500F.004F: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[ 2012.909452][ T5887] kye 0003:0458:500F.004F: hidraw0: USB HID v0.05 Device [HID 0458:500f] on usb-dummy_hcd.0-1/input0
[ 2012.947903][ T5887] kye 0003:0458:500F.004F: tablet-enabling feature report not found
[ 2012.975005][ T5887] kye 0003:0458:500F.004F: tablet enabling failed
[ 2013.099711][ T1211] usb 1-1: USB disconnect, device number 3
[ 2013.197377][ T6360] FAULT_INJECTION: forcing a failure.
[ 2013.197377][ T6360] name failslab, interval 1, probability 0, space 0, times 0
[ 2013.213508][ T6360] CPU: 0 UID: 0 PID: 6360 Comm: syz.3.9710 Not tainted syzkaller #0 PREEMPT(full) 
[ 2013.213536][ T6360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2013.213547][ T6360] Call Trace:
[ 2013.213555][ T6360]  <TASK>
[ 2013.213563][ T6360]  dump_stack_lvl+0x189/0x250
[ 2013.213587][ T6360]  ? __pfx____ratelimit+0x10/0x10
[ 2013.213611][ T6360]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2013.213630][ T6360]  ? __pfx__printk+0x10/0x10
[ 2013.213652][ T6360]  ? __lock_acquire+0x6b6/0x2cf0
[ 2013.213688][ T6360]  should_fail_ex+0x414/0x560
[ 2013.213715][ T6360]  should_failslab+0xa8/0x100
[ 2013.213736][ T6360]  kmem_cache_alloc_noprof+0x74/0x6e0
[ 2013.213760][ T6360]  ? skb_clone+0x212/0x3a0
[ 2013.213780][ T6360]  skb_clone+0x212/0x3a0
[ 2013.213798][ T6360]  __netlink_deliver_tap+0x404/0x850
[ 2013.213831][ T6360]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2013.213855][ T6360]  netlink_deliver_tap+0x19c/0x1b0
[ 2013.213880][ T6360]  netlink_unicast+0x7fa/0x9e0
[ 2013.213912][ T6360]  ? __pfx_netlink_unicast+0x10/0x10
[ 2013.213936][ T6360]  ? netlink_sendmsg+0x642/0xb30
[ 2013.213958][ T6360]  ? skb_put+0x11b/0x210
[ 2013.213985][ T6360]  netlink_sendmsg+0x805/0xb30
[ 2013.214019][ T6360]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2013.214046][ T6360]  ? __import_iovec+0x5d4/0x7f0
[ 2013.214061][ T6360]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2013.214085][ T6360]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2013.214103][ T6360]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2013.214128][ T6360]  __sock_sendmsg+0x21c/0x270
[ 2013.214152][ T6360]  ____sys_sendmsg+0x505/0x820
[ 2013.214184][ T6360]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2013.214212][ T6360]  ? kstrtouint+0x6e/0xe0
[ 2013.214241][ T6360]  ___sys_sendmsg+0x21f/0x2a0
[ 2013.214268][ T6360]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2013.214299][ T6360]  ? rcu_read_lock_any_held+0xb3/0x120
[ 2013.214348][ T6360]  ? __fget_files+0x2a/0x420
[ 2013.214367][ T6360]  ? __fget_files+0x3a0/0x420
[ 2013.214398][ T6360]  __sys_sendmsg+0x164/0x220
[ 2013.214429][ T6360]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2013.214463][ T6360]  ? __pfx_ksys_write+0x10/0x10
[ 2013.214496][ T6360]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 2013.214515][ T6360]  ? lockdep_hardirqs_on+0x98/0x140
[ 2013.214542][ T6360]  __do_fast_syscall_32+0xb6/0x300
[ 2013.214561][ T6360]  ? lockdep_hardirqs_on+0x98/0x140
[ 2013.214590][ T6360]  do_fast_syscall_32+0x34/0x80
[ 2013.214607][ T6360]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2013.214628][ T6360] RIP: 0023:0xf700d539
[ 2013.214645][ T6360] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 2013.214661][ T6360] RSP: 002b:00000000f53fd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 2013.214681][ T6360] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000100
[ 2013.214694][ T6360] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2013.214705][ T6360] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2013.214715][ T6360] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2013.214727][ T6360] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2013.214756][ T6360]  </TASK>
[ 2013.972469][ T6367] can: request_module (can-proto-3) failed.
[ 2014.548492][ T2905] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 2014.715500][ T2905] usb 4-1: config 0 has no interfaces?
[ 2014.783520][ T2905] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 2014.810299][ T2905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2014.833625][ T5887] usb 3-1: new high-speed USB device number 122 using dummy_hcd
[ 2014.846048][T17076] usb 6-1: USB disconnect, device number 4
[ 2014.852775][ T2905] usb 4-1: Product: syz
[ 2014.879438][ T2905] usb 4-1: Manufacturer: syz
[ 2014.899046][ T2905] usb 4-1: SerialNumber: syz
[ 2014.909930][ T6390] FAULT_INJECTION: forcing a failure.
[ 2014.909930][ T6390] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2014.937175][ T2905] usb 4-1: config 0 descriptor??
[ 2014.952556][ T6390] CPU: 0 UID: 0 PID: 6390 Comm: syz.0.9719 Not tainted syzkaller #0 PREEMPT(full) 
[ 2014.952573][ T6390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2014.952580][ T6390] Call Trace:
[ 2014.952585][ T6390]  <TASK>
[ 2014.952591][ T6390]  dump_stack_lvl+0x189/0x250
[ 2014.952607][ T6390]  ? __pfx____ratelimit+0x10/0x10
[ 2014.952623][ T6390]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2014.952633][ T6390]  ? __pfx__printk+0x10/0x10
[ 2014.952647][ T6390]  ? __might_fault+0xb0/0x130
[ 2014.952667][ T6390]  should_fail_ex+0x414/0x560
[ 2014.952684][ T6390]  _copy_from_iter+0x1de/0x1790
[ 2014.952697][ T6390]  ? trace_mm_page_alloc+0x3e/0x140
[ 2014.952709][ T6390]  ? __alloc_frozen_pages_noprof+0x1d6/0x370
[ 2014.952725][ T6390]  ? __pfx__copy_from_iter+0x10/0x10
[ 2014.952739][ T6390]  ? policy_nodemask+0x27c/0x720
[ 2014.952749][ T6390]  ? aa_file_perm+0x44d/0x1540
[ 2014.952765][ T6390]  ? page_copy_sane+0x4e/0x280
[ 2014.952780][ T6390]  copy_page_from_iter+0xdd/0x170
[ 2014.952797][ T6390]  anon_pipe_write+0x9f8/0x1460
[ 2014.952808][ T6390]  ? __pfx_aa_file_perm+0x10/0x10
[ 2014.952833][ T6390]  ? __pfx_anon_pipe_write+0x10/0x10
[ 2014.952842][ T6390]  ? common_file_perm+0x1b5/0x220
[ 2014.952856][ T6390]  ? bpf_lsm_file_permission+0x9/0x20
[ 2014.952867][ T6390]  ? security_file_permission+0x75/0x290
[ 2014.952888][ T6390]  ? rw_verify_area+0x255/0x4d0
[ 2014.952908][ T6390]  ? import_ubuf+0xfb/0x1d0
[ 2014.952926][ T6390]  aio_write+0x535/0x7a0
[ 2014.952951][ T6390]  ? __pfx_aio_write+0x10/0x10
[ 2014.952984][ T6390]  ? __might_fault+0xb0/0x130
[ 2014.953023][ T6390]  io_submit_one+0x78b/0x1310
[ 2014.953060][ T6390]  ? __pfx_io_submit_one+0x10/0x10
[ 2014.953082][ T6390]  ? __might_fault+0xb0/0x130
[ 2014.953122][ T6390]  ? __might_fault+0xb0/0x130
[ 2014.953148][ T6390]  __ia32_compat_sys_io_submit+0x1c7/0x330
[ 2014.953171][ T6390]  ? __pfx___ia32_compat_sys_io_submit+0x10/0x10
[ 2014.953191][ T6390]  ? ksys_write+0x22a/0x250
[ 2014.953212][ T6390]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 2014.953224][ T6390]  ? lockdep_hardirqs_on+0x98/0x140
[ 2014.953240][ T6390]  __do_fast_syscall_32+0xb6/0x300
[ 2014.953250][ T6390]  ? lockdep_hardirqs_on+0x98/0x140
[ 2014.953267][ T6390]  do_fast_syscall_32+0x34/0x80
[ 2014.953276][ T6390]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2014.953289][ T6390] RIP: 0023:0xf7f52539
[ 2014.953299][ T6390] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 2014.953308][ T6390] RSP: 002b:00000000f544655c EFLAGS: 00000206 ORIG_RAX: 00000000000000f8
[ 2014.953320][ T6390] RAX: ffffffffffffffda RBX: 00000000f5415000 RCX: 0000000000000002
[ 2014.953328][ T6390] RDX: 0000000080000300 RSI: 0000000000000000 RDI: 0000000000000000
[ 2014.953338][ T6390] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2014.953349][ T6390] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2014.953359][ T6390] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2014.953385][ T6390]  </TASK>
[ 2015.457020][ T6392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2015.581505][ T6392] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2015.635417][ T5887] usb 3-1: Using ep0 maxpacket: 16
[ 2015.667382][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2015.700032][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2015.713305][ T5887] usb 3-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[ 2015.722465][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2015.754486][ T5887] usb 3-1: config 0 descriptor??
