last executing test programs:

6.1396777s ago: executing program 2 (id=609):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b000000000000000200000000000400000008"], 0x50) (fail_nth: 2)

5.700664022s ago: executing program 2 (id=613):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/custom1\x00', 0x2, 0x0)
unshare(0x2c060000)
unshare(0x22020600)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x20008040)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a0904000000000000000002000000340004800c000180080001006c6f6700240001800b000100657874686472000014000280080006400000000208000140000000150c00034000000000000000020900020073797a3200000000140000001100010000000000000000000000000a1dadf676df2cbe0047a0b1e1fa39622fb012eb930dfde8fae5b4b845fffe7b5e32cf05b5307b7f62da2952557b187040bd5be8028d7c39f6d19d88ef1b6131fbfaddaa1134d705f7fa0540dc48b404059c1ba08b48adfe08cb5ffc2cd5d843d1537c70a1c07735205fbfb9b1766f020cff5a267739fbcfdcf2d4b3c1b1582e70bf82b61ec6f2c111307db684af0d3aae2b21d91d38446749dcf3677b25eaaa549fab050cc0adfe691b3bad78d3102f3de63756dbf68d54a556063e2976ae0c42843bfc689fbefe5f630566c3cbc97fd34dc1fbdcf1d6db"], 0x88}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lremovexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='system.posix_acl_default\x00')
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000300)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x80000000, @empty, 0xffffffc0}, {0xa, 0x4e24, 0x0, @mcast1}, 0xffffffffffffffff, 0xfffffffe}}, 0x48)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
socket(0x27, 0x800, 0xfffffe00)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x90, 0x0, &(0x7f0000000ac0)=[@reply={0x40406301, {0x20001, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/105, 0x69, 0x2, 0x12}, @fd, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/8, 0x8, 0x2, 0x33}}, &(0x7f0000000380)={0x29, 0x28, 0x40}}}, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x50, 0x18, &(0x7f00000007c0)={@flat=@handle={0x73682a85, 0x1, 0x5}, @flat=@handle={0x73682a85, 0x1000}, @fda={0x66646185, 0x6, 0x74, 0x2b}}, &(0x7f0000000bc0)={0x0, 0x2d, 0x30}}, 0x40}], 0x0, 0x0, 0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb26403caffafe31010018000000000000007c0000007c000000060000000b00000001000006040000000700000c040000000900000000000008040000000200000007000006040000000900000000000000030000000500000002000000d20000000b000000ff00000002000000050000000600000001000000080000a8e35e00080000000600000000000008010000"], &(0x7f00000006c0)=""/73, 0x9a, 0x49, 0x1, 0x7fff, 0x10000, @value=r2}, 0x28)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000080)={0xa, 0x2, 0x4, @loopback, 0x7f}, 0x1c)
r6 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
read$ptp(r2, &(0x7f0000000200)=""/167, 0xa7)
sendto$inet6(r5, 0x0, 0x0, 0x8805, &(0x7f00000001c0)={0xa, 0x4e21, 0xfffb, @mcast2, 0x3}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r5, 0x29, 0x1, &(0x7f0000000180), 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1b00000000000000000000000300000000000000", @ANYRES32, @ANYBLOB='\x00\b\x00'/20, @ANYRES32=0x0, @ANYRESHEX=r6, @ANYBLOB="04000000000000000200000000000000000000000000000a00000000"], 0x50)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000c00)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f00000004c0)={@fda={0x66646185, 0x7, 0x2, 0x1d}, @ptr={0x70742a85, 0x0, &(0x7f0000000480)=""/14, 0xe, 0x0, 0x2d}, @fda={0x66646185, 0x7, 0x0, 0x2e}}, &(0x7f0000000540)={0x0, 0x1c, 0x44}}, 0x1000}], 0x0, 0x0, 0x0})
prlimit64(0x0, 0x7, &(0x7f0000000ec0), 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x1000000000000, &(0x7f0000000340)="cb"})
ioctl$I2C_TENBIT(0xffffffffffffffff, 0x704, 0x1)

5.629930983s ago: executing program 2 (id=614):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
gettid()
r2 = syz_io_uring_setup(0x239, &(0x7f00000000c0)={0x0, 0x1ffffe, 0x10100, 0x1, 0xfffffffd, 0x0, r1}, &(0x7f0000000080)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, 0x0)
getgroups(0x6, &(0x7f0000000140)=[0xffffffffffffffff, 0xee01, 0x0, 0xffffffffffffffff, <r5=>0xee00, 0xffffffffffffffff])
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000040)={0x0, <r8=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$netlink(r6, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001400)={0x24, 0x2c, 0x1, 0x4, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r8}, @nested={0xb, 0x0, 0x0, 0x1, [@generic="976b6408686030"]}]}, 0x24}], 0x1}, 0x0)
write$P9_RSTATu(r1, &(0x7f0000000180)={0x64, 0x7d, 0x1, {{0x0, 0x4d, 0x8, 0xfff, {0x1, 0x1, 0x4}, 0xa8200000, 0xffffff70, 0x9, 0x3, 0x12, '/dev/snd/midiC#D#\x00', 0x5, '[\x12n-}', 0x0, '', 0x3, '\x1e:-'}, 0x2, '^#', 0xee00, r5, r8}}, 0x64)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000240)={0x77359400}, 0x0, 0x0)

5.457280049s ago: executing program 4 (id=616):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
futex(0x0, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xffffc000)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newtaction={0x48, 0x30, 0xb, 0x0, 0xfffffffd, {}, [{0x34, 0x1, [@m_vlan={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4048000}, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

4.750367383s ago: executing program 2 (id=619):
r0 = io_uring_setup(0x6f94, &(0x7f0000001240)={0x0, 0xfffffffd, 0x0, 0x2})
close_range(r0, 0xffffffffffffffff, 0x0)

