last executing test programs:

29.222655353s ago: executing program 3 (id=2723):
r0 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r0, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x25, &(0x7f0000000000)={0x0, 0x0, 0xdb4, 0x2})
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), r1)
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x60, r2, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x6bc6}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2f97}]}, 0x60}, 0x1, 0x0, 0x0, 0x801}, 0x40000)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfdfffff5, 0x9, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0x2a35, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f561e28, 0x2, 0xe661, 0x4, 0x9, 0x3, 0x3, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x1000000, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0xfffffffd, 0x3, 0x5, 0x4, 0xc, 0x3, 0x7, 0x0, 0x5, 0x6, 0x9, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0xcb, 0xf9, 0xd, 0x2bf, 0x2, 0x9, 0xfffffffe, 0x7, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x8, 0x3, 0xa, 0x4, 0x4000, 0x8000, 0x9, 0x1, 0x1, 0x6, 0xfffffffd, 0x4a, 0x1005, 0x7ff, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x5, 0x4, 0x9, 0x8, 0x9, 0x5, 0x5, 0x3, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0x10001, 0x9, 0x48c93690, 0x9, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x1, 0x7fff, 0x0, 0x8005, 0xb, 0x4, 0x5, 0x3, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x1000000b, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xc, 0x8, 0x6, 0x6d05, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x9, 0x53cf697b, 0x5, 0x6, 0x54fe12d6, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x4, 0x3f, 0x800005, 0x0, 0x9, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x1000009, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x8ad, 0x5, 0x3, 0x105, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa621, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x9, 0x5, 0xffffffff, 0x7ffffffd, 0x5, 0x8, 0xc8, 0x3, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x9, 0x6, 0x4000001, 0x10000, 0x5, 0x8, 0x2b91, 0x6, 0x8, 0x9, 0x11, 0x6c19, 0x0, 0x4, 0x5, 0xb1c, 0xffffffff, 0x200, 0xffff3441, 0xfff]}, 0x45c)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
ioctl$EVIOCSMASK(r3, 0x40104593, &(0x7f0000000140)={0x0, 0x0, 0x0})
write$char_usb(r3, &(0x7f0000000040)="e2", 0x918)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r5, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18}, './file0\x00'})
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xb8, 0x1d, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x4e21, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x2}, {0x0, 0x80}, 0x100}}, 0xb8}}, 0x0)
fcntl$lock(r1, 0x25, &(0x7f00000000c0)={0x2, 0x0, 0x4004, 0x409})
ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000000)=0x849)

29.111870234s ago: executing program 3 (id=2724):
r0 = socket$pppoe(0x18, 0x1, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000580)={{{@in, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@multicast2}, 0x0, @in=@initdev}}, &(0x7f0000000140)=0xe8)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, r1, &(0x7f0000000400)={0x3, 0x1, 0x7fffffff, 0x1, 0x1, 0x8000000000000000, 0x2, 0x2, 0x6})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x10a})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000003680)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd60122d9200283afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000ff0000000000000000000001ff0000aafc010000000000040000000000000000"], 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
mknod(&(0x7f0000000280)='./file0\x00', 0x1ffa, 0x0)
r6 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
r7 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x1, 0x0, @mcast2, 0x200}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, &(0x7f0000000500)={0x1, {{0xa, 0x4e20, 0x0, @mcast1}}, 0x1}, 0x90)
landlock_restrict_self(r6, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000e00)=[@acquire], 0x0, 0x0, 0x0})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = open(&(0x7f0000000240)='./file1\x00', 0x4000, 0x1aa)
mmap(&(0x7f000029a000/0x1000)=nil, 0x1000, 0xc, 0x4002011, r9, 0x0)
r10 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000300), r8)
sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)={0x1c, r10, 0x10, 0x2, 0x25dfdc01, {0x7}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x3}]}, 0x1c}}, 0x0)
ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x50009402, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000500)={@flat=@weak_binder={0x77622a85, 0x1001}, @fda={0x66646185, 0x80000000000008, 0x2, 0x8}, @flat=@binder={0x73622a85, 0x10a, 0x1}}, &(0x7f0000000200)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x1, 0x100000000000000, &(0x7f0000001540)='\t'})
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a2010203010902240001000000000904"], 0x0)

26.002198474s ago: executing program 3 (id=2736):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x4, @loopback, 0x3}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x40, &(0x7f0000000040)={0xa, 0x4e23, 0x800000, @loopback}, 0x8)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}, 0x1, 0x0, 0x0, 0x28001}, 0x8000002)
pipe2(&(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
vmsplice(r5, &(0x7f0000000540)=[{&(0x7f00000000c0)="7927393059dab7272a842d1a8644", 0xe}, {&(0x7f0000000040)="7ee7e9a7", 0x4}], 0x2, 0x0)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
splice(r4, 0x0, r6, 0x0, 0x12, 0x4)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000200)={'sit0\x00', 0x0})
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, 0x0, 0x0)
writev(r0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000002c0)={0x0, 0x2}, &(0x7f0000000300)=0x8)

25.23911652s ago: executing program 3 (id=2739):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x0, 0x0, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000480)={0x0, 0x0, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 4)

24.43358035s ago: executing program 3 (id=2742):
r0 = syz_io_uring_setup(0x559, 0x0, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000300)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r0, 0x47f5, 0x0, 0x60, 0x0, 0x0)

24.268740098s ago: executing program 3 (id=2743):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file4/file6\x00', 0x1c0)
mknodat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x81c0, 0x0)
getsockname(0xffffffffffffffff, &(0x7f0000000480)=@nfc, &(0x7f0000000440)=0x80)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
mkdirat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file4/file6\x00', 0xc0)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000280)=0x3a0af83a)
shutdown(0xffffffffffffffff, 0x1)
listen(0xffffffffffffffff, 0x28)
r0 = syz_io_uring_setup(0x48c9, &(0x7f0000000140)={0x0, 0x5a60, 0x1000, 0x0, 0x140}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0)
poll(&(0x7f00000003c0)=[{0xffffffffffffffff, 0x234b}], 0x1a, 0x400)
shutdown(0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r3 = landlock_create_ruleset(&(0x7f0000000000)={0x2a14}, 0x18, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0x600200, 0xbc)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x7, &(0x7f0000000600))
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000340)={0x2000, r4}, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
landlock_restrict_self(r3, 0x0)
mmap(&(0x7f00001f6000/0x4000)=nil, 0x4000, 0x2000008, 0x204031, r3, 0xec776000)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
read$alg(r6, &(0x7f0000000400)=""/15, 0xf)

14.525271764s ago: executing program 0 (id=2772):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x541b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000001400)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010829bd7000fbdbdf25140000001c0007800c0004000800000000edffff0b000300"], 0x30}, 0x1, 0x0, 0x0, 0x8085}, 0x4000)
sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x18800018}, 0xc, &(0x7f00000001c0)={&(0x7f0000000600)={0xf4, r2, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_MEDIA={0x1c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_BEARER={0x28, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}]}, @TIPC_NLA_MEDIA={0x68, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x0, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0xcc}}, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0)
r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r3, 0x707, &(0x7f0000000200)={&(0x7f0000001480)=[{0x9, 0x8001, 0x0, 0x0}, {0x8, 0x11, 0x0, 0x0}], 0x2})
r4 = syz_open_dev$sg(0x0, 0xffff0000, 0x40)
lchown(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0xee01, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x81000000000000, 0x400040)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000040000"])
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, &(0x7f00000011c0), 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000300))
r5 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x8000, 0x0)
socket$caif_stream(0x25, 0x1, 0x0)
getdents64(r5, &(0x7f0000001f00)=""/4093, 0xffd)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

11.377033475s ago: executing program 2 (id=2777):
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x5e, &(0x7f0000000780)={&(0x7f0000002740)=@deltfilter={0x24, 0x2d, 0x8, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0xe}, {0xc, 0xd}, {0x3, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x44800}, 0x8800)
setxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), &(0x7f0000001340)=ANY=[@ANYBLOB="03020a000085d20fc027d38f380cba8d791b458f3ef53968cf975235900f879357be979c911de5af9464adfb195ec0e593bf59d59dfc04fe4ba6e00885af85fd656b48dd64806e2e16334e99f0ef00a3b098baf1e613a1023602208fdb287a54b41743322279cf0a9a97e05df61ea3631d40dff4e18d18252fc98efe866c0429d0561e4e26ca227a736f5225287a5c5d10df978e2503fa9c4d2c3fcbdf06648f778a845a9123c15b5b1e16fed277442e9bedcfd2da64f1d17d14acd9f549bbadef6037692d0c9ce8333a1ec47206ba489c41efaba748c01ccef95285a122cbdb059a55062131f9c46d48fe5563aadc6b7c359e2cccbb376899f2ec1237dbea536fd144ebe66dde1529ba19b97468b9be146928c7d541d2ab701b0f24344edc17cfd4c85110fb6d84c3a2951a35497e0421ba1f69ff2001f9cb46f5893824740ede715475af9a56bed7d1be882ac389e0ca8272cc4ceda1d66718c19ee60e75fc7cf55ed445c878b137e2d189c0cc4273e2e828b9f9d3d4b8e89c4e7f94394a5e9f72dd9fb4ae2cd83914992c463e756e9673aaae6e6272d630559f7ade36ec17b7e5952f805d7ffe61f3b79feb9614c72bc02933a5864cc03362bf08ca0ab080291f2e3eed0c6f1805192d54e49fcdb6640c6d33bd7c674b0b532d006991eac0195c083fca081bb741ef89eaed8bb85d5d542d7ef5c65d45e07db54e76fb8f5db6df95c427ec89dc7198a8d0799805ca8120a2d1cca838fbf3a897e8630f0efc322c38d182eacdd7c9dc55f16f43bd4dcab0c237193dec7371b8bacc45bd8f1c9876e7e4082ce83a997d6f0efd0a1dbd3dd155de402d86298f037c5e834392867a17daefc24d0d80fe3aa8f9aba09cee17c2859dc97f3147498a186298476099357984b9d7df82681c969867dd541edd1ef8477b9bb9ac777f1a1d1fdbcc3cdad9de500f2fdc91880a7eee906adfda9daf72d77c432260b601818292c765ebc9df6ef34bad7491e65714c0b6276d6dcec0091310cc06319ee19418b4c1e8c99e0c835b93fde0f7dbba5e79557ac5eefaa0b0ea2e43c5a568e480ba68f0511a30e8e1aebea1b721b863f77c87c6bb292a4a85b26f2919bd06f11e719d1a3545f42bb98ad0de68916c36006d09ee1e58ab3e21d8df1a43069cd01b62f6133a1ec3e81fb7e369130159bc6f0d1d7622290b5137a3b49f4094812c8690a6eae85d8c8f81bd3c4b1f42b0e4a9bdf1c63c02a6efa3deb03195f87d9b0e5edc4788b86bc2df1395993704f4eadfa44dab174b825454e384dad9d84eae1220d08b5162fc4f726df715f27783493da348e264ac065c4cab9dfcd1b3f8a1cb1dd49ee0db56930e461c44bcd49798d20b425f0addceb10728ec1f812d7983a59354f071cc0d409da8c8bef8de6bb37bc05ef236565f11b732c9f670b727305ad8578b67dca5e035e06b8bc2c3065c9b1fa6ff051845f011155345ed77551b23ff4791773b534a79c3a07c9931c3201e73553de7ecaa0198ec484c46b39dc06300d69ad9df71074661a3e836fa478b5a064f82cc977c17159dada9c659e1d771be8418067fe0ebe7fccba0281c0619d5560a3fefb3dfad325389e5841a24587b912100d43834d32875619aff6dc25af1ffce2005d5821c84162dd285aa76ada4abea0b3a33e4f93c38ecb0c21372cb1e211ddba90fa0cea450ae249c1b0687c69c268b75eb261e373c6eea0951b23349c4c9753acef21818ab109c76031d21b034a48ac0a4124836c1ffcba1ea4a101b0d70a80f4fea05881843816b705e86d09a9c2a2e11303e61c661a687f8c1a61fea423665048b18b7b1248deb78c488de2ee70beacef7b4e35dc2c8d6d4cf69dbda26b4ff45fb5c5d8990a6ae38135839d2343e0685f82d5c02e92844216efb39b87a9c89d37f22f274a4688d9fdfc846c2f7a19dfc805dc5d33f64cb7fbcd953f8843f4231ca659d5725e55e2e0d248b72703f85e4de98380231f176f05124c685803f59807756ac088fa4a09b3eddbce813083fc8bda1d4687f41d4df66e6bac2220c3546851b9cf0d72c454340f85bc50b0639369e228be19cce674cffaf45b762628d1cdbcafde76e03e387edc092260c512da691d12cad4448a16aeefcc6fedfbbd543f9672bba9bd8a4f0995d30ec98c10b0c9e5d737f2e35f8efba9c29187d01d7356e7de9ffc23259809a8cc3f4892212bc979a5ed4f6e06283119694218ef1e8b880ffdcd07d43f5505875fc30ca98810c8699042548888419eb8f1898c46b956697af5f25235adf6b52c8d39144e2782fb4b4025d00672c94fb7ae8ecc1fcb9e3ed917219192ddc209ae0d89a8afb7b957b44293dd3bf17224f2b97e1b0582b2fe57785804f77a413b0b4259c20ff5bca87bdb84ff0c59ee82698e40c6bdfa0bbdfd33f8112469ab5b6d8a43eda298c15326c17689000494b5d154e6504fbba18e3d07514c620e88ba5379bc2ef033f5e816d70a5e1dfbf60471226afc316e85980caf3171792a8b10a1aeeb93c35a0176b5dec16bcb77e4ec741d1abda42ad22a4cb51ff7780384fa4f2edfe54a5ba57e9cc840bb3e4518c69c4f104d4b0456f716ce47fa5c2ca38ab4f95fb01b6c0dc9c1f2d406074836cd8dae76b120eb248a7b3f9e3a0bc29b5c3f37cc5a4f975c0ccab53a11271b316c8aae604476b6626ebecdff01ddaa9cff8accbb197d0ef34e1ef02ac8a76bbff4f894177f2d9cdb9e382f72b7a88fecc1fb7de245c42a46fa99399120ee96da038a92d9eec7a325cb87e647eb16c5adcad08db2018a5a77fe5ddc5578f0ad0297e1d5a567bcfc43d4def2f5770e988bfa589e098b11cd3a7063c113ab06b01c2a611b713199c0bce022208af839ec7d26886dae451977f689a54aa59fdd254cabe3f6073d5d8257844b0a12c0e187c8a5500786fcd65244af00b1751afbc379ab2310fc8c8518c285acc5371cc450b5ede966a83d6005d8ab712d7d27c6bc1aaf381928e622d715cb4400fc69d91601b2ee4e685c8868de17e9fa3b37fc9d5a7b69a29eb438df838f3262bed2ed6663d39da667e9ea5405c074d70f087b1fb37c1e1654bb174a16c78d7405a2187a68697d196c710f6ff1642689ce3ba9320c238b41d75d4bb68c7c989ffebdbe27ab282b1d8e252efd733c3e4125ff899591cd867ebc8b28bbfc0acc2fe5f3767a55a25f9b3d69aa40d98fc65117e8308ca3817d1b8c60f369c231faa50c1efd508221bc5dc3fd0d1ecfc94a10b2f4767ab32b20942bab7901891ae340a6132a2112ff34a5593e0ec41b6788dfcff415d7e81860f195b404379ea6bd997bdccf023efd24ef4ffcc07b00e95cb7135508ba6527005462e9abe5ade55aa2aef65241dcbc4e23bcec30344ddbaa057cb7e1bdf285d008fc0c876a931acd09f1a34b719799aa3987d90fde5e1047731dfd18063cf012bde3b2ee415b1c9ebcd15b352e9a68756dd660272503e8ca517a1cea4f47f607e3ca8d5c33fa6c93c4b3ca0e348e3b6b57ac26e497c34721c2a115c8ff9435c68b6204eb916c31fa3d53039a26951c9a3198399a2c0a0b0af6e89d6f367f5e46670a5af685ef11af3908b0781d5eaeff5f51508b3a546b7b9bd5fab5c7641cc4964c9b9032da47af91fbd9ca243593b8d295b605e0ffe6f738c996b02cb8f4d4ea0d062a4298fa5a7e56de8c91c230b66a7ca7714eb7f277c134828ceb2ca0189610d9bd8d6b2319e7bf4d3185e0ed84be997c51927f532ff0427c2baefdb0b255610a7e97b898e5bcd65e4fba63428d56f5c25ecc1993dc4214ed76b52ccaba96c61cf1d2540ae58e9fe25dcde41666cafb43b8c6fcdc4a0be4a8174fcdd2819e53f9374ce057e9b6cb4322ec022634603052e63a4be466defcb05758bfe7ee0a0bd4f6682705a9d0959e8c2cc331dc2e755c68e151d1190945de135d92a332eefcaf83b0f3878f00990107c79fec67a2d819caf7ea15ab6d64a1e27440d9f0d6bc9d1707b6ed0b6a49941260ff8f2a52bb7b89136f1898d591856f6be1cc02756dbe61f1fbcc06ed3c401115df08800243b75703c25f4b6266875b30234f5c42db70114370a2a773e031e31f0ce90ddc932de87d56b543dcec25c7f4a10171a05a127deabd62a3c6136cad3e9e32560b836fde89ff3178a5b0ec3627c2c434231b09f9fd62c73d581ee3efb5b241aa0a839697f2cbb0b208d398acb2f4f46ac9a4973966ac477ee90236f9e3fc1c063e8a943d85188a5d667ead011571e22f206cc7bd895508ee58723821fef25a2175d30ba354887e88c7cdbd94b92ce5efbfd153adb40df09dfa547afcbdc61811095f13c48799bde9091d83404fcd97d03220344db5648dda6f2772e660bfbc21acfd9134ea5ed8afbc801293b696b61a9c57970cf5456945fbd93bac04888c0daaaf07ea6bfcf6b2ef7a9b768064157f8a5d4a3d462561984412de94a9ef22aebd9356ba75beec3e8d6e95f9472bc17f5a782360c2c4f6473fa6a64a0d8869e4175650037dc1b49b6d6cc3995623632c6311bdb2677449bfcf843d8df868893eb0da9c48a1ffda9871eaabcf1c55cae7cad43113f325d5a86156152e8da079a2f4360639a8b9cc47c1652de5f794be616748f92be61dfe4723b4be677467ff4924f2cb83c71d314af335e8fd5eb9bce0e782d4ee075f7dfd18aa1b8b78cf83a0db039a2a9a80480c82926bbaca9047a675029650b4ef8364a45c307f5255f1f81085166e8999cb5cd71f8ecb96589db62d81f4096beff8b9454b0c4f56e862e48fe8b0886ed66e628bc9ec894eb7bb6afa5a32b8ddf38bf75be08263067ccbb847a41842275bd0df0cf5f552e573eff95b5aba6e6152ba56882180f6f8c656143ac5f136cfdb6ddbd8c516023bc99adf51d5c841ff49c8a1d7ad7dd9686eb375601a78c174c6cfac1646df7db147b4cc0a30ebefc954a75e78a3cdbadbf563a77af8ccbe7ab879b284971e09cf9f122a0d16b3e0f70b5d925b3e025c8429eac9e4d717832b1786a3f81feaef17163a38ac22643efcb8e69e5a8969d7259eafa063b7647e1ad7a9b81176c0b146de707d2a5d55723d00c6e20f310ec99c5fb6d696863109301b793f4ce9e3516d55e144a52264d8429fc3927823cf1f417dcde07a038939254891da68c086f2dfb56c3cc812c5e38664865f7458c706c6aa4f56c8b4ba0e1eca528bdc8514df30c2209e4cfde88be1dda6a52630067fdc660291a58cf6fc8f94cd4a0266e69ab5378daed0e26bc1c2f68c392159a504611a8ab7c7358e59b0344ee60cb82c73140e4d7dde3dc2ba57bee6e65f03cef4eb895cd3e6726f60eb519eb59324bd0ead14d69d74be1fae598f8370ffb9593ad11b82298339806d1a31a2bba6caff2ec7688ff7565ddba2897f0774c7562835ade34eb3775cfcf0879ea8c126dc74059631f47a883e9ba5921dfd8f5082dcd5dfd47eea202e935bbbe5ba9339c0963caf83e465480dcf2a351639678670aea1c8d1bde08dca25205c19bcf4ed7b69b80ca0377ad151966e173c980fc7716a927e5884ffeda326500e20f4ce5bf6fb22b1814a970d3dc7506ed3a9d5f080e1554e933822966d830efa7b7772020d5f854b72bea047c30eeb05eb74b5f347a1e2da1c1ff08360db1c4a31ccfaabbd23919dafc24612c18fb1028e27dadd5898aed62a7b093625d1eafc8f0ab7b56c09c447c0f0000000006345be88ab672a8cc8808a640edc6350bd9051565272925630078d6bd1759f58f78bfda6ee954f02e3475bc8a4a0d1fd14edf7f8217f0642bea36f55368f5b37f233d21ee735e9b9991dad2490e68ab60a0879c53a595d0330ba76dce29226ed43210afc357d4d8e3184de4c9939033a4ec7b43af92c8cf6d17d8925247875662a8abaa748ef490df7c5d92b4a73dda126fbda56c90cf19ab6afae3b465f7b0b4bb9bb3ddb4f80175d74a50d251bbe24d8e4e5901ff70689df730ce6a844ef0f1a2b278265353c57a6a1e3302393990dcb4726febc5b5c0eefea2bab374d5539c952ad59f87b8133a002c4900000000000000000000124304fbe106afcfef29a0d3ef79c939177bfcc4e57901ad95"], 0xfc9, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000002680)=[0x0], 0x1})
ioctl$TCXONC(r0, 0x540a, 0x2)
syz_emit_ethernet(0x1046, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)
ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, &(0x7f0000000000))
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000200)=0x1b)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000140)={{0x0, 0x3be443d7eff9216f, 0xf8, 0x2, 0x2}, 0xfffffffffffffff9, 0x1000, 0x7fffffffffffffff})
ppoll(&(0x7f0000000100)=[{r0, 0x2000}], 0x1, 0x0, 0x0, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x2)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000002c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58)
accept4(r5, 0x0, 0x0, 0x800)