[ 2015.852735][ T6399] can: request_module (can-proto-3) failed.
[ 2016.283387][ T2905] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[ 2016.349203][   T30] kauditd_printk_skb: 77 callbacks suppressed
[ 2016.349225][   T30] audit: type=1804 audit(1764731287.941:1854): pid=6406 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.9724" name="file0" dev="ramfs" ino=201756 res=1 errno=0
[ 2016.385325][    C0] raw-gadget.3 gadget.0: ignoring, device is not running
[ 2016.563344][ T2905] usb 1-1: device descriptor read/64, error -32
[ 2016.656383][ T5887] ntrig 0003:1B96:0008.0050: unknown main item tag 0x6
[ 2016.677730][ T5887] ntrig 0003:1B96:0008.0050: unknown main item tag 0x0
[ 2016.693421][ T5887] ntrig 0003:1B96:0008.0050: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.2-1/input0
[ 2016.833186][ T2905] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[ 2016.852141][ T5887] ntrig 0003:1B96:0008.0050: Firmware version: 0.0.0.0.0 (0000 0000)
[ 2016.995294][ T2905] usb 1-1: config 3 has an invalid interface number: 177 but max is 0
[ 2017.007656][ T2905] usb 1-1: config 3 has an invalid interface number: 243 but max is 0
[ 2017.028235][ T2905] usb 1-1: config 3 contains an unexpected descriptor of type 0x1, skipping
[ 2017.057288][ T2905] usb 1-1: config 3 has 2 interfaces, different from the descriptor's value: 1
[ 2017.069134][ T6387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2017.079266][ T6387] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2017.088895][ T2905] usb 1-1: config 3 has no interface number 0
[ 2017.097865][ T2905] usb 1-1: config 3 has no interface number 1
[ 2017.104685][ T2905] usb 1-1: config 3 interface 177 altsetting 156 endpoint 0xD has invalid maxpacket 1024, setting to 64
[ 2017.117445][ T2905] usb 1-1: config 3 interface 177 altsetting 156 has 2 endpoint descriptors, different from the interface descriptor's value: 15
[ 2017.133757][ T2905] usb 1-1: config 3 interface 243 altsetting 49 has a duplicate endpoint with address 0xF, skipping
[ 2017.145146][ T2905] usb 1-1: config 3 interface 243 altsetting 49 endpoint 0xB has invalid maxpacket 1470, setting to 64
[ 2017.156659][ T2905] usb 1-1: config 3 interface 243 altsetting 49 has 13 endpoint descriptors, different from the interface descriptor's value: 2
[ 2017.170223][ T2905] usb 1-1: config 3 interface 177 has no altsetting 0
[ 2017.180299][ T2905] usb 1-1: config 3 interface 243 has no altsetting 0
[ 2017.256696][ T6420] __nla_validate_parse: 1 callbacks suppressed
[ 2017.256727][ T6420] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9728'.
[ 2017.330842][ T5887] usb 4-1: USB disconnect, device number 28
[ 2017.399934][ T2905] usb 1-1: New USB device found, idVendor=060b, idProduct=a001, bcdDevice=cb.58
[ 2017.421861][ T2905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2017.448699][ T2905] usb 1-1: Product: ᥆猬縠㞈獉ᗉ빾麟ག亻嵼Ｆ뻔쟀젤鄮킰﵅寎埂⁥蟽୊鎫떟쯱슄騈ⶱꜰ㦚鏑Ⴖ瞰㵽ἆ嘮ꈥ鈡꠾㢬䫅꠻㎏泵⨥疇ຟХ쿦퟾汧䍋뉠靬뙡ᣙ䬉켕叜瑂깞⾂䶝俥톓篨⭲䍹왣ꏘࣩᏔ桔睦蹇鷻е䅑陔⋢ⲛ髇츣튄⌥䊱藝璸
[ 2017.448855][ T6423] can: request_module (can-proto-3) failed.
[ 2017.574039][ T2905] usb 1-1: Manufacturer: ᐇ
[ 2017.625533][ T2905] usb 1-1: SerialNumber: и
[ 2017.656074][ T6426] can: request_module (can-proto-3) failed.
[ 2017.986856][ T2905] usb 1-1: USB disconnect, device number 5
[ 2018.178726][T24599] usb 3-1: USB disconnect, device number 122
[ 2018.569038][ T6442] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2018.576867][ T6442] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2018.706354][ T6447] FAULT_INJECTION: forcing a failure.
[ 2018.706354][ T6447] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2018.723530][ T6447] CPU: 1 UID: 0 PID: 6447 Comm: syz.0.9734 Not tainted syzkaller #0 PREEMPT(full) 
[ 2018.723557][ T6447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2018.723569][ T6447] Call Trace:
[ 2018.723577][ T6447]  <TASK>
[ 2018.723585][ T6447]  dump_stack_lvl+0x189/0x250
[ 2018.723611][ T6447]  ? __pfx____ratelimit+0x10/0x10
[ 2018.723636][ T6447]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2018.723653][ T6447]  ? __pfx__printk+0x10/0x10
[ 2018.723676][ T6447]  ? __might_fault+0xb0/0x130
[ 2018.723710][ T6447]  should_fail_ex+0x414/0x560
[ 2018.723737][ T6447]  _copy_from_user+0x2d/0xb0
[ 2018.723757][ T6447]  get_compat_msghdr+0xad/0x4a0
[ 2018.723787][ T6447]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 2018.723811][ T6447]  ? __lock_acquire+0x6b6/0x2cf0
[ 2018.723842][ T6447]  ___sys_recvmsg+0x17f/0x510
[ 2018.723858][ T6447]  ? _parse_integer_limit+0x1ae/0x1f0
[ 2018.723881][ T6447]  ? __pfx____sys_recvmsg+0x10/0x10
[ 2018.723896][ T6447]  ? kstrtoull+0x12f/0x1d0
[ 2018.723936][ T6447]  ? __fget_files+0x3a0/0x420
[ 2018.723964][ T6447]  do_recvmmsg+0x36a/0x770
[ 2018.723988][ T6447]  ? __pfx_do_recvmmsg+0x10/0x10
[ 2018.724004][ T6447]  ? ksys_write+0x1cb/0x250
[ 2018.724044][ T6447]  ? __fget_files+0x3a0/0x420
[ 2018.724070][ T6447]  __sys_recvmmsg+0x19d/0x280
[ 2018.724090][ T6447]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 2018.724107][ T6447]  ? __pfx_ksys_write+0x10/0x10
[ 2018.724157][ T6447]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[ 2018.724180][ T6447]  __do_fast_syscall_32+0xb6/0x300
[ 2018.724199][ T6447]  ? lockdep_hardirqs_on+0x98/0x140
[ 2018.724227][ T6447]  do_fast_syscall_32+0x34/0x80
[ 2018.724246][ T6447]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2018.724266][ T6447] RIP: 0023:0xf7f52539
[ 2018.724283][ T6447] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 2018.724298][ T6447] RSP: 002b:00000000f544655c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[ 2018.724319][ T6447] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480
[ 2018.724332][ T6447] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[ 2018.724343][ T6447] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2018.724353][ T6447] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2018.724365][ T6447] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2018.724394][ T6447]  </TASK>
[ 2019.088667][ T6444] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.9733'.
[ 2019.098281][ T6444] openvswitch: netlink: Missing key (keys=40, expected=80)
[ 2019.113104][T24599] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 2019.263082][T24599] usb 6-1: Using ep0 maxpacket: 16
[ 2019.271871][T24599] usb 6-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25
[ 2019.295741][T24599] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2019.305807][T24599] usb 6-1: Product: syz
[ 2019.310024][T24599] usb 6-1: Manufacturer: syz
[ 2019.315035][T24599] usb 6-1: SerialNumber: syz
[ 2019.335526][T24599] usb 6-1: config 0 descriptor??
[ 2019.343136][T17076] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 2019.359602][T24599] uvcvideo 6-1:0.0: Found UVC 0.00 device syz (046d:0721)
[ 2019.367586][T24599] uvcvideo 6-1:0.0: No valid video chain found.
[ 2019.496425][T17076] usb 1-1: New USB device found, idVendor=0471, idProduct=0329, bcdDevice=db.da
[ 2019.505862][T17076] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2019.519621][T17076] usb 1-1: config 0 descriptor??
[ 2019.554215][T17076] pwc: Philips SPC 900NC USB webcam detected.
[ 2019.600469][T24599] usb 6-1: USB disconnect, device number 5
[ 2019.704442][ T6465] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2019.733267][ T6465] syzkaller0: entered promiscuous mode
[ 2019.752972][ T6465] syzkaller0: entered allmulticast mode
[ 2019.786991][ T6465] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9741'.
[ 2019.908101][ T6464] tipc: Resetting bearer <eth:syzkaller0>
[ 2019.975413][ T6464] tipc: Disabling bearer <eth:syzkaller0>
[ 2020.439952][ T6482] netlink: 28 bytes leftover after parsing attributes in process `syz.5.9746'.
[ 2020.450079][ T6482] netlink: 'syz.5.9746': attribute type 7 has an invalid length.