4.54406337s ago: executing program 2 (id=620):
r0 = syz_usb_connect(0x0, 0x96a, &(0x7f0000000980)={{0x12, 0x1, 0x200, 0x6f, 0xca, 0x67, 0x40, 0x33f8, 0x1a4, 0x8ca7, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x958, 0x4, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xb5, 0x3, 0xa, 0xff, 0xf6, 0xb6, 0xfd, [@cdc_ecm={{0x9, 0x24, 0x6, 0x0, 0x0, "43dc46b3"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x39fc, 0xfff9, 0x0, 0x7}, [@obex={0x5, 0x24, 0x15, 0x5}, @mdlm={0x15, 0x24, 0x12, 0xf3}, @ncm={0x6, 0x24, 0x1a, 0x8001}]}], [{{0x9, 0x5, 0xe, 0x0, 0x40, 0x5a, 0x4, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x4, 0x1b8}]}}, {{0x9, 0x5, 0x80, 0xb, 0x3ff, 0x2, 0x0, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x2, 0x2}, @generic={0xe6, 0x6, "33b2d8b3915aa0dae7c6672f7bd21e2ede3e4bdd7a5b0976a0b6cf11936284ba10f8945130115968b7d43c4c06bfd3b060bd24c742cf25c189ad93cc4e05aafecdef4d2c1b5eefa7f7fd3cc184e0f7e568dfec206c86b9c6f9f147c095b41a09bc3cbbc7eaec9fec8e1464f12908660d1e666a637efafc0556d84dce8c048f93ad8c5fd2aa619b84ae86e1d9fa29e7cb161813fdcc1a8645fec96c13281a80e59e8028294fbe43184cf3e5043345775e9d904ae84cc646545f5cb704ad86e015ed38c58ad0ac666aec33825bbd521779829cc37b4bf73e9400854da8bf44876b98369de6"}]}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x9, 0x2, 0x10, [@generic={0x6a, 0x22, "993ae09a53ff9bace6e433ddf02e4c912ccdcfbbb07ab689ef3c472dbb6dc6ab68e7de166ae470ba39aff3e94176ca5765ec17f1dc3ea25254855fdba95d43502e69228ba6cde00719392c275a8093f56d1478137341ca6fb20646aa9004e9ded2db1856ff9c6e1e"}, @generic={0x75, 0x655251c48b19b7cc, "8e5f6c1e54c8e8334e1d1ae88a80cf09085774111f957997132189926e24e9eb9daf626a45f761dbff60875441a86039d99d0af5c2594da59b2a55b60cd30fe0c7f885ce40bb0432ddfd4545991f5e559e04411509553eb6972685f74b4550c7b7522e74bcc2be613ced8cfc31d76db9e22cc7"}]}}, {{0x9, 0x5, 0x1, 0x2, 0x10, 0x7f, 0x9, 0xa8, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0x6b80}]}}, {{0x9, 0x5, 0xe, 0x0, 0x400, 0x10, 0x2, 0x2f}}, {{0x9, 0x5, 0x6, 0x10, 0x8, 0x6, 0x3, 0x5}}, {{0x9, 0x5, 0xd, 0x10, 0x400, 0x2, 0x4, 0x5}}, {{0x9, 0x5, 0xc, 0x10, 0x400, 0x8, 0x1, 0x9}}, {{0x9, 0x5, 0xc, 0x0, 0x10, 0x7, 0x8, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x0, 0x9}]}}, {{0x9, 0x5, 0x5, 0x0, 0x20, 0x4, 0x5, 0xb8}}]}}, {{0x9, 0x4, 0x30, 0x9, 0x5, 0xff, 0xff, 0xff, 0xf, [], [{{0x9, 0x5, 0x1, 0x10, 0x20, 0xb, 0xad, 0x10}}, {{0x9, 0x5, 0x2, 0x10, 0x8, 0x6, 0x7, 0xe0, [@generic={0xf6, 0xf, "2c8c67c11091d70dd90a4862694ecf7c39535b318ebf67c48d997357f5003179230b30a34de09c0b19f794262dd33338f826f37e4ac789b4f569840b576ed4ec9b7a7ee87713aabbb614c694262d5840c5e82c104502bc3c0f7ab10c878cfad9604b74e716a60b394ce2fa72c3e29d4f1dcacc9e76d2c10516f393871fbeae69e5a99b5fc08d75ff71f1c14ffd5285598c074c7cc1312c84dfe44d2d053ab49f464c81daaa1bb17bf8ae4efd604a3d78bfda1741b331eb440f9f2c0ca1fef3639230fc0ecc89675442d167afb1037120007f8d3502a42c0178f0f6098c440248b6f079b4a2275391719931d09107431695d278b3"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x1}]}}, {{0x9, 0x5, 0x80, 0x10, 0x20, 0xa, 0x5, 0x8}}, {{0x9, 0x5, 0xa, 0x10, 0x400, 0x5, 0x2, 0x3, [@generic={0xc8, 0x8, "1577b29e23ced7ca83e7d1c0c795738cae200392306ca45ede4102c0da057679a50ce69aeeb47aaeba663deec4d6b40f39aaeac5ec5872e381622fd7e6ce3e68f9427c880f20c1b85a8d3be73c7b2d8b143d34d94b1fec8d9cb7fcad10060c41d3e08a8384fc1174b68f58f4b335fca2f1ca1d068519a8d32865f109cb8b260fe99b876856c7306415bcf6d8b75d5c727ac52024ba4120974eaefcca3a78b7f67f2770d21b18672ceee0abc0d2d0a6e3caff520f8e5cb941deeadfb96bc014f683513200f17e"}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x3, 0x401}]}}, {{0x9, 0x5, 0xd, 0x10, 0xe1f357b694e1638, 0x9, 0x9c, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x4e, 0x4}]}}]}}, {{0x9, 0x4, 0x4, 0x9, 0x9, 0x70, 0x15, 0xa3, 0x2, [@cdc_ecm={{0x9, 0x24, 0x6, 0x0, 0x0, "60746090"}, {0x5, 0x24, 0x0, 0x1ded}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x6, 0x2b, 0x5}, [@acm={0x4, 0x24, 0x2, 0x1}, @mdlm={0x15, 0x24, 0x12, 0x539}, @call_mgmt={0x5, 0x24, 0x1, 0x0, 0x7}, @country_functional={0xc, 0x24, 0x7, 0x4, 0x3, [0x6, 0x7, 0x4]}, @mbim={0xc, 0x24, 0x1b, 0x3, 0xfff, 0x3, 0xfc, 0xb635, 0x7}]}], [{{0x9, 0x5, 0x8, 0x0, 0x40, 0x14, 0x6}}, {{0x9, 0x5, 0x5, 0x2, 0x58, 0x9e, 0x10, 0xa2}}, {{0x9, 0x5, 0xd, 0x1, 0x400, 0x5, 0x4, 0x6}}, {{0x9, 0x5, 0x2, 0x0, 0x8, 0x80, 0x9, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xd, 0x7a3d}]}}, {{0x9, 0x5, 0xe, 0x1, 0x40, 0x5, 0x5, 0x2, [@generic={0x3c, 0xc, "23dc19ba5c32d5d785c08d74f777ba3e0837ea0ff370741358aa3fcf8dcfd06c31117d76b6cf4e43403c030000000000000086cf227a2d34ceae"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x4, 0x4cfe}]}}, {{0x9, 0x5, 0x5, 0x1c, 0x20, 0x2, 0x8, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xf7, 0x7ff}]}}, {{0x9, 0x5, 0x5, 0x1, 0x3ff, 0x1, 0x9, 0x3}}, {{0x9, 0x5, 0x80, 0x8, 0x10, 0x7, 0x19, 0x89}}, {{0x9, 0x5, 0x7, 0x8, 0x400, 0x2, 0x6f, 0x6, [@generic={0x4d, 0x10, "94ee2feabab68db9434cf3a32203c6f15d0ce638bd7a81e2a16c3e5a58ab27dcafdd09740f6c083044ccc1c2f1b037a8758edac32395531d2286ab431b2c14e3f2120de17cbf702da5b7e3"}, @generic={0x27, 0x19, "1c05c947d3d674c2b2569d3d49cb62a134754da51292fc15461b591bbb601f41739e431ee3"}]}}]}}, {{0x9, 0x4, 0x81, 0x5, 0x9, 0x1b, 0x47, 0x4b, 0x6, [@cdc_ncm={{0x8, 0x24, 0x6, 0x0, 0x1, "4ed4e0"}, {0x5, 0x24, 0x0, 0x400}, {0xd, 0x24, 0xf, 0x1, 0x200, 0xa3fc, 0x3, 0xb}, {0x6, 0x24, 0x1a, 0x6, 0x25}, [@mdlm_detail={0x13, 0x24, 0x13, 0x18, "b7022e698dafe12460a6d975c0ec8e"}]}, @cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "61ecfa5116"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x8, 0x8, 0x9}}], [{{0x9, 0x5, 0x80, 0x0, 0x20, 0x3, 0x4, 0xf, [@generic={0xe4, 0x31, "e394220a992e6fdd29bbde15c98339c61c6565cd3de6f8721dbd289ba4392bc8f6423f81a913a900812e34bf7d61483969bdb80c52a5e494d9aa1ec7f028b04425382d64b644bb310ddc843df364f15cbdc62a4eaf3c8672343c9dd2701d274285db85908d1cdc8341227e823bba6e6f6256f42e13716c5909d50ad7a3d4d6f2984ce8e756920c494b28c38dfe738df2f5dd1c572bae92b35e433d4185669cec08678dae7ef49bb6ebac1714d7d2ea44531a912d2b653b08543b83e33684a49b4177550ad3e5781c70d82cdbc6937f9324896b77bec0a6abb43ab0d4ecc9c601cecd"}]}}, {{0x9, 0x5, 0xf, 0xc, 0x200, 0x5, 0xf, 0x3}}, {{0x9, 0x5, 0x80, 0x0, 0x8, 0x8, 0xb3, 0x36, [@generic={0x83, 0x21, "7c97c64bea0a8fcbaae42fa420d28c9693add7645249c9d02e4326f4a2420a2c7a1d542ce4e1aea099fa2dd302107f9865a940fe02dcd7a855f79db5fac4ec8784719d59287c032bcdf1bc470ec95a358df7e96ddf4f95d8363da67767bcd8f17479bda8050e1ba1bdf328d6ada9eb15e3467e0c687ecde0e4c063fd9223968e0a"}]}}, {{0x9, 0x5, 0x9, 0x10, 0x40, 0x9, 0x81, 0x5, [@generic={0xe7, 0xf, "2b4694e9d66bfe8aa5127fe08935c34d613bf5870050c67ce3e3a908e4f82cdb5468e68ae41653cbc9773777006b931a0a99990ed492641922c193b795f8648228defd93ced92f8ea8265f1df7e35cb0a556555aeb3d989c4d9a3f98d1d4d864f7452fbaa5f839013c70e24a74021cb0cd6b9d6398a3a5fedcf5bfcda9ccc9afc8ad1715a6de63f5795918ac45b6613dfcee486b19c4cecc9de439cb7ae80b617b947eee732290de1e94116ed88f9869506e103b7f4ca80897d85a223793a57d6c31e65a08dc22904a164912a4bba60d34019db69e661e8032a157f6fd003cb6625ba7ea30"}]}}, {{0x9, 0x5, 0x3, 0x0, 0x20, 0xf4, 0x3, 0xd5, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x6, 0xff}]}}, {{0x9, 0x5, 0x2, 0x0, 0x8, 0x4, 0x40, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x6, 0xd0a}]}}, {{0x9, 0x5, 0x8, 0x2, 0x3ff, 0x6, 0x0, 0x47, [@generic={0x4b, 0x22, "cfb528ce50a7838eee1dd515305a32d065626efdb0753a7f78fee24cb5217bb67deaf01fd256f2321774a8bced126b951d7876f48f2cd6366376a1707715a47eb59979ff8bee6a7088"}]}}, {{0x9, 0x5, 0x4, 0x0, 0x3ff, 0x8, 0x2, 0x3}}, {{0x9, 0x5, 0xd, 0x0, 0x8, 0x41, 0x16, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x8, 0x1}]}}]}}]}}]}}, 0x0)
syz_usb_disconnect(r0)

4.324362706s ago: executing program 4 (id=623):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000000240)="db", 0x1, 0xe0, &(0x7f0000000200)={0xa, 0x4e23, 0x5, @loopback}, 0x1c)
shutdown(r1, 0x1)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x2, 0xd59f80, 0x19ef, 0x6, 0x19ef, 0x3, 0x5, 0x27ff, 0x27fc, 0x2, 0xbb6, 0x2800, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x1, 0x34f}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000440)=@abs={0x1, 0x0, 0x4e1f}, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f00000001c0)=@assoc_value={<r8=>0x0}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000000c0)={r8, 0x7}, &(0x7f0000000100)=0x8)
r9 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_DEV_SETUP(r9, 0x405c5503, &(0x7f0000000380)={{0x0, 0xfff, 0x4b, 0x8009}, 'syz0\x00', 0x11})
ioctl$UI_DEV_SETUP(r9, 0x5501, 0x0)
r10 = syz_open_dev$evdev(&(0x7f0000000040), 0xfffffffffffffffe, 0x2)
r11 = dup3(r10, r9, 0x80000)
read$FUSE(r11, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x23)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000000c0)={r8, @in={{0x2, 0x4e21, @loopback}}}, &(0x7f0000000000)=0x84)
r12 = openat$adsp1(0xffffff9c, &(0x7f0000000180), 0x391240, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r12, 0x800c5012, &(0x7f0000000040))

3.747520448s ago: executing program 1 (id=628):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0xfffffffb, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0xd, 0x2}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0xff, 0xb}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x800, 0x0, 0x0, 0x5, 0x6, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x404c800}, 0x0)

3.523699323s ago: executing program 3 (id=630):
r0 = io_uring_setup(0x6f94, &(0x7f0000001240)={0x0, 0xfffffffd, 0x0, 0x2})
close_range(r0, 0xffffffffffffffff, 0x0)

3.522407697s ago: executing program 3 (id=631):
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x800000, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x1}, 0x48)
r0 = socket(0x848000000015, 0x805, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x8}, &(0x7f0000000140)=0x8)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x10}, 0x1c)

3.42474188s ago: executing program 3 (id=632):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES32=r3], 0x50}, 0xffe, 0xba01}, 0x20004010)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r4, 0x0, 0x404c080)
getsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x80, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r5=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000006c0)={r5, 0x6, 0xd1, 0x7, 0x71, 0x4}, &(0x7f0000000840)=0x14)