10.834556142s ago: executing program 4 (id=2779):
unshare(0x22020600)
unshare(0x2a020400)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
statx(0xffffffffffffffff, 0x0, 0x4400, 0x800, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000300)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0)
readv(r2, &(0x7f00000001c0)=[{&(0x7f0000000380)=""/162, 0xa2}], 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000007, 0x40032, 0xffffffffffffffff, 0x40000000)
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000140)='.\x00', 0x40000132)

9.788294943s ago: executing program 0 (id=2781):
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_usb_connect(0x2, 0x3d, &(0x7f0000000780)={{0x12, 0x1, 0x0, 0xc9, 0x66, 0x7c, 0x40, 0x1d50, 0x60c6, 0xafe7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2b, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x58, 0x77, 0x2, 0x25, 0x84, 0x53, 0x0, [], [{{0x9, 0x5, 0xb, 0x0, 0x10, 0x1, 0x2, 0x2}}, {{0x9, 0x5, 0xb, 0x0, 0x10, 0xff, 0x0, 0x6, [@generic={0x7, 0x5, "d57a3b2b6c"}]}}]}}]}}]}}, 0x0)

9.769489601s ago: executing program 4 (id=2782):
socket$inet_sctp(0x2, 0x5, 0x84)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r0, 0x0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)='u', 0x1}], 0x1, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRESOCT=r0, @ANYRESDEC=r0], 0x10}, 0x0, 0x8400, 0x1})
r1 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0xfe15, 0x1000, 0x10000, 0x30f}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000540))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x0, 0x4}]}, 0x10)
r3 = syz_open_dev$video4linux(&(0x7f0000000040), 0xd94, 0x103442)
ioctl$VIDIOC_SUBDEV_S_SELECTION(r3, 0xc040563e, &(0x7f0000000080)={0x1, 0x0, 0x1, 0x4, {0x106, 0xe61, 0xfffffffd, 0x1}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
io_uring_enter(r1, 0x47bc, 0x0, 0x21, 0x0, 0x0)

9.124583217s ago: executing program 32 (id=2743):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file4/file6\x00', 0x1c0)
mknodat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x81c0, 0x0)
getsockname(0xffffffffffffffff, &(0x7f0000000480)=@nfc, &(0x7f0000000440)=0x80)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
mkdirat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file4/file6\x00', 0xc0)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000280)=0x3a0af83a)
shutdown(0xffffffffffffffff, 0x1)
listen(0xffffffffffffffff, 0x28)
r0 = syz_io_uring_setup(0x48c9, &(0x7f0000000140)={0x0, 0x5a60, 0x1000, 0x0, 0x140}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0)
poll(&(0x7f00000003c0)=[{0xffffffffffffffff, 0x234b}], 0x1a, 0x400)
shutdown(0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r3 = landlock_create_ruleset(&(0x7f0000000000)={0x2a14}, 0x18, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0x600200, 0xbc)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x7, &(0x7f0000000600))
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000340)={0x2000, r4}, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
landlock_restrict_self(r3, 0x0)
mmap(&(0x7f00001f6000/0x4000)=nil, 0x4000, 0x2000008, 0x204031, r3, 0xec776000)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
read$alg(r6, &(0x7f0000000400)=""/15, 0xf)

9.093454789s ago: executing program 4 (id=2785):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000200), r0)
sendmsg$L2TP_CMD_SESSION_MODIFY(r0, 0x0, 0x40000)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x40, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random='n'}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x10, 0x51, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_KEY_MODE={0x5}]}]}]}, 0x40}}, 0x4800) (fail_nth: 5)
syz_genetlink_get_family_id$tipc2(0x0, r0)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4054}, 0x1)

7.758718176s ago: executing program 4 (id=2787):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x80003, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, &(0x7f0000000140)={0x1, 'veth0_vlan\x00'}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@gettaction={0x68, 0x32, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x30, 0x1, [{0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x14, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x3}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}, @action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xff}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x800)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(0x0, r5)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)={0x24, r6, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_PS_STATE={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x88c0)
sendmsg$NFNL_MSG_ACCT_NEW(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)={0x4c, 0x0, 0x7, 0x201, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x8a}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x3}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x4}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x810}, 0x4004090)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x1, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x3}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

6.77518196s ago: executing program 2 (id=2788):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88) (async, rerun: 32)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) (rerun: 32)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r3 = eventfd(0x8c66)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000180)={0xfffffffffffffffe, 0x0, 0x2, r3}) (async)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x1, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) (async)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000180)={@empty}, 0x14) (async)
open(&(0x7f0000000080)='./file0\x00', 0x600000, 0x11) (async, rerun: 32)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) (rerun: 32)

6.318654836s ago: executing program 0 (id=2790):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r2)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x2, 0x0, 0x7b, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0xffffffff}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x8}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x0, 0xb}}}}}}}]}}, 0x0)
ioctl$EVIOCRMFF(r2, 0x4004550d, &(0x7f0000000500)=0x18)
socket(0x22, 0x6, 0x7)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4138ae84, &(0x7f0000000c40)=@arm64={0x9, 0x40, 0x3, '\x00', 0x7})
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0xff, 0x1, 0x0, 0x2, 0xff, 0x8, 0x99, 0x0, 0x0, 0xd, 0x10, 0x0, 0x20006, 0xf0, 0x0, 0x1, 0x4, 0xfe, '\x00', 0x0, 0xfff})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000080)="660f01df670fc7690d660fc7b200009a4b3f3a000fa1660f38806300b8cd000f00d0fc0f01cfb860008ee8", 0x2b}], 0x1, 0x0, &(0x7f0000000100), 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e0000000d000000050000000900000000020000", @ANYRES32=0x1, @ANYBLOB="ae9c0d00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000040000000600"/28], 0x50)
ioctl$INCFS_IOC_PERMIT_FILL(r1, 0x40046721, &(0x7f0000000100)={r3})

6.210737425s ago: executing program 2 (id=2791):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x541b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000001400)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010829bd7000fbdbdf25140000001c0007800c0004000800000000edffff0b000300"], 0x30}, 0x1, 0x0, 0x0, 0x8085}, 0x4000)
sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x18800018}, 0xc, &(0x7f00000001c0)={&(0x7f0000000600)={0xf4, r2, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_MEDIA={0x1c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_BEARER={0x28, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}]}, @TIPC_NLA_MEDIA={0x68, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x0, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0xcc}}, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0)
r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r3, 0x707, &(0x7f0000000200)={&(0x7f0000001480)=[{0x9, 0x8001, 0x0, 0x0}, {0x8, 0x11, 0x0, 0x0}], 0x2})
r4 = syz_open_dev$sg(0x0, 0xffff0000, 0x40)
lchown(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0xee01, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x81000000000000, 0x400040)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000040000"])
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, &(0x7f00000011c0), 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000300))
r5 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x8000, 0x0)
socket$caif_stream(0x25, 0x1, 0x0)
getdents64(r5, &(0x7f0000001f00)=""/4093, 0xffd)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

6.029139297s ago: executing program 1 (id=2792):
r0 = syz_open_dev$dri(&(0x7f0000000040), 0xa3, 0x6eae00)
prlimit64(0x0, 0x0, &(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x88, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x41}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8}, @CTA_MARK={0x8}, @CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_ISN={0x8}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x10000}]}]}, 0x88}}, 0x0)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001680))
r5 = eventfd2(0x1, 0x1)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0xc000)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000001c0)={0x0, r5})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000000)={0x0, r5})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000080)=0x5)
r6 = socket$inet6(0x10, 0x3, 0x0)
utime(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x100, 0x7})
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
sendto$inet6(r6, &(0x7f0000000000)='M', 0x1, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)={0x3})

4.137669593s ago: executing program 1 (id=2793):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x18, 0x0, 0x1}, 0xc, &(0x7f0000000040)={&(0x7f00000002c0)={0xfc, 0x17, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HOOK={0x8c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'ipvlan0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'ip_vti0\x00'}, {0x14, 0x1, 'wg2\x00'}, {0x14, 0x1, 'veth1_macvtap\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syzkaller0\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xc}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xfffffcef, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0xfc}}, 0x20004840)

4.094802099s ago: executing program 4 (id=2794):
socket$inet_sctp(0x2, 0x5, 0x84)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r0, 0x0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)='u', 0x1}], 0x1, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRESOCT=r0, @ANYRESDEC=r0], 0x10}, 0x0, 0x8400, 0x1})
r1 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0xfe15, 0x1000, 0x10000, 0x30f}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000540))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x0, 0x4}]}, 0x10)
r3 = syz_open_dev$video4linux(&(0x7f0000000040), 0xd94, 0x103442)
ioctl$VIDIOC_SUBDEV_S_SELECTION(r3, 0xc040563e, &(0x7f0000000080)={0x1, 0x0, 0x1, 0x4, {0x106, 0xe61, 0xfffffffd, 0x1}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
io_uring_enter(r1, 0x47bc, 0x0, 0x21, 0x0, 0x0)

3.886274457s ago: executing program 0 (id=2795):
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x46141, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000040)={0x1, [0x0]})
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000080)={[{0x2d, 'net_prio'}, {0x2d, 'cpuset'}, {0x2d, 'rdma'}, {0x2b, 'io'}]}, 0x1c)
splice(r0, &(0x7f00000000c0)=0x3, r0, &(0x7f0000000100)=0x8000000000000001, 0x7, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_SET_SERVICE(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0xac, 0x0, 0x100, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x10001}, @IPVS_CMD_ATTR_DAEMON={0x88, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x99}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_macvtap\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team0\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip_vti0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8000}]}, 0xac}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000080)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f00000002c0))
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x6200, 0x0)
ioctl$SNDCTL_DSP_POST(r2, 0x5008, 0x0)
read$dsp(r2, &(0x7f0000000340)=""/58, 0x3a)
sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x2c, 0x1, 0x6, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008041}, 0x4000080)
r3 = syz_open_dev$loop(&(0x7f0000000480), 0xb, 0x20a00)
ioctl$BLKPBSZGET(r3, 0x127b, &(0x7f00000004c0))
socket$inet_smc(0x2b, 0x1, 0x0)
r4 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000580)=<r5=>0xffffffffffffffff)
ioctl$VIDIOC_QBUF(r4, 0xc058560f, &(0x7f00000005c0)=@userptr={0x3, 0x8, 0x4, 0x4, 0x101, {}, {0x2, 0xc, 0x5, 0x5, 0x5, 0x44, "32b96d4d"}, 0x9, 0x2, {&(0x7f0000000540)}, 0x100, 0x0, r5})
r6 = epoll_create(0x8)
r7 = syz_io_uring_complete(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f0000000640)={0x10000007})
r8 = syz_open_dev$loop(&(0x7f0000000680), 0x2, 0x20200)
ioctl$HDIO_GETGEO(r8, 0x301, &(0x7f00000006c0))
unshare(0x40000)
getsockopt$inet_sctp6_SCTP_EVENTS(r7, 0x84, 0xb, &(0x7f0000000700), &(0x7f0000000740)=0xe)
openat$audio(0xffffffffffffff9c, &(0x7f0000000780), 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r7, 0xc018937b, &(0x7f00000007c0)={{0x1, 0x1, 0x18, r6, {<r9=>0xffffffffffffffff, 0xee01}}, './file0\x00'})
quotactl_fd$Q_GETQUOTA(r7, 0xffffffff80000702, r9, &(0x7f0000000800))
r10 = openat$cgroup_ro(r7, &(0x7f0000000880)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000008c0), &(0x7f0000000900)=0x8)
ioctl$SNDCTL_SEQ_RESET(r10, 0x5100)

3.556961032s ago: executing program 1 (id=2796):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="d8000000100081044e81f782db43b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003400220000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) (fail_nth: 6)

3.49359714s ago: executing program 4 (id=2797):
r0 = syz_io_uring_setup(0x88f, &(0x7f00000010c0)={0x0, 0xc941, 0x0, 0x6, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x0, 0x0})
io_uring_enter(r0, 0x47f6, 0x0, 0x4, 0x0, 0x0)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x8031, 0xffffffffffffffff, 0xfffff000)
read(r4, &(0x7f00000002c0)=""/153, 0x99)
r5 = memfd_create(&(0x7f0000000540)='\x02A\xbb\xcc\xeb\x14\x16\xe8m\x14oSaW', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x100000f, 0x13, r5, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000480)=""/60, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000180))
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, 0x0, 0x4800)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/address_bits', 0x395180, 0x149)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="05000000"], 0x50)

3.381788047s ago: executing program 0 (id=2798):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x142, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2)
openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x15, 0x0, 0xfffffe0000000001, 0x8fa11, 0xfffffffb}, 0x0)
r2 = syz_open_dev$dri(0x0, 0x7, 0x200)
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
read$FUSE(r3, &(0x7f00000034c0)={0x2020}, 0x2020)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2}, 0x14)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
r5 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r5})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180), 0x0})
syz_usb_connect(0x0, 0x4bc, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000845dcf0886124620b705010203010902aa04010003f00109047a0008ff04010009050100100000ff0909050a1000020101070905080e0800030180c71004f2a7471c03c0f3f4ca2fea06ed21c2893b526ca2ae4c6320285e61c7047008590b991f436e3dcb5e0a1e180c381883c8206e6823e6d13fb81f0050a160ee9c434d7599cdd5f1ebcb129c56aadf40ff9bd4e08e2e2701d1a2325e6eecf743f153034002ed1ce648aa24f2420f7b00c7b1e15245f9fd34231e7349ca6e3d5d096a7fde77e474be9a5fa5e69845a9474d4c3555"], 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r3, &(0x7f00000006c0)="180c455270ae0b502f692c861f7ba0a6115776b0cb297ae4e2fd9988ea51908deb39d752816afc3e1cb8f1ee3fee355d75a599105cbc9838f2db6e54960111971e9b5fcedccd7d2f4380c7c0ae1e2fea5ea494b8ff745d8a90214012b58559699c0bd10f0fe7b59138590021f30ca334dd09eebc109e51394e0419d31125d817aeb576675707642ec06a1ddacbf3e07497b7273f48fbef8e94db41e8bdcd59ec4e2276cf61e6a88536d84009358fa9be0076e265aced2db468e84a97bfd3316c3ff47e14fa79751ec7c78b583633b1936282ffc4c6fe6779a077b736000aa74550e06bdec21041e207000000f1d5fa1246915ac93601d2c57a98af8403052e5cc9eca76791f53be1d201919164f763a1f478256d7f78ead2aa75caf8957f1eafc75d7f10f185c068e82264ec53555330e37e72ee207f3ca4753acd0d5a02467824872231aa668531fec66b2442f14d4afddf0d25128c45fb4eb947408f402568fe550d742ebd1562224d0bd82766390ab6cf08c10300e24ce77ec537ab075ae2354f3c42a024e42206b10a29be1c40cc0f049651233d24bfe54ff507e4292d6c5a690adb2955c4fa360f8ac65caaa8f9ce7adc90ff2a35f7a2089154e15331f7be7b0ab603da87fcdc8a250d15ef9e0977c580c054576d40325d71a36b5a02b93c594fbb97c0f8b8ac9db73fc7eca90eeb87a9c5d7c0f619a4afc05fce6fc5f71761da77b3000000000000000000000000000000e6a9f4b366c6ff25c093b0c6a72ffa00400f008afee19af0da5f9af4039d29eaafc66a3639e122c118ca9979a85b32aeabe3a969becadc9edb8aca46fd640db0f88cd600327d7f139d41cbb20e85d95b6c5b40e6467cfc3b1c4deea320d2ddb0c916c145ff6bb6791220d495ac3d2fb5321598c0bbf67540ed031039850047137cf5ed4641322d463f6b8ee2f3d80b3b618d176475550fd6ba3897b65bf20baa8f592fd19ddc43c08c9abdf274d034744aff00f5effb97233f4f0689f6e4012c41a840d74f5988b77309953e559a7d64", 0xfffffffffffffc57)

1.889346058s ago: executing program 1 (id=2799):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000880)={@in6={{0xa, 0x0, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6843e10951cd4b347113e55eb499519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1) (fail_nth: 6)

1.384578773s ago: executing program 2 (id=2800):
munmap(&(0x7f0000bff000/0x400000)=nil, 0x400000) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x68, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x104}}, 0x0) (async)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r1, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000)

649.850156ms ago: executing program 1 (id=2801):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0xfffffffffffffffc, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000180))
r3 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$dsp(r1, &(0x7f00000004c0)='\x00', 0x1)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCSPGRP(r4, 0x8902, 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r3, 0xc0884113, &(0x7f0000000000)={0x1, 0x1fffffe, 0x7, 0x80000000006, 0x9, 0x100000001, 0xfffdfffffffffffe, 0x4, 0x0, 0x2, 0xfffffffd, 0x2})
ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0)
r5 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x23}, 0x800, 0x0, 0x2, 0x1, 0x80, 0x7}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000240)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x2, 0x2, 0x1, 0x96, 0x4}, 0x20)
ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f00000000c0)=0x10000)

612.909965ms ago: executing program 2 (id=2802):
r0 = socket$netlink(0x10, 0x3, 0x0) (async)
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0xb, &(0x7f0000000000)=0x2, 0x4) (async)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=@gettaction={0x14, 0x32, 0x605, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x850}, 0x24000800) (async)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000b40)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0x800}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x48}}, 0x0)

125.952635ms ago: executing program 2 (id=2803):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) (fail_nth: 6)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x1, 0xfffffffc, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x1000000}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x240008c0)

74.463028ms ago: executing program 0 (id=2804):
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$tcp_congestion(r0, &(0x7f0000000100)='reno\x00', 0x5)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=<r2=>0xffffffffffffffff, @ANYBLOB="0100000000000000004eb9b88cdcf4c7778044000400200001000a000000000000000000000000000000400000000000000000040000200002000a00000000000000fc"], 0x6c}}, 0x20004410)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r3, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80)
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB="1200000000000000", @ANYRES32=0x0, @ANYBLOB="63c268de38ca87e0f2f55ba962bf8d87186dc183d6951ae8d8a3444ff92b94fb60ef8ef79ed3a1e079b872d387579db22e40fccf31283f7a0c340bc2cc512b169776329e491e5e8d8955bb58de112e11ef681b50fa970844b8cbda06002443a332aad456c62f", @ANYRESDEC=r5, @ANYRES8=r0, @ANYRES64=0x0], 0x20)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYRESHEX=r2, @ANYRES32=0x0, @ANYBLOB="040100008408020024002b8008000100", @ANYRES32=r5, @ANYRES64=0x0, @ANYRES32=r4, @ANYRES8=r2, @ANYRES32=r5, @ANYBLOB="40f11988f4f4129769b86e9726c9c153a89576113ebafc7315af483884c476effbcae0b30eae652b4d511a8469ee7890a0f8ecf5ab02558f2a84df7766eaa37a01b40037be82e5b2356c57e018da09ac4a4b615dc75c089f6fc2d458f5f48d2d7d0890a00418319a5a8c36d10172db61c5efdd7001788fa54eccf3cfff5431b62c912634565dedb79a07e30d00591a2b0e771000ee95b6bf58ef84344331223738f3ff"], 0x34}, 0x1, 0x0, 0x0, 0x44000}, 0x4000)
syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r5, 0xc00464d0, &(0x7f0000000140))
setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x1)
r7 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x0, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)})
syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x109301)
ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, &(0x7f0000000180)={{{0x1, 0x1}}, 0xfffffffffffffffb, 0x7, 0x0})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x141301)
ioctl$USBDEVFS_CLEAR_HALT(r9, 0x80045515, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x1df, 0xa44003)