[ 2020.458711][ T6482] netlink: 'syz.5.9746': attribute type 8 has an invalid length.
[ 2020.468540][ T6482] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9746'.
[ 2020.663766][T24599] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 2020.855228][T24599] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2020.876800][T24599] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2020.913276][T24599] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2020.922744][ T6489] syzkaller1: entered promiscuous mode
[ 2020.929231][T24599] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2020.933417][ T6489] syzkaller1: entered allmulticast mode
[ 2020.948552][T24599] usb 4-1: Product: syz
[ 2020.966551][T24599] usb 4-1: Manufacturer: syz
[ 2020.975487][T24599] usb 4-1: SerialNumber: syz
[ 2021.000701][ T6489] netlink: 'syz.5.9749': attribute type 13 has an invalid length.
[ 2021.023365][ T6489] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9749'.
[ 2021.038071][ T6489] bond0: option fail_over_mac: unable to set because the bond device has slaves
[ 2021.188431][ T6483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2021.220209][ T6483] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2021.250639][T24599] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[ 2021.304698][T24599] usb 4-1: USB disconnect, device number 29
[ 2021.411189][ T6498] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.9753'.
[ 2021.423605][ T6498] openvswitch: netlink: Missing key (keys=40, expected=80)
[ 2021.673093][ T2351] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[ 2021.763146][T24599] usb 4-1: new full-speed USB device number 30 using dummy_hcd
[ 2021.825232][ T2351] usb 2-1: config index 0 descriptor too short (expected 64548, got 36)
[ 2021.834031][ T2351] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[ 2021.842133][ T2351] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 2021.851441][ T2351] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2021.864764][ T2351] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2021.874844][ T2351] usb 2-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00
[ 2021.884256][ T2351] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2021.895842][ T2351] usb 2-1: config 0 descriptor??
[ 2021.936095][T24599] usb 4-1: config index 0 descriptor too short (expected 301, got 72)
[ 2021.944784][T24599] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 2021.956101][T24599] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2021.966852][T24599] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 1024, setting to 64
[ 2021.981684][T24599] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 2022.007766][T24599] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2022.021903][T24599] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2022.166665][T17076] pwc: Failed to set LED on/off time (-71)
[ 2022.187511][T17076] pwc: send_video_command error -71
[ 2022.207355][T17076] pwc: Failed to set video mode VGA@30 fps; return code = -71
[ 2022.248322][T17076] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71
[ 2022.251100][ T6508] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2022.286601][T17076] usb 1-1: USB disconnect, device number 6
[ 2022.333946][ T6483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2022.335103][ T2351] aquacomputer_d5next 0003:0C70:F0BD.0051: unknown main item tag 0x0
[ 2022.365755][ T6483] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2022.398423][ T6508] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2022.422254][ T2351] aquacomputer_d5next 0003:0C70:F0BD.0051: unknown main item tag 0x0
[ 2022.446452][ T2351] aquacomputer_d5next 0003:0C70:F0BD.0051: unknown main item tag 0x0
[ 2022.481945][T24599] usb 4-1: usb_control_msg returned -71
[ 2022.482455][ T2351] aquacomputer_d5next 0003:0C70:F0BD.0051: unknown main item tag 0x0
[ 2022.498986][T24599] usbtmc 4-1:16.0: can't read capabilities
[ 2022.513105][ T2351] aquacomputer_d5next 0003:0C70:F0BD.0051: unknown main item tag 0x0
[ 2022.515263][   T30] audit: type=1326 audit(1764731294.481:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6518 comm="syz.2.9761" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000
[ 2022.554974][ T2351] aquacomputer_d5next 0003:0C70:F0BD.0051: hidraw0: USB HID v0.00 Device [HID 0c70:f0bd] on usb-dummy_hcd.1-1/input0
[ 2022.585186][T24599] usb 4-1: USB disconnect, device number 30
[ 2022.640886][   T30] audit: type=1326 audit(1764731294.521:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6518 comm="syz.2.9761" exe="/root/syz-executor" sig=0 arch=40000003 syscall=312 compat=1 ip=0xf7f87539 code=0x7ffc0000
[ 2022.744185][T17076] usb 1-1: new low-speed USB device number 7 using dummy_hcd
[ 2022.752166][   T30] audit: type=1326 audit(1764731294.521:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6518 comm="syz.2.9761" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000
[ 2022.904773][   T30] audit: type=1326 audit(1764731294.521:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6518 comm="syz.2.9761" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f87539 code=0x7ffc0000
[ 2022.937636][T17076] usb 1-1: device descriptor read/64, error -71
[ 2022.966382][   T30] audit: type=1326 audit(1764731294.521:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6518 comm="syz.2.9761" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f87539 code=0x7ffc0000
[ 2022.988829][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2023.006725][   T30] audit: type=1326 audit(1764731294.521:1860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6518 comm="syz.2.9761" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000
[ 2023.065060][   T30] audit: type=1326 audit(1764731294.531:1861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6518 comm="syz.2.9761" exe="/root/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf7f87539 code=0x7ffc0000
[ 2023.087073][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2023.094971][   T30] audit: type=1326 audit(1764731294.531:1862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6518 comm="syz.2.9761" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000
[ 2023.116974][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2023.133673][   T30] audit: type=1326 audit(1764731294.531:1863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6518 comm="syz.2.9761" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f87539 code=0x7ffc0000
[ 2023.160524][   T30] audit: type=1326 audit(1764731294.531:1864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6518 comm="syz.2.9761" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000
[ 2023.213034][T17076] usb 1-1: new low-speed USB device number 8 using dummy_hcd
[ 2023.213235][T13828] usb 6-1: new low-speed USB device number 6 using dummy_hcd
[ 2023.281955][ T2351] usb 2-1: USB disconnect, device number 125
[ 2023.363415][T17076] usb 1-1: device descriptor read/64, error -71
[ 2023.375234][T13828] usb 6-1: No LPM exit latency info found, disabling LPM.
[ 2023.399285][T13828] usb 6-1: config 1 interface 0 altsetting 60 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2023.432963][T13828] usb 6-1: config 1 interface 0 has no altsetting 0
[ 2023.461298][T13828] usb 6-1: string descriptor 0 read error: -22
[ 2023.474134][T17076] usb usb1-port1: attempt power cycle
[ 2023.498626][T13828] usb 6-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.40
[ 2023.508239][T13828] usb 6-1: New USB device strings: Mfr=1, Product=99, SerialNumber=211
[ 2023.610367][ T6534] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9766'.
[ 2023.679367][ T6534] syz_tun (unregistering): left promiscuous mode
[ 2023.691139][ T6534] team0: Port device syz_tun removed
[ 2023.727740][T13828] usbhid 6-1:1.0: can't add hid device: -71
[ 2023.735331][T13828] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[ 2023.762753][T13828] usb 6-1: USB disconnect, device number 6
[ 2023.891036][T17076] usb 1-1: new low-speed USB device number 9 using dummy_hcd
[ 2023.929184][T17076] usb 1-1: device descriptor read/8, error -71
[ 2024.163402][T17076] usb 1-1: new low-speed USB device number 10 using dummy_hcd
[ 2024.194386][T17076] usb 1-1: device descriptor read/8, error -71
[ 2024.233311][T24600] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[ 2024.393707][T17076] usb usb1-port1: unable to enumerate USB device
[ 2024.495402][T24600] usb 4-1: Using ep0 maxpacket: 32
[ 2024.503761][T24600] usb 4-1: config 0 has an invalid interface number: 247 but max is 0
[ 2024.512153][T24600] usb 4-1: config 0 has no interface number 0
[ 2024.525052][T24600] usb 4-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[ 2024.534943][T24600] usb 4-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[ 2024.543270][T24600] usb 4-1: Product: syz
[ 2024.600867][T24600] usb 4-1: Manufacturer: syz
[ 2024.611252][T24600] usb 4-1: config 0 descriptor??
[ 2024.680898][ T6546] fuse: Unknown parameter 'defau�	'
[ 2024.869886][ T6551] ipip0: entered promiscuous mode
[ 2024.875164][ T6551] ipip0: entered allmulticast mode
[ 2024.911771][ T6551] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9768'.
[ 2024.930090][ T6551] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9768'.
[ 2025.023715][ T6548] netlink: 7064 bytes leftover after parsing attributes in process `syz.5.9769'.
[ 2025.035510][ T6548] openvswitch: netlink: Missing key (keys=40, expected=80)
[ 2025.193265][T13828] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[ 2025.359205][T13828] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 2025.375228][T13828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2025.384169][T13828] usb 2-1: Product: syz
[ 2025.388529][T13828] usb 2-1: Manufacturer: syz
[ 2025.395850][T13828] usb 2-1: SerialNumber: syz
[ 2025.440738][T13828] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 2025.521597][T24599] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 2026.633126][T24599] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[ 2026.654531][ T6561] can: request_module (can-proto-3) failed.