3.356676047s ago: executing program 3 (id=633):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000000c0), 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r2, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x2, 0x0, 0x4, 0x20009, 0x8, 0x0, 0x2}, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0)
ioctl$KVM_GET_MSRS_sys(r3, 0xc008ae88, &(0x7f00000003c0)={0x1, 0x0, [{0x489, 0x0, 0xec}]})
stat64(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0))
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000005c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000000c0)="71e67a55cdf7d6f9d7cb7e375b61a83181e3c36fa7b6ffe902cd9c4721d89d91cbc10a90afda349a36c6e8c07fc88630491e63a3c68a9dbd2233d09729e77e", 0x3f)
r5 = accept4$alg(r4, 0x0, 0x0, 0x0)
sendmmsg(r5, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0c00e900faff010000000000"], 0xc}}], 0x2, 0x20004041)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 2', 0x1b)
ioctl$SOUND_PCM_READ_CHANNELS(0xffffffffffffffff, 0x80045006, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0)
write$6lowpan_control(r6, &(0x7f0000000300)='connect aa:aa:aa:aa:aa:11 1', 0x1b)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r0)
socket$inet_sctp(0x2, 0x5, 0x84)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x4000, 0x4, &(0x7f00007cc000/0x4000)=nil)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0)

3.324130886s ago: executing program 1 (id=634):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
futex(0x0, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xffffc000)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newtaction={0x48, 0x30, 0xb, 0x0, 0xfffffffd, {}, [{0x34, 0x1, [@m_vlan={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4048000}, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

3.154783815s ago: executing program 0 (id=635):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
socket(0x2, 0x80805, 0x0)
openat$sndseq(0xffffff9c, &(0x7f0000000380), 0x800)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x0, 0x4000000}}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f0000000040)=0x7ff, 0x4)
sendmsg$tipc(r3, 0x0, 0x20001)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r4)
socket$inet6_sctp(0xa, 0x5, 0x84)
memfd_secret(0x80000)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x22, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x5d9dd932}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x3, 0x0, 0x0, 0x0, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x5}}}}]}]}, 0x70}}, 0x4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r5, @ANYBLOB="08000100"], 0x90}}, 0x0)

2.893208225s ago: executing program 1 (id=636):
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x12, &(0x7f0000000380)=@conn_svc_rsp={0x0, 0x0, 0xa, "96329bb8", {0x3, 0x106, 0x0, 0x5, 0x9, 0x3d, 0x15}}) (async)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e15"]) (async, rerun: 64)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800010600000000000000001c140000fe000001000000000800010000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4009}, 0x0) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc01100, 0x0, 0x0, 0x0, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x19, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b405000000000000611018000000000062000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000), 0x10, &(0x7f00000001c0)={&(0x7f0000000100)=@can={{0x3, 0x1}, 0x0, 0x1, 0x0, 0x0, "62ef521506070cb5"}, 0x10}, 0x1, 0x0, 0x0, 0x24048017}, 0x48811) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000019100), r2) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r4=>0x0})
syz_usb_connect(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000226aa140070ad0001310010203010902240001000002000904000002bd22f00009140303000000393209058aff"], 0x0) (async)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000740)={0x44, r3, 0x1, 0x72bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x4, 0x23}}}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x9, 0x800, 0x3, 0x2, 0x2, 0x3, 0x1]}}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x44091}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_IBSS(r2, &(0x7f0000000700)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b0020003", @ANYRES64=r5], 0x2b0}, 0x1, 0x0, 0x0, 0x11}, 0x40080) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 64)
r6 = socket(0x40000000015, 0x805, 0x0) (rerun: 64)
getsockopt(r6, 0x114, 0x5, &(0x7f0000000100)=""/102400, 0x0) (async)
r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_DELDEST(r9, 0x0, 0x488, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000002c0)={0x1, 0x0, [{0x4b564d07}]})
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r10, 0x89f2, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x6, 0x6, 0x1, 0x8, 0x10, @private1, @private2, 0x7020, 0x40, 0x4, 0x7}}) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2.819838965s ago: executing program 0 (id=637):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000000)=@getqdisc={0x24, 0x26, 0x100, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xa}, {0x10, 0x8}, {0x4, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c88b}, 0x0)

2.811764748s ago: executing program 4 (id=638):
socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[], 0x69}}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000003780), 0x802, 0x0)
r0 = syz_io_uring_setup(0x222f, &(0x7f0000000280)={0x0, 0x2, 0x10100}, &(0x7f0000000080)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x6000, @fd_index=0x3, 0x800000, 0x0, 0x0, 0x13})
io_uring_enter(r0, 0x53d1, 0x0, 0x4, 0x0, 0x0)
mq_open(&(0x7f00000000c0)='${$\x00', 0x840, 0x0, 0x0)
r3 = syz_io_uring_setup(0x456b, &(0x7f0000000700)={0x0, 0x3ca9, 0x10, 0x0, 0x10002da}, &(0x7f0000000280)=<r4=>0x0, &(0x7f0000000100))
socket(0x2d, 0x2, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1}], 0x1, 0x40800)
splice(r7, 0x0, r5, 0x0, 0x7ffff040, 0x1200000000000000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)

2.401953735s ago: executing program 0 (id=639):
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000000)="2400c00e1a005f0214f9f4070009040081000000fe000000000000000800040001000000", 0x24)

2.208859687s ago: executing program 0 (id=640):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x4c, r5, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x31}, @val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f0000000140)='./file0\x00', 0xa)
r7 = socket(0x22, 0x3, 0x0)
r8 = syz_open_dev$video4linux(&(0x7f0000000000), 0x1000, 0x0)
ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r8, 0xc0305615, &(0x7f0000000140)={0x0, {0xb, 0x9}})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newqdisc={0x58, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r9, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10, 0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x2c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0xffffffff}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x9}, @TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0x8}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x13}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x101}]}}]}, 0x58}}, 0x4048000)

1.54084689s ago: executing program 1 (id=641):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x301a00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f00000000c0)=0x2)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x4}, 0x50)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xa6c3, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
ioctl$NBD_SET_TIMEOUT(r2, 0xab09, 0x2)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0xffffffff, 0x7d, 0x0, 0x20, 0x3, 0x0, 0x106f, 0x80000080000001, 0xffffffffffffffff, 0x1, 0xfffffffffffffffd, 0x7, 0x5, 0x8000000000000007, 0x800000000000000, 0x9], 0x0, 0x3c4210})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = syz_open_dev$hiddev(&(0x7f0000000100), 0xee09, 0x4000)
ioctl$HIDIOCGUCODE(r4, 0xc018480d, &(0x7f0000000140)={0x3, 0xfffffefe, 0x6, 0xf7c7, 0x4, 0x5})
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x8, 0x2)
r5 = socket(0x8c1038a9304115e3, 0xa, 0x0)
write(r5, &(0x7f0000000000)="240000001a005f0314f9f407000904000200000001000000000000000800040001000000", 0x24)

1.508813885s ago: executing program 1 (id=642):
r0 = io_uring_setup(0x6f94, &(0x7f0000001240)={0x0, 0xfffffffd, 0x0, 0x2})
close_range(r0, 0xffffffffffffffff, 0x0)

1.487770386s ago: executing program 4 (id=643):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/ip_mr_vif\x00')
socket$can_bcm(0x1d, 0x2, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000340)={0x2, 0x5, 0x0, 0x2, 0xe, 0x0, 0x0, 0x7, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0xe, @in6={0xa, 0x4e24, 0xfffffffd, @private1, 0x8598}}, @sadb_sa={0x2, 0x1, 0x4d4, 0x0, 0x81}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e22, 0xfffff800, @private1={0xfc, 0x1, '\x00', 0x1}, 0x6}}]}, 0x70}, 0x1, 0x400000000000000}, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0xe8e80)
r4 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100, 0x3}, &(0x7f0000002000)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@random="9b4307000001", @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @broadcast}, @echo_reply={0xe0, 0x0, 0x0, 0xfffd}}}}}, 0x0)
io_uring_enter(r4, 0x48e9, 0x0, 0x2, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c)
syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x2)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r7 = socket(0x2b, 0x1, 0x1)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x8000000, 0x0, 0xff, 0x1}, 0x20)
futex(&(0x7f00000000c0)=0x1, 0xb, 0x2, &(0x7f0000000100)={0x0, 0x3938700}, &(0x7f0000000140)=0x2, 0x1)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0xff, 0x0, 0x4}, 0x20)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r10 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r10, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
close_range(r9, 0xffffffffffffffff, 0x0)
pread64(r0, &(0x7f0000004380)=""/246, 0xf6, 0x2)