0s ago: executing program 1 (id=2805):
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0) (async)
r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r2, 0x0) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) (async)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
kexec_load(0x0, 0x0, 0x0, 0x0) (async)
r3 = socket(0x40000000015, 0x5, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340)={0x0, 0xff, 0x1c}, 0xc) (async)
getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f00000001c0)=0x3b)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r6, 0x4068aea3, &(0x7f0000000000)={0xa3, 0x0, 0xfffffffffffffffe}) (async)
ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r6, 0xc008aec1, &(0x7f0000000240)={0xa, 0x0, [{0x4, 0x2, 0x2, 0x5, 0x400, 0x2, 0x3aa}, {0x2, 0x0, 0x0, 0x82e8, 0x200, 0xffffffff, 0x6}, {0x7, 0x9, 0x5, 0x2, 0x0, 0x3, 0x1}, {0xb, 0x6, 0x0, 0x6, 0x8b9b, 0x7, 0x9c1c}, {0xb, 0x7fffffff, 0x0, 0x4, 0x101, 0x5, 0x10000}, {0xd, 0x80000001, 0x3, 0x8001, 0x101, 0x39e, 0x2}, {0xb, 0x4, 0x1, 0x5, 0x807, 0x2, 0x2}, {0xb, 0x5877c6ba, 0x5, 0x0, 0xf1, 0x0, 0x4}, {0x7, 0x7ff, 0x4, 0x18000000, 0x82e, 0x8, 0xc}, {0x1, 0xfffffff8, 0x1, 0xa, 0x5, 0xd0b, 0xd5}]}) (async)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3) (async)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB], 0x50}}, 0x0)
ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f00000008c0)) (async)
syz_usb_connect(0x0, 0x5a, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800010000000009046900000e010000"], 0x0) (async)
lsm_get_self_attr(0x64, &(0x7f00000002c0)={0x0, 0x0, 0x35, 0x15, ""/21}, &(0x7f0000001280)=0x35, 0x0)

kernel console output (not intermixed with test programs):