[ 2026.674392][T24599] ath9k_htc: Failed to initialize the device
[ 2026.724696][T25131] usb 4-1: USB disconnect, device number 31
[ 2026.970559][T24599] usb 2-1: ath9k_htc: USB layer deinitialized
[ 2027.052783][ T6577] xt_bpf: check failed: parse error
[ 2027.085961][ T6570] syzkaller1: entered promiscuous mode
[ 2027.091876][ T6570] syzkaller1: entered allmulticast mode
[ 2027.689859][T24600] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 2027.857692][T24600] usb 4-1: config index 0 descriptor too short (expected 64548, got 36)
[ 2027.887729][T24600] usb 4-1: config 0 has an invalid interface number: 0 but max is -1
[ 2027.900901][T24600] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 2027.914809][T24600] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2027.953169][T24600] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2027.991035][T24600] usb 4-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00
[ 2028.051140][T24600] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2028.074766][T17076] usb 2-1: USB disconnect, device number 126
[ 2028.112214][T24600] usb 4-1: config 0 descriptor??
[ 2028.323126][T24599] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[ 2028.493047][T24599] usb 1-1: Using ep0 maxpacket: 32
[ 2028.502995][T24599] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[ 2028.523758][T24599] usb 1-1: config 0 has no interface number 0
[ 2028.601728][T24600] aquacomputer_d5next 0003:0C70:F0BD.0052: unknown main item tag 0x0
[ 2028.626250][T24599] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2028.632226][T24600] aquacomputer_d5next 0003:0C70:F0BD.0052: unknown main item tag 0x0
[ 2028.680862][T24599] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2028.712595][T24599] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 2028.732447][T24600] aquacomputer_d5next 0003:0C70:F0BD.0052: unknown main item tag 0x0
[ 2028.751960][T24599] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2028.758846][T24600] aquacomputer_d5next 0003:0C70:F0BD.0052: unknown main item tag 0x0
[ 2028.778673][T24600] aquacomputer_d5next 0003:0C70:F0BD.0052: unknown main item tag 0x0
[ 2028.781611][T24599] usb 1-1: config 0 descriptor??
[ 2028.817207][T24600] aquacomputer_d5next 0003:0C70:F0BD.0052: hidraw0: USB HID v0.00 Device [HID 0c70:f0bd] on usb-dummy_hcd.3-1/input0
[ 2029.623148][T24599] uclogic 0003:28BD:0094.0053: pen parameters not found
[ 2029.638698][T24599] uclogic 0003:28BD:0094.0053: interface is invalid, ignoring
[ 2029.831268][ T6609] netlink: 12 bytes leftover after parsing attributes in process `syz.5.9784'.
[ 2030.036625][T17076] usb 4-1: USB disconnect, device number 32
[ 2030.090614][ T6614] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9783'.
[ 2030.100514][ T6614] bridge_slave_1: left allmulticast mode
[ 2030.154847][ T6614] bridge_slave_1: left promiscuous mode
[ 2030.170939][ T6614] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2030.200443][ T6614] bridge_slave_0: left allmulticast mode
[ 2030.208958][ T6614] bridge_slave_0: left promiscuous mode
[ 2030.243706][ T6614] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2030.979724][T24600] usb 1-1: USB disconnect, device number 11
[ 2031.357737][ T6635] pim6reg: entered allmulticast mode
[ 2031.419103][ T6622] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9786'.
[ 2032.312059][ T6649] netlink: 36 bytes leftover after parsing attributes in process `syz.0.9795'.
[ 2032.903219][T24599] usb 2-1: new low-speed USB device number 127 using dummy_hcd
[ 2032.954027][T24600] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[ 2033.066187][T24599] usb 2-1: config index 0 descriptor too short (expected 1307, got 27)
[ 2033.074608][T24599] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[ 2033.083832][T24599] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 2033.097436][T24599] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[ 2033.106619][T24600] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2033.129014][T24599] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[ 2033.156511][T24599] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[ 2033.210591][T24599] usb 2-1: string descriptor 0 read error: -22
[ 2033.219720][T24600] usb 1-1: config 0 interface 0 has no altsetting 0
[ 2033.219903][T24599] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[ 2033.236897][T24599] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2033.249342][T24600] usb 1-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 2033.267886][T17664] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 2033.279428][T24599] usb 2-1: config 0 descriptor??
[ 2033.285686][T24600] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2033.286675][ T6655] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 2033.328541][T24600] usb 1-1: Product: syz
[ 2033.332749][T24600] usb 1-1: Manufacturer: syz
[ 2033.334823][T24599] hub 2-1:0.0: bad descriptor, ignoring hub
[ 2033.348786][T24600] usb 1-1: SerialNumber: syz
[ 2033.349150][T24599] hub 2-1:0.0: probe with driver hub failed with error -5
[ 2033.379847][T24599] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input108
[ 2033.398070][T24600] usb 1-1: config 0 descriptor??
[ 2033.419967][T24600] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[ 2033.437615][T24600] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 2033.438373][T17664] usb 6-1: config index 0 descriptor too short (expected 64548, got 36)
[ 2033.453515][T24600] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 error while loading driver (-23)
[ 2033.471648][T17664] usb 6-1: config 0 has an invalid interface number: 0 but max is -1
[ 2033.498480][T17664] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 2033.511031][T17664] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2033.572727][T17664] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2033.594993][ T6672] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9801'.
[ 2033.623533][T17664] usb 6-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00
[ 2033.674674][T17664] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2033.678762][ T6658] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9798'.
[ 2033.701917][T25131] usb 1-1: USB disconnect, device number 12
[ 2033.704043][T17664] usb 6-1: config 0 descriptor??
[ 2033.791972][T24599] usb 2-1: USB disconnect, device number 127
[ 2033.800272][ T6675] can: request_module (can-proto-3) failed.
[ 2034.132842][T17664] aquacomputer_d5next 0003:0C70:F0BD.0054: unknown main item tag 0x0
[ 2034.147837][T17664] aquacomputer_d5next 0003:0C70:F0BD.0054: unknown main item tag 0x0
[ 2034.158552][T17664] aquacomputer_d5next 0003:0C70:F0BD.0054: unknown main item tag 0x0
[ 2034.168426][T17664] aquacomputer_d5next 0003:0C70:F0BD.0054: unknown main item tag 0x0
[ 2034.178512][T17664] aquacomputer_d5next 0003:0C70:F0BD.0054: unknown main item tag 0x0
[ 2034.201581][T17664] aquacomputer_d5next 0003:0C70:F0BD.0054: hidraw0: USB HID v0.00 Device [HID 0c70:f0bd] on usb-dummy_hcd.5-1/input0
[ 2035.138015][T17664] usb 6-1: USB disconnect, device number 7
[ 2035.481185][ T6710] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9811'.
[ 2035.523027][ T2351] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[ 2035.826640][ T2351] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[ 2035.873032][ T2351] usb 4-1: New USB device found, idVendor=0458, idProduct=500f, bcdDevice= 0.00
[ 2035.882115][ T2351] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2036.126787][ T2351] usb 4-1: config 0 descriptor??
[ 2036.132574][ T6702] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 2036.567788][ T2351] kye 0003:0458:500F.0055: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[ 2036.599339][ T2351] kye 0003:0458:500F.0055: hidraw0: USB HID v0.05 Device [HID 0458:500f] on usb-dummy_hcd.3-1/input0
[ 2036.623314][ T2351] kye 0003:0458:500F.0055: tablet-enabling feature report not found
[ 2036.631919][ T2351] kye 0003:0458:500F.0055: tablet enabling failed
[ 2036.643218][T13828] usb 1-1: new low-speed USB device number 13 using dummy_hcd
[ 2036.777787][T24600] usb 4-1: USB disconnect, device number 33
[ 2036.826189][T13828] usb 1-1: config index 0 descriptor too short (expected 1307, got 27)
[ 2036.836172][T13828] usb 1-1: config 0 has an invalid interface number: 0 but max is -1
[ 2036.846819][T13828] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 2036.861093][T13828] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[ 2036.874395][T13828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[ 2036.885824][T13828] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[ 2036.902036][T13828] usb 1-1: string descriptor 0 read error: -22
[ 2036.908475][T13828] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[ 2036.917765][T13828] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2036.927915][T13828] usb 1-1: config 0 descriptor??
[ 2036.933871][ T6726] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 2036.942127][T13828] hub 1-1:0.0: bad descriptor, ignoring hub
[ 2036.948649][T13828] hub 1-1:0.0: probe with driver hub failed with error -5
[ 2036.959106][T13828] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input109
[ 2036.993102][ T2351] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[ 2037.083125][T25131] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 2037.155131][ T2351] usb 2-1: config 0 has an invalid interface number: 160 but max is 0
[ 2037.174065][ T2351] usb 2-1: config 0 has no interface number 0
[ 2037.181047][ T2351] usb 2-1: config 0 interface 160 has no altsetting 0
[ 2037.190981][T15240] usb 1-1: USB disconnect, device number 13
[ 2037.216094][ T2351] usb 2-1: New USB device found, idVendor=a6da, idProduct=1e78, bcdDevice=56.e4
[ 2037.228070][ T2351] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2037.240772][T25131] usb 6-1: Using ep0 maxpacket: 32
[ 2037.246273][ T2351] usb 2-1: Product: syz
[ 2037.250594][ T2351] usb 2-1: Manufacturer: syz
[ 2037.256352][ T2351] usb 2-1: SerialNumber: syz
[ 2037.262166][T25131] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2037.275642][T25131] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2037.287621][ T2351] usb 2-1: config 0 descriptor??