1.397128176s ago: executing program 1 (id=644):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x40, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x40}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_netdev_private(r1, 0x8947, &(0x7f0000000180)="a6cc04e2d8f1c38afbf14b29b86e3a")
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x16, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@bridge_getneigh={0x28, 0x1e, 0x3c964e403b131b43, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r3}]}, 0x28}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000680)={'erspan0\x00', &(0x7f0000000640)={'syztnl0\x00', <r4=>0x0, 0x40, 0x8, 0x0, 0xff, {{0x6, 0x4, 0x0, 0x9, 0x18, 0x68, 0x0, 0xf4, 0x4, 0x0, @multicast2, @multicast1, {[@end]}}}}})
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000840)={&(0x7f00000006c0)={0x154, 0x0, 0x8, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = syz_io_uring_setup(0x23b, &(0x7f0000000380)={0x0, 0x61f0, 0x10100, 0x2, 0x2ea}, &(0x7f0000000100)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
r10 = eventfd2(0x0, 0x0)
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000140)={0x3, r10})
r11 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$FS_IOC_ENABLE_VERITY(r2, 0x40806685, &(0x7f0000000300)={0x1, 0x1, 0x1000, 0x4, &(0x7f00000002c0)="51a2aa3a", 0xf0, 0x0, &(0x7f0000000400)="51025023fe507adf97ac29a7ccb0d67426dc15ccbd606c313a118c3a0d78e99c83171a4035ee2c5d4e0a15c078f5f6d8dc17ba936e9dd5c1be1bdae72590a63e1fd3c83ec9f929778a414d8dcb93a6aa6848bfa3eb67fe0fea3b98220417e567f18faee5ab0992826eb35b232cea8d503bcbb600d63d7558c84f600cc55a31adcfa3e0f6f878831496a3f93a6bcfafb89e29c8c72bec38c945a0901bee52f62f3978e86f8063f6f6b361b324114088617ce44f6388c9013e75ebbc06ac556e71219003633c3fd8bdce4a7f44071578207daf40220ede9082e6c4c0bd7d0baf524abd95b603dbbc3bb59c611cd4407385"})
ioctl$KVM_SET_PIT(r6, 0x8048ae66, &(0x7f0000000000)={[{0x80000000, 0x4, 0xc5, 0x4f, 0x40, 0x2, 0x80, 0xff, 0x3, 0x44, 0x8, 0x0, 0x100000000009}, {0xb, 0xa6f2, 0x6, 0x8, 0x9, 0xff, 0x4, 0x8, 0xa, 0x16, 0x2, 0x6, 0x1}, {0x1ff, 0x3, 0xd, 0x10, 0x25, 0x9, 0x0, 0xfb, 0x4, 0x15, 0x0, 0x2, 0x4}], 0x9})
ioctl$KVM_SET_REGS(r13, 0x4090ae82, &(0x7f0000000200)={[0x7, 0x6, 0xf3b8, 0x0, 0x1000, 0x402, 0x4002004c4, 0x1000, 0x3, 0x97, 0x1000000000000006, 0x0, 0x7, 0x4], 0xeeee8000, 0x400})
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r6, 0x0, 0x0, 0x0, {0xa0b0}, 0x3})
io_uring_enter(r7, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r7, 0xa598626189b4a134)
syz_usb_connect(0x3, 0x4f, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000e45aa5205b109917e9360102030109023d0001000000000904ef0404ff010100090502020800d0000909050800ff03070006bd7a027a77cbd25505d53cfab0f568eb182379768afebcfb1da0f4a0989ade742f7087d0b21f39778381425f3371704ca969c98e95b5eb53871f74b9580e06893023b49136e06b0248822418a02214183f23be51fb6c314bc6f81c615cc0634a94ee1c9656ae83fc0823984c715e5f080ccb30371eaa560ca7b3c32b2f077a4796a9efda7730"], 0x0)

1.336731575s ago: executing program 2 (id=645):
r0 = userfaultfd(0x80001)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
fgetxattr(0xffffffffffffffff, &(0x7f0000000400)=@random={'btrfs.', '\xc1J\xaf\xfd,\x86\xbc\xa9\x02\xf2\xf6\xe2\xcd\x9f\xaaYq\xf7\x01\xf3\xea\xd1\xd0\x8d\xc1\xf6.$w\xab|*`\x11H+^\xbb\x8ar\xb1\x8ec\xec,\xd5\xfd,\xce`\x9f\x92\xb4\xbe\x06?\xaa\x16Q\x94\x15\xbe\x80E\x9c\x93Hq?<(+\xceb0\xcc\xad\xdd\x1c\xee\x19\x1b\x91Z\x85\xb7\x04\xe7\xaf\xe0W,G\xc8\xc0\xbcR\x90\x17\x19@m\xa5\x19\x16i\xc8\x99)\xa5\xb0\xba\xbc\xe0rV\x06\xd0B\x0f\xcdF\xbc\x8e\x8a^%8k\x849S\x15=kxS\x1c\xc1\xdat~\xf1\x93\xb8\xba\xa5gV\x18F\x8f\xe4b\xdc\x19_\xd5oc\x13\xf0\xd0\xf6P\x81\xa4\xc3\\g\x11\xd1\xc8 U\xba\x03\xc9\xf17\x88\r\xb99]\xdfM\xc8AQB\xc3\xf0\xf7t\xee\x95&w\xc3;\xea)8\x98A\xb7\x83\x1a*~\xa4\x87\xdez\xff\x97\x1c@\xec\xbd\x99Z\x94\xcai\xbe\xb7\xb2X\xc4\xe9h0\x99I\xee\xb7Ck\xa2\xb6\xf7\xb4\x82~\xd2\xa2H\xfa\x04S\xf4Q\x11\x8b\xc0\xd1O<ks>\xe9D\xbfJ\xfa\xa2.\xe2\x81\x03u\xa2v\x86*\x01\x18\n5\xc4\xc4\x92W\x97\x12\xaf8@\x1e\x93\xcaV\x96P/v\xc2\x9f)+\xbc=4\x14\xd8\xbc\xe8\xcay\x87\t\xac$\xd6\x11\xb4\x06\x81\x8a\xbf\xe5\x8a\x00'}, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'syzkaller0\x00', 0x7101})
r2 = socket(0x10, 0x803, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000140)=@filter={'filter\x00', 0xe, 0x0, 0xc0, [0x0, 0x80000300, 0x80000330, 0x80000360], 0x0, 0x0, &(0x7f0000000300)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x110)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
unshare(0x28000600)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
flock(r6, 0x5)
listen(r6, 0x9)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_HEADER(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x30, 0xc, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x41}, 0xc0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000000)={0x9, 0xffffffffffffffff, 0x1})
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x8, &(0x7f0000000000)=0x6, 0x4)
getsockopt$inet6_tcp_buf(r8, 0x6, 0x8, 0x0, &(0x7f0000001040))
r9 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0xd)
ioctl$KVM_SET_NR_MMU_PAGES(r9, 0xae44, 0x3ff)
sched_setattr(0xffffffffffffffff, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x8, 0x80000001, 0x3, 0x5fd5, 0x2, 0x7}, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa04, &(0x7f0000000340)={{&(0x7f00008e3000/0x4000)=nil, 0x4000}, 0x0, 0x2})
syz_usb_connect(0x0, 0x36, &(0x7f0000000400)=ANY=[], 0x0)

1.126292593s ago: executing program 4 (id=646):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
futex(0x0, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xffffc000)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newtaction={0x48, 0x30, 0xb, 0x0, 0xfffffffd, {}, [{0x34, 0x1, [@m_vlan={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4048000}, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

1.101929151s ago: executing program 0 (id=647):
rt_sigprocmask(0x0, &(0x7f000078b000)={[0x9, 0xfffffffc]}, 0x0, 0x8) (async)
r0 = gettid() (async)
r1 = getpid()
rt_tgsigqueueinfo(r1, r0, 0x7, &(0x7f0000000080)={0x0, 0x0, 0x4})
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x80000)
mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) (async)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) (async)
futex(&(0x7f0000004000)=0x2, 0x8d, 0xfffffffd, 0x0, 0x0, 0x0)
readv(r2, &(0x7f0000002940), 0x0) (async)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000002200)=@known='user.incfs.id\x00', &(0x7f0000002280)=""/99, 0x63)
r4 = syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c003107b745336b20129f982d30158b2c"], 0x0, 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000100)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000002140)={0x50, 0x0, r5, {0x7, 0x27, 0x0, 0x14a4014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, 0x50) (async)
read$FUSE(r3, &(0x7f000000b040)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r3, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r6}, 0x10) (async)
fcntl$setflags(r3, 0x2, 0x0)
open_by_handle_at(r4, &(0x7f00000021c0)=ANY=[@ANYBLOB="1c0000008100"], 0xfeffffff)