 bulk message failed: -22 (1/0)
[ 1519.680865][T10139] dvb-usb: error while querying for an remote control event.
[ 1519.813058][   T24] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 1519.875820][    T9] usb 3-1: USB disconnect, device number 20
[ 1519.994889][    T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1520.032796][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1520.063108][T15970] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[ 1520.094914][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1520.250696][   T24] usb 4-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[ 1520.269595][T15970] usb 2-1: Using ep0 maxpacket: 8
[ 1520.307136][T15970] usb 2-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76
[ 1520.326541][T10139] usb 1-1: new full-speed USB device number 27 using dummy_hcd
[ 1520.353519][T15970] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1520.364753][T15970] usb 2-1: Product: syz
[ 1520.370908][T15970] usb 2-1: Manufacturer: syz
[ 1520.380066][T15970] usb 2-1: SerialNumber: syz
[ 1520.393678][T15970] usb 2-1: config 0 descriptor??
[ 1520.414948][T19561] random: crng reseeded on system resumption
[ 1520.502100][T15970] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[ 1520.534539][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1520.543086][    T9] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[ 1520.584662][   T24] usb 4-1: Product: syz
[ 1520.604866][T10139] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1520.646102][   T24] usb 4-1: Manufacturer: syz
[ 1520.689188][   T24] usb 4-1: SerialNumber: syz
[ 1520.696761][T10139] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1520.728740][    T9] usb 3-1: Using ep0 maxpacket: 8
[ 1520.758176][T10139] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1520.778585][T10139] usb 1-1: Product: syz
[ 1520.785603][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1520.808363][    T9] usb 3-1: config 8 has an invalid interface number: 137 but max is 0
[ 1520.830701][    T9] usb 3-1: config 8 has an invalid descriptor of length 77, skipping remainder of the config
[ 1520.843198][   T24] usb 4-1: config 0 descriptor??
[ 1520.853542][    T9] usb 3-1: config 8 has no interface number 0
[ 1520.865952][T10139] usb 1-1: Manufacturer: syz
[ 1520.873350][    T9] usb 3-1: config 8 interface 137 altsetting 5 endpoint 0x8 has invalid maxpacket 20736, setting to 1024
[ 1520.932431][T10139] usb 1-1: SerialNumber: syz
[ 1521.046077][T10139] usb 1-1: config 0 descriptor??
[ 1521.056932][    T9] usb 3-1: config 8 interface 137 altsetting 5 bulk endpoint 0x8 has invalid maxpacket 1024
[ 1521.075801][T10139] usb 1-1: ucan: probing device on interface #0
[ 1521.169039][    T9] usb 3-1: config 8 interface 137 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1521.344863][    T9] usb 3-1: config 8 interface 137 has no altsetting 0
[ 1521.380931][   T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 1521.401617][T10139] usb 1-1: ucan: invalid EP count (0)
[ 1521.469889][T10139] usb 1-1: ucan: probe failed; try to update the device firmware
[ 1521.478633][    T9] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=e5.0d
[ 1521.560473][   T24] usb 4-1: USB disconnect, device number 28
[ 1521.568634][T10139] usb 1-1: USB disconnect, device number 27
[ 1521.609962][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1521.731713][T12313] udevd[12313]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1521.757277][    T9] usb 3-1: Product: syz
[ 1521.807922][    T9] usb 3-1: Manufacturer: syz
[ 1521.853161][    T9] usb 3-1: SerialNumber: syz
[ 1521.931234][T19560] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1522.296726][    T9] cyberjack 3-1:8.137: Reiner SCT Cyberjack USB card reader converter detected
[ 1522.309617][    T9] cyberjack ttyUSB0: usb_submit_urb(read int) failed
[ 1522.318307][T19585] FAULT_INJECTION: forcing a failure.
[ 1522.318307][T19585] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 1522.402141][    T9] usb 3-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[ 1522.532229][T19585] CPU: 1 UID: 0 PID: 19585 Comm: syz.0.2614 Not tainted syzkaller #0 PREEMPT(full) 
[ 1522.532257][T19585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1522.532267][T19585] Call Trace:
[ 1522.532275][T19585]  <TASK>
[ 1522.532284][T19585]  dump_stack_lvl+0x189/0x250
[ 1522.532309][T19585]  ? __pfx____ratelimit+0x10/0x10
[ 1522.532333][T19585]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1522.532352][T19585]  ? __pfx__printk+0x10/0x10
[ 1522.532372][T19585]  ? __might_fault+0xb0/0x130
[ 1522.532414][T19585]  should_fail_ex+0x414/0x560
[ 1522.532442][T19585]  _copy_from_user+0x2d/0xb0
[ 1522.532461][T19585]  kstrtouint_from_user+0xc4/0x170
[ 1522.532485][T19585]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1522.532524][T19585]  proc_fail_nth_write+0x88/0x200
[ 1522.532632][T19585]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1522.532659][T19585]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1522.532682][T19585]  vfs_write+0x27e/0xb30
[ 1522.532712][T19585]  ? __pfx_vfs_write+0x10/0x10
[ 1522.532734][T19585]  ? __fget_files+0x2a/0x420
[ 1522.532756][T19585]  ? __fget_files+0x3a0/0x420
[ 1522.532771][T19585]  ? __fget_files+0x2a/0x420
[ 1522.532795][T19585]  ksys_write+0x145/0x250
[ 1522.532819][T19585]  ? __pfx_ksys_write+0x10/0x10
[ 1522.532842][T19585]  ? do_syscall_64+0xbe/0xf80
[ 1522.532863][T19585]  do_syscall_64+0xfa/0xf80
[ 1522.532882][T19585]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.532897][T19585]  ? clear_bhb_loop+0x60/0xb0
[ 1522.532914][T19585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.532929][T19585] RIP: 0033:0x7f930438e1ff
[ 1522.532945][T19585] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1522.532959][T19585] RSP: 002b:00007f93051fb030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1522.532982][T19585] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f930438e1ff
[ 1522.532992][T19585] RDX: 0000000000000001 RSI: 00007f93051fb0a0 RDI: 0000000000000004
[ 1522.533001][T19585] RBP: 00007f93051fb090 R08: 0000000000000000 R09: 0000000000000000
[ 1522.533011][T19585] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1522.533020][T19585] R13: 00007f93045e6128 R14: 00007f93045e6090 R15: 00007f930470fa28
[ 1522.533048][T19585]  </TASK>
[ 1522.822680][    T9] usb 3-1: USB disconnect, device number 21
[ 1523.286121][    T9] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[ 1523.346438][    T9] cyberjack 3-1:8.137: device disconnected
[ 1523.373490][ T5925] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 1523.390730][T19590] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2615'.
[ 1523.613701][ T5925] usb 4-1: Using ep0 maxpacket: 8
[ 1523.764378][T15970] gspca_m5602: Failed to find a sensor
[ 1523.786210][ T5925] usb 4-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76
[ 1523.792110][T15970] ALi m5602 2-1:0.0: ALi m5602 webcam failed
[ 1523.835914][T15970] usb 2-1: USB disconnect, device number 25
[ 1523.888605][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1523.956657][ T5925] usb 4-1: Product: syz
[ 1523.976062][ T5925] usb 4-1: Manufacturer: syz
[ 1523.991261][ T5925] usb 4-1: SerialNumber: syz
[ 1524.010571][ T5925] usb 4-1: config 0 descriptor??
[ 1524.038338][ T5925] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[ 1524.063257][    T9] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[ 1524.233055][    T9] usb 3-1: Using ep0 maxpacket: 16
[ 1524.255575][    T9] usb 3-1: config index 0 descriptor too short (expected 1033, got 18)
[ 1524.258342][T19604] FAULT_INJECTION: forcing a failure.
[ 1524.258342][T19604] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1524.283604][T19604] CPU: 1 UID: 0 PID: 19604 Comm: syz.1.2620 Not tainted syzkaller #0 PREEMPT(full) 
[ 1524.283639][T19604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1524.283649][T19604] Call Trace:
[ 1524.283660][T19604]  <TASK>
[ 1524.283668][T19604]  dump_stack_lvl+0x189/0x250
[ 1524.283695][T19604]  ? __pfx____ratelimit+0x10/0x10
[ 1524.283719][T19604]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1524.283736][T19604]  ? __pfx__printk+0x10/0x10
[ 1524.283756][T19604]  ? __might_fault+0xb0/0x130
[ 1524.283786][T19604]  should_fail_ex+0x414/0x560
[ 1524.283810][T19604]  _copy_from_iter+0x4ff/0x1630
[ 1524.283942][T19604]  ? __pfx__copy_from_iter+0x10/0x10
[ 1524.283960][T19604]  ? __lock_acquire+0x6b6/0x2cf0
[ 1524.283992][T19604]  ? __lock_acquire+0x6b6/0x2cf0
[ 1524.284016][T19604]  tun_get_user+0x219/0x3dc0
[ 1524.284110][T19604]  ? __lock_acquire+0x6b6/0x2cf0
[ 1524.284128][T19604]  ? __pfx_tun_get_user+0x10/0x10
[ 1524.284145][T19604]  ? __lock_acquire+0x6b6/0x2cf0
[ 1524.284170][T19604]  ? ref_tracker_alloc+0x318/0x460
[ 1524.284213][T19604]  ? aa_file_perm+0x139/0x1530
[ 1524.284232][T19604]  ? aa_file_perm+0x44c/0x1530
[ 1524.284251][T19604]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1524.284276][T19604]  ? tun_get+0x1c/0x2f0
[ 1524.284295][T19604]  ? tun_get+0x1c/0x2f0
[ 1524.284311][T19604]  ? tun_get+0x1c/0x2f0
[ 1524.284330][T19604]  tun_chr_write_iter+0x113/0x200
[ 1524.284349][T19604]  do_iter_readv_writev+0x623/0x8c0
[ 1524.284374][T19604]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1524.284391][T19604]  ? common_file_perm+0x1b5/0x220
[ 1524.284408][T19604]  ? bpf_lsm_file_permission+0x9/0x20
[ 1524.284439][T19604]  ? security_file_permission+0x75/0x290
[ 1524.284498][T19604]  ? rw_verify_area+0x255/0x4d0
[ 1524.284518][T19604]  vfs_writev+0x31a/0x960
[ 1524.284567][T19604]  ? vfs_write+0x956/0xb30
[ 1524.284589][T19604]  ? __pfx_vfs_writev+0x10/0x10
[ 1524.284614][T19604]  ? __fget_files+0x2a/0x420
[ 1524.284635][T19604]  ? __fget_files+0x3a0/0x420
[ 1524.284649][T19604]  ? __fget_files+0x2a/0x420
[ 1524.284671][T19604]  do_writev+0x14d/0x2d0
[ 1524.284689][T19604]  ? __pfx_do_writev+0x10/0x10
[ 1524.284707][T19604]  ? do_syscall_64+0xbe/0xf80
[ 1524.284728][T19604]  do_syscall_64+0xfa/0xf80
[ 1524.284743][T19604]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1524.284758][T19604]  ? clear_bhb_loop+0x60/0xb0
[ 1524.284775][T19604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1524.284790][T19604] RIP: 0033:0x7f4031f8f749
[ 1524.284807][T19604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1524.284820][T19604] RSP: 002b:00007f40301f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1524.284838][T19604] RAX: ffffffffffffffda RBX: 00007f40321e5fa0 RCX: 00007f4031f8f749
[ 1524.284848][T19604] RDX: 0000000000000003 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1524.284857][T19604] RBP: 00007f40301f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1524.284867][T19604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1524.284876][T19604] R13: 00007f40321e6038 R14: 00007f40321e5fa0 R15: 00007f403230fa28
[ 1524.284905][T19604]  </TASK>
[ 1524.313126][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1524.585377][T19602] usb usb8: usbfs: process 19602 (syz.0.2619) did not claim interface 0 before use
[ 1524.852194][    T9] usb 3-1: config 0 has no interfaces?
[ 1524.867324][    T9] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1524.900806][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1524.940626][    T9] usb 3-1: config 0 descriptor??
[ 1525.152464][ T5838] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1525.303350][ T5838] usb 5-1: device descriptor read/64, error -71
[ 1525.516789][   T10] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[ 1525.563933][ T5838] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 1525.703070][ T5838] usb 5-1: device descriptor read/64, error -71
[ 1525.714978][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1525.738421][   T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1525.754262][   T10] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1525.773177][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1525.800637][   T10] usb 2-1: config 0 descriptor??
[ 1525.813455][ T5838] usb usb5-port1: attempt power cycle
[ 1525.834962][   T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1525.864141][   T10] dvb-usb: bulk message failed: -22 (3/0)
[ 1525.873037][   T24] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[ 1525.900085][   T10] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1525.952318][   T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1525.995132][   T10] usb 2-1: media controller created
[ 1526.025033][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1526.033656][T19612] dvb-usb: bulk message failed: -22 (2/0)
[ 1526.072363][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1526.178672][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1526.224590][ T5838] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 1526.233691][   T10] dvb-usb: bulk message failed: -22 (6/0)
[ 1526.235956][ T5925] gspca_m5602: Failed to find a sensor
[ 1526.250095][ T5925] ALi m5602 4-1:0.0: ALi m5602 webcam failed
[ 1526.264744][   T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1526.265156][ T5838] usb 5-1: device descriptor read/8, error -71
[ 1526.281515][   T24] usb 1-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[ 1526.293742][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1526.305836][ T5925] usb 4-1: USB disconnect, device number 29
[ 1526.317835][   T24] usb 1-1: Product: syz
[ 1526.329031][   T24] usb 1-1: Manufacturer: syz
[ 1526.329740][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input127
[ 1526.394001][   T24] usb 1-1: SerialNumber: syz
[ 1526.409147][   T24] usb 1-1: config 0 descriptor??
[ 1526.441195][   T10] dvb-usb: schedule remote query interval to 150 msecs.
[ 1526.451387][   T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1526.553918][ T5838] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1526.597804][ T5838] usb 5-1: device descriptor read/8, error -71
[ 1526.605518][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1526.612467][   T10] dvb-usb: error while querying for an remote control event.
[ 1526.632840][   T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1526.712554][   T24] usb 1-1: USB disconnect, device number 28
[ 1526.720242][ T5838] usb usb5-port1: unable to enumerate USB device
[ 1526.777141][ T6296] udevd[6296]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1526.805763][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1526.818862][   T10] dvb-usb: error while querying for an remote control event.
[ 1526.903674][ T5838] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 1526.993102][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1527.000784][   T10] dvb-usb: error while querying for an remote control event.
[ 1527.065601][ T5838] usb 4-1: config 0 has an invalid interface number: 11 but max is 0
[ 1527.075909][ T5838] usb 4-1: config 0 has no interface number 0
[ 1527.084253][ T5838] usb 4-1: config 0 interface 11 has no altsetting 0
[ 1527.092172][ T5838] usb 4-1: New USB device found, idVendor=1871, idProduct=0306, bcdDevice=1a.d2
[ 1527.103942][ T5838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1527.115361][ T5838] usb 4-1: config 0 descriptor??
[ 1527.163879][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1527.170760][   T10] dvb-usb: error while querying for an remote control event.
[ 1527.244180][T19627] FAULT_INJECTION: forcing a failure.
[ 1527.244180][T19627] name failslab, interval 1, probability 0, space 0, times 0
[ 1527.260202][T19627] CPU: 0 UID: 0 PID: 19627 Comm: syz.0.2626 Not tainted syzkaller #0 PREEMPT(full) 
[ 1527.260225][T19627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1527.260232][T19627] Call Trace:
[ 1527.260237][T19627]  <TASK>
[ 1527.260243][T19627]  dump_stack_lvl+0x189/0x250
[ 1527.260264][T19627]  ? __pfx____ratelimit+0x10/0x10
[ 1527.260281][T19627]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1527.260292][T19627]  ? __pfx__printk+0x10/0x10
[ 1527.260313][T19627]  ? __pfx___might_resched+0x10/0x10
[ 1527.260329][T19627]  ? fs_reclaim_acquire+0x7d/0x100
[ 1527.260356][T19627]  should_fail_ex+0x414/0x560
[ 1527.260546][T19627]  should_failslab+0xa8/0x100
[ 1527.260574][T19627]  __kmalloc_noprof+0xcb/0x800
[ 1527.260593][T19627]  ? tomoyo_encode+0x28b/0x550
[ 1527.260694][T19627]  tomoyo_encode+0x28b/0x550
[ 1527.260719][T19627]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1527.260740][T19627]  ? tomoyo_domain+0xd8/0x130
[ 1527.260764][T19627]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1527.260802][T19627]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1527.260818][T19627]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1527.260894][T19627]  ? __mutex_unlock_slowpath+0x1a1/0x730
[ 1527.261217][T19627]  ? __fget_files+0x2a/0x420
[ 1527.261243][T19627]  ? __fget_files+0x3a0/0x420
[ 1527.261257][T19627]  ? __fget_files+0x2a/0x420
[ 1527.261272][T19627]  security_file_ioctl+0xcb/0x2d0
[ 1527.261296][T19627]  __se_sys_ioctl+0x47/0x170
[ 1527.261366][T19627]  do_syscall_64+0xfa/0xf80
[ 1527.261384][T19627]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1527.261403][T19627]  ? clear_bhb_loop+0x60/0xb0
[ 1527.261424][T19627]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1527.261435][T19627] RIP: 0033:0x7f930438f749
[ 1527.261446][T19627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1527.261455][T19627] RSP: 002b:00007f930521c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1527.261468][T19627] RAX: ffffffffffffffda RBX: 00007f93045e5fa0 RCX: 00007f930438f749
[ 1527.261475][T19627] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1527.261481][T19627] RBP: 00007f930521c090 R08: 0000000000000000 R09: 0000000000000000
[ 1527.261487][T19627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1527.261493][T19627] R13: 00007f93045e6038 R14: 00007f93045e5fa0 R15: 00007f930470fa28
[ 1527.261509][T19627]  </TASK>
[ 1527.262579][T19627] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1527.591017][   T10] dvb-usb: bulk message failed: -22 (1/0)
[ 1527.605147][T19630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1527.620360][   T10] dvb-usb: error while querying for an remote control event.
[ 1527.636137][T19630] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1527.650983][ T5838] usb 4-1: string descriptor 0 read error: -71
[ 1527.686282][ T5838] uvcvideo 4-1:0.11: Found multiple Units with ID 1
[ 1527.718093][ T5838] uvcvideo 4-1:0.11: Found UVC 0.00 device <unnamed> (1871:0306)
[ 1527.734378][ T5838] uvcvideo 4-1:0.11: No valid video chain found.
[ 1527.747118][ T5838] usb 4-1: USB disconnect, device number 30
[ 1527.793004][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1527.801733][    T9] dvb-usb: error while querying for an remote control event.
[ 1527.877582][T19634] fuse: Bad value for 'fd'
[ 1527.965090][ T5925] usb 3-1: USB disconnect, device number 22
[ 1528.058032][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1528.095377][    T9] dvb-usb: error while querying for an remote control event.
[ 1528.171580][ T5838] usb 2-1: USB disconnect, device number 26
[ 1528.445888][ T5838] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1528.593461][ T5925] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[ 1528.620926][T19650] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2633'.
[ 1528.717063][T19653] FAULT_INJECTION: forcing a failure.
[ 1528.717063][T19653] name failslab, interval 1, probability 0, space 0, times 0
[ 1528.783085][ T5925] usb 1-1: Using ep0 maxpacket: 8
[ 1528.800519][ T5925] usb 1-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76
[ 1528.829838][ T5925] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1528.853196][T19653] CPU: 0 UID: 0 PID: 19653 Comm: syz.2.2634 Not tainted syzkaller #0 PREEMPT(full) 
[ 1528.853223][T19653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1528.853233][T19653] Call Trace:
[ 1528.853240][T19653]  <TASK>
[ 1528.853248][T19653]  dump_stack_lvl+0x189/0x250
[ 1528.853273][T19653]  ? __pfx____ratelimit+0x10/0x10
[ 1528.853296][T19653]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1528.853314][T19653]  ? __pfx__printk+0x10/0x10
[ 1528.853340][T19653]  ? __pfx___might_resched+0x10/0x10
[ 1528.853356][T19653]  ? fs_reclaim_acquire+0x7d/0x100
[ 1528.853383][T19653]  should_fail_ex+0x414/0x560
[ 1528.853411][T19653]  should_failslab+0xa8/0x100
[ 1528.853436][T19653]  __kmalloc_noprof+0xcb/0x800
[ 1528.853456][T19653]  ? tomoyo_encode+0x28b/0x550
[ 1528.853481][T19653]  tomoyo_encode+0x28b/0x550
[ 1528.853506][T19653]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1528.853527][T19653]  ? tomoyo_domain+0xd8/0x130
[ 1528.853551][T19653]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1528.853575][T19653]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1528.853600][T19653]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1528.853640][T19653]  ? __mutex_unlock_slowpath+0x1a1/0x730
[ 1528.853683][T19653]  ? __fget_files+0x2a/0x420
[ 1528.853705][T19653]  ? __fget_files+0x3a0/0x420
[ 1528.853720][T19653]  ? __fget_files+0x2a/0x420
[ 1528.853739][T19653]  security_file_ioctl+0xcb/0x2d0
[ 1528.853765][T19653]  __se_sys_ioctl+0x47/0x170
[ 1528.853788][T19653]  do_syscall_64+0xfa/0xf80
[ 1528.853806][T19653]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1528.853823][T19653]  ? clear_bhb_loop+0x60/0xb0
[ 1528.853843][T19653]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1528.853860][T19653] RIP: 0033:0x7f420f18f749
[ 1528.853876][T19653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1528.853895][T19653] RSP: 002b:00007f42100d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1528.853915][T19653] RAX: ffffffffffffffda RBX: 00007f420f3e5fa0 RCX: 00007f420f18f749
[ 1528.853927][T19653] RDX: 0000000000000000 RSI: 0000000000008983 RDI: 0000000000000003
[ 1528.853938][T19653] RBP: 00007f42100d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1528.853947][T19653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1528.853960][T19653] R13: 00007f420f3e6038 R14: 00007f420f3e5fa0 R15: 00007f420f50fa28
[ 1528.853994][T19653]  </TASK>
[ 1528.854078][T19653] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1529.087164][ T5925] usb 1-1: Product: syz
[ 1529.174719][ T5925] usb 1-1: Manufacturer: syz
[ 1529.179927][ T5925] usb 1-1: SerialNumber: syz
[ 1529.203151][ T5925] usb 1-1: config 0 descriptor??
[ 1529.213750][    T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[ 1529.232682][ T5925] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[ 1529.378342][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1529.395308][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1529.467988][    T9] usb 2-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[ 1529.491157][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1529.525115][    T9] usb 2-1: Product: syz
[ 1529.530707][    T9] usb 2-1: Manufacturer: syz
[ 1529.543712][    T9] usb 2-1: SerialNumber: syz
[ 1529.546942][T19666] netlink: 774 bytes leftover after parsing attributes in process `syz.2.2640'.
[ 1529.565619][    T9] usb 2-1: config 0 descriptor??
[ 1529.791143][    T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1529.907688][    T9] usb 2-1: USB disconnect, device number 27
[ 1530.027787][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1530.375735][T19687] netlink: 'syz.3.2647': attribute type 10 has an invalid length.
[ 1530.423658][T19687] team0: Device veth1_macvtap failed to register rx_handler
[ 1530.473188][   T24] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1530.653765][   T24] usb 5-1: Using ep0 maxpacket: 32
[ 1530.665716][   T24] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[ 1530.683088][   T24] usb 5-1: config 0 has no interface number 0
[ 1530.696837][   T24] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1530.711012][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1530.721273][   T24] usb 5-1: Product: syz
[ 1530.727390][   T24] usb 5-1: Manufacturer: syz
[ 1530.752673][   T24] usb 5-1: SerialNumber: syz
[ 1530.769241][   T24] usb 5-1: config 0 descriptor??
[ 1530.788254][   T24] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1530.822149][T19693] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2649'.
[ 1531.010651][   T24] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1531.060810][   T24] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1531.075822][ T5925] gspca_m5602: Failed to find a sensor
[ 1531.104588][ T5925] ALi m5602 1-1:0.0: ALi m5602 webcam failed
[ 1531.147823][ T5925] usb 1-1: USB disconnect, device number 29