[ 2037.294094][T25131] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[ 2037.303480][T25131] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2037.314999][ T2351] usb-storage 2-1:0.160: USB Mass Storage device detected
[ 2037.326888][T25131] usb 6-1: config 0 descriptor??
[ 2037.377183][ T6750] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9823'.
[ 2037.438342][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 2037.448064][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 2037.684085][ T6759] binder_alloc: 6758: binder_alloc_buf, no vma
[ 2037.979798][ T6765] wireguard0: entered promiscuous mode
[ 2037.989870][ T6765] wireguard0: entered allmulticast mode
[ 2038.012717][ T6765] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2038.025637][ T6765] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2038.037412][ T6772] netlink: 'syz.5.9822': attribute type 2 has an invalid length.
[ 2038.105427][ T6765] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2038.120264][ T6765] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2038.163972][ T6775] input: syz0 as /devices/virtual/input/input110
[ 2038.314764][T15240] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[ 2038.488682][T15240] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 2038.502351][T15240] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 2038.553194][T15240] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2038.588364][T15240] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2038.600476][ T6773] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 2038.752555][T15240] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 2039.201736][T15240] usb 1-1: USB disconnect, device number 14
[ 2039.782030][ T3469] usb 2-1: USB disconnect, device number 2
[ 2039.954889][T25131] usbhid 6-1:0.0: can't add hid device: -71
[ 2039.961424][T25131] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 2039.988150][T25131] usb 6-1: USB disconnect, device number 8
[ 2040.263606][T13828] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[ 2040.438152][T13828] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[ 2040.478006][T30211] Bluetooth: hci4: command 0x0c1a tx timeout
[ 2040.485751][T24600] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[ 2040.503385][T24600] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[ 2040.541522][T13828] usb 2-1: New USB device found, idVendor=0458, idProduct=500f, bcdDevice= 0.00
[ 2040.574847][T13828] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2040.599698][T13828] usb 2-1: config 0 descriptor??
[ 2040.616932][ T6787] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 2041.113516][T24600] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[ 2041.131450][T13828] kye 0003:0458:500F.0056: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[ 2041.178154][T13828] kye 0003:0458:500F.0056: hidraw0: USB HID v0.05 Device [HID 0458:500f] on usb-dummy_hcd.1-1/input0
[ 2041.247903][T13828] kye 0003:0458:500F.0056: tablet-enabling feature report not found
[ 2041.286400][T13828] kye 0003:0458:500F.0056: tablet enabling failed
[ 2041.302012][T24600] usb 4-1: Using ep0 maxpacket: 32
[ 2041.331630][T24600] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 2041.340523][T13828] usb 2-1: USB disconnect, device number 3
[ 2041.428589][T24600] usb 4-1: config 0 has no interface number 0
[ 2041.467455][T24600] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 2041.506941][T24600] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2041.616005][ T6817] fido_id[6817]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[ 2041.660532][T24600] usb 4-1: Product: syz
[ 2041.674361][T24600] usb 4-1: Manufacturer: syz
[ 2041.674513][ T2905] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[ 2041.678998][T24600] usb 4-1: SerialNumber: syz
[ 2041.736589][T24600] usb 4-1: config 0 descriptor??
[ 2041.766901][T24600] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 2041.809358][T24600] usb 4-1: selecting invalid altsetting 1
[ 2041.825930][T24600] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 2041.858148][T24600] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 2041.903129][ T2905] usb 1-1: Using ep0 maxpacket: 32
[ 2041.921059][ T2905] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2042.017563][ T2905] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2042.031963][T24600] dvb_usb_ce6230 4-1:0.1: probe with driver dvb_usb_ce6230 failed with error -23
[ 2042.135184][ T2905] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[ 2042.171667][ T2905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2042.223914][ T6814] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9844'.
[ 2042.233880][ T2905] usb 1-1: config 0 descriptor??
[ 2042.806249][T13828] usb 4-1: USB disconnect, device number 34
[ 2042.899791][ T6838] netlink: 'syz.0.9846': attribute type 2 has an invalid length.
[ 2042.979126][ T6840] FAULT_INJECTION: forcing a failure.
[ 2042.979126][ T6840] name failslab, interval 1, probability 0, space 0, times 0
[ 2043.043164][ T6840] CPU: 1 UID: 0 PID: 6840 Comm: syz.2.9850 Not tainted syzkaller #0 PREEMPT(full) 
[ 2043.043192][ T6840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2043.043204][ T6840] Call Trace:
[ 2043.043212][ T6840]  <TASK>
[ 2043.043221][ T6840]  dump_stack_lvl+0x189/0x250
[ 2043.043244][ T6840]  ? __pfx____ratelimit+0x10/0x10
[ 2043.043267][ T6840]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2043.043286][ T6840]  ? __pfx__printk+0x10/0x10
[ 2043.043321][ T6840]  should_fail_ex+0x414/0x560
[ 2043.043346][ T6840]  should_failslab+0xa8/0x100
[ 2043.043367][ T6840]  __kmalloc_cache_noprof+0x6f/0x6e0
[ 2043.043390][ T6840]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 2043.043412][ T6840]  ? sctp_add_bind_addr+0x8c/0x370
[ 2043.043441][ T6840]  sctp_add_bind_addr+0x8c/0x370
[ 2043.043468][ T6840]  sctp_copy_local_addr_list+0x30b/0x4e0
[ 2043.043492][ T6840]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 2043.043515][ T6840]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 2043.043543][ T6840]  ? sctp_v4_is_any+0x35/0x60
[ 2043.043566][ T6840]  ? sctp_copy_one_addr+0x93/0x360
[ 2043.043593][ T6840]  sctp_bind_addr_copy+0xb3/0x3c0
[ 2043.043618][ T6840]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 2043.043644][ T6840]  sctp_connect_new_asoc+0x2e0/0x690
[ 2043.043667][ T6840]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 2043.043688][ T6840]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 2043.043711][ T6840]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 2043.043727][ T6840]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 2043.043747][ T6840]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 2043.043767][ T6840]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 2043.043796][ T6840]  sctp_sendmsg+0x155c/0x2810
[ 2043.043828][ T6840]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 2043.043845][ T6840]  ? aa_sk_perm+0x160/0x920
[ 2043.043867][ T6840]  ? aa_sk_perm+0x7f0/0x920
[ 2043.043893][ T6840]  ? __pfx_aa_sk_perm+0x10/0x10
[ 2043.043916][ T6840]  ? sock_rps_record_flow+0x19/0x410
[ 2043.043945][ T6840]  ? inet_sendmsg+0x2f4/0x370
[ 2043.043967][ T6840]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2043.043989][ T6840]  __sock_sendmsg+0x19c/0x270
[ 2043.044014][ T6840]  __sys_sendto+0x3bd/0x520
[ 2043.044040][ T6840]  ? __pfx___sys_sendto+0x10/0x10
[ 2043.044060][ T6840]  ? __mutex_unlock_slowpath+0x1a1/0x730
[ 2043.044100][ T6840]  ? __fget_files+0x3a0/0x420
[ 2043.044132][ T6840]  ? ksys_write+0x22a/0x250
[ 2043.044159][ T6840]  ? __pfx_ksys_write+0x10/0x10
[ 2043.044188][ T6840]  __ia32_sys_sendto+0xdd/0x100
[ 2043.044216][ T6840]  __do_fast_syscall_32+0xb6/0x300
[ 2043.044243][ T6840]  do_fast_syscall_32+0x34/0x80
[ 2043.044261][ T6840]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2043.044283][ T6840] RIP: 0023:0xf7f87539
[ 2043.044300][ T6840] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 2043.044316][ T6840] RSP: 002b:00000000f547655c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[ 2043.044336][ T6840] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[ 2043.044348][ T6840] RDX: 0000000000034000 RSI: 000000002000c8d4 RDI: 00000000800000c0
[ 2043.044360][ T6840] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
[ 2043.044371][ T6840] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2043.044383][ T6840] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2043.044412][ T6840]  </TASK>
[ 2043.375963][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2043.683099][ T2351] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 2043.833914][ T2351] usb 6-1: Using ep0 maxpacket: 32
[ 2043.841345][ T2351] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2043.864481][ T2351] usb 6-1: New USB device found, idVendor=05ac, idProduct=0232, bcdDevice= 0.40
[ 2043.874242][ T2351] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2043.883285][ T2351] usb 6-1: Product: syz
[ 2043.887679][ T2351] usb 6-1: Manufacturer: syz
[ 2043.892636][ T2351] usb 6-1: SerialNumber: syz
[ 2043.987686][ T2351] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input111
[ 2044.115284][ T5193] bcm5974 6-1:1.0: could not read from device
[ 2044.143248][ T5193] bcm5974 6-1:1.0: could not read from device
[ 2044.185278][ T2351] usb 6-1: USB disconnect, device number 9
[ 2044.218366][ T5193] bcm5974 6-1:1.0: could not read from device
[ 2044.474328][ T3469] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[ 2044.669429][ T3469] usb 4-1: config index 0 descriptor too short (expected 64548, got 36)
[ 2044.691488][ T3469] usb 4-1: config 0 has an invalid interface number: 0 but max is -1
[ 2044.753582][ T3469] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 2044.773312][ T2351] usb 3-1: new full-speed USB device number 123 using dummy_hcd
[ 2044.793470][ T3469] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2044.829295][ T3469] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2044.850006][ T3469] usb 4-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00
[ 2044.851018][ T2905] usbhid 1-1:0.0: can't add hid device: -71
[ 2044.886725][ T6862] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9859'.