421.19516ms ago: executing program 3 (id=648):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@mpls_newroute={0x1b, 0x18, 0x601, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}}, 0x1c}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_POWER_SAVE(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x24, r2, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x88c0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000040)={&(0x7f0000001040)={0xa5c, r2, 0x20, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x354, 0x11d, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xffffffff}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xbe}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xfffffffffffff801}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x6}]}, {0x2b, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x99}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x6}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x94}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0xeb4cd0cac5e42e66}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x7b}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}, {0x23c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x210, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0xfc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x41, 0x2, [{0x6, 0xa}, {0x4, 0xa}, {0x4, 0x3}, {0x1, 0x4}, {0x7, 0x3}, {0x5, 0x5}, {0x4, 0x4}, {0x4, 0xa}, {0x6, 0x5}, {0x2, 0x2}, {0x4, 0x3}, {0x2, 0x4}, {0x4, 0x2}, {0x2, 0x9}, {0x1, 0x7}, {0x3, 0x6}, {}, {0x6, 0x8}, {0x0, 0x4}, {0x1, 0x1}, {0x7, 0x8}, {0x6, 0x2}, {}, {0x3, 0x3}, {0x2, 0x3}, {0x7, 0x9}, {0x1, 0x5}, {0x0, 0x5}, {0x3, 0x3}, {0x5}, {0x2, 0x3}, {0x1, 0x7}, {0x4, 0x2}, {0x0, 0x9}, {0x6, 0x9}, {0x1}, {0x6, 0x2}, {0x1, 0x6}, {0x1, 0xa}, {0x0, 0x7}, {0x5, 0x9}, {0x0, 0x7}, {0x1, 0x5}, {0x7, 0x7}, {0x2, 0x5}, {0x6, 0xa}, {0x7}, {0x5, 0x6}, {0x1, 0x2}, {0x1, 0x6}, {0x1, 0x9}, {}, {0x3, 0x4}, {0x0, 0x9}, {0x4, 0xa}, {0x2, 0x8}, {0x4, 0x4}, {0x5, 0x4}, {0x7, 0x3}, {0x1, 0x6}, {0x6, 0x7}]}, @NL80211_TXRATE_HT={0x1e, 0x2, [{0x0, 0x4}, {}, {0x2, 0x5}, {0x2, 0x5}, {0x7, 0x5}, {0x0, 0x1}, {0x0, 0x2}, {0x4, 0x3}, {0x2, 0xa}, {0x6, 0x6}, {0x1, 0xa}, {0x4, 0x8}, {0x0, 0x2}, {0x0, 0x7}, {0x2, 0x2}, {0x5, 0x6}, {0x7, 0x6}, {0x4, 0xa}, {0x5, 0xa}, {0x4, 0x6}, {0x6, 0x3}, {0x0, 0xa}, {0x1, 0x5}, {0x5, 0x9}, {0x2, 0x2}, {0x7, 0xa}]}, @NL80211_TXRATE_LEGACY={0x17, 0x1, [0x3, 0x9, 0x30, 0xb, 0x48, 0x60, 0x5, 0x12, 0xc, 0x48, 0x6c, 0x9, 0x1b, 0x36, 0x1b, 0x2, 0x6, 0x1, 0x18]}, @NL80211_TXRATE_HT={0x24, 0x2, [{0x4}, {}, {0x6, 0x9}, {0x5, 0x6}, {0x7, 0x6}, {0x0, 0x6}, {0x3, 0xa}, {0x4, 0x6}, {}, {0x3, 0x7}, {0x2, 0x9}, {0x1, 0xa}, {0x0, 0x4}, {0x0, 0xa}, {0x7, 0x3}, {0x2, 0x5}, {0x0, 0x9}, {0x5, 0x3}, {0x1, 0x2}, {0x6, 0x5}, {0x5}, {0x0, 0x9}, {0x4, 0xa}, {0x4, 0x8}, {}, {0x0, 0x6}, {0x2, 0x3}, {0x5, 0x5}, {0x3, 0x7}, {0x3, 0x5}, {0x7, 0x1}, {0x7, 0xa}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x5, 0x7, 0x7, 0x100, 0x8, 0x6, 0x7]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8001, 0x0, 0xbd4c, 0x81, 0x7, 0x7, 0x5, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x10, 0x2, 0xb36, 0xa, 0x5, 0xea6e, 0x9, 0x4a07]}}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0x2, 0x16, 0x30, 0x1b, 0x36, 0x30]}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x40, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x33, 0x2, [{0x0, 0x4}, {0x0, 0x9}, {0x2, 0x1}, {0x0, 0xa}, {0x0, 0xa}, {0x6, 0x1}, {0x3, 0x8}, {0x3, 0x8}, {0x0, 0x9}, {0x5, 0x7}, {0x6, 0x4}, {0x7, 0x7}, {0x1, 0x9}, {0x0, 0x7}, {0x1, 0x2}, {0x0, 0x9}, {0x3, 0x1}, {0x5, 0x7}, {0x2, 0x6}, {0x1}, {0x4}, {0x4, 0x3}, {0x4, 0x7}, {0x0, 0x4}, {0x1}, {0x5, 0x4}, {0x4, 0x5}, {0x3, 0x3}, {0x5, 0x3}, {0x3, 0x4}, {0x3, 0xa}, {0x2}, {0x1, 0xa}, {0x7}, {0x4, 0xa}, {0x3, 0x2}, {0x5, 0x5}, {0x6, 0x5}, {0x3, 0x3}, {0x6, 0xa}, {0x3}, {0x4, 0x6}, {0x2, 0x6}, {0x3, 0x1}, {0x0, 0x2}, {0x2, 0xa}, {0x6, 0xf}]}]}, @NL80211_BAND_2GHZ={0x50, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0xd, 0x2, [{0x1, 0x6}, {0x5, 0xa}, {0x5, 0xa}, {0x5, 0x3}, {0x1, 0x3}, {0x0, 0x5}, {0x0, 0x7}, {0x1, 0x6}, {0x4, 0x7}]}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0x1, 0x60, 0x16, 0xc, 0x36, 0x1b, 0x36, 0x1, 0x6c, 0x6c, 0xc]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x19, 0x48, 0x6c, 0x30, 0x48]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_6GHZ={0x40, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x3, 0x3, 0x12, 0x6c, 0x24, 0x1b, 0x1b, 0x3, 0x4, 0x60, 0xc, 0x9, 0x60, 0xb]}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0x12, 0x3, 0x3, 0x12, 0x16, 0x4, 0x6, 0x2, 0x9, 0xc, 0x1b, 0x36, 0x1, 0x60, 0x1b, 0x2, 0x1, 0x48, 0x60, 0x9]}]}, @NL80211_BAND_60GHZ={0x40, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0xea20, 0x6, 0xffff, 0x7fff, 0x1, 0x2, 0x3]}}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0x16, 0x18, 0x16, 0x36, 0xc, 0xb, 0x48, 0x6c, 0x5, 0x4a, 0x6, 0xc, 0x2, 0x9, 0x18, 0x36, 0x36, 0x1b, 0x36, 0x67, 0x12, 0x24, 0x4, 0x5b, 0x48, 0x48, 0x6]}, @NL80211_TXRATE_GI={0x5}]}]}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x3021bedaa09dbd6f}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x5a}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x9e}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x10}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x4}]}]}, @NL80211_ATTR_TID_CONFIG={0x150, 0x11d, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x60}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x46}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xcb}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}]}, {0x54, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x86}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x9644}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9f6}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x10}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xc7}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x40}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}]}, {0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x50cd}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xa30d}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x3ff}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x8001}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x48, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x95}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x6d}]}]}, @NL80211_ATTR_TID_CONFIG={0x40, 0x11d, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x37}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x28, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x24, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}]}]}]}, @NL80211_ATTR_TID_CONFIG={0x21c, 0x11d, 0x0, 0x1, [{0x194, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x2e}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x79}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x14c, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x78, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xe, 0x0, 0x5, 0x8, 0x8, 0x4, 0x5, 0xba]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7ff, 0x2, 0xef, 0x0, 0x8000, 0xc, 0x7, 0x8]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x4, 0x200, 0x3, 0x3be1, 0x5d, 0x1f6b, 0x81]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8f, 0x2d0f, 0xc443, 0x6, 0x1ff, 0x3, 0x5, 0xdd]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x8, 0x9, 0x9, 0x2, 0x9, 0x3, 0x200]}}]}, @NL80211_BAND_60GHZ={0x24, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1f, 0x1, [0x8270a4c711a17616, 0x39, 0x5, 0x30, 0x6, 0x1b, 0x18, 0x6c, 0x16, 0xb, 0x3, 0x6, 0x1b, 0xb, 0x60, 0x6c, 0x24, 0x5, 0xb, 0x1baeb4f38cc87415, 0x12, 0x2, 0xb, 0x6, 0xc, 0x1b, 0x36]}]}, @NL80211_BAND_60GHZ={0x84, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x5, 0x1, 0xff52811c646200ac, 0x0, 0x6, 0x18, 0xb, 0x77, 0x18, 0x1, 0x6c, 0x2, 0x36]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x8, 0xfffd, 0x5, 0x3, 0x8, 0x9, 0x1000]}}, @NL80211_TXRATE_HT={0x45, 0x2, [{0x5}, {0x3, 0xa}, {0x5, 0x6}, {0x6}, {0x5, 0x7}, {0x4, 0x4}, {0x7, 0x2}, {0x2, 0x6}, {0x2, 0x1}, {0x3, 0xa}, {0x3, 0x8}, {0x1}, {0x0, 0x4}, {0x1, 0x2}, {0x6, 0x5}, {0x2, 0x2}, {0x1, 0x2}, {0x4, 0x5}, {0x3, 0x9}, {0x4, 0x8}, {0x0, 0x6}, {0x3, 0x4}, {0x3, 0x6}, {0x4}, {0x0, 0x9}, {0x2, 0xa}, {0x6, 0x1}, {0x4, 0x8}, {0x1}, {0x7, 0xa}, {0x1}, {0x1, 0x9}, {0x1, 0x3}, {0x3, 0x4}, {0x6, 0xa}, {0x0, 0xa}, {0x7, 0x6}, {}, {0x2, 0x1}, {0x5}, {0x5, 0x1}, {0x5, 0x9}, {0x5, 0x7}, {0x0, 0x2}, {0x4, 0x3}, {0x3, 0xa}, {0x2}, {0x7, 0x8}, {0x7, 0x5}, {0x3, 0x9}, {0x1, 0x4}, {0x5, 0x1}, {0x4, 0x9}, {0x7, 0x6}, {0x3}, {0x6, 0x8}, {0x2, 0x5}, {0x5, 0x5}, {0x3, 0x6}, {0x3, 0x5}, {0x2, 0x1}, {0x6, 0x8}, {0x5, 0x8}, {0x0, 0x6}, {0x6}]}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0xafd, 0xe, 0x2, 0x8000, 0x7, 0x1, 0x6354]}}, @NL80211_TXRATE_HE_LTF={0x5}]}]}]}, {0x38, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xb9}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xc4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xa7}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x7a}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}]}, @NL80211_ATTR_TID_CONFIG={0x1c4, 0x11d, 0x0, 0x1, [{0x188, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x3}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0xb4, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xb0, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x23, 0x1, [0x16, 0x9, 0x16, 0x30, 0x24, 0x6c, 0x12, 0x30, 0x4, 0x4, 0x18, 0xc, 0xc, 0x6, 0x2, 0x18, 0x30, 0x6c, 0x60, 0xb, 0x1, 0x16, 0x5, 0xb, 0x12, 0x1b, 0x6, 0x3, 0xb, 0xc, 0x1]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0xffff, 0x3, 0x4, 0x7, 0x5, 0xa, 0x80]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0xf, 0x0, 0x2, 0x6, 0x9f24, 0x6, 0x7]}}, @NL80211_TXRATE_HT={0x2a, 0x2, [{0x3, 0x2}, {0x2, 0x5}, {0x7, 0x6}, {0x7, 0x2}, {0x1, 0x6}, {0x6, 0x5}, {0x5, 0x6}, {0x7}, {0x6, 0x5}, {0x5, 0x2}, {0x0, 0x8}, {0x2, 0x3}, {0x3, 0x9}, {0x5, 0x4}, {0x1, 0x6}, {0x1, 0x9}, {0x2, 0x3}, {0x0, 0x7}, {0x5, 0x6}, {0x4, 0x8}, {0x0, 0x7}, {0x2, 0x1}, {0x4, 0x2}, {0x5, 0x5}, {0x4, 0x3}, {0x2, 0x6}, {0x0, 0x8}, {0x6, 0x1}, {0x3, 0x7}, {0x3, 0x6}, {0x2, 0x2}, {0x0, 0x5}, {0x4}, {0x7, 0x2}, {0x1, 0x4}, {0x0, 0x8}, {0x2}, {0x6, 0x2}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8888, 0x9, 0x7ff, 0x1, 0x8b9, 0x0, 0x7, 0x9]}}]}]}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7e}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x9c, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x1c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_60GHZ={0x5c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x2, 0x0, 0xfffc, 0x7ff, 0xfff9, 0x7ff, 0x6]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x7, 0x3, 0x10, 0x4, 0x3, 0x1, 0x8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x7ff, 0x6, 0x9, 0xf, 0x7, 0x8, 0x49]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x6c, 0x36, 0x1, 0x60, 0xb, 0x12, 0x5, 0x36, 0x9, 0x48, 0x26ef1393c556f456, 0x60, 0x5]}]}, @NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0xa4, 0x0, 0x0, 0x1, 0x2, 0xc, 0x40]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}]}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x80000000}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}]}, @NL80211_ATTR_TID_CONFIG={0x17c, 0x11d, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x2c}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7f}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x68}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x9}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}]}, {0xe4, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x7d}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8000}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x94, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x40, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x17, 0x1, [0x5, 0x2, 0x18, 0x5, 0x3, 0x1b, 0x3d, 0x5, 0x6, 0x9, 0x12, 0x24, 0x9, 0x2370c0203f8beb98, 0x1, 0x1, 0x0, 0x12, 0x18]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x5, 0xaa, 0x7f, 0x7, 0x6, 0x4, 0x5]}}]}, @NL80211_BAND_5GHZ={0x28, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0x1ff, 0x2, 0x1, 0x4d2e, 0x7ff, 0xf, 0x101]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0x76, 0x0, 0x38, 0x69, 0x2000, 0x9, 0xfff]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}]}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x4}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xba}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xa4}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0xa5c}, 0x1, 0x0, 0x0, 0x24}, 0x4000000)