[ 1531.289379][T19704] FAULT_INJECTION: forcing a failure.
[ 1531.289379][T19704] name failslab, interval 1, probability 0, space 0, times 0
[ 1531.342648][T19704] CPU: 1 UID: 0 PID: 19704 Comm: syz.0.2652 Not tainted syzkaller #0 PREEMPT(full) 
[ 1531.342674][T19704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1531.342684][T19704] Call Trace:
[ 1531.342692][T19704]  <TASK>
[ 1531.342699][T19704]  dump_stack_lvl+0x189/0x250
[ 1531.342727][T19704]  ? __pfx____ratelimit+0x10/0x10
[ 1531.342752][T19704]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1531.342772][T19704]  ? __pfx__printk+0x10/0x10
[ 1531.342795][T19704]  ? __pfx___might_resched+0x10/0x10
[ 1531.342813][T19704]  ? fs_reclaim_acquire+0x7d/0x100
[ 1531.342841][T19704]  should_fail_ex+0x414/0x560
[ 1531.342867][T19704]  should_failslab+0xa8/0x100
[ 1531.342890][T19704]  kmem_cache_alloc_node_noprof+0x77/0x710
[ 1531.342909][T19704]  ? __alloc_skb+0x255/0x430
[ 1531.343058][T19704]  ? napi_skb_cache_get+0x4a5/0x780
[ 1531.343072][T19704]  ? napi_skb_cache_get+0x151/0x780
[ 1531.343092][T19704]  __alloc_skb+0x255/0x430
[ 1531.343113][T19704]  ? __pfx___alloc_skb+0x10/0x10
[ 1531.343133][T19704]  ? netlink_autobind+0xdb/0x300
[ 1531.343194][T19704]  ? netlink_autobind+0x2c2/0x300
[ 1531.343219][T19704]  netlink_sendmsg+0x5c6/0xb30
[ 1531.343248][T19704]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1531.343271][T19704]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1531.343294][T19704]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1531.343316][T19704]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1531.343336][T19704]  __sock_sendmsg+0x21c/0x270
[ 1531.343362][T19704]  ____sys_sendmsg+0x505/0x820
[ 1531.343387][T19704]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1531.343415][T19704]  ? import_iovec+0x74/0xa0
[ 1531.343436][T19704]  ___sys_sendmsg+0x21f/0x2a0
[ 1531.343458][T19704]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1531.343483][T19704]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1531.343542][T19704]  ? __fget_files+0x2a/0x420
[ 1531.343563][T19704]  ? __fget_files+0x3a0/0x420
[ 1531.343588][T19704]  __x64_sys_sendmsg+0x19b/0x260
[ 1531.343611][T19704]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1531.343640][T19704]  ? __pfx_ksys_write+0x10/0x10
[ 1531.343664][T19704]  ? do_syscall_64+0xbe/0xf80
[ 1531.343685][T19704]  do_syscall_64+0xfa/0xf80
[ 1531.343701][T19704]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1531.343717][T19704]  ? clear_bhb_loop+0x60/0xb0
[ 1531.343736][T19704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1531.343753][T19704] RIP: 0033:0x7f930438f749
[ 1531.343769][T19704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1531.343785][T19704] RSP: 002b:00007f930521c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1531.343805][T19704] RAX: ffffffffffffffda RBX: 00007f93045e5fa0 RCX: 00007f930438f749
[ 1531.343818][T19704] RDX: 0000000004000084 RSI: 0000200000000000 RDI: 0000000000000003
[ 1531.343830][T19704] RBP: 00007f930521c090 R08: 0000000000000000 R09: 0000000000000000
[ 1531.343841][T19704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1531.343851][T19704] R13: 00007f93045e6038 R14: 00007f93045e5fa0 R15: 00007f930470fa28
[ 1531.343880][T19704]  </TASK>
[ 1531.712640][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1531.736569][T19709] bridge1: entered promiscuous mode
[ 1531.814485][    C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1531.823745][   T24] usb 5-1: USB disconnect, device number 37
[ 1531.859364][   T24] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1531.863046][    T9] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[ 1531.878638][   T24] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1531.900728][   T24] quatech2 5-1:0.51: device disconnected
[ 1532.083008][    T9] usb 3-1: Using ep0 maxpacket: 32
[ 1532.096747][    T9] usb 3-1: config 0 has an invalid interface number: 30 but max is 0
[ 1532.134449][    T9] usb 3-1: config 0 has no interface number 0
[ 1532.263099][    T9] usb 3-1: config 0 interface 30 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[ 1532.301471][    T9] usb 3-1: config 0 interface 30 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1532.327583][    T9] usb 3-1: config 0 interface 30 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 8
[ 1532.343152][    T9] usb 3-1: New USB device found, idVendor=061d, idProduct=c180, bcdDevice=fc.f0
[ 1532.360603][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1532.376723][    T9] usb 3-1: Product: syz
[ 1532.382534][    T9] usb 3-1: Manufacturer: syz
[ 1532.390016][    T9] usb 3-1: SerialNumber: syz
[ 1532.403844][    T9] usb 3-1: config 0 descriptor??
[ 1532.424711][T19703] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1532.440671][T19703] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1532.452364][    T9] quatech2 3-1:0.30: Quatech 2nd gen USB to Serial Driver converter detected
[ 1532.498227][ T5925] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[ 1532.740219][    T9] usb 3-1: qt2_attach - failed to power on unit: -71
[ 1532.754987][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1532.824288][    T9] quatech2 3-1:0.30: probe with driver quatech2 failed with error -71
[ 1532.831521][T19729] FAULT_INJECTION: forcing a failure.
[ 1532.831521][T19729] name failslab, interval 1, probability 0, space 0, times 0
[ 1532.889691][ T5925] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1533.026728][T19729] CPU: 0 UID: 0 PID: 19729 Comm: syz.4.2660 Not tainted syzkaller #0 PREEMPT(full) 
[ 1533.026755][T19729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1533.026765][T19729] Call Trace:
[ 1533.026772][T19729]  <TASK>
[ 1533.026780][T19729]  dump_stack_lvl+0x189/0x250
[ 1533.026805][T19729]  ? __pfx____ratelimit+0x10/0x10
[ 1533.026828][T19729]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1533.026845][T19729]  ? __pfx__printk+0x10/0x10
[ 1533.026871][T19729]  ? __pfx___might_resched+0x10/0x10
[ 1533.026893][T19729]  should_fail_ex+0x414/0x560
[ 1533.026919][T19729]  should_failslab+0xa8/0x100
[ 1533.026943][T19729]  __kmalloc_noprof+0xcb/0x800
[ 1533.027036][T19729]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1533.027062][T19729]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1533.027080][T19729]  ? tomoyo_domain+0xd8/0x130
[ 1533.027104][T19729]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1533.027127][T19729]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1533.027150][T19729]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1533.027176][T19729]  ? sb_end_write+0xe9/0x1c0
[ 1533.027194][T19729]  ? vfs_write+0x956/0xb30
[ 1533.027245][T19729]  ? ksys_write+0x1e1/0x250
[ 1533.027269][T19729]  security_file_ioctl+0xcb/0x2d0
[ 1533.027293][T19729]  __se_sys_ioctl+0x47/0x170
[ 1533.027315][T19729]  do_syscall_64+0xfa/0xf80
[ 1533.027332][T19729]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1533.027371][T19729]  ? clear_bhb_loop+0x60/0xb0
[ 1533.027391][T19729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1533.027406][T19729] RIP: 0033:0x7f28ca78f749
[ 1533.027424][T19729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1533.027439][T19729] RSP: 002b:00007f28cb57b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1533.027458][T19729] RAX: ffffffffffffffda RBX: 00007f28ca9e5fa0 RCX: 00007f28ca78f749
[ 1533.027470][T19729] RDX: 0000000000000000 RSI: 00000000000007a0 RDI: 0000000000000003
[ 1533.027481][T19729] RBP: 00007f28cb57b090 R08: 0000000000000000 R09: 0000000000000000
[ 1533.027491][T19729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1533.027501][T19729] R13: 00007f28ca9e6038 R14: 00007f28ca9e5fa0 R15: 00007f28cab0fa28
[ 1533.027531][T19729]  </TASK>
[ 1533.027539][T19729] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1533.029160][ T5925] usb 4-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[ 1533.404571][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1533.478803][ T5925] usb 4-1: Product: syz
[ 1533.535020][    T9] usb 3-1: USB disconnect, device number 23
[ 1533.563070][ T5925] usb 4-1: Manufacturer: syz
[ 1533.593042][ T5925] usb 4-1: SerialNumber: syz
[ 1533.643319][ T5925] usb 4-1: config 0 descriptor??
[ 1533.843012][   T24] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1533.926026][ T5925] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 1534.027207][T19738] 8021q: adding VLAN 0 to HW filter on device batadv55
[ 1534.070266][T19738] team0: Port device batadv55 added
[ 1534.111436][ T5925] usb 4-1: USB disconnect, device number 31
[ 1534.187159][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1534.220649][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1534.263483][    T9] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[ 1534.271554][   T24] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[ 1534.379690][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1534.421223][   T24] usb 5-1: config 0 descriptor??
[ 1534.433070][    T9] usb 3-1: Using ep0 maxpacket: 8
[ 1534.511670][    T9] usb 3-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76
[ 1534.543125][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1534.564757][T15970] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[ 1534.594828][    T9] usb 3-1: Product: syz
[ 1534.603234][    T9] usb 3-1: Manufacturer: syz
[ 1534.623070][    T9] usb 3-1: SerialNumber: syz
[ 1534.637071][   T24] usbhid 5-1:0.0: can't add hid device: -22
[ 1534.651426][T19745] FAULT_INJECTION: forcing a failure.
[ 1534.651426][T19745] name failslab, interval 1, probability 0, space 0, times 0
[ 1534.654255][    T9] usb 3-1: config 0 descriptor??
[ 1534.683907][   T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -22
[ 1534.706289][T15970] usb 2-1: device descriptor read/64, error -71
[ 1534.715085][T19731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1534.745592][T19731] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1534.768841][T19745] CPU: 1 UID: 0 PID: 19745 Comm: syz.0.2665 Not tainted syzkaller #0 PREEMPT(full) 
[ 1534.768868][T19745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1534.768879][T19745] Call Trace:
[ 1534.768887][T19745]  <TASK>
[ 1534.768895][T19745]  dump_stack_lvl+0x189/0x250
[ 1534.768920][T19745]  ? __pfx____ratelimit+0x10/0x10
[ 1534.768942][T19745]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1534.768960][T19745]  ? __pfx__printk+0x10/0x10
[ 1534.768987][T19745]  ? __pfx___might_resched+0x10/0x10
[ 1534.769004][T19745]  ? fs_reclaim_acquire+0x7d/0x100
[ 1534.769027][T19745]  should_fail_ex+0x414/0x560
[ 1534.769050][T19745]  should_failslab+0xa8/0x100
[ 1534.769074][T19745]  kmem_cache_alloc_noprof+0x74/0x6f0
[ 1534.769095][T19745]  ? alloc_empty_file+0x55/0x1d0
[ 1534.769111][T19745]  ? kernel_text_address+0xa5/0xe0
[ 1534.769137][T19745]  alloc_empty_file+0x55/0x1d0
[ 1534.769152][T19745]  path_openat+0x108/0x3dd0
[ 1534.769397][T19745]  ? stack_trace_save+0x9c/0xe0
[ 1534.769429][T19745]  ? stack_depot_save_flags+0x40/0x850
[ 1534.769443][T19745]  ? _parse_integer_limit+0x131/0x1f0
[ 1534.769459][T19745]  ? kasan_save_track+0x4f/0x80
[ 1534.769505][T19745]  ? __kasan_slab_alloc+0x6c/0x80
[ 1534.769517][T19745]  ? kmem_cache_alloc_noprof+0x367/0x6f0
[ 1534.769528][T19745]  ? getname_flags+0xb8/0x540
[ 1534.769541][T19745]  ? do_sys_openat2+0xbc/0x200
[ 1534.769551][T19745]  ? __x64_sys_openat+0x138/0x170
[ 1534.769560][T19745]  ? do_syscall_64+0xfa/0xf80
[ 1534.769571][T19745]  ? __pfx_path_openat+0x10/0x10
[ 1534.769584][T19745]  ? __lock_acquire+0x6b6/0x2cf0
[ 1534.769601][T19745]  do_filp_open+0x1fa/0x410
[ 1534.769614][T19745]  ? __pfx_do_filp_open+0x10/0x10
[ 1534.769637][T19745]  ? _raw_spin_unlock+0x28/0x50
[ 1534.769679][T19745]  ? alloc_fd+0x64c/0x6c0
[ 1534.769722][T19745]  do_sys_openat2+0x121/0x200
[ 1534.769734][T19745]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1534.769746][T19745]  ? ksys_write+0x22a/0x250
[ 1534.769763][T19745]  ? __pfx_ksys_write+0x10/0x10
[ 1534.769781][T19745]  __x64_sys_openat+0x138/0x170
[ 1534.769795][T19745]  do_syscall_64+0xfa/0xf80
[ 1534.769804][T19745]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1534.769814][T19745]  ? clear_bhb_loop+0x60/0xb0
[ 1534.769826][T19745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1534.769836][T19745] RIP: 0033:0x7f930438f749
[ 1534.769848][T19745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1534.769857][T19745] RSP: 002b:00007f930521c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1534.769869][T19745] RAX: ffffffffffffffda RBX: 00007f93045e5fa0 RCX: 00007f930438f749
[ 1534.769876][T19745] RDX: 0000000000000800 RSI: 0000200000000640 RDI: ffffffffffffff9c
[ 1534.769883][T19745] RBP: 00007f930521c090 R08: 0000000000000000 R09: 0000000000000000
[ 1534.769889][T19745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1534.769895][T19745] R13: 00007f93045e6038 R14: 00007f93045e5fa0 R15: 00007f930470fa28
[ 1534.769911][T19745]  </TASK>
[ 1534.788539][    T9] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[ 1534.962980][T10139] usb 4-1: new full-speed USB device number 32 using dummy_hcd
[ 1535.102101][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1535.176797][T15970] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[ 1535.186697][   T24] usb 5-1: USB disconnect, device number 38
[ 1535.333056][T15970] usb 2-1: device descriptor read/64, error -71
[ 1535.368982][T19752] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2668'.
[ 1535.444433][T15970] usb usb2-port1: attempt power cycle
[ 1535.521554][T10139] usb 4-1: config 1 has an invalid descriptor of length 106, skipping remainder of the config
[ 1535.542574][T10139] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1535.575179][T10139] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1535.610670][T10139] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1535.627935][T10139] usb 4-1: Product: syz
[ 1535.640291][T10139] usb 4-1: Manufacturer: syz
[ 1535.645730][T10139] usb 4-1: SerialNumber: syz
[ 1535.793097][T15970] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[ 1535.830954][T15970] usb 2-1: device descriptor read/8, error -71
[ 1535.875147][T10139] usb 4-1: 0:2 : does not exist
[ 1535.915487][T10139] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1535.957462][T10139] usb 4-1: USB disconnect, device number 32
[ 1536.113217][T15970] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[ 1536.133894][ T5834] udevd[5834]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1536.152452][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1536.224149][T15970] usb 2-1: device descriptor read/8, error -71
[ 1536.334997][T15970] usb usb2-port1: unable to enumerate USB device
[ 1537.062140][    T9] gspca_m5602: Failed to find a sensor
[ 1537.072998][    T9] ALi m5602 3-1:0.0: ALi m5602 webcam failed
[ 1537.104252][    T9] usb 3-1: USB disconnect, device number 24
[ 1537.145179][T19771] random: crng reseeded on system resumption
[ 1537.455472][T15970] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[ 1537.683020][T15970] usb 4-1: Using ep0 maxpacket: 32
[ 1537.871613][T15970] usb 4-1: config 0 has an invalid interface number: 188 but max is 0
[ 1537.883108][T15970] usb 4-1: config 0 has no interface number 0
[ 1537.890011][T15970] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 1537.925893][T15970] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[ 1538.031005][T15970] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1538.086983][T15970] usb 4-1: Product: syz
[ 1538.102118][T15970] usb 4-1: Manufacturer: syz
[ 1538.123115][T15970] usb 4-1: SerialNumber: syz
[ 1538.142179][T15970] usb 4-1: config 0 descriptor??
[ 1538.171562][T19770] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1538.227045][T19785] FAULT_INJECTION: forcing a failure.
[ 1538.227045][T19785] name failslab, interval 1, probability 0, space 0, times 0
[ 1538.356854][T19785] CPU: 1 UID: 0 PID: 19785 Comm: syz.0.2677 Not tainted syzkaller #0 PREEMPT(full) 
[ 1538.356882][T19785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1538.356894][T19785] Call Trace:
[ 1538.356904][T19785]  <TASK>
[ 1538.356912][T19785]  dump_stack_lvl+0x189/0x250
[ 1538.356934][T19785]  ? __pfx____ratelimit+0x10/0x10
[ 1538.356950][T19785]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1538.356961][T19785]  ? __pfx__printk+0x10/0x10
[ 1538.356976][T19785]  ? __pfx___might_resched+0x10/0x10
[ 1538.356988][T19785]  ? fs_reclaim_acquire+0x7d/0x100
[ 1538.357016][T19785]  should_fail_ex+0x414/0x560
[ 1538.357044][T19785]  should_failslab+0xa8/0x100
[ 1538.357069][T19785]  __kmalloc_cache_noprof+0x6f/0x6f0
[ 1538.357086][T19785]  ? _copy_from_user+0x94/0xb0
[ 1538.357096][T19785]  ? __se_sys_mount+0x166/0x410
[ 1538.357105][T19785]  ? memdup_user+0x99/0xd0
[ 1538.357117][T19785]  __se_sys_mount+0x166/0x410
[ 1538.357129][T19785]  ? __pfx___se_sys_mount+0x10/0x10
[ 1538.357143][T19785]  ? do_syscall_64+0xbe/0xf80
[ 1538.357159][T19785]  ? __x64_sys_mount+0x20/0xc0
[ 1538.357177][T19785]  do_syscall_64+0xfa/0xf80
[ 1538.357194][T19785]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1538.357211][T19785]  ? clear_bhb_loop+0x60/0xb0
[ 1538.357230][T19785]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1538.357240][T19785] RIP: 0033:0x7f930438f749
[ 1538.357251][T19785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1538.357261][T19785] RSP: 002b:00007f930521c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1538.357272][T19785] RAX: ffffffffffffffda RBX: 00007f93045e5fa0 RCX: 00007f930438f749
[ 1538.357280][T19785] RDX: 0000200000000000 RSI: 00002000000020c0 RDI: 0000000000000000
[ 1538.357287][T19785] RBP: 00007f930521c090 R08: 0000200000000040 R09: 0000000000000000
[ 1538.357298][T19785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1538.357308][T19785] R13: 00007f93045e6038 R14: 00007f93045e5fa0 R15: 00007f930470fa28
[ 1538.357338][T19785]  </TASK>
[ 1538.597143][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1538.616910][T19770] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1538.733165][ T5978] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[ 1538.914862][ T5978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1538.973213][ T5978] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1539.023946][ T5978] usb 2-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[ 1539.048424][ T5978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1539.133116][ T5978] usb 2-1: Product: syz
[ 1539.163358][ T5978] usb 2-1: Manufacturer: syz
[ 1539.206305][ T5978] usb 2-1: SerialNumber: syz
[ 1539.229006][ T5978] usb 2-1: config 0 descriptor??
[ 1539.365651][T15970] asix 4-1:0.188 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1539.391688][T19799] FAULT_INJECTION: forcing a failure.
[ 1539.391688][T19799] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1539.423442][T19799] CPU: 1 UID: 0 PID: 19799 Comm: syz.0.2681 Not tainted syzkaller #0 PREEMPT(full) 
[ 1539.423469][T19799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1539.423480][T19799] Call Trace:
[ 1539.423488][T19799]  <TASK>
[ 1539.423496][T19799]  dump_stack_lvl+0x189/0x250
[ 1539.423522][T19799]  ? __pfx____ratelimit+0x10/0x10
[ 1539.423545][T19799]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1539.423564][T19799]  ? __pfx__printk+0x10/0x10
[ 1539.423586][T19799]  ? __might_fault+0xb0/0x130
[ 1539.423619][T19799]  should_fail_ex+0x414/0x560
[ 1539.423652][T19799]  _copy_from_iter+0x3b0/0x1630
[ 1539.423687][T19799]  ? __pfx__copy_from_iter+0x10/0x10
[ 1539.423710][T19799]  ? __lock_acquire+0x6b6/0x2cf0
[ 1539.423730][T19799]  ? __lock_acquire+0x6b6/0x2cf0
[ 1539.423754][T19799]  tun_get_user+0x48b/0x3dc0
[ 1539.423794][T19799]  ? __pfx_tun_get_user+0x10/0x10
[ 1539.423814][T19799]  ? __lock_acquire+0x6b6/0x2cf0
[ 1539.423844][T19799]  ? ref_tracker_alloc+0x318/0x460
[ 1539.423865][T19799]  ? aa_file_perm+0x139/0x1530
[ 1539.423886][T19799]  ? aa_file_perm+0x44c/0x1530
[ 1539.423904][T19799]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1539.423933][T19799]  ? tun_get+0x1c/0x2f0
[ 1539.423956][T19799]  ? tun_get+0x1c/0x2f0
[ 1539.423973][T19799]  ? tun_get+0x1c/0x2f0
[ 1539.423995][T19799]  tun_chr_write_iter+0x113/0x200
[ 1539.424017][T19799]  do_iter_readv_writev+0x623/0x8c0
[ 1539.424046][T19799]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1539.424066][T19799]  ? common_file_perm+0x1b5/0x220
[ 1539.424088][T19799]  ? bpf_lsm_file_permission+0x9/0x20
[ 1539.424104][T19799]  ? security_file_permission+0x75/0x290
[ 1539.424129][T19799]  ? rw_verify_area+0x255/0x4d0
[ 1539.424153][T19799]  vfs_writev+0x31a/0x960
[ 1539.424169][T19799]  ? vfs_write+0x956/0xb30
[ 1539.424195][T19799]  ? __pfx_vfs_writev+0x10/0x10
[ 1539.424233][T19799]  ? __fget_files+0x2a/0x420
[ 1539.424255][T19799]  ? __fget_files+0x3a0/0x420
[ 1539.424270][T19799]  ? __fget_files+0x2a/0x420
[ 1539.424295][T19799]  do_writev+0x14d/0x2d0
[ 1539.424331][T19799]  ? __pfx_do_writev+0x10/0x10
[ 1539.424350][T19799]  ? do_syscall_64+0xbe/0xf80
[ 1539.424371][T19799]  do_syscall_64+0xfa/0xf80
[ 1539.424388][T19799]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1539.424405][T19799]  ? clear_bhb_loop+0x60/0xb0
[ 1539.424425][T19799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1539.424442][T19799] RIP: 0033:0x7f930438f749
[ 1539.424460][T19799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1539.424475][T19799] RSP: 002b:00007f930521c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1539.424494][T19799] RAX: ffffffffffffffda RBX: 00007f93045e5fa0 RCX: 00007f930438f749
[ 1539.424507][T19799] RDX: 0000000000000003 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1539.424519][T19799] RBP: 00007f930521c090 R08: 0000000000000000 R09: 0000000000000000
[ 1539.424530][T19799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1539.424541][T19799] R13: 00007f93045e6038 R14: 00007f93045e5fa0 R15: 00007f930470fa28
[ 1539.424570][T19799]  </TASK>
[ 1539.515298][ T5978] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1539.520670][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1539.574751][ T5978] usb 2-1: USB disconnect, device number 32
[ 1539.578700][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1539.932980][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1539.979899][T15970] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 1540.005865][T15970] asix 4-1:0.188 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[ 1540.039094][T15970] asix 4-1:0.188: probe with driver asix failed with error -71
[ 1540.105625][T15970] usb 4-1: USB disconnect, device number 33
[ 1540.143009][  T183] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1540.363012][  T183] usb 5-1: Using ep0 maxpacket: 32
[ 1540.379376][  T183] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[ 1540.393319][T10139] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[ 1540.405742][  T183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1540.432197][  T183] usb 5-1: Product: syz
[ 1540.439800][  T183] usb 5-1: Manufacturer: syz
[ 1540.514744][  T183] usb 5-1: SerialNumber: syz
[ 1540.556460][  T183] usb 5-1: config 0 descriptor??
[ 1540.570070][  T183] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[ 1540.573175][T10139] usb 1-1: Using ep0 maxpacket: 32
[ 1540.666329][T10139] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[ 1540.683577][T10139] usb 1-1: config 0 has no interface number 0
[ 1540.705191][T10139] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1540.721784][T10139] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1540.734481][T19816] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2687'.
[ 1540.745794][T10139] usb 1-1: Product: syz
[ 1540.750697][T10139] usb 1-1: Manufacturer: syz
[ 1540.756534][T10139] usb 1-1: SerialNumber: syz
[ 1540.772366][T19815] geneve2: entered promiscuous mode
[ 1540.789065][T10139] usb 1-1: config 0 descriptor??
[ 1540.807310][T10139] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1540.913089][   T24] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[ 1541.015089][T10139] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1541.065461][T10139] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1541.076451][   T24] usb 3-1: Using ep0 maxpacket: 8
[ 1541.103474][   T24] usb 3-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76
[ 1541.118011][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1541.132640][   T24] usb 3-1: Product: syz
[ 1541.139979][   T24] usb 3-1: Manufacturer: syz