[ 2044.918037][ T3469] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2044.923576][ T2905] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2044.960935][ T2351] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[ 2044.975706][ T2905] usb 1-1: USB disconnect, device number 15
[ 2044.992625][ T2351] usb 3-1: New USB device found, idVendor=0458, idProduct=500f, bcdDevice= 0.00
[ 2045.026512][ T2351] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2045.038163][ T3469] usb 4-1: config 0 descriptor??
[ 2045.079097][ T2351] usb 3-1: config 0 descriptor??
[ 2045.094877][ T6860] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 2045.547657][ T3469] aquacomputer_d5next 0003:0C70:F0BD.0057: unknown main item tag 0x0
[ 2045.556122][ T2351] kye 0003:0458:500F.0058: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[ 2045.567550][ T3469] aquacomputer_d5next 0003:0C70:F0BD.0057: unknown main item tag 0x0
[ 2045.617943][ T2351] kye 0003:0458:500F.0058: hidraw0: USB HID v0.05 Device [HID 0458:500f] on usb-dummy_hcd.2-1/input0
[ 2045.631508][ T3469] aquacomputer_d5next 0003:0C70:F0BD.0057: unknown main item tag 0x0
[ 2045.653364][ T3469] aquacomputer_d5next 0003:0C70:F0BD.0057: unknown main item tag 0x0
[ 2045.675648][ T2351] kye 0003:0458:500F.0058: tablet-enabling feature report not found
[ 2045.701393][ T3469] aquacomputer_d5next 0003:0C70:F0BD.0057: unknown main item tag 0x0
[ 2045.725413][ T2351] kye 0003:0458:500F.0058: tablet enabling failed
[ 2045.791488][ T3469] aquacomputer_d5next 0003:0C70:F0BD.0057: hidraw1: USB HID v0.00 Device [HID 0c70:f0bd] on usb-dummy_hcd.3-1/input0
[ 2045.820998][ T2351] usb 3-1: USB disconnect, device number 123
[ 2046.375116][ T3469] usb 4-1: USB disconnect, device number 35
[ 2046.532489][ T6884] binder: 6883:6884 ioctl c018620c 80000000 returned -22
[ 2046.716862][ T6886] binder: 6885:6886 ioctl 4b46 80000040 returned -22
[ 2046.872760][ T4170] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2046.923315][ T4170] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2046.942517][ T4170] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2046.980777][ T4170] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2047.336039][ T3469] usb 3-1: new high-speed USB device number 124 using dummy_hcd
[ 2047.364937][ T6906] netlink: 16 bytes leftover after parsing attributes in process `syz.5.9872'.
[ 2047.499340][ T3469] usb 3-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[ 2047.510279][ T3469] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2047.543539][ T3469] usb 3-1: Product: syz
[ 2047.547940][ T3469] usb 3-1: Manufacturer: syz
[ 2047.574934][ T3469] usb 3-1: SerialNumber: syz
[ 2047.582467][ T3469] usb 3-1: config 0 descriptor??
[ 2047.604921][ T3469] gspca_main: sunplus-2.14.0 probing 04fc:504a
[ 2047.633302][ T6910] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9874'.
[ 2047.644374][ T6912] IPv6: addrconf: prefix option has invalid lifetime
[ 2048.030045][ T6894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2048.063398][ T6894] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2048.239655][ T6933] dlm: non-version read from control device 222
[ 2048.433109][ T2905] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 2049.853107][ T2905] usb 2-1: Using ep0 maxpacket: 8
[ 2049.860019][ T2905] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2049.896350][ T2905] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2049.928984][ T2905] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 2049.965180][ T2905] usb 2-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00
[ 2049.997705][ T2905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2050.032447][ T2905] usb 2-1: config 0 descriptor??
[ 2050.057712][ T6954] netlink: 226 bytes leftover after parsing attributes in process `syz.3.9889'.
[ 2050.173480][T24600] usb 3-1: USB disconnect, device number 124
[ 2050.255643][ T2905] apple 0003:05AC:027A.0059: hidraw0: USB HID v0.07 Device [HID 05ac:027a] on usb-dummy_hcd.1-1/input0
[ 2050.696530][ T6975] loop2: detected capacity change from 0 to 7
[ 2050.714303][ T2972] Dev loop2: unable to read RDB block 7
[ 2050.730477][ T2972]  loop2: unable to read partition table
[ 2050.743339][ T2972] loop2: partition table beyond EOD, truncated
[ 2050.765170][ T6975] Dev loop2: unable to read RDB block 7
[ 2050.770794][ T6975]  loop2: unable to read partition table
[ 2050.785095][ T6975] loop2: partition table beyond EOD, truncated
[ 2050.794840][ T6975] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[ 2050.824825][ T5208] Dev loop2: unable to read RDB block 7
[ 2050.830567][ T5208]  loop2: unable to read partition table
[ 2050.836988][ T5208] loop2: partition table beyond EOD, truncated
[ 2051.472521][ T3469] usb 2-1: USB disconnect, device number 4
[ 2051.498317][ T6992] netlink: 7064 bytes leftover after parsing attributes in process `syz.5.9902'.
[ 2051.520589][ T6992] openvswitch: netlink: Missing key (keys=40, expected=80)
[ 2052.323350][ T7015] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2052.364399][ T7015] syzkaller0: entered promiscuous mode
[ 2052.377581][ T7015] syzkaller0: entered allmulticast mode
[ 2052.429210][ T7020] tipc: Resetting bearer <eth:syzkaller0>
[ 2052.494345][ T7014] tipc: Resetting bearer <eth:syzkaller0>
[ 2052.553904][ T7014] tipc: Disabling bearer <eth:syzkaller0>
[ 2052.609507][ T7027] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 2052.913868][ T7038] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 2053.025972][ T7041] FAULT_INJECTION: forcing a failure.
[ 2053.025972][ T7041] name failslab, interval 1, probability 0, space 0, times 0
[ 2053.203895][ T7041] CPU: 0 UID: 0 PID: 7041 Comm: syz.0.9916 Not tainted syzkaller #0 PREEMPT(full) 
[ 2053.203913][ T7041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2053.203919][ T7041] Call Trace:
[ 2053.203924][ T7041]  <TASK>
[ 2053.203930][ T7041]  dump_stack_lvl+0x189/0x250
[ 2053.203946][ T7041]  ? __pfx____ratelimit+0x10/0x10
[ 2053.203961][ T7041]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2053.203971][ T7041]  ? __pfx__printk+0x10/0x10
[ 2053.203988][ T7041]  ? __pfx___might_resched+0x10/0x10
[ 2053.204001][ T7041]  should_fail_ex+0x414/0x560
[ 2053.204017][ T7041]  should_failslab+0xa8/0x100
[ 2053.204030][ T7041]  __kmalloc_noprof+0xcb/0x7e0
[ 2053.204043][ T7041]  ? kernel_fpu_end+0xd2/0x120
[ 2053.204054][ T7041]  ? skcipher_next_slow+0xee/0x230
[ 2053.204069][ T7041]  ? skcipher_walk_next+0x7b3/0xbe0
[ 2053.204085][ T7041]  skcipher_next_slow+0xee/0x230
[ 2053.204101][ T7041]  ecb_decrypt+0x10a/0x190
[ 2053.204111][ T7041]  ? __pfx_ecb_decrypt+0x10/0x10
[ 2053.204128][ T7041]  ? __asan_memcpy+0x40/0x70
[ 2053.204142][ T7041]  ? lrw_init_crypt+0x1e1/0x290
[ 2053.204152][ T7041]  ? gf128mul_64k_bbe+0x24/0x980
[ 2053.204165][ T7041]  lrw_decrypt+0x3f/0x80
[ 2053.204175][ T7041]  skcipher_recvmsg+0xb37/0x11d0
[ 2053.204197][ T7041]  ? __pfx_skcipher_recvmsg+0x10/0x10
[ 2053.204210][ T7041]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 2053.204220][ T7041]  ? security_socket_recvmsg+0x7e/0x2e0
[ 2053.204235][ T7041]  ? __pfx_skcipher_recvmsg+0x10/0x10
[ 2053.204246][ T7041]  sock_recvmsg+0x22c/0x270
[ 2053.204261][ T7041]  ____sys_recvmsg+0x1c9/0x460
[ 2053.204281][ T7041]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 2053.204294][ T7041]  ? get_compat_msghdr+0x37e/0x4a0
[ 2053.204315][ T7041]  ? __lock_acquire+0x6b6/0x2cf0
[ 2053.204335][ T7041]  ___sys_recvmsg+0x1b5/0x510
[ 2053.204348][ T7041]  ? __pfx____sys_recvmsg+0x10/0x10
[ 2053.204370][ T7041]  ? __fget_files+0x3a0/0x420
[ 2053.204387][ T7041]  __sys_recvmsg+0x161/0x220
[ 2053.204403][ T7041]  ? __pfx___sys_recvmsg+0x10/0x10
[ 2053.204422][ T7041]  ? __pfx_ksys_write+0x10/0x10
[ 2053.204438][ T7041]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 2053.204449][ T7041]  ? lockdep_hardirqs_on+0x98/0x140
[ 2053.204465][ T7041]  __do_fast_syscall_32+0xb6/0x300
[ 2053.204476][ T7041]  ? lockdep_hardirqs_on+0x98/0x140
[ 2053.204492][ T7041]  do_fast_syscall_32+0x34/0x80
[ 2053.204503][ T7041]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2053.204514][ T7041] RIP: 0023:0xf7f52539
[ 2053.204524][ T7041] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 2053.204533][ T7041] RSP: 002b:00000000f544655c EFLAGS: 00000206 ORIG_RAX: 0000000000000174
[ 2053.204545][ T7041] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[ 2053.204552][ T7041] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2053.204558][ T7041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2053.204564][ T7041] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2053.204570][ T7041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2053.204586][ T7041]  </TASK>
[ 2053.953393][ T7049] can: request_module (can-proto-3) failed.