229.269887ms ago: executing program 0 (id=649):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f00000006c0)={0x4, 0x0, [{0x0, 0x0, 0x0, 0x6}, {0x80000001, 0xffffffff, 0x7, 0x8, 0x5, 0x110, 0x3}, {0x80000000, 0x5dd3, 0x6, 0x6, 0xe231, 0x4, 0xffffffff}, {0x40000001, 0x0, 0x2, 0xfffffffa, 0xffffffff, 0x80000001, 0x80000000}]})

202.778561ms ago: executing program 3 (id=650):
bind$inet6(0xffffffffffffffff, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c)
recvmmsg(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x1, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, r1, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}}, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) (fail_nth: 6)

0s ago: executing program 4 (id=651):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20605)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0xfffffffe, 0x0, 'queue1\x00', 0x8001})
writev(r0, &(0x7f0000000580)=[{&(0x7f0000000000)="218292", 0xfff6}], 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r2 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x20800001, 0x4)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback={0x12, 0xa8aaaafffeaaaa1e}, 0x8000}, 0x1c)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, &(0x7f0000000000)=0x2, 0x4)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040))
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
fremovexattr(r5, &(0x7f0000000180)=ANY=[@ANYBLOB='osx.secUrity.capabilitW\x00'])
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r6, 0x89a2, &(0x7f0000000200)='bridge0\x00')
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000009500)=@newtaction={0xe68, 0x30, 0x0, 0x70bd27, 0x25dfdbfd, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1f, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x0, 0x401, 0x20000000, 0x1, 0x4}, 0x3c, 0x9}, [{0x10000, 0x80000001, 0x90b71e2, 0x6, 0x6, 0x9}, {0xb943, 0x0, 0x8, 0x7, 0x1, 0x6}, {0x4, 0x80000001, 0x9cb, 0x9, 0x4b, 0x3}, {0x80000000, 0x272f8ca0, 0x0, 0x400, 0x8, 0xde}, {0x9, 0x9, 0x1, 0xfffffff7, 0x9, 0x800000}, {0xa, 0xa, 0x1000, 0x7, 0x2, 0x2000}, {0x63, 0xfffffffe, 0x2, 0x1, 0x6, 0x301}, {0x4757, 0x5, 0x8, 0xbc64, 0x5b, 0x45ef}, {0x1f, 0xfffffffc, 0x1, 0x3, 0x2, 0x2}, {0x7ff, 0x400, 0x10000, 0x9, 0x1, 0x4}, {0x8, 0xa7, 0x40, 0x6, 0x2, 0x9}, {0x2, 0x6, 0x81, 0x7f, 0x2, 0xa}, {0x40, 0x1ff, 0xa, 0x3, 0x6, 0xbebd}, {0x8, 0x3ff, 0x0, 0x8, 0x7, 0x5}, {0x0, 0x4206, 0x7, 0x1, 0x9, 0xdf99caf9}, {0x1, 0x2, 0x9, 0xfffffffd, 0x8, 0x4}, {0xffff, 0x7, 0x9, 0xd, 0x7, 0xc}, {0x6, 0x6d4c, 0x2, 0x2, 0x7, 0x3}, {0x5, 0x8000, 0x3, 0xfffffff4, 0x0, 0x7}, {0x0, 0x424, 0x4, 0xffff0001, 0x2, 0xfffffffb}, {0x6d, 0x4, 0x3b79, 0x2, 0x4, 0x7ff}, {0x90e9, 0xc1e8, 0x80, 0x15, 0x8, 0xc79}, {0x398, 0x4, 0x8, 0x9, 0x8b1, 0xd8}, {0xc9, 0x9, 0x6, 0xf, 0x0, 0x28}, {0xa9, 0x0, 0x81, 0x800, 0x100, 0x7}, {0xfffffff8, 0x7, 0x0, 0x0, 0xab}, {0xc10b, 0x2191, 0x6, 0x9, 0x0, 0xbe}, {0x80000000, 0x2c2d, 0x400, 0x2, 0x3, 0x7}, {0xfe, 0x9, 0x9, 0x9, 0x7, 0x80}, {0x10000, 0x3, 0x7, 0x800, 0xffffffff, 0x1}, {0x7, 0x6, 0x7ffa328c, 0x2, 0x7b51, 0x8ce6}, {0x8, 0x212626f5, 0x2, 0x2, 0x8001, 0x2}, {0x7, 0x2, 0x7fff, 0x4, 0x7, 0x9}, {0x9, 0x5, 0x2, 0x4, 0x9, 0xe}, {0xfffffffe, 0x2, 0x354a657a, 0x7, 0x8, 0x8}, {0x1, 0x5, 0x9e2a, 0x0, 0x7, 0x3}, {0x7f, 0x5, 0x57b, 0x2, 0x0, 0x5}, {0x3, 0x3, 0x1, 0x3, 0x5, 0x9}, {0xff, 0x0, 0xfff, 0x8, 0x4, 0x9}, {0x2c, 0x2, 0x6, 0x10001, 0x2, 0x101}, {0x2, 0x0, 0x4, 0x6, 0x3, 0x10001}, {0xd, 0xfff, 0x5, 0x94, 0x2, 0x6}, {0x5d, 0x80, 0x4, 0x7, 0x11, 0x6}, {0x3, 0x5, 0xc8, 0x5, 0x18000000, 0x6}, {0xfffffffb, 0x7, 0x3, 0x9, 0x8001, 0x6}, {0x1, 0xb94, 0x800, 0xffffff49, 0x5, 0x9}, {0x95d5, 0x8, 0x8, 0x9, 0x1, 0x89bc}, {0x24, 0x1000, 0x7, 0x400040, 0x1, 0x1}, {0x6, 0x800, 0x0, 0x400, 0x10, 0x1}, {0x29a, 0x3, 0x4, 0x6, 0x7, 0x3}, {0x38000000, 0x5, 0x3e690dd2, 0x0, 0x49f, 0x8}, {0x9, 0x8, 0x7f, 0x400, 0x8, 0x8}, {0xfffffff6, 0x0, 0x2, 0x8, 0x1ff, 0x4}, {0xfffffff8, 0x6, 0xfffffffc, 0x7, 0x7, 0x1}, {0xc, 0x70c, 0xad8, 0x7, 0x355e7bd2, 0x7}, {0x5, 0x5, 0x1, 0xe3, 0x6ec, 0x3}, {0xff, 0x7, 0x66, 0xe, 0x9, 0x9}, {0x0, 0x0, 0x2, 0x1, 0x200, 0x8}, {0x32db, 0x1, 0x1, 0xffffffff, 0xe790, 0x9}, {0x2, 0x400, 0xfa, 0x9, 0x6, 0x1}, {0x7f, 0x1, 0x5, 0x8000, 0xffffffff, 0x8}, {0x1, 0xfff, 0x7f, 0x8000, 0xe, 0xc44}, {0x80000000, 0x9, 0x0, 0xf98, 0x9, 0x8}, {0x5, 0x1, 0x18, 0x0, 0x80000001, 0x9}, {0x0, 0x8, 0x3, 0x200, 0x5, 0x7}, {0x80000001, 0x2, 0x9, 0xc8, 0xfffffffc}, {0x5, 0x3b, 0x400, 0x4, 0x4, 0x3}, {0x7, 0x8, 0x1, 0x400, 0x9, 0x529}, {0x9, 0x16, 0x10001, 0x3, 0x1, 0xfffffffa}, {0x6, 0x74, 0xffffffff, 0x3, 0x1, 0x7ff}, {0x80000000, 0x9, 0x9, 0x0, 0x9}, {0xffffff97, 0xc, 0x9, 0x3, 0x1, 0x5}, {0xd, 0x4, 0xd, 0x3f, 0x2, 0x7}, {0xa, 0x4, 0x2, 0x3, 0x5}, {0x0, 0x283, 0x4, 0x6, 0x8, 0xee3}, {0x6, 0x7, 0x3, 0x0, 0x7f, 0x9}, {0x8, 0xe, 0x100, 0x8, 0x4, 0x5}, {0x1, 0xfffffffc, 0x2, 0x4, 0x100, 0x80000001}, {0x4, 0xffff, 0x2a, 0xf24d, 0xffff8001, 0x5}, {0xd6b, 0x7b8c3976, 0x1, 0x0, 0xf7d9, 0x1}, {0xae9, 0x6, 0xfffffffe, 0x6e53de2f, 0x4, 0xe2758a}, {0x7, 0x8, 0x4, 0x9, 0x8, 0x7fff}, {0xff, 0x1, 0x4, 0x8, 0x1, 0x9}, {0x0, 0x3, 0x8a, 0x6, 0x10, 0x5}, {0x2, 0xe24, 0x5, 0x96, 0x7, 0xd859}, {0x6, 0x6, 0x7, 0x400, 0xfff, 0x2}, {0x3, 0xb, 0x6f70, 0x3, 0xe, 0x6}, {0x0, 0x8, 0xdd1d8af, 0xd1e, 0x4dd, 0x6}, {0x9, 0x1, 0x9, 0x1000000, 0x4, 0x81}, {0xfffffffc, 0xad, 0x9, 0x7, 0x8000, 0x6}, {0x5, 0x6, 0x5, 0x2, 0x7f, 0x7}, {0x6, 0x6, 0xe79, 0x10f, 0x80, 0x3}, {0x9404, 0x4d, 0x8, 0xc63, 0x475, 0x9}, {0xc4c3, 0x4, 0x1, 0xfadc, 0x8, 0x5}, {0x4, 0x1, 0x3, 0x8, 0x10, 0xfffeffff}, {0x9, 0x5, 0x14, 0x1, 0x7, 0x1}, {0x5, 0xed40, 0x8000, 0x7cf, 0x10, 0xe}, {0x3, 0x0, 0x1c7b, 0x9fc3, 0x57c4, 0x800}, {0x5, 0xfffeffff, 0x4, 0x1, 0x0, 0x3}, {0x6, 0x9, 0x8, 0x3, 0x5, 0x7}, {0x6, 0x2, 0x4, 0x9, 0x7fff, 0x5}, {0xa, 0x8, 0x0, 0x9, 0xced, 0x80000000}, {0x7ff, 0x3, 0x6, 0x7fff, 0x9, 0xd}, {0x3, 0x5, 0xb, 0x8001, 0x9, 0x1}, {0x0, 0x2, 0x6, 0x2, 0x9, 0x8}, {0x0, 0x7, 0xae6ad9f, 0x9, 0x7, 0x6}, {0x6, 0x200, 0x81, 0xfffffff7, 0x6, 0x4}, {0x0, 0x4, 0x546, 0x6, 0x7, 0x1}, {0xad03, 0x81, 0x7, 0x5, 0x5, 0x9}, {0x4, 0xfff, 0x2, 0x3, 0x9, 0xd}, {0xe, 0x2d4, 0x5, 0x40, 0x1c7a3607, 0xcb2d}, {0x7, 0x9, 0x3, 0x2, 0x4, 0x7fffffff}, {0x0, 0x3, 0x3, 0x8, 0x6}, {0x91, 0x8, 0xfffffffc, 0x8, 0x10000, 0x1}, {0x9, 0x5, 0x8, 0x2, 0x7, 0x8d}, {0x4, 0xb, 0xfffff364, 0x4, 0x400, 0x4}, {0x81, 0x3, 0x1, 0x80000000, 0xbf1}, {0x8, 0x6, 0xd4, 0x1, 0x6, 0x1}, {0x3ff, 0x1, 0x1, 0x801, 0x800, 0xa4}, {0x8, 0x0, 0xfffffff7, 0xfffffffc, 0x4, 0xad5f}, {0x62, 0xe, 0x0, 0x7f7, 0x3, 0x3ff}, {0x100, 0xfffffff9, 0x5, 0xd, 0x84, 0xc20e}, {0xc, 0x6c, 0x2, 0x4, 0x7, 0xea}, {0x8, 0x0, 0x8, 0x0, 0xb2, 0x3}, {0x7, 0x3, 0xec, 0x5, 0x8, 0x1}, {0x8, 0x3000000, 0xffff, 0x81, 0xfffffff6, 0x9}, {0x1, 0xda, 0x5, 0x3, 0x6553, 0x4}, {0xfffffff9, 0x6, 0x7, 0x4, 0xa6, 0x50d8a0cf}], [{0x1, 0x1}, {0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x3}, {}, {0x0, 0x1}, {0x4}, {0x4, 0x1}, {0x5}, {0x3}, {}, {0x5, 0x1}, {0x3}, {0x4}, {0x0, 0x1}, {0x4}, {0x2, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {0x3}, {0x1}, {0x5}, {0x3, 0x1}, {0x2}, {0x6}, {0x5, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x4}, {0x5, 0x1}, {0x4}, {0x3}, {0x3}, {0x1}, {0x3}, {0x5, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {}, {}, {0x4, 0x1}, {0x1}, {0x3}, {0x3}, {0x2}, {0x4, 0x1}, {}, {0x5}, {0xbc772ccd0a61e388, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x2}, {0x0, 0x1}, {0x5}, {0x1, 0x1}, {0x5}, {0x4}, {}, {}, {}, {0x1}, {0x3}, {0x1}, {0x1, 0x1}, {}, {}, {0x2, 0x1}, {0x3}, {0x0, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x2}, {0x3, 0x1}, {0x2}, {0x2}, {0x4}, {0x5}, {0x1, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x5}, {0x2}, {0x1, 0x1}, {0x3}, {0x1}, {0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x1}, {0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x5}, {0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x2}, {0x2, 0x1}, {}, {0x3, 0x1}, {0x2}, {}, {0x4, 0x1}, {0x5, 0x1}, {0x5}, {}, {0x5, 0x1}, {0x5}, {}, {0x5, 0x1}, {0x5, 0x1}, {0x5}, {0x2}, {0x0, 0x1}, {}, {0x1}, {0x4}, {0x2, 0x1}, {0x3, 0x1}], 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x5}}}}]}]}, 0xe68}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
get_mempolicy(&(0x7f00000001c0), &(0x7f0000000200), 0x481, &(0x7f000000d000/0x4000)=nil, 0x3)
r8 = socket(0xa, 0x5, 0x0)
listen(r8, 0x100)
sendmsg$inet_sctp(r8, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000a19d000000000000af000000"], 0x18, 0x8000}, 0x20000800)
r9 = dup(r7)
write$binfmt_script(r9, &(0x7f0000000100)={'#! ', './file0'}, 0xb)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000000c0)={0x3, 0x8000, 0x401, 0x7}, &(0x7f0000000100)=0x10)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
syz_clone3(&(0x7f0000000080)={0x2d008400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001200)=[0x0], 0x1}, 0x58)

kernel console output (not intermixed with test programs):

for 'group_id'
[  122.242259][ T6630] fuse: Bad value for 'group_id'
[  122.286753][   T30] audit: type=1326 audit(1764870206.319:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6624 comm="syz.4.168" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705d539 code=0x0
[  122.603241][ T6185] appleir 0003:05AC:8243.0006: unknown main item tag 0x0
[  122.621549][ T6185] appleir 0003:05AC:8243.0006: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  123.315905][    T9] usb 4-1: new low-speed USB device number 8 using dummy_hcd
[  123.480327][    T9] usb 4-1: device descriptor read/64, error -71
[  123.701512][ T6652] netlink: 20 bytes leftover after parsing attributes in process `syz.0.173'.
[  123.736164][    T9] usb 4-1: new low-speed USB device number 9 using dummy_hcd
[  123.896657][    T9] usb 4-1: device descriptor read/64, error -71
[  123.948160][ T6647] netlink: 'syz.4.170': attribute type 10 has an invalid length.
[  124.064966][ T6647] wlan1: mtu less than device minimum
[  124.070603][ T6647] .`: (slave wlan1): Error -22 calling dev_set_mtu
[  124.080859][    T9] usb usb4-port1: attempt power cycle
[  124.186570][   T24] usb 3-1: reset high-speed USB device number 10 using dummy_hcd
[  124.426020][    T9] usb 4-1: new low-speed USB device number 10 using dummy_hcd
[  124.446346][    T9] usb 4-1: device descriptor read/8, error -71
[  124.696203][    T9] usb 4-1: new low-speed USB device number 11 using dummy_hcd
[  124.726597][    T9] usb 4-1: device descriptor read/8, error -71
[  124.973417][ T6663] FAULT_INJECTION: forcing a failure.
[  124.973417][ T6663] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  124.994858][    T9] usb usb4-port1: unable to enumerate USB device
[  124.997317][ T5926] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  125.023009][ T6663] CPU: 0 UID: 0 PID: 6663 Comm: syz.4.176 Not tainted syzkaller #0 PREEMPT(full) 
[  125.023036][ T6663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  125.023046][ T6663] Call Trace:
[  125.023053][ T6663]  <TASK>
[  125.023061][ T6663]  dump_stack_lvl+0x189/0x250
[  125.023085][ T6663]  ? __pfx____ratelimit+0x10/0x10
[  125.023107][ T6663]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.023122][ T6663]  ? __pfx__printk+0x10/0x10
[  125.023142][ T6663]  ? __might_fault+0xb0/0x130
[  125.023172][ T6663]  should_fail_ex+0x414/0x560
[  125.023199][ T6663]  _copy_to_iter+0x404/0x1790
[  125.023235][ T6663]  ? __pfx__copy_to_iter+0x10/0x10
[  125.023259][ T6663]  ? fput+0xa0/0xd0
[  125.023273][ T6663]  ? __pfx_dma_buf_show_fdinfo+0x10/0x10
[  125.023294][ T6663]  ? seq_show+0x5bb/0x710
[  125.023318][ T6663]  seq_read_iter+0xbf5/0xe20
[  125.023356][ T6663]  seq_read+0x369/0x480
[  125.023384][ T6663]  ? __pfx_seq_read+0x10/0x10
[  125.023423][ T6663]  ? rw_verify_area+0x2a6/0x4d0
[  125.023442][ T6663]  ? __pfx_seq_read+0x10/0x10
[  125.023462][ T6663]  vfs_read+0x200/0xa30
[  125.023480][ T6663]  ? fdget_pos+0x247/0x320
[  125.023499][ T6663]  ? __pfx___mutex_lock+0x10/0x10
[  125.023516][ T6663]  ? __pfx_vfs_read+0x10/0x10
[  125.023537][ T6663]  ? __fget_files+0x2a/0x420
[  125.023556][ T6663]  ? __fget_files+0x3a0/0x420
[  125.023570][ T6663]  ? __fget_files+0x2a/0x420
[  125.023595][ T6663]  ksys_read+0x145/0x250
[  125.023616][ T6663]  ? __pfx_ksys_read+0x10/0x10
[  125.023635][ T6663]  ? __secure_computing+0xe2/0x2a0
[  125.023665][ T6663]  __do_fast_syscall_32+0x1f7/0x570
[  125.023683][ T6663]  ? rcu_is_watching+0x15/0xb0
[  125.023700][ T6663]  ? do_fast_syscall_32+0x34/0x80
[  125.023722][ T6663]  do_fast_syscall_32+0x34/0x80
[  125.023744][ T6663]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  125.023763][ T6663] RIP: 0023:0xf705d539
[  125.023778][ T6663] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  125.023792][ T6663] RSP: 002b:00000000f544d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  125.023809][ T6663] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080001280
[  125.023820][ T6663] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000
[  125.023830][ T6663] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  125.023839][ T6663] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  125.023848][ T6663] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  125.023876][ T6663]  </TASK>
[  125.272730][    C0] vkms_vblank_simulate: vblank timer overrun
[  125.486010][ T5926] usb 2-1: Using ep0 maxpacket: 8
[  125.493387][ T5926] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  125.510500][ T5926] usb 2-1: config 1 has an invalid interface descriptor of length 6, skipping
[  125.529257][ T5926] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  125.535134][ T6673] netlink: 'syz.2.177': attribute type 10 has an invalid length.
[  125.665894][ T5926] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  125.704235][ T5926] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  125.732218][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.754273][ T5926] usb 2-1: Product: syz
[  125.769798][ T5926] usb 2-1: Manufacturer: syz
[  125.781104][ T5926] usb 2-1: SerialNumber: syz
[  126.024711][ T5926] usb 2-1: 0:2 : does not exist
[  126.057121][ T5894] usb 3-1: USB disconnect, device number 10
[  126.130016][ T5926] usb 2-1: USB disconnect, device number 9
[  126.168159][ T5841] udevd[5841]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  126.385581][   T30] audit: type=1326 audit(1764870210.529:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6680 comm="syz.0.180" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f91539 code=0x0
[  126.551215][ T6685] fuse: Bad value for 'fd'
[  126.655486][   T30] audit: type=1326 audit(1764870210.799:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6680 comm="syz.0.180" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f91539 code=0x0
[  126.838321][ T6693] netlink: 'syz.2.184': attribute type 10 has an invalid length.
[  126.966354][ T6693] wlan1: mtu less than device minimum
[  127.426661][   T30] audit: type=1804 audit(1764870211.229:12): pid=6703 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.185" name="/newroot/42/bus" dev="tmpfs" ino=236 res=1 errno=0
[  127.485877][ T6693] .`: (slave wlan1): Error -22 calling dev_set_mtu
[  129.275858][ T6693] netlink: 4 bytes leftover after parsing attributes in process `syz.2.184'.
[  129.547981][ T6698] .`: entered promiscuous mode
[  129.615990][ T6698] bond_slave_0: entered promiscuous mode
[  129.707498][ T6698] bond_slave_1: entered promiscuous mode
[  129.827304][ T6718] program syz.2.188 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  130.225851][ T5926] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  130.296543][ T5921] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  130.405481][ T5926] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  130.429567][ T5926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.444399][ T5926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  130.455859][ T5926] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  130.485443][ T5926] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  130.496599][ T5921] usb 1-1: unable to get BOS descriptor or descriptor too short
[  130.504533][ T5926] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  130.515901][ T5921] usb 1-1: not running at top speed; connect to a high speed hub
[  130.516053][ T5926] usb 2-1: Manufacturer: syz
[  130.544831][ T5921] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  130.546627][ T5926] usb 2-1: config 0 descriptor??
[  130.588515][ T6734] netlink: 'syz.3.192': attribute type 10 has an invalid length.
[  130.601357][ T5921] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  130.720191][ T5921] usb 1-1: string descriptor 0 read error: -22
[  130.726707][ T5921] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  130.885496][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.935530][ T5921] usb 1-1: 0:2 : does not exist
[  131.075485][ T5926] appleir 0003:05AC:8243.0007: unknown main item tag 0x0
[  131.097870][ T5926] appleir 0003:05AC:8243.0007: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  132.083181][ T5921] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  132.106449][ T5921] usb 1-1: Warning! Unlikely big volume range (=23808), cval->res is probably wrong.
[  132.117060][ T5921] usb 1-1: [5] FU [Mic Capture Volume] ch = 1, val = -23808/0/1
[  132.130366][ T5921] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5)
[  132.152431][ T5921] usb 1-1: 5:0: failed to get current value for ch 1 (-22)
[  132.239985][ T5921] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5)
[  132.272624][ T5921] usb 1-1: USB disconnect, device number 6
[  132.526241][    T9] usb 2-1: reset high-speed USB device number 10 using dummy_hcd
[  132.929329][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  132.947096][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  133.977485][ T5887] usb 2-1: USB disconnect, device number 10
[  135.049139][ T6781] loop4: detected capacity change from 0 to 7
[  135.067699][ T5841]  loop4: [POWERTEC] p1 p2 p3 p4 p5 p6
[  135.098153][ T5841] loop4: p1 size 2037579776 extends beyond EOD, truncated
[  135.528242][ T5841] loop4: p2 start 4294901760 is beyond EOD, truncated
[  135.537543][ T5841] loop4: p3 start 4294836224 is beyond EOD, truncated
[  135.544328][ T5841] loop4: p4 size 327680 extends beyond EOD, truncated
[  135.556608][ T5841] loop4: p5 size 8323072 extends beyond EOD, truncated
[  135.567375][ T5841] loop4: p6 start 8192 is beyond EOD, truncated
[  135.589000][ T6782] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  135.659399][ T6787] netlink: 'syz.2.203': attribute type 10 has an invalid length.
[  135.725665][ T6781]  loop4: [POWERTEC] p1 p2 p3 p4 p5 p6
[  135.876956][ T6781] loop4: p1 size 2037579776 extends beyond EOD, truncated
[  135.943864][ T6781] loop4: p2 start 4294901760 is beyond EOD, truncated
[  135.964591][ T6792] netlink: 36 bytes leftover after parsing attributes in process `syz.3.205'.
[  136.052302][ T6781] loop4: p3 start 4294836224 is beyond EOD, truncated
[  136.059354][ T6781] loop4: p4 size 327680 extends beyond EOD, truncated
[  136.075342][ T6781] loop4: p5 size 8323072 extends beyond EOD, truncated
[  136.158134][ T6781] loop4: p6 start 8192 is beyond EOD, truncated
[  136.525160][ T5841] udevd[5841]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  136.705590][ T5851] udevd[5851]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  136.717672][ T6801] udevd[6801]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory
[  136.729710][ T6792] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  136.772433][ T5851] udevd[5851]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory
[  136.786040][ T5841] udevd[5841]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  136.794461][ T6799] udevd[6799]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  137.838505][ T5926] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  138.081442][ T5926] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  138.123358][ T5926] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  138.148026][ T5926] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  138.169851][ T5926] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  138.294946][ T5926] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  138.330626][ T5926] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  138.361795][ T5926] usb 5-1: Manufacturer: syz
[  138.394143][ T5926] usb 5-1: config 0 descriptor??
[  138.877613][ T5926] appleir 0003:05AC:8243.0008: unknown main item tag 0x0
[  138.920147][ T5926] appleir 0003:05AC:8243.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  139.508199][ T6844] netlink: 'syz.0.218': attribute type 10 has an invalid length.
[  140.236659][ T5926] usb 5-1: reset high-speed USB device number 6 using dummy_hcd
[  140.356023][ T6185] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  140.495859][ T6185] usb 4-1: device descriptor read/64, error -71
[  140.546439][  T181] usb 3-1: new low-speed USB device number 11 using dummy_hcd
[  140.708728][  T181] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  140.720565][  T181] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D is Bulk; changing to Interrupt
[  140.736875][ T6185] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  140.753672][  T181] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt
[  140.782093][  T181] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  140.797472][  T181] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  140.811137][  T181] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  140.823262][  T181] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.842668][  T181] usb 3-1: config 0 descriptor??
[  140.852118][ T6853] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  140.866240][ T6860] netlink: 12 bytes leftover after parsing attributes in process `syz.1.223'.
[  140.876161][ T6185] usb 4-1: device descriptor read/64, error -71
[  141.006144][ T6185] usb usb4-port1: attempt power cycle
[  141.174379][  T181] usb 3-1: USB disconnect, device number 11
[  141.354205][ T6865] netdevsim netdevsim0 : renamed from netdevsim0 (while UP)
[  141.365991][ T6185] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  141.576590][ T6185] usb 4-1: device descriptor read/8, error -71
[  141.827076][ T6185] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  141.857232][ T6185] usb 4-1: device descriptor read/8, error -71
[  141.945970][ T5926] usb 5-1: device descriptor read/64, error -71
[  141.982592][ T6185] usb usb4-port1: unable to enumerate USB device
[  142.173105][ T6879] netlink: 'syz.2.228': attribute type 29 has an invalid length.
[  142.200411][ T5926] usb 5-1: reset high-speed USB device number 6 using dummy_hcd
[  142.375949][  T181] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  142.383584][ T5926] usb 5-1: device descriptor read/64, error -71
[  142.539274][  T181] usb 2-1: config 2 has an invalid interface number: 174 but max is 0
[  142.547940][  T181] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  142.558165][  T181] usb 2-1: config 2 has no interface number 0
[  142.575671][  T181] usb 2-1: config 2 interface 174 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  142.614883][  T181] usb 2-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=22.7e
[  142.624386][  T181] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.633580][  T181] usb 2-1: Product: syz
[  142.637833][ T5926] usb 5-1: reset high-speed USB device number 6 using dummy_hcd
[  142.646847][  T181] usb 2-1: Manufacturer: syz
[  142.651718][  T181] usb 2-1: SerialNumber: syz
[  142.682240][ T5926] usb 5-1: device descriptor read/8, error -71
[  142.925901][ T5926] usb 5-1: reset high-speed USB device number 6 using dummy_hcd