[ 1541.157095][   T24] usb 3-1: SerialNumber: syz
[ 1541.182269][   T24] usb 3-1: config 0 descriptor??
[ 1541.255684][   T24] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[ 1541.478933][T19805] bridge1: entered promiscuous mode
[ 1541.491095][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1541.501106][T10139] usb 1-1: USB disconnect, device number 30
[ 1541.515042][T10139] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1541.549980][T10139] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1541.608720][T10139] quatech2 1-1:0.51: device disconnected
[ 1542.207945][T19801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1542.240159][T19801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1542.321777][  T183] gspca_ov534_9: reg_r err -71
[ 1542.593446][  T183] gspca_ov534_9: Unknown sensor 0000
[ 1542.593551][  T183] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22
[ 1542.595436][T19831] FAULT_INJECTION: forcing a failure.
[ 1542.595436][T19831] name failslab, interval 1, probability 0, space 0, times 0
[ 1542.708335][T19831] CPU: 1 UID: 0 PID: 19831 Comm: syz.0.2692 Not tainted syzkaller #0 PREEMPT(full) 
[ 1542.708360][T19831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1542.708374][T19831] Call Trace:
[ 1542.708382][T19831]  <TASK>
[ 1542.708394][T19831]  dump_stack_lvl+0x189/0x250
[ 1542.708419][T19831]  ? __pfx____ratelimit+0x10/0x10
[ 1542.708447][T19831]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1542.708465][T19831]  ? __pfx__printk+0x10/0x10
[ 1542.708490][T19831]  ? __pfx___might_resched+0x10/0x10
[ 1542.708508][T19831]  ? fs_reclaim_acquire+0x7d/0x100
[ 1542.708537][T19831]  should_fail_ex+0x414/0x560
[ 1542.708564][T19831]  should_failslab+0xa8/0x100
[ 1542.708589][T19831]  __kmalloc_cache_noprof+0x6f/0x6f0
[ 1542.708609][T19831]  ? trace_contention_end+0x39/0x100
[ 1542.708626][T19831]  ? vhost_task_create+0xf8/0x320
[ 1542.708653][T19831]  vhost_task_create+0xf8/0x320
[ 1542.708671][T19831]  ? unwind_get_return_address+0x4d/0x90
[ 1542.708689][T19831]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1542.708752][T19831]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1542.708771][T19831]  ? __pfx_vhost_task_create+0x10/0x10
[ 1542.708799][T19831]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1542.708822][T19831]  ? __lock_acquire+0x6b6/0x2cf0
[ 1542.708847][T19831]  kvm_mmu_post_init_vm+0x14c/0x300
[ 1542.708870][T19831]  kvm_arch_vcpu_ioctl_run+0xdc/0x1c90
[ 1542.708910][T19831]  ? register_lock_class+0x51/0x320
[ 1542.708931][T19831]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1542.708954][T19831]  ? __lock_acquire+0x6b6/0x2cf0
[ 1542.708975][T19831]  ? __mutex_lock+0x335/0x1350
[ 1542.709001][T19831]  ? kasan_quarantine_put+0xdd/0x220
[ 1542.709022][T19831]  ? lockdep_hardirqs_on+0x98/0x140
[ 1542.709067][T19831]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1542.709101][T19831]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1542.709129][T19831]  ? __mutex_unlock_slowpath+0x1a1/0x730
[ 1542.709166][T19831]  ? __fget_files+0x2a/0x420
[ 1542.709187][T19831]  ? __fget_files+0x3a0/0x420
[ 1542.709203][T19831]  ? __fget_files+0x2a/0x420
[ 1542.709222][T19831]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1542.709240][T19831]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1542.709260][T19831]  __se_sys_ioctl+0xfc/0x170
[ 1542.709283][T19831]  do_syscall_64+0xfa/0xf80
[ 1542.709300][T19831]  ? rcu_is_watching+0x15/0xb0
[ 1542.709316][T19831]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1542.709332][T19831]  ? clear_bhb_loop+0x60/0xb0
[ 1542.709353][T19831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1542.709369][T19831] RIP: 0033:0x7f930438f749
[ 1542.709386][T19831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1542.709401][T19831] RSP: 002b:00007f930521c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1542.709422][T19831] RAX: ffffffffffffffda RBX: 00007f93045e5fa0 RCX: 00007f930438f749
[ 1542.709434][T19831] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1542.709445][T19831] RBP: 00007f930521c090 R08: 0000000000000000 R09: 0000000000000000
[ 1542.709456][T19831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1542.709466][T19831] R13: 00007f93045e6038 R14: 00007f93045e5fa0 R15: 00007f930470fa28
[ 1542.709497][T19831]  </TASK>
[ 1542.974656][  T183] usb 5-1: USB disconnect, device number 39
[ 1542.978342][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1543.197384][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1543.421659][   T24] gspca_m5602: Failed to find a sensor
[ 1543.427764][   T24] ALi m5602 3-1:0.0: ALi m5602 webcam failed
[ 1543.438715][   T24] usb 3-1: USB disconnect, device number 25
[ 1543.843243][  T183] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[ 1544.002981][   T24] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[ 1544.046633][  T183] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1544.072988][  T183] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1544.225380][  T183] usb 5-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[ 1544.254586][  T183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1544.282239][  T183] usb 5-1: Product: syz
[ 1544.295750][   T24] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1544.303049][  T183] usb 5-1: Manufacturer: syz
[ 1544.319580][  T183] usb 5-1: SerialNumber: syz
[ 1544.347025][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1544.408793][   T24] usb 3-1: config 0 descriptor??
[ 1544.420065][  T183] usb 5-1: config 0 descriptor??
[ 1544.449218][   T24] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1544.463089][ T5978] usb 2-1: new low-speed USB device number 33 using dummy_hcd
[ 1544.676274][T19867] program syz.0.2702 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1544.709611][ T5978] usb 2-1: config 7 has an invalid interface number: 252 but max is 0
[ 1544.740863][ T5978] usb 2-1: config 7 has no interface number 0
[ 1544.766845][ T5978] usb 2-1: config 7 interface 252 has no altsetting 0
[ 1544.779241][  T183] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1544.951705][ T5978] usb 2-1: string descriptor 0 read error: -22
[ 1545.046580][ T5978] usb 2-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0
[ 1545.064538][  T183] usb 5-1: USB disconnect, device number 40
[ 1545.107002][ T5978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1545.304585][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1545.653588][T19862] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 1545.806648][T19862] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2698'.
[ 1545.817892][T19862] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2698'.
[ 1545.862859][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1545.870274][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1545.984811][T19855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1546.010229][T19855] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1546.194514][   T24] gspca_cpia1: usb_control_msg 02, error -110
[ 1546.214882][   T24] gspca_cpia1: usb_control_msg 05, error -32
[ 1546.259122][   T24] gspca_cpia1: usb_control_msg 05, error -32
[ 1546.311356][   T24] gspca_cpia1: usb_control_msg 05, error -32
[ 1546.344968][   T24] gspca_cpia1: usb_control_msg 05, error -32
[ 1546.400401][   T24] gspca_cpia1: usb_control_msg 04, error -32
[ 1546.430861][   T24] gspca_cpia1: usb_control_msg 04, error -32
[ 1546.469151][   T24] gspca_cpia1: usb_control_msg 04, error -32
[ 1546.498466][   T24] gspca_cpia1: usb_control_msg 04, error -32
[ 1546.520612][   T24] cpia1 3-1:0.0: probe with driver cpia1 failed with error -32
[ 1546.769293][   T30] audit: type=1400 audit(1764850377.517:4): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=19872 comm="syz.4.2704"
[ 1547.210345][T19877] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2706'.
[ 1547.460053][ T5978] usb 2-1: USB disconnect, device number 33
[ 1547.513004][ T6942] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[ 1547.630443][T19883] netdevsim netdevsim1: Firmware load for '../file0/file0' refused, path contains '..' component
[ 1547.663703][ T6942] usb 1-1: device descriptor read/64, error -71
[ 1547.886284][  T183] usb 3-1: USB disconnect, device number 26
[ 1547.963816][ T6942] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[ 1548.021519][ T5978] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 1548.183335][ T6942] usb 1-1: device descriptor read/64, error -71
[ 1548.254390][  T183] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[ 1548.342829][ T5978] usb 2-1: Using ep0 maxpacket: 8
[ 1548.343272][ T6942] usb usb1-port1: attempt power cycle
[ 1548.350963][ T5978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 122, changing to 10
[ 1548.373638][ T5978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 24801, setting to 1024
[ 1548.393339][   T24] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[ 1548.393446][ T5978] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1548.415522][  T183] usb 5-1: Using ep0 maxpacket: 16
[ 1548.422022][ T5978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1548.432978][  T183] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[ 1548.443707][  T183] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1548.469281][ T5978] usb 2-1: config 0 descriptor??
[ 1548.475230][  T183] usb 5-1: config 0 has no interface number 0
[ 1548.533583][ T5838] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1548.545015][  T183] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1548.556777][  T183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1548.567315][  T183] usb 5-1: Product: syz
[ 1548.572344][  T183] usb 5-1: Manufacturer: syz
[ 1548.580618][  T183] usb 5-1: SerialNumber: syz
[ 1548.603479][  T183] usb 5-1: config 0 descriptor??
[ 1548.633329][   T24] usb 4-1: Using ep0 maxpacket: 8
[ 1548.666408][   T24] usb 4-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76
[ 1548.677264][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1548.690827][   T24] usb 4-1: Product: syz
[ 1548.708384][ T5838] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1548.726970][ T6942] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[ 1548.743321][   T24] usb 4-1: Manufacturer: syz
[ 1548.748963][ T5978] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1548.757160][ T5838] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1548.784935][   T24] usb 4-1: SerialNumber: syz
[ 1548.795679][   T24] usb 4-1: config 0 descriptor??
[ 1548.816592][ T6942] usb 1-1: device descriptor read/8, error -71
[ 1548.822515][  T183] uvcvideo 5-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[ 1548.835276][   T24] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[ 1548.844020][  T183] uvcvideo 5-1:0.105: No valid video chain found.
[ 1548.854785][ T5838] usb 3-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[ 1548.868195][ T5838] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1548.910138][ T5838] usb 3-1: Product: syz
[ 1548.921646][ T5838] usb 3-1: Manufacturer: syz
[ 1548.940465][ T5838] usb 3-1: SerialNumber: syz
[ 1548.964583][ T5838] usb 3-1: config 0 descriptor??
[ 1548.985663][  T183] usb 2-1: USB disconnect, device number 34
[ 1549.095894][ T6942] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[ 1549.130386][ T5978] usb 5-1: USB disconnect, device number 41
[ 1549.134358][ T6942] usb 1-1: device descriptor read/8, error -71
[ 1549.179339][ T5838] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1549.260764][ T5838] usb 3-1: USB disconnect, device number 27
[ 1549.289706][ T6942] usb usb1-port1: unable to enumerate USB device
[ 1549.358875][T12313] udevd[12313]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1550.453300][ T5978] usb 3-1: new full-speed USB device number 28 using dummy_hcd
[ 1550.624081][ T5978] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1550.662268][ T5978] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1550.675390][  T183] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[ 1550.714891][ T5978] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1550.774611][ T5978] usb 3-1: New USB device found, idVendor=28bd, idProduct=0075, bcdDevice= 0.00
[ 1550.805222][ T5978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1550.847448][  T183] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1550.857099][  T183] usb 2-1: config 0 has no interface number 0
[ 1550.888207][  T183] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1550.917047][ T5978] usb 3-1: config 0 descriptor??
[ 1550.958619][  T183] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1550.977114][  T183] usb 2-1: Product: syz
[ 1550.981951][  T183] usb 2-1: Manufacturer: syz
[ 1550.988316][  T183] usb 2-1: SerialNumber: syz
[ 1550.998885][  T183] usb 2-1: config 0 descriptor??
[ 1551.033211][    T9] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1551.215920][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1551.242983][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1551.390370][ T5978] uclogic 0003:28BD:0075.0013: interface is invalid, ignoring
[ 1551.401020][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1551.431069][    T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1551.456414][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1551.458740][   T24] gspca_m5602: Failed to find a sensor
[ 1551.500782][    T9] usb 5-1: config 0 descriptor??
[ 1551.533178][   T24] ALi m5602 4-1:0.0: ALi m5602 webcam failed
[ 1551.588280][   T24] usb 4-1: USB disconnect, device number 34
[ 1551.646316][T19902] netlink: 'syz.2.2715': attribute type 4 has an invalid length.
[ 1551.683602][T19902] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2715'.
[ 1551.737169][  T183] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[ 1551.781162][T19902] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 1551.805896][  T183] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1551.816706][ T5838] usb 3-1: USB disconnect, device number 28
[ 1551.857505][  T183] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[ 1551.890359][  T183] usb 2-1: media controller created
[ 1551.946371][    T9] plantronics 0003:047F:FFFF.0014: reserved main item tag 0xd
[ 1551.999183][    T9] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1552.041189][    T9] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1552.065178][  T183] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1552.083754][    T9] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1552.097437][    T9] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1552.107598][    T9] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[ 1552.157125][    T9] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1552.207759][T19927] FAULT_INJECTION: forcing a failure.
[ 1552.207759][T19927] name failslab, interval 1, probability 0, space 0, times 0
[ 1552.254580][    T9] usb 5-1: USB disconnect, device number 42
[ 1552.273317][T19927] CPU: 0 UID: 0 PID: 19927 Comm: syz.3.2722 Not tainted syzkaller #0 PREEMPT(full) 
[ 1552.273349][T19927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1552.273360][T19927] Call Trace:
[ 1552.273368][T19927]  <TASK>
[ 1552.273377][T19927]  dump_stack_lvl+0x189/0x250
[ 1552.273459][T19927]  ? __pfx____ratelimit+0x10/0x10
[ 1552.273518][T19927]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1552.273536][T19927]  ? __pfx__printk+0x10/0x10
[ 1552.273559][T19927]  ? kmalloc_reserve+0xbd/0x290
[ 1552.273606][T19927]  ? __lock_acquire+0x6b6/0x2cf0
[ 1552.273643][T19927]  should_fail_ex+0x414/0x560
[ 1552.273697][T19927]  should_failslab+0xa8/0x100
[ 1552.273739][T19927]  kmem_cache_alloc_noprof+0x74/0x6f0
[ 1552.273791][T19927]  ? skb_clone+0x212/0x3a0
[ 1552.273811][T19927]  skb_clone+0x212/0x3a0
[ 1552.273830][T19927]  __netlink_deliver_tap+0x404/0x850
[ 1552.273870][T19927]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1552.273898][T19927]  netlink_deliver_tap+0x19c/0x1b0
[ 1552.273918][T19927]  netlink_unicast+0x7fa/0x9e0
[ 1552.273943][T19927]  ? __pfx_netlink_unicast+0x10/0x10
[ 1552.273963][T19927]  ? netlink_sendmsg+0x642/0xb30
[ 1552.273981][T19927]  ? skb_put+0x11b/0x210
[ 1552.274000][T19927]  netlink_sendmsg+0x805/0xb30
[ 1552.274026][T19927]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1552.274045][T19927]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1552.274081][T19927]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1552.274114][T19927]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1552.274135][T19927]  __sock_sendmsg+0x21c/0x270
[ 1552.274168][T19927]  sock_write_iter+0x279/0x360
[ 1552.274189][T19927]  ? __pfx_sock_write_iter+0x10/0x10
[ 1552.274217][T19927]  ? kstrtoull+0x12f/0x1d0
[ 1552.274258][T19927]  do_iter_readv_writev+0x623/0x8c0
[ 1552.274293][T19927]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1552.274310][T19927]  ? common_file_perm+0x1b5/0x220
[ 1552.274330][T19927]  ? bpf_lsm_file_permission+0x9/0x20
[ 1552.274343][T19927]  ? security_file_permission+0x75/0x290
[ 1552.274371][T19927]  ? rw_verify_area+0x255/0x4d0
[ 1552.274393][T19927]  vfs_writev+0x31a/0x960
[ 1552.274409][T19927]  ? vfs_write+0x956/0xb30
[ 1552.274433][T19927]  ? __pfx_vfs_writev+0x10/0x10
[ 1552.274462][T19927]  ? __fget_files+0x2a/0x420
[ 1552.274494][T19927]  ? __fget_files+0x3a0/0x420
[ 1552.274510][T19927]  ? __fget_files+0x2a/0x420
[ 1552.274534][T19927]  do_writev+0x14d/0x2d0
[ 1552.274553][T19927]  ? __pfx_do_writev+0x10/0x10
[ 1552.274573][T19927]  ? do_syscall_64+0xbe/0xf80
[ 1552.274601][T19927]  do_syscall_64+0xfa/0xf80
[ 1552.274619][T19927]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1552.274646][T19927]  ? clear_bhb_loop+0x60/0xb0
[ 1552.274666][T19927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1552.274683][T19927] RIP: 0033:0x7f30ceb8f749
[ 1552.274701][T19927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1552.274717][T19927] RSP: 002b:00007f30cf9dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1552.274737][T19927] RAX: ffffffffffffffda RBX: 00007f30cede5fa0 RCX: 00007f30ceb8f749
[ 1552.274749][T19927] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000004
[ 1552.274760][T19927] RBP: 00007f30cf9dc090 R08: 0000000000000000 R09: 0000000000000000
[ 1552.274772][T19927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1552.274783][T19927] R13: 00007f30cede6038 R14: 00007f30cede5fa0 R15: 00007f30cef0fa28
[ 1552.274813][T19927]  </TASK>
[ 1552.733352][T19929] fido_id[19929]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[ 1552.904276][T19931] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2723'.
[ 1552.934144][ T5978] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[ 1553.086502][T19934] binder: 19932:19934 ioctl c0306201 200000001640 returned -14
[ 1553.094856][ T5978] usb 1-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[ 1553.115273][ T5978] usb 1-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[ 1553.126648][ T5978] usb 1-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[ 1553.138650][ T5978] usb 1-1: config 1 interface 0 altsetting 127 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1553.159271][ T5978] usb 1-1: config 1 interface 0 has no altsetting 0
[ 1553.172539][ T5978] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[ 1553.196546][  T183] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[ 1553.208964][ T5978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1553.229881][ T5978] usb 1-1: Product: syz
[ 1553.262542][ T5978] usb 1-1: Manufacturer: syz
[ 1553.277689][ T5978] usb 1-1: SerialNumber: syz
[ 1553.320898][T19928] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1553.367681][T19928] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1553.383433][T10139] usb 4-1: new full-speed USB device number 35 using dummy_hcd
[ 1553.422597][   T24] usb 2-1: USB disconnect, device number 35
[ 1553.463796][ T5917] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 1553.607361][T10139] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1553.631921][ T5978] rtl8150 1-1:1.0: couldn't find required endpoints
[ 1553.651238][ T5978] rtl8150 1-1:1.0: probe with driver rtl8150 failed with error -5
[ 1553.654977][ T5917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1553.703365][T10139] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1553.733754][ T5917] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1553.826415][T10139] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1553.855451][T19945] random: crng reseeded on system resumption
[ 1553.866109][T10139] usb 4-1: Product: syz
[ 1553.879152][T10139] usb 4-1: Manufacturer: syz
[ 1553.885165][ T5917] usb 3-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[ 1553.896662][T10139] usb 4-1: SerialNumber: syz
[ 1553.902989][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1553.912527][ T5917] usb 3-1: Product: syz
[ 1554.148705][T10139] usb 4-1: config 0 descriptor??
[ 1554.149535][ T5978] usb 1-1: USB disconnect, device number 35
[ 1554.162961][ T5917] usb 3-1: Manufacturer: syz
[ 1554.168648][ T5917] usb 3-1: SerialNumber: syz
[ 1554.176357][T10139] usb 4-1: ucan: probing device on interface #0
[ 1554.218775][ T5917] usb 3-1: config 0 descriptor??
[ 1554.246770][T10139] usb 4-1: ucan: invalid EP count (0)
[ 1554.268209][T10139] usb 4-1: ucan: probe failed; try to update the device firmware
[ 1554.622651][ T5917] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1554.770164][ T5917] usb 3-1: USB disconnect, device number 29
[ 1554.947018][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1555.443049][  T183] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[ 1555.545119][T19962] fuse: Bad value for 'fd'
[ 1555.603052][  T183] usb 1-1: Using ep0 maxpacket: 8
[ 1555.663531][  T183] usb 1-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76
[ 1555.678592][  T183] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1555.703274][  T183] usb 1-1: Product: syz
[ 1555.716628][  T183] usb 1-1: Manufacturer: syz
[ 1555.732057][  T183] usb 1-1: SerialNumber: syz
[ 1555.771100][  T183] usb 1-1: config 0 descriptor??
[ 1555.795938][  T183] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[ 1556.039815][   T24] usb 4-1: USB disconnect, device number 35
[ 1556.200478][T19968] ipvlan2: entered promiscuous mode
[ 1557.077645][T19987] FAULT_INJECTION: forcing a failure.
[ 1557.077645][T19987] name failslab, interval 1, probability 0, space 0, times 0
[ 1557.123429][T19987] CPU: 1 UID: 0 PID: 19987 Comm: syz.2.2740 Not tainted syzkaller #0 PREEMPT(full) 
[ 1557.123457][T19987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1557.123469][T19987] Call Trace:
[ 1557.123484][T19987]  <TASK>
[ 1557.123492][T19987]  dump_stack_lvl+0x189/0x250
[ 1557.123521][T19987]  ? __pfx____ratelimit+0x10/0x10
[ 1557.123547][T19987]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1557.123565][T19987]  ? __pfx__printk+0x10/0x10
[ 1557.123591][T19987]  ? __pfx___might_resched+0x10/0x10
[ 1557.123627][T19987]  ? fs_reclaim_acquire+0x7d/0x100
[ 1557.123661][T19987]  should_fail_ex+0x414/0x560
[ 1557.123690][T19987]  should_failslab+0xa8/0x100
[ 1557.123718][T19987]  __kmalloc_cache_noprof+0x6f/0x6f0
[ 1557.123745][T19987]  ? __pfx___mutex_lock+0x10/0x10
[ 1557.123784][T19987]  ? vmci_ctx_create+0xb8/0x650
[ 1557.123916][T19987]  vmci_ctx_create+0xb8/0x650
[ 1557.123941][T19987]  vmci_host_unlocked_ioctl+0x1a55/0x2650
[ 1557.123994][T19987]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[ 1557.124033][T19987]  ? kasan_quarantine_put+0xdd/0x220
[ 1557.124055][T19987]  ? lockdep_hardirqs_on+0x98/0x140
[ 1557.124080][T19987]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1557.124118][T19987]  ? do_vfs_ioctl+0xbe8/0x1430
[ 1557.124141][T19987]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1557.124166][T19987]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1557.124193][T19987]  ? vfs_write+0x956/0xb30
[ 1557.124248][T19987]  ? ksys_write+0x1e1/0x250
[ 1557.124274][T19987]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1557.124292][T19987]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[ 1557.124315][T19987]  __se_sys_ioctl+0xfc/0x170
[ 1557.124339][T19987]  do_syscall_64+0xfa/0xf80
[ 1557.124358][T19987]  ? rcu_is_watching+0x15/0xb0
[ 1557.124381][T19987]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1557.124398][T19987]  ? clear_bhb_loop+0x60/0xb0
[ 1557.124418][T19987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1557.124435][T19987] RIP: 0033:0x7f420f18f749