[ 2054.171667][ T7063] netlink: 'syz.2.9923': attribute type 9 has an invalid length.
[ 2054.889338][ T7077] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.9929'.
[ 2054.913826][ T2905] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[ 2054.922577][ T7077] openvswitch: netlink: Missing key (keys=40, expected=80)
[ 2055.067384][ T2905] usb 1-1: config 0 has an invalid interface number: 82 but max is 0
[ 2055.079163][ T2905] usb 1-1: config 0 has no interface number 0
[ 2055.093190][ T7090] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9930'.
[ 2055.179385][ T2905] usb 1-1: New USB device found, idVendor=0506, idProduct=11f8, bcdDevice=b6.28
[ 2055.201358][ T2905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2055.386513][ T2905] usb 1-1: Product: syz
[ 2055.403157][ T2905] usb 1-1: Manufacturer: syz
[ 2055.408093][ T2905] usb 1-1: SerialNumber: syz
[ 2055.421764][ T2905] usb 1-1: config 0 descriptor??
[ 2055.648037][ T2905] kaweth 1-1:0.82: Firmware present in device.
[ 2055.863147][ T2905] kaweth 1-1:0.82: Statistics collection: 0
[ 2055.879351][ T2905] kaweth 1-1:0.82: Multicast filter limit: 0
[ 2055.904942][ T2905] kaweth 1-1:0.82: MTU: 0
[ 2055.909351][ T2905] kaweth 1-1:0.82: Read MAC address 00:00:00:00:00:00
[ 2056.392085][ T7117] FAULT_INJECTION: forcing a failure.
[ 2056.392085][ T7117] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2056.412846][ T7117] CPU: 1 UID: 0 PID: 7117 Comm: syz.2.9940 Not tainted syzkaller #0 PREEMPT(full) 
[ 2056.412875][ T7117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2056.412886][ T7117] Call Trace:
[ 2056.412895][ T7117]  <TASK>
[ 2056.412903][ T7117]  dump_stack_lvl+0x189/0x250
[ 2056.412925][ T7117]  ? __pfx____ratelimit+0x10/0x10
[ 2056.412948][ T7117]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2056.412966][ T7117]  ? __pfx__printk+0x10/0x10
[ 2056.412988][ T7117]  ? __might_fault+0xb0/0x130
[ 2056.413023][ T7117]  should_fail_ex+0x414/0x560
[ 2056.413048][ T7117]  _copy_from_user+0x2d/0xb0
[ 2056.413067][ T7117]  copy_uabi_to_xstate+0x397/0x970
[ 2056.413097][ T7117]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[ 2056.413118][ T7117]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 2056.413144][ T7117]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 2056.413169][ T7117]  ? x86_task_fpu+0x4c/0x90
[ 2056.413190][ T7117]  fpu__restore_sig+0xf54/0x10d0
[ 2056.413210][ T7117]  ? fpu__restore_sig+0xa48/0x10d0
[ 2056.413238][ T7117]  ? __pfx_fpu__restore_sig+0x10/0x10
[ 2056.413289][ T7117]  ia32_restore_sigcontext+0x449/0x5b0
[ 2056.413317][ T7117]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[ 2056.413348][ T7117]  ? cgroup_freezing+0x20/0x350
[ 2056.413371][ T7117]  ? cgroup_freezing+0x20/0x350
[ 2056.413391][ T7117]  ? cgroup_freezing+0x20/0x350
[ 2056.413425][ T7117]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2056.413447][ T7117]  ? lockdep_hardirqs_on+0x98/0x140
[ 2056.413472][ T7117]  __ia32_compat_sys_rt_sigreturn+0x1a9/0x260
[ 2056.413499][ T7117]  ? __pfx___ia32_compat_sys_rt_sigreturn+0x10/0x10
[ 2056.413528][ T7117]  ? do_int80_emulation+0xec/0x3f0
[ 2056.413545][ T7117]  ? asm_int80_emulation+0x1a/0x20
[ 2056.413563][ T7117]  do_int80_emulation+0x126/0x3f0
[ 2056.413581][ T7117]  ? clear_bhb_loop+0x60/0xb0
[ 2056.413597][ T7117]  ? clear_bhb_loop+0x60/0xb0
[ 2056.413617][ T7117]  asm_int80_emulation+0x1a/0x20
[ 2056.413633][ T7117] RIP: 0023:0xf7f87539
[ 2056.413649][ T7117] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 2056.413664][ T7117] RSP: 002b:00000000f547655c EFLAGS: 00000206
[ 2056.413681][ T7117] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001
[ 2056.413693][ T7117] RDX: 0000000080000340 RSI: 0000000000000000 RDI: 0000000000000000
[ 2056.413705][ T7117] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2056.413715][ T7117] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2056.413727][ T7117] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2056.413756][ T7117]  </TASK>
[ 2056.472995][ T2905] kaweth 1-1:0.82: Error setting receive filter
[ 2056.477886][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2056.681971][ T2905] kaweth 1-1:0.82: probe with driver kaweth failed with error -5
[ 2056.697184][ T2905] usb 1-1: USB disconnect, device number 16
[ 2056.856734][ T7123] FAULT_INJECTION: forcing a failure.
[ 2056.856734][ T7123] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2056.871239][ T7123] CPU: 0 UID: 0 PID: 7123 Comm: syz.3.9944 Not tainted syzkaller #0 PREEMPT(full) 
[ 2056.871263][ T7123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2056.871274][ T7123] Call Trace:
[ 2056.871282][ T7123]  <TASK>
[ 2056.871290][ T7123]  dump_stack_lvl+0x189/0x250
[ 2056.871314][ T7123]  ? __pfx____ratelimit+0x10/0x10
[ 2056.871337][ T7123]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2056.871358][ T7123]  ? __pfx__printk+0x10/0x10
[ 2056.871379][ T7123]  ? __might_fault+0xb0/0x130
[ 2056.871412][ T7123]  should_fail_ex+0x414/0x560
[ 2056.871438][ T7123]  _copy_from_user+0x2d/0xb0
[ 2056.871457][ T7123]  copy_uabi_to_xstate+0x397/0x970
[ 2056.871486][ T7123]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[ 2056.871506][ T7123]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 2056.871536][ T7123]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 2056.871564][ T7123]  ? x86_task_fpu+0x4c/0x90
[ 2056.871585][ T7123]  fpu__restore_sig+0xf54/0x10d0
[ 2056.871606][ T7123]  ? fpu__restore_sig+0xa48/0x10d0
[ 2056.871634][ T7123]  ? __pfx_fpu__restore_sig+0x10/0x10
[ 2056.871683][ T7123]  ia32_restore_sigcontext+0x449/0x5b0
[ 2056.871711][ T7123]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[ 2056.871735][ T7123]  ? cgroup_freezing+0x20/0x350
[ 2056.871757][ T7123]  ? cgroup_freezing+0x20/0x350
[ 2056.871777][ T7123]  ? cgroup_freezing+0x20/0x350
[ 2056.871811][ T7123]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2056.871832][ T7123]  ? lockdep_hardirqs_on+0x98/0x140
[ 2056.871858][ T7123]  __ia32_compat_sys_rt_sigreturn+0x1a9/0x260
[ 2056.871885][ T7123]  ? __pfx___ia32_compat_sys_rt_sigreturn+0x10/0x10
[ 2056.871916][ T7123]  ? do_int80_emulation+0xec/0x3f0
[ 2056.871935][ T7123]  ? asm_int80_emulation+0x1a/0x20
[ 2056.871953][ T7123]  do_int80_emulation+0x126/0x3f0
[ 2056.871970][ T7123]  ? clear_bhb_loop+0x60/0xb0
[ 2056.871986][ T7123]  ? clear_bhb_loop+0x60/0xb0
[ 2056.872008][ T7123]  asm_int80_emulation+0x1a/0x20
[ 2056.872024][ T7123] RIP: 0023:0xf700d537
[ 2056.872040][ T7123] Code: 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 2056.872055][ T7123] RSP: 002b:00000000f53fd55c EFLAGS: 00000206
[ 2056.872072][ T7123] RAX: 0000000000000151 RBX: 0000000000000003 RCX: 0000000080000740
[ 2056.872084][ T7123] RDX: 0000000000000001 RSI: 0000000000000002 RDI: 0000000000000000
[ 2056.872095][ T7123] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2056.872105][ T7123] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2056.872127][ T7123] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2056.872153][ T7123]  </TASK>
[ 2057.273795][ T5887] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[ 2057.400880][ T7133] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9946'.
[ 2057.411727][ T7133] netlink: 60 bytes leftover after parsing attributes in process `syz.1.9946'.
[ 2057.424250][ T5887] usb 6-1: device descriptor read/64, error -71
[ 2057.619111][ T7139] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 2057.634426][ T7145] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9949'.
[ 2057.691906][ T5887] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[ 2057.855095][ T5887] usb 6-1: device descriptor read/64, error -71
[ 2057.964505][ T5887] usb usb6-port1: attempt power cycle
[ 2057.982726][ T7151] ------------[ cut here ]------------
[ 2057.988368][ T7151] WARNING: drivers/gpu/drm/drm_prime.c:223 at drm_prime_destroy_file_private+0x4b/0x60, CPU#1: syz.3.9951/7151
[ 2058.000404][ T7151] Modules linked in:
[ 2058.004414][ T7151] CPU: 1 UID: 0 PID: 7151 Comm: syz.3.9951 Not tainted syzkaller #0 PREEMPT(full) 
[ 2058.014393][ T7151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2058.024728][ T7151] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60
[ 2058.031577][ T7151] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 5d 59 f2 fc 48 83 3b 00 75 0c e8 c2 d6 8c fc 5b c3 cc cc cc cc cc e8 b6 d6 8c fc 90 <0f> 0b 90 5b c3 cc cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90
[ 2058.051349][ T7151] RSP: 0018:ffffc9000d7ffc40 EFLAGS: 00010293
[ 2058.057493][ T7151] RAX: ffffffff8534103a RBX: ffff888021bb0410 RCX: ffff888064525b80
[ 2058.065680][ T7151] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888021bb0380
[ 2058.074102][ T7151] RBP: ffff888021bb02c8 R08: ffffc9000d7ffbc7 R09: 1ffff92001afff78
[ 2058.082149][ T7151] R10: dffffc0000000000 R11: fffff52001afff79 R12: dffffc0000000000
[ 2058.090399][ T7151] R13: dead000000000100 R14: 0000000000000000 R15: ffff888021bb02d8
[ 2058.098512][ T7151] FS:  0000000000000000(0000) GS:ffff8881261c5000(0063) knlGS:00000000575a4440
[ 2058.107536][ T7151] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 2058.114198][ T7151] CR2: 000000002e11cff8 CR3: 0000000056282000 CR4: 00000000003526f0
[ 2058.122251][ T7151] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2058.130305][ T7151] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 2058.138364][ T7151] Call Trace:
[ 2058.141648][ T7151]  <TASK>
[ 2058.144667][ T7151]  drm_file_free+0x7f2/0xa00
[ 2058.149285][ T7151]  drm_release+0x2de/0x3f0
[ 2058.154260][ T7151]  ? __pfx_drm_release+0x10/0x10
[ 2058.159229][ T7151]  __fput+0x44c/0xa70
[ 2058.163388][ T7151]  task_work_run+0x1d4/0x260
[ 2058.168007][ T7151]  ? __pfx_task_work_run+0x10/0x10
[ 2058.173230][ T7151]  ? exit_to_user_mode_loop+0x40/0x130
[ 2058.178780][ T7151]  exit_to_user_mode_loop+0xe9/0x130
[ 2058.184207][ T7151]  __do_fast_syscall_32+0x1fe/0x300
[ 2058.189405][ T7151]  ? lockdep_hardirqs_on+0x98/0x140
[ 2058.194734][ T7151]  do_fast_syscall_32+0x34/0x80
[ 2058.199605][ T7151]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2058.205992][ T7151] RIP: 0023:0xf700d539
[ 2058.210081][ T7151] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 2058.229772][ T7151] RSP: 002b:00000000f74ffaec EFLAGS: 00000206 ORIG_RAX: 00000000000001b4
[ 2058.238232][ T7151] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e
[ 2058.246368][ T7151] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2058.254549][ T7151] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 2058.262579][ T7151] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2058.270622][ T7151] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2058.278972][ T7151]  </TASK>
[ 2058.282031][ T7151] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 2058.289384][ T7151] CPU: 1 UID: 0 PID: 7151 Comm: syz.3.9951 Not tainted syzkaller #0 PREEMPT(full) 
[ 2058.298646][ T7151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2058.308715][ T7151] Call Trace:
[ 2058.311980][ T7151]  <TASK>
[ 2058.314904][ T7151]  dump_stack_lvl+0x99/0x250
[ 2058.319591][ T7151]  ? __asan_memcpy+0x40/0x70
[ 2058.324180][ T7151]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2058.329369][ T7151]  ? __pfx__printk+0x10/0x10
[ 2058.333979][ T7151]  vpanic+0x237/0x6d0
[ 2058.337978][ T7151]  ? __pfx_vpanic+0x10/0x10
[ 2058.342474][ T7151]  ? is_bpf_text_address+0x292/0x2b0
[ 2058.347745][ T7151]  ? is_bpf_text_address+0x26/0x2b0
[ 2058.352939][ T7151]  panic+0xb9/0xc0
[ 2058.356645][ T7151]  ? __pfx_panic+0x10/0x10
[ 2058.361096][ T7151]  __warn+0x317/0x4b0
[ 2058.365080][ T7151]  ? drm_prime_destroy_file_private+0x4b/0x60
[ 2058.371147][ T7151]  ? drm_prime_destroy_file_private+0x4b/0x60
[ 2058.377236][ T7151]  __report_bug+0x288/0x500
[ 2058.381733][ T7151]  ? drm_prime_destroy_file_private+0x4b/0x60
[ 2058.387796][ T7151]  ? __pfx___report_bug+0x10/0x10
[ 2058.392817][ T7151]  ? lockdep_hardirqs_on+0x98/0x140
[ 2058.398005][ T7151]  ? drm_prime_destroy_file_private+0x4b/0x60
[ 2058.404149][ T7151]  ? report_bug+0x15d/0x220
[ 2058.408646][ T7151]  ? drm_prime_destroy_file_private+0x4b/0x60
[ 2058.414703][ T7151]  ? drm_prime_destroy_file_private+0x4b/0x60
[ 2058.420843][ T7151]  report_bug+0x16a/0x220
[ 2058.425161][ T7151]  ? drm_prime_destroy_file_private+0x4b/0x60
[ 2058.431297][ T7151]  ? drm_prime_destroy_file_private+0x4d/0x60
[ 2058.437354][ T7151]  handle_bug+0x98/0x200
[ 2058.441593][ T7151]  exc_invalid_op+0x1a/0x50
[ 2058.446123][ T7151]  asm_exc_invalid_op+0x1a/0x20
[ 2058.450974][ T7151] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60
[ 2058.457666][ T7151] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 5d 59 f2 fc 48 83 3b 00 75 0c e8 c2 d6 8c fc 5b c3 cc cc cc cc cc e8 b6 d6 8c fc 90 <0f> 0b 90 5b c3 cc cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90
[ 2058.477262][ T7151] RSP: 0018:ffffc9000d7ffc40 EFLAGS: 00010293
[ 2058.483322][ T7151] RAX: ffffffff8534103a RBX: ffff888021bb0410 RCX: ffff888064525b80
[ 2058.491300][ T7151] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888021bb0380
[ 2058.499356][ T7151] RBP: ffff888021bb02c8 R08: ffffc9000d7ffbc7 R09: 1ffff92001afff78
[ 2058.507337][ T7151] R10: dffffc0000000000 R11: fffff52001afff79 R12: dffffc0000000000
[ 2058.515334][ T7151] R13: dead000000000100 R14: 0000000000000000 R15: ffff888021bb02d8
[ 2058.523306][ T7151]  ? drm_prime_destroy_file_private+0x4a/0x60
[ 2058.529382][ T7151]  drm_file_free+0x7f2/0xa00
[ 2058.533979][ T7151]  drm_release+0x2de/0x3f0
[ 2058.538402][ T7151]  ? __pfx_drm_release+0x10/0x10
[ 2058.543334][ T7151]  __fput+0x44c/0xa70
[ 2058.547342][ T7151]  task_work_run+0x1d4/0x260
[ 2058.551941][ T7151]  ? __pfx_task_work_run+0x10/0x10
[ 2058.557055][ T7151]  ? exit_to_user_mode_loop+0x40/0x130
[ 2058.562720][ T7151]  exit_to_user_mode_loop+0xe9/0x130
[ 2058.568024][ T7151]  __do_fast_syscall_32+0x1fe/0x300
[ 2058.573224][ T7151]  ? lockdep_hardirqs_on+0x98/0x140
[ 2058.578453][ T7151]  do_fast_syscall_32+0x34/0x80
[ 2058.583310][ T7151]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2058.589649][ T7151] RIP: 0023:0xf700d539
[ 2058.593724][ T7151] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 2058.613343][ T7151] RSP: 002b:00000000f74ffaec EFLAGS: 00000206 ORIG_RAX: 00000000000001b4
[ 2058.621755][ T7151] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e
[ 2058.629733][ T7151] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2058.637813][ T7151] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 2058.645886][ T7151] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2058.653878][ T7151] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2058.661876][ T7151]  </TASK>
[ 2058.665042][ T7151] Kernel Offset: disabled
[ 2058.669358][ T7151] Rebooting in 86400 seconds..