[ 1557.124453][T19987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1557.124467][T19987] RSP: 002b:00007f42100d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1557.124496][T19987] RAX: ffffffffffffffda RBX: 00007f420f3e5fa0 RCX: 00007f420f18f749
[ 1557.124509][T19987] RDX: 0000200000000100 RSI: 00000000000007a0 RDI: 0000000000000003
[ 1557.124520][T19987] RBP: 00007f42100d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1557.124531][T19987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1557.124542][T19987] R13: 00007f420f3e6038 R14: 00007f420f3e5fa0 R15: 00007f420f50fa28
[ 1557.124571][T19987]  </TASK>
[ 1557.132570][T19987] Failed to allocate memory for VMCI context
[ 1557.828009][    T9] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[ 1557.984985][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1558.016132][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1558.170775][    T9] usb 3-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[ 1558.202065][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1558.262086][    T9] usb 3-1: Product: syz
[ 1558.284059][    T9] usb 3-1: Manufacturer: syz
[ 1558.289523][    T9] usb 3-1: SerialNumber: syz
[ 1558.345037][    T9] usb 3-1: config 0 descriptor??
[ 1558.597366][    T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1558.717353][T19997] FAULT_INJECTION: forcing a failure.
[ 1558.717353][T19997] name failslab, interval 1, probability 0, space 0, times 0
[ 1558.773296][T19997] CPU: 1 UID: 0 PID: 19997 Comm: syz.4.2744 Not tainted syzkaller #0 PREEMPT(full) 
[ 1558.773321][T19997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1558.773332][T19997] Call Trace:
[ 1558.773340][T19997]  <TASK>
[ 1558.773347][T19997]  dump_stack_lvl+0x189/0x250
[ 1558.773370][T19997]  ? __pfx____ratelimit+0x10/0x10
[ 1558.773391][T19997]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1558.773409][T19997]  ? __pfx__printk+0x10/0x10
[ 1558.773434][T19997]  ? __pfx___might_resched+0x10/0x10
[ 1558.773450][T19997]  ? fs_reclaim_acquire+0x7d/0x100
[ 1558.773476][T19997]  should_fail_ex+0x414/0x560
[ 1558.773501][T19997]  should_failslab+0xa8/0x100
[ 1558.773524][T19997]  kmem_cache_alloc_node_noprof+0x77/0x710
[ 1558.773544][T19997]  ? dup_task_struct+0x52/0x7b0
[ 1558.773583][T19997]  dup_task_struct+0x52/0x7b0
[ 1558.773599][T19997]  ? lockdep_hardirqs_on+0x98/0x140
[ 1558.773617][T19997]  copy_process+0x4ea/0x3950
[ 1558.773666][T19997]  ? __pfx_copy_process+0x10/0x10
[ 1558.773688][T19997]  ? mutex_init_lockep+0xf9/0x130
[ 1558.773711][T19997]  vhost_task_create+0x1ce/0x320
[ 1558.773730][T19997]  ? unwind_get_return_address+0x4d/0x90
[ 1558.773751][T19997]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1558.773780][T19997]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1558.773799][T19997]  ? __pfx_vhost_task_create+0x10/0x10
[ 1558.773825][T19997]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1558.773848][T19997]  ? __lock_acquire+0x6b6/0x2cf0
[ 1558.773877][T19997]  kvm_mmu_post_init_vm+0x14c/0x300
[ 1558.773899][T19997]  kvm_arch_vcpu_ioctl_run+0xdc/0x1c90
[ 1558.773934][T19997]  ? register_lock_class+0x51/0x320
[ 1558.773951][T19997]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1558.773976][T19997]  ? __lock_acquire+0x6b6/0x2cf0
[ 1558.773993][T19997]  ? __mutex_lock+0x335/0x1350
[ 1558.774017][T19997]  ? kasan_quarantine_put+0xdd/0x220
[ 1558.774038][T19997]  ? lockdep_hardirqs_on+0x98/0x140
[ 1558.774091][T19997]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1558.774121][T19997]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1558.774143][T19997]  ? __mutex_unlock_slowpath+0x1a1/0x730
[ 1558.774179][T19997]  ? __fget_files+0x2a/0x420
[ 1558.774202][T19997]  ? __fget_files+0x3a0/0x420
[ 1558.774217][T19997]  ? __fget_files+0x2a/0x420
[ 1558.774238][T19997]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1558.774256][T19997]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1558.774277][T19997]  __se_sys_ioctl+0xfc/0x170
[ 1558.774298][T19997]  do_syscall_64+0xfa/0xf80
[ 1558.774315][T19997]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1558.774332][T19997]  ? clear_bhb_loop+0x60/0xb0
[ 1558.774351][T19997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1558.774366][T19997] RIP: 0033:0x7f28ca78f749
[ 1558.774382][T19997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1558.774397][T19997] RSP: 002b:00007f28cb57b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1558.774414][T19997] RAX: ffffffffffffffda RBX: 00007f28ca9e5fa0 RCX: 00007f28ca78f749
[ 1558.774426][T19997] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1558.774436][T19997] RBP: 00007f28cb57b090 R08: 0000000000000000 R09: 0000000000000000
[ 1558.774447][T19997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1558.774457][T19997] R13: 00007f28ca9e6038 R14: 00007f28ca9e5fa0 R15: 00007f28cab0fa28
[ 1558.774485][T19997]  </TASK>
[ 1559.367282][  T183] gspca_m5602: Failed to find a sensor
[ 1559.405850][  T183] ALi m5602 1-1:0.0: ALi m5602 webcam failed
[ 1559.453720][  T183] usb 1-1: USB disconnect, device number 36
[ 1559.510729][    T9] usb 3-1: USB disconnect, device number 30
[ 1559.667474][T12313] udevd[12313]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1559.718630][T20010] netlink: 'syz.1.2748': attribute type 4 has an invalid length.
[ 1559.804429][T20010] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2748'.
[ 1559.926238][T20010] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 1560.082401][T20024] mmap: syz.4.2750 (20024) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1560.100394][   T30] audit: type=1400 audit(1764850390.877:5): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=295EB92A pid=20021 comm="syz.4.2750"
[ 1561.323026][   T24] usb 5-1: new low-speed USB device number 43 using dummy_hcd
[ 1561.669893][   T24] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 1561.725793][   T24] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[ 1561.752187][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1561.849166][   T24] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1562.064809][   T24] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1562.166030][T16878] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[ 1562.220757][   T24] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 1562.425305][   T24] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[ 1562.500649][T16878] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1562.523385][   T24] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1562.537580][ T5925] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[ 1562.558505][T16878] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1562.578333][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1562.587124][   T24] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1562.610371][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1562.627200][   T24] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 1562.642674][   T24] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[ 1562.643514][T16878] usb 2-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[ 1562.677484][   T24] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1562.698101][T16878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1562.708738][   T24] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1562.732437][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1562.746323][T16878] usb 2-1: Product: syz
[ 1562.756388][T16878] usb 2-1: Manufacturer: syz
[ 1562.765715][T16878] usb 2-1: SerialNumber: syz
[ 1562.777408][ T5925] usb 3-1: Using ep0 maxpacket: 8
[ 1562.849914][ T5925] usb 3-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76
[ 1562.893824][   T24] usb 5-1: string descriptor 0 read error: -22
[ 1562.905439][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1562.928032][   T24] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1562.946483][T16878] usb 2-1: config 0 descriptor??
[ 1562.954168][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1562.969425][ T5925] usb 3-1: Product: syz
[ 1562.978869][ T5925] usb 3-1: Manufacturer: syz
[ 1562.990162][ T5925] usb 3-1: SerialNumber: syz
[ 1563.007586][   T24] adutux 5-1:168.0: interrupt endpoints not found
[ 1563.019409][ T5925] usb 3-1: config 0 descriptor??
[ 1563.094251][ T5925] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[ 1563.167213][T16878] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1563.250573][   T24] usb 5-1: USB disconnect, device number 43
[ 1563.311368][T16878] usb 2-1: USB disconnect, device number 36
[ 1563.427325][T12313] udevd[12313]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1564.094657][T16878] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[ 1564.234145][ T6942] usb 2-1: new low-speed USB device number 37 using dummy_hcd
[ 1564.284722][T16878] usb 1-1: Using ep0 maxpacket: 16
[ 1564.308599][T16878] usb 1-1: config 252 has an invalid interface number: 15 but max is 0
[ 1564.349772][T16878] usb 1-1: config 252 has no interface number 0
[ 1564.387542][T16878] usb 1-1: config 252 interface 15 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1564.465261][ T6942] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 1564.490900][T16878] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29
[ 1564.535462][ T6942] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[ 1564.561008][T16878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1564.619048][T16878] usb 1-1: Product: syz
[ 1564.626663][ T6942] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1564.654279][T16878] usb 1-1: Manufacturer: syz
[ 1564.680652][T16878] usb 1-1: SerialNumber: syz
[ 1564.687313][ T6942] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1564.756495][ T6942] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 1564.782143][T16878] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1564.840992][ T6942] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[ 1564.863404][ T6942] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1564.878621][ T6942] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1564.898949][ T6942] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 1564.916564][ T6942] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[ 1565.071563][ T6942] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1565.120294][ T6942] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1565.157539][T20060] syz.0.2760 (20060): /proc/20057/oom_adj is deprecated, please use /proc/20057/oom_score_adj instead.
[ 1565.243866][ T6942] usb 2-1: string descriptor 0 read error: -22
[ 1565.251190][ T6942] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1565.287797][ T6942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1565.331807][T20060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1565.343390][ T6942] adutux 2-1:168.0: interrupt endpoints not found
[ 1565.489864][T20060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1565.864855][ T4453] usb 1-1: Failed to submit usb control message: -110
[ 1565.904714][ T4453] usb 1-1: unable to send the bmi data to the device: -110
[ 1565.967159][ T4453] usb 1-1: unable to get target info from device
[ 1566.018928][ T4453] usb 1-1: could not get target info (-110)
[ 1566.077333][ T4453] usb 1-1: could not probe fw (-110)
[ 1566.378431][ T5925] gspca_m5602: Failed to find a sensor
[ 1566.428481][ T5925] ALi m5602 3-1:0.0: ALi m5602 webcam failed
[ 1566.483237][ T5925] usb 3-1: USB disconnect, device number 31
[ 1566.989325][  T183] usb 2-1: USB disconnect, device number 37
[ 1567.024851][ T5925] usb 1-1: USB disconnect, device number 37
[ 1567.147146][    T9] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[ 1567.343050][    T9] usb 3-1: Using ep0 maxpacket: 32
[ 1567.415922][    T9] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[ 1567.553444][    T9] usb 3-1: config 0 has no interface number 0
[ 1567.592387][    T9] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1567.683870][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1567.795480][    T9] usb 3-1: Product: syz
[ 1567.821781][    T9] usb 3-1: Manufacturer: syz
[ 1567.835008][    T9] usb 3-1: SerialNumber: syz
[ 1567.854182][ T5925] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1567.869789][    T9] usb 3-1: config 0 descriptor??
[ 1567.892982][T15970] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[ 1567.917791][    T9] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1568.063695][T15970] usb 2-1: Using ep0 maxpacket: 8
[ 1568.096647][ T5925] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1568.111946][ T5925] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1568.223109][  T183] usb 1-1: new full-speed USB device number 38 using dummy_hcd
[ 1568.250318][T15970] usb 2-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76
[ 1568.320192][    T9] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1568.334257][T15970] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1568.346359][T15970] usb 2-1: Product: syz
[ 1568.384687][    T9] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1568.395598][ T5925] usb 5-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[ 1568.396072][T15970] usb 2-1: Manufacturer: syz
[ 1568.425719][ T5925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1568.469632][T15970] usb 2-1: SerialNumber: syz
[ 1568.477883][  T183] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1568.510127][T15970] usb 2-1: config 0 descriptor??
[ 1568.523111][  T183] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1568.583900][T15970] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[ 1568.613094][  T183] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1568.643824][T20085] bridge1: entered promiscuous mode
[ 1568.650939][  T183] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1568.684771][ T5925] usb 5-1: Product: syz
[ 1568.685789][    C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1568.700015][    T9] usb 3-1: USB disconnect, device number 32
[ 1568.722613][ T5925] usb 5-1: Manufacturer: syz
[ 1568.756688][    T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1568.809869][ T5925] usb 5-1: SerialNumber: syz
[ 1568.889187][  T183] usb 1-1: config 0 descriptor??
[ 1568.915552][ T5925] usb 5-1: config 0 descriptor??
[ 1568.980400][  T183] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1569.014976][  T183] dvb-usb: bulk message failed: -22 (3/0)
[ 1569.050181][    T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1569.070379][  T183] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1569.109498][    T9] quatech2 3-1:0.51: device disconnected
[ 1569.130118][  T183] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1569.144138][ T5925] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1569.154790][  T183] usb 1-1: media controller created
[ 1569.165284][T20099] dvb-usb: bulk message failed: -22 (2/0)
[ 1569.384886][  T183] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1569.572380][ T5925] usb 5-1: USB disconnect, device number 44
[ 1569.582790][  T183] dvb-usb: bulk message failed: -22 (6/0)
[ 1569.630954][  T183] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1569.697179][  T183] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input128
[ 1569.799604][ T5836] udevd[5836]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1569.925014][  T183] dvb-usb: schedule remote query interval to 150 msecs.
[ 1570.006232][  T183] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1570.164307][  T183] dvb-usb: bulk message failed: -22 (1/0)
[ 1570.277840][  T183] dvb-usb: error while querying for an remote control event.
[ 1570.483472][  T183] dvb-usb: bulk message failed: -22 (1/0)
[ 1570.515964][  T183] dvb-usb: error while querying for an remote control event.
[ 1570.717451][  T183] dvb-usb: bulk message failed: -22 (1/0)
[ 1570.745908][  T183] dvb-usb: error while querying for an remote control event.
[ 1570.953366][  T183] dvb-usb: bulk message failed: -22 (1/0)
[ 1570.959475][  T183] dvb-usb: error while querying for an remote control event.
[ 1571.108162][T15970] gspca_m5602: Failed to find a sensor
[ 1571.146571][T15970] ALi m5602 2-1:0.0: ALi m5602 webcam failed
[ 1571.163117][  T183] dvb-usb: bulk message failed: -22 (1/0)
[ 1571.192043][T15970] usb 2-1: USB disconnect, device number 38
[ 1571.220888][  T183] dvb-usb: error while querying for an remote control event.
[ 1571.403502][  T183] dvb-usb: bulk message failed: -22 (1/0)
[ 1571.423979][  T183] dvb-usb: error while querying for an remote control event.
[ 1571.582999][  T183] dvb-usb: bulk message failed: -22 (1/0)
[ 1571.591567][  T183] dvb-usb: error while querying for an remote control event.
[ 1571.833008][  T183] dvb-usb: bulk message failed: -22 (1/0)
[ 1571.857094][  T183] dvb-usb: error while querying for an remote control event.
[ 1572.105687][  T183] dvb-usb: bulk message failed: -22 (1/0)
[ 1572.203042][  T183] dvb-usb: error while querying for an remote control event.
[ 1572.243070][  T183] usb 1-1: USB disconnect, device number 38
[ 1572.517400][  T183] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1573.063091][  T183] usb 1-1: new full-speed USB device number 39 using dummy_hcd
[ 1573.144179][   T30] audit: type=1326 audit(1764850403.907:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20130 comm="syz.1.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4031f8f749 code=0x7ffc0000
[ 1573.201730][T20136] FAULT_INJECTION: forcing a failure.
[ 1573.201730][T20136] name failslab, interval 1, probability 0, space 0, times 0
[ 1573.340380][T20136] CPU: 0 UID: 0 PID: 20136 Comm: syz.4.2785 Not tainted syzkaller #0 PREEMPT(full) 
[ 1573.340409][T20136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1573.340420][T20136] Call Trace:
[ 1573.340427][T20136]  <TASK>
[ 1573.340435][T20136]  dump_stack_lvl+0x189/0x250
[ 1573.340460][T20136]  ? __pfx____ratelimit+0x10/0x10
[ 1573.340487][T20136]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1573.340506][T20136]  ? __pfx__printk+0x10/0x10
[ 1573.340527][T20136]  ? kmalloc_reserve+0xbd/0x290
[ 1573.340551][T20136]  ? __lock_acquire+0x6b6/0x2cf0
[ 1573.340578][T20136]  should_fail_ex+0x414/0x560
[ 1573.340608][T20136]  should_failslab+0xa8/0x100
[ 1573.340635][T20136]  kmem_cache_alloc_noprof+0x74/0x6f0
[ 1573.340665][T20136]  ? skb_clone+0x212/0x3a0
[ 1573.340689][T20136]  skb_clone+0x212/0x3a0
[ 1573.340711][T20136]  __netlink_deliver_tap+0x404/0x850
[ 1573.340743][T20136]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1573.340766][T20136]  netlink_deliver_tap+0x19c/0x1b0
[ 1573.340785][T20136]  netlink_unicast+0x7fa/0x9e0
[ 1573.340812][T20136]  ? __pfx_netlink_unicast+0x10/0x10
[ 1573.340832][T20136]  ? netlink_sendmsg+0x642/0xb30
[ 1573.340849][T20136]  ? skb_put+0x11b/0x210
[ 1573.340868][T20136]  netlink_sendmsg+0x805/0xb30
[ 1573.340895][T20136]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1573.340917][T20136]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1573.340936][T20136]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1573.340959][T20136]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1573.340978][T20136]  __sock_sendmsg+0x21c/0x270
[ 1573.341004][T20136]  ____sys_sendmsg+0x505/0x820
[ 1573.341030][T20136]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1573.341056][T20136]  ? import_iovec+0x74/0xa0
[ 1573.341077][T20136]  ___sys_sendmsg+0x21f/0x2a0
[ 1573.341097][T20136]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1573.341120][T20136]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1573.341162][T20136]  ? __fget_files+0x2a/0x420
[ 1573.341178][T20136]  ? __fget_files+0x3a0/0x420
[ 1573.341204][T20136]  __x64_sys_sendmsg+0x19b/0x260
[ 1573.341229][T20136]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1573.341274][T20136]  ? __pfx_ksys_write+0x10/0x10
[ 1573.341302][T20136]  ? do_syscall_64+0xbe/0xf80
[ 1573.341421][T20136]  do_syscall_64+0xfa/0xf80
[ 1573.341440][T20136]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1573.341460][T20136]  ? clear_bhb_loop+0x60/0xb0
[ 1573.341482][T20136]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1573.341500][T20136] RIP: 0033:0x7f28ca78f749
[ 1573.341518][T20136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1573.341536][T20136] RSP: 002b:00007f28cb57b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1573.341556][T20136] RAX: ffffffffffffffda RBX: 00007f28ca9e5fa0 RCX: 00007f28ca78f749
[ 1573.341569][T20136] RDX: 0000000000004800 RSI: 0000200000000300 RDI: 0000000000000003
[ 1573.341581][T20136] RBP: 00007f28cb57b090 R08: 0000000000000000 R09: 0000000000000000
[ 1573.341593][T20136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1573.341604][T20136] R13: 00007f28ca9e6038 R14: 00007f28ca9e5fa0 R15: 00007f28cab0fa28
[ 1573.341637][T20136]  </TASK>
[ 1573.747922][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1573.966500][  T183] usb 1-1: config 4 has an invalid interface number: 88 but max is 0
[ 1573.975694][  T183] usb 1-1: config 4 has no interface number 0
[ 1573.983817][  T183] usb 1-1: config 4 interface 88 altsetting 119 has a duplicate endpoint with address 0xB, skipping
[ 1573.997401][  T183] usb 1-1: config 4 interface 88 altsetting 119 has an endpoint descriptor with address 0xD5, changing to 0x85
[ 1574.011579][  T183] usb 1-1: config 4 interface 88 altsetting 119 endpoint 0x85 has invalid maxpacket 11067, setting to 64
[ 1574.024979][  T183] usb 1-1: config 4 interface 88 altsetting 119 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1574.041165][  T183] usb 1-1: config 4 interface 88 has no altsetting 0
[ 1574.052371][  T183] usb 1-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[ 1574.063465][  T183] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1574.072789][  T183] usb 1-1: Product: syz
[ 1574.079497][  T183] usb 1-1: Manufacturer: syz
[ 1574.085274][  T183] usb 1-1: SerialNumber: syz
[ 1574.093575][T20129] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1574.262000][   T30] audit: type=1326 audit(1764850403.907:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20130 comm="syz.1.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4031f8f749 code=0x7ffc0000
[ 1574.383024][   T30] audit: type=1326 audit(1764850403.907:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20130 comm="syz.1.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f4031f8f749 code=0x7ffc0000
[ 1574.486989][  T183] usb 1-1: USB disconnect, device number 39
[ 1574.514491][   T30] audit: type=1326 audit(1764850403.957:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20130 comm="syz.1.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4031f8f749 code=0x7ffc0000
[ 1574.540861][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1574.584080][T20146] FAULT_INJECTION: forcing a failure.
[ 1574.584080][T20146] name failslab, interval 1, probability 0, space 0, times 0
[ 1574.652500][   T30] audit: type=1326 audit(1764850403.957:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20130 comm="syz.1.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4031f8f749 code=0x7ffc0000
[ 1574.723278][T20146] CPU: 0 UID: 0 PID: 20146 Comm: syz.1.2786 Not tainted syzkaller #0 PREEMPT(full) 
[ 1574.723304][T20146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1574.723317][T20146] Call Trace:
[ 1574.723325][T20146]  <TASK>
[ 1574.723333][T20146]  dump_stack_lvl+0x189/0x250
[ 1574.723360][T20146]  ? __pfx____ratelimit+0x10/0x10
[ 1574.723384][T20146]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1574.723404][T20146]  ? __pfx__printk+0x10/0x10
[ 1574.723433][T20146]  ? __pfx___might_resched+0x10/0x10
[ 1574.723450][T20146]  ? fs_reclaim_acquire+0x7d/0x100
[ 1574.723478][T20146]  should_fail_ex+0x414/0x560
[ 1574.723502][T20146]  should_failslab+0xa8/0x100
[ 1574.723528][T20146]  __kmalloc_noprof+0xcb/0x800
[ 1574.723549][T20146]  ? security_task_alloc+0x4d/0x360
[ 1574.723656][T20146]  ? perf_event_init_task+0x12d/0x4b0
[ 1574.723685][T20146]  security_task_alloc+0x4d/0x360
[ 1574.723712][T20146]  copy_process+0x1493/0x3950
[ 1574.723743][T20146]  ? copy_process+0x915/0x3950
[ 1574.723770][T20146]  ? __pfx_copy_process+0x10/0x10
[ 1574.723796][T20146]  ? mutex_init_lockep+0xf9/0x130
[ 1574.723818][T20146]  vhost_task_create+0x1ce/0x320
[ 1574.723839][T20146]  ? unwind_get_return_address+0x4d/0x90
[ 1574.723858][T20146]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1574.723878][T20146]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1574.723899][T20146]  ? __pfx_vhost_task_create+0x10/0x10
[ 1574.723929][T20146]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1574.723955][T20146]  ? __lock_acquire+0x6b6/0x2cf0
[ 1574.723984][T20146]  kvm_mmu_post_init_vm+0x14c/0x300
[ 1574.724009][T20146]  kvm_arch_vcpu_ioctl_run+0xdc/0x1c90
[ 1574.724046][T20146]  ? register_lock_class+0x51/0x320
[ 1574.724064][T20146]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1574.724089][T20146]  ? __lock_acquire+0x6b6/0x2cf0
[ 1574.724109][T20146]  ? __mutex_lock+0x335/0x1350
[ 1574.724136][T20146]  ? kasan_quarantine_put+0xdd/0x220
[ 1574.724156][T20146]  ? lockdep_hardirqs_on+0x98/0x140
[ 1574.724201][T20146]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1574.724233][T20146]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1574.724262][T20146]  ? __mutex_unlock_slowpath+0x1a1/0x730
[ 1574.724308][T20146]  ? __fget_files+0x2a/0x420
[ 1574.724330][T20146]  ? __fget_files+0x3a0/0x420
[ 1574.724345][T20146]  ? __fget_files+0x2a/0x420
[ 1574.724365][T20146]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1574.724381][T20146]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1574.724402][T20146]  __se_sys_ioctl+0xfc/0x170
[ 1574.724426][T20146]  do_syscall_64+0xfa/0xf80
[ 1574.724444][T20146]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1574.724461][T20146]  ? clear_bhb_loop+0x60/0xb0
[ 1574.724482][T20146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1574.724497][T20146] RIP: 0033:0x7f4031f8f749
[ 1574.724513][T20146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1574.724529][T20146] RSP: 002b:00007f40301f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1574.724549][T20146] RAX: ffffffffffffffda RBX: 00007f40321e5fa0 RCX: 00007f4031f8f749
[ 1574.724562][T20146] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1574.724573][T20146] RBP: 00007f40301f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1574.724584][T20146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1574.724596][T20146] R13: 00007f40321e6038 R14: 00007f40321e5fa0 R15: 00007f403230fa28
[ 1574.724622][T20146]  </TASK>
[ 1575.182900][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1575.203120][   T30] audit: type=1326 audit(1764850403.967:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20130 comm="syz.1.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4031f8f749 code=0x7ffc0000
[ 1575.538187][   T30] audit: type=1326 audit(1764850403.967:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20130 comm="syz.1.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4031f8f749 code=0x7ffc0000
[ 1575.825789][   T30] audit: type=1326 audit(1764850403.967:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20130 comm="syz.1.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4031f8f749 code=0x7ffc0000
[ 1575.873581][   T30] audit: type=1326 audit(1764850403.967:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20130 comm="syz.1.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4031f8f749 code=0x7ffc0000
[ 1575.919842][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1576.142945][   T30] audit: type=1326 audit(1764850403.967:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20130 comm="syz.1.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f4031f8f749 code=0x7ffc0000
[ 1576.174644][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1576.506156][   T24] usb 3-1: new full-speed USB device number 33 using dummy_hcd
[ 1576.627708][ T5845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1576.672080][ T5845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1576.704064][ T5845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1576.723005][T10139] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[ 1576.747034][ T5845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1576.756321][ T5845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1576.780513][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1576.810549][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1576.839555][   T24] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1576.863074][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1576.877920][   T24] usb 3-1: config 0 descriptor??
[ 1576.902949][T10139] usb 1-1: Using ep0 maxpacket: 8
[ 1576.935305][T10139] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1576.950556][T10139] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16
[ 1576.977121][   T24] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1576.985471][T10139] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1577.074380][T10139] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1577.085389][   T24] dvb-usb: bulk message failed: -22 (3/0)
[ 1577.093582][T10139] usb 1-1: Product: syz
[ 1577.101495][T10139] usb 1-1: Manufacturer: syz
[ 1577.111088][   T24] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1577.142922][T10139] usb 1-1: SerialNumber: syz
[ 1577.156835][   T24] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1577.184775][T20166] dvb-usb: bulk message failed: -22 (2/0)
[ 1577.301292][   T24] usb 3-1: media controller created
[ 1577.356997][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1577.470033][T10139] cdc_ncm 1-1:1.0: bind() failure
[ 1577.548223][T10139] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[ 1577.602618][   T24] dvb-usb: bulk message failed: -22 (6/0)
[ 1577.652636][T10139] cdc_ncm 1-1:1.1: bind() failure
[ 1577.663353][   T24] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1577.708862][T10139] usb 1-1: USB disconnect, device number 40
[ 1577.745701][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input129
[ 1577.887531][   T24] dvb-usb: schedule remote query interval to 150 msecs.
[ 1577.985147][   T24] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1578.121539][T20180] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2793'.
[ 1578.143954][   T24] dvb-usb: bulk message failed: -22 (1/0)
[ 1578.213043][   T24] dvb-usb: error while querying for an remote control event.
[ 1578.373068][   T24] dvb-usb: bulk message failed: -22 (1/0)
[ 1578.397633][   T24] dvb-usb: error while querying for an remote control event.
[ 1578.589793][ T5838] dvb-usb: bulk message failed: -22 (1/0)
[ 1578.623026][ T5838] dvb-usb: error while querying for an remote control event.
[ 1578.676701][T20173] chnl_net:caif_netlink_parms(): no params data found
[ 1578.717517][T20189] FAULT_INJECTION: forcing a failure.
[ 1578.717517][T20189] name failslab, interval 1, probability 0, space 0, times 0
[ 1578.812685][T20189] CPU: 0 UID: 0 PID: 20189 Comm: syz.1.2796 Not tainted syzkaller #0 PREEMPT(full) 
[ 1578.812713][T20189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1578.812723][T20189] Call Trace:
[ 1578.812732][T20189]  <TASK>
[ 1578.812740][T20189]  dump_stack_lvl+0x189/0x250
[ 1578.812777][T20189]  ? __pfx____ratelimit+0x10/0x10
[ 1578.812800][T20189]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1578.812818][T20189]  ? __pfx__printk+0x10/0x10
[ 1578.812855][T20189]  ? __pfx___might_resched+0x10/0x10
[ 1578.812871][T20189]  ? fs_reclaim_acquire+0x7d/0x100
[ 1578.812896][T20189]  should_fail_ex+0x414/0x560
[ 1578.812922][T20189]  should_failslab+0xa8/0x100
[ 1578.812950][T20189]  __kmalloc_cache_noprof+0x6f/0x6f0
[ 1578.812970][T20189]  ? rtnl_newlink+0xfb/0x1c90
[ 1578.813106][T20189]  ? stack_depot_save_flags+0x40/0x850
[ 1578.813132][T20189]  rtnl_newlink+0xfb/0x1c90
[ 1578.813152][T20189]  ? kasan_save_track+0x4f/0x80
[ 1578.813177][T20189]  ? kasan_save_track+0x3e/0x80
[ 1578.813198][T20189]  ? __kasan_save_free_info+0x46/0x50
[ 1578.813215][T20189]  ? __kasan_slab_free+0x5c/0x80
[ 1578.813234][T20189]  ? kmem_cache_free+0x197/0x620
[ 1578.813254][T20189]  ? nlmon_xmit+0xb0/0x100
[ 1578.813382][T20189]  ? dev_hard_start_xmit+0x2cd/0x800
[ 1578.813424][T20189]  ? __dev_queue_xmit+0x1493/0x3140
[ 1578.813442][T20189]  ? __netlink_deliver_tap+0x5ad/0x850
[ 1578.813461][T20189]  ? netlink_deliver_tap+0x19c/0x1b0
[ 1578.813478][T20189]  ? netlink_unicast+0x7fa/0x9e0
[ 1578.813495][T20189]  ? netlink_sendmsg+0x805/0xb30
[ 1578.813516][T20189]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1578.813532][T20189]  ? do_syscall_64+0xfa/0xf80
[ 1578.813548][T20189]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1578.813595][T20189]  ? kasan_quarantine_put+0xdd/0x220
[ 1578.813615][T20189]  ? lockdep_hardirqs_on+0x98/0x140
[ 1578.813638][T20189]  ? kmem_cache_free+0x197/0x620
[ 1578.813657][T20189]  ? nlmon_xmit+0xb0/0x100
[ 1578.813683][T20189]  ? __lock_acquire+0x6b6/0x2cf0
[ 1578.813703][T20189]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1578.813723][T20189]  ? __dev_queue_xmit+0x289/0x3140
[ 1578.813743][T20189]  ? __dev_queue_xmit+0x289/0x3140
[ 1578.814010][T20189]  ? __dev_queue_xmit+0x289/0x3140
[ 1578.814077][T20189]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1578.814096][T20189]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 1578.814119][T20189]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1578.814136][T20189]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1578.814153][T20189]  ? ref_tracker_free+0x63a/0x7d0
[ 1578.814178][T20189]  ? __asan_memcpy+0x40/0x70
[ 1578.814198][T20189]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1578.814219][T20189]  ? __skb_clone+0x63/0x7a0
[ 1578.814248][T20189]  netlink_rcv_skb+0x208/0x470
[ 1578.814271][T20189]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1578.814292][T20189]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1578.814323][T20189]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1578.814352][T20189]  netlink_unicast+0x82f/0x9e0
[ 1578.814381][T20189]  ? __pfx_netlink_unicast+0x10/0x10
[ 1578.814400][T20189]  ? netlink_sendmsg+0x642/0xb30
[ 1578.814415][T20189]  ? skb_put+0x11b/0x210
[ 1578.814435][T20189]  netlink_sendmsg+0x805/0xb30
[ 1578.814465][T20189]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1578.814490][T20189]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1578.814511][T20189]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1578.814533][T20189]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1578.814556][T20189]  __sock_sendmsg+0x21c/0x270
[ 1578.814584][T20189]  ____sys_sendmsg+0x505/0x820
[ 1578.814609][T20189]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1578.814644][T20189]  ? import_iovec+0x74/0xa0
[ 1578.814666][T20189]  ___sys_sendmsg+0x21f/0x2a0
[ 1578.814689][T20189]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1578.814715][T20189]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1578.814766][T20189]  ? __fget_files+0x2a/0x420
[ 1578.814781][T20189]  ? __fget_files+0x3a0/0x420
[ 1578.814802][T20189]  __x64_sys_sendmsg+0x19b/0x260
[ 1578.814820][T20189]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1578.814843][T20189]  ? __pfx_ksys_write+0x10/0x10
[ 1578.814868][T20189]  ? do_syscall_64+0xbe/0xf80
[ 1578.814888][T20189]  do_syscall_64+0xfa/0xf80
[ 1578.814905][T20189]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1578.814923][T20189]  ? clear_bhb_loop+0x60/0xb0
[ 1578.814944][T20189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1578.814961][T20189] RIP: 0033:0x7f4031f8f749
[ 1578.814979][T20189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1578.814994][T20189] RSP: 002b:00007f40301f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1578.815014][T20189] RAX: ffffffffffffffda RBX: 00007f40321e5fa0 RCX: 00007f4031f8f749
[ 1578.815074][T20189] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[ 1578.815087][T20189] RBP: 00007f40301f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1578.815099][T20189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1578.815109][T20189] R13: 00007f40321e6038 R14: 00007f40321e5fa0 R15: 00007f403230fa28
[ 1578.815139][T20189]  </TASK>
[ 1579.396715][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1579.406483][ T5156] Bluetooth: hci5: command tx timeout
[ 1579.417405][ T5838] dvb-usb: bulk message failed: -22 (1/0)
[ 1579.432519][ T5838] dvb-usb: error while querying for an remote control event.
[ 1580.075549][T10139] dvb-usb: bulk message failed: -22 (1/0)
[ 1580.163057][T10139] dvb-usb: error while querying for an remote control event.
[ 1580.363722][T10139] dvb-usb: bulk message failed: -22 (1/0)
[ 1580.370033][T10139] dvb-usb: error while querying for an remote control event.
[ 1580.684430][   T24] dvb-usb: bulk message failed: -22 (1/0)
[ 1580.691415][T10139] usb 3-1: USB disconnect, device number 33
[ 1580.709127][   T24] dvb-usb: error while querying for an remote control event.
[ 1580.765620][T20173] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1580.802993][T20206] FAULT_INJECTION: forcing a failure.
[ 1580.802993][T20206] name failslab, interval 1, probability 0, space 0, times 0
[ 1580.824788][T20206] CPU: 1 UID: 0 PID: 20206 Comm: syz.1.2799 Not tainted syzkaller #0 PREEMPT(full) 
[ 1580.824822][T20206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1580.824834][T20206] Call Trace:
[ 1580.824841][T20206]  <TASK>
[ 1580.824849][T20206]  dump_stack_lvl+0x189/0x250
[ 1580.824875][T20206]  ? __pfx____ratelimit+0x10/0x10
[ 1580.824899][T20206]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1580.824919][T20206]  ? __pfx__printk+0x10/0x10
[ 1580.824955][T20206]  should_fail_ex+0x414/0x560
[ 1580.824984][T20206]  should_failslab+0xa8/0x100
[ 1580.825010][T20206]  kmem_cache_alloc_noprof+0x74/0x6f0
[ 1580.825032][T20206]  ? skb_clone+0x212/0x3a0
[ 1580.825059][T20206]  skb_clone+0x212/0x3a0
[ 1580.825083][T20206]  __netlink_deliver_tap+0x404/0x850
[ 1580.825117][T20206]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1580.825144][T20206]  netlink_deliver_tap+0x19c/0x1b0
[ 1580.825166][T20206]  netlink_dump+0x92b/0xe90
[ 1580.825198][T20206]  ? __pfx_netlink_dump+0x10/0x10
[ 1580.825246][T20206]  __netlink_dump_start+0x5cb/0x7e0
[ 1580.825275][T20206]  inet_diag_handler_cmd+0x1bf/0x290
[ 1580.825412][T20206]  ? __pfx_inet_diag_handler_cmd+0x10/0x10
[ 1580.825433][T20206]  ? __pfx_inet_diag_dump_start+0x10/0x10
[ 1580.825453][T20206]  ? __pfx_inet_diag_dump+0x10/0x10
[ 1580.825472][T20206]  ? __pfx_inet_diag_dump_done+0x10/0x10
[ 1580.825496][T20206]  ? sock_diag_lock_handler+0x19/0x290
[ 1580.825537][T20206]  ? sock_diag_lock_handler+0x19/0x290
[ 1580.825559][T20206]  sock_diag_rcv_msg+0x4cc/0x600
[ 1580.825582][T20206]  netlink_rcv_skb+0x208/0x470
[ 1580.825604][T20206]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[ 1580.825624][T20206]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1580.825656][T20206]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1580.825684][T20206]  netlink_unicast+0x82f/0x9e0
[ 1580.825712][T20206]  ? __pfx_netlink_unicast+0x10/0x10
[ 1580.825733][T20206]  ? netlink_sendmsg+0x642/0xb30
[ 1580.825752][T20206]  ? skb_put+0x11b/0x210
[ 1580.825775][T20206]  netlink_sendmsg+0x805/0xb30
[ 1580.825811][T20206]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1580.825835][T20206]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1580.825857][T20206]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1580.825880][T20206]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1580.825902][T20206]  __sock_sendmsg+0x21c/0x270
[ 1580.825930][T20206]  sock_write_iter+0x279/0x360
[ 1580.825972][T20206]  ? __pfx_sock_write_iter+0x10/0x10
[ 1580.826002][T20206]  ? kstrtoull+0x12f/0x1d0
[ 1580.826032][T20206]  do_iter_readv_writev+0x623/0x8c0
[ 1580.826061][T20206]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1580.826081][T20206]  ? common_file_perm+0x1b5/0x220
[ 1580.826103][T20206]  ? bpf_lsm_file_permission+0x9/0x20
[ 1580.826118][T20206]  ? security_file_permission+0x75/0x290
[ 1580.826142][T20206]  ? rw_verify_area+0x255/0x4d0
[ 1580.826167][T20206]  vfs_writev+0x31a/0x960
[ 1580.826183][T20206]  ? vfs_write+0x956/0xb30
[ 1580.826210][T20206]  ? __pfx_vfs_writev+0x10/0x10
[ 1580.826241][T20206]  ? __fget_files+0x2a/0x420
[ 1580.826263][T20206]  ? __fget_files+0x3a0/0x420
[ 1580.826278][T20206]  ? __fget_files+0x2a/0x420
[ 1580.826303][T20206]  do_writev+0x14d/0x2d0
[ 1580.826323][T20206]  ? __pfx_do_writev+0x10/0x10
[ 1580.826343][T20206]  ? do_syscall_64+0xbe/0xf80
[ 1580.826368][T20206]  do_syscall_64+0xfa/0xf80
[ 1580.826386][T20206]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1580.826404][T20206]  ? clear_bhb_loop+0x60/0xb0
[ 1580.826425][T20206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1580.826441][T20206] RIP: 0033:0x7f4031f8f749
[ 1580.826458][T20206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1580.826474][T20206] RSP: 002b:00007f40301f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1580.826493][T20206] RAX: ffffffffffffffda RBX: 00007f40321e5fa0 RCX: 00007f4031f8f749
[ 1580.826506][T20206] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000004
[ 1580.826518][T20206] RBP: 00007f40301f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1580.826529][T20206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1580.826540][T20206] R13: 00007f40321e6038 R14: 00007f40321e5fa0 R15: 00007f403230fa28
[ 1580.826599][T20206]  </TASK>
[ 1580.835194][T20173] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1580.883272][ T5838] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[ 1581.150456][T20173] bridge_slave_0: entered allmulticast mode
[ 1581.453676][ T5156] Bluetooth: hci5: command tx timeout
[ 1581.485611][T10139] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1581.516528][T20173] bridge_slave_0: entered promiscuous mode
[ 1581.527477][T20173] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1581.537314][T20173] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1581.545905][T20173] bridge_slave_1: entered allmulticast mode
[ 1581.554419][T20173] bridge_slave_1: entered promiscuous mode
[ 1581.703848][T20214] tc_dump_action: action bad kind
[ 1581.802614][    C1] raw-gadget.1 gadget.0: ignoring, device is not running
[ 1581.828863][T20173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1581.949807][T20173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1582.083869][T20220] FAULT_INJECTION: forcing a failure.
[ 1582.083869][T20220] name failslab, interval 1, probability 0, space 0, times 0
[ 1582.140066][T20220] CPU: 1 UID: 0 PID: 20220 Comm: syz.2.2803 Not tainted syzkaller #0 PREEMPT(full) 
[ 1582.140093][T20220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1582.140105][T20220] Call Trace:
[ 1582.140113][T20220]  <TASK>
[ 1582.140121][T20220]  dump_stack_lvl+0x189/0x250
[ 1582.140145][T20220]  ? __pfx____ratelimit+0x10/0x10
[ 1582.140170][T20220]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1582.140188][T20220]  ? __pfx__printk+0x10/0x10
[ 1582.140226][T20220]  ? __pfx___might_resched+0x10/0x10
[ 1582.140244][T20220]  ? fs_reclaim_acquire+0x7d/0x100
[ 1582.140271][T20220]  should_fail_ex+0x414/0x560
[ 1582.140299][T20220]  should_failslab+0xa8/0x100
[ 1582.140324][T20220]  kmem_cache_alloc_lru_noprof+0x79/0x6d0
[ 1582.140346][T20220]  ? __d_alloc+0x37/0x6f0
[ 1582.140378][T20220]  ? __debug_object_init+0x102/0x4b0
[ 1582.140492][T20220]  __d_alloc+0x37/0x6f0
[ 1582.140516][T20220]  d_alloc_pseudo+0x21/0xc0
[ 1582.140536][T20220]  alloc_file_pseudo+0xcc/0x210
[ 1582.140557][T20220]  ? __pfx_alloc_file_pseudo+0x10/0x10
[ 1582.140577][T20220]  ? alloc_fd+0x64c/0x6c0
[ 1582.140604][T20220]  sock_alloc_file+0xb8/0x2e0
[ 1582.140626][T20220]  ? __sys_socket+0x12e/0x320
[ 1582.140651][T20220]  __sys_socket+0x13e/0x320
[ 1582.140679][T20220]  __x64_sys_socket+0x7a/0x90
[ 1582.140703][T20220]  do_syscall_64+0xfa/0xf80
[ 1582.140722][T20220]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1582.140739][T20220]  ? clear_bhb_loop+0x60/0xb0
[ 1582.140760][T20220]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1582.140776][T20220] RIP: 0033:0x7f420f191667
[ 1582.140793][T20220] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1582.140809][T20220] RSP: 002b:00007f42100d3fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[ 1582.140829][T20220] RAX: ffffffffffffffda RBX: 00007f420f3e5fa0 RCX: 00007f420f191667
[ 1582.140842][T20220] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[ 1582.140853][T20220] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 1582.140864][T20220] R10: 00002000000001c0 R11: 0000000000000286 R12: 0000000000000001
[ 1582.140875][T20220] R13: 00007f420f3e6038 R14: 00007f420f3e5fa0 R15: 00007f420f50fa28
[ 1582.140905][T20220]  </TASK>
[ 1582.141033][T20220] VFS_BUG_ON_INODE(inode_state_read_once(inode) & I_CLEAR) encountered for inode ffff888060671d80
[ 1582.141033][T20220] fs sockfs mode 140777 opflags 0x8 flags 0x0 state 0x300 count 0
[ 1582.434295][T20220] ------------[ cut here ]------------
[ 1582.440777][T20220] kernel BUG at fs/inode.c:1971!
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1582.534321][T20173] team0: Port device team_slave_0 added
[ 1582.553483][T20220] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 1582.560939][T20220] CPU: 0 UID: 0 PID: 20220 Comm: syz.2.2803 Not tainted syzkaller #0 PREEMPT(full) 
[ 1582.572849][T20220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1582.584758][T20220] RIP: 0010:iput+0xfc9/0x1030
[ 1582.589819][T20220] Code: 8b 7c 24 18 48 c7 c6 a0 e0 79 8b e8 e1 44 e8 fe 90 0f 0b e8 e9 57 81 ff 48 8b 7c 24 18 48 c7 c6 40 e0 79 8b e8 c8 44 e8 fe 90 <0f> 0b 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fb ff ff 4c 89 ef
[ 1582.613776][T20220] RSP: 0018:ffffc9000c907de8 EFLAGS: 00010282
[ 1582.620629][T20220] RAX: 000000000000009f RBX: dffffc0000000000 RCX: 4d04c81b52e1b400
[ 1582.629203][T20220] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 1582.638208][T20220] RBP: 1ffffffff1ed6a7a R08: ffffc9000c907aa7 R09: 1ffff92001920f54
[ 1582.648129][T20220] R10: dffffc0000000000 R11: fffff52001920f55 R12: 1ffff1100c0ce3f0
[ 1582.657252][T20220] R13: ffff888060671f80 R14: 0000000000000200 R15: 1ffffffff1f01a12
[ 1582.667423][T20220] FS:  00007f42100d56c0(0000) GS:ffff8881260a6000(0000) knlGS:0000000000000000
[ 1582.677643][T20220] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1582.684823][T20220] CR2: 000055da6f21f468 CR3: 000000003c3b6000 CR4: 00000000003526f0
[ 1582.694813][T20220] Call Trace:
[ 1582.698967][T20220]  <TASK>
[ 1582.702957][T20220]  ? do_raw_spin_unlock+0x122/0x240
[ 1582.709240][T20220]  __sys_socket+0x2bf/0x320
[ 1582.714516][T20220]  __x64_sys_socket+0x7a/0x90
[ 1582.721829][T20220]  do_syscall_64+0xfa/0xf80
[ 1582.727572][T20220]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1582.734870][T20220]  ? clear_bhb_loop+0x60/0xb0
[ 1582.739837][T20220]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1582.746451][T20220] RIP: 0033:0x7f420f191667
[ 1582.751473][T20220] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1582.777415][T20220] RSP: 002b:00007f42100d3fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[ 1582.786358][T20220] RAX: ffffffffffffffda RBX: 00007f420f3e5fa0 RCX: 00007f420f191667
[ 1582.795474][T20220] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[ 1582.805563][T20220] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 1582.817536][T20220] R10: 00002000000001c0 R11: 0000000000000286 R12: 0000000000000001
[ 1582.829471][T20220] R13: 00007f420f3e6038 R14: 00007f420f3e5fa0 R15: 00007f420f50fa28
[ 1582.839877][T20220]  </TASK>
[ 1582.843675][T20220] Modules linked in:
[ 1582.848653][T20220] ---[ end trace 0000000000000000 ]---
[ 1582.873385][T20220] RIP: 0010:iput+0xfc9/0x1030
[ 1582.943191][T20220] Code: 8b 7c 24 18 48 c7 c6 a0 e0 79 8b e8 e1 44 e8 fe 90 0f 0b e8 e9 57 81 ff 48 8b 7c 24 18 48 c7 c6 40 e0 79 8b e8 c8 44 e8 fe 90 <0f> 0b 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fb ff ff 4c 89 ef
[ 1583.002934][T20220] RSP: 0018:ffffc9000c907de8 EFLAGS: 00010282
[ 1583.010708][T20220] RAX: 000000000000009f RBX: dffffc0000000000 RCX: 4d04c81b52e1b400
[ 1583.094120][T20220] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 1583.113483][T20220] RBP: 1ffffffff1ed6a7a R08: ffffc9000c907aa7 R09: 1ffff92001920f54
[ 1583.184219][T20220] R10: dffffc0000000000 R11: fffff52001920f55 R12: 1ffff1100c0ce3f0
[ 1583.192781][T20220] R13: ffff888060671f80 R14: 0000000000000200 R15: 1ffffffff1f01a12
[ 1583.272996][T20220] FS:  00007f42100d56c0(0000) GS:ffff8881260a6000(0000) knlGS:0000000000000000
[ 1583.382959][T20220] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1583.390984][T20220] CR2: 00007f4032d17d60 CR3: 000000003c3b6000 CR4: 00000000003526f0
[ 1583.475141][T20220] Kernel panic - not syncing: Fatal exception
[ 1583.482717][T20220] Kernel Offset: disabled
[ 1583.487881][T20220] Rebooting in 86400 seconds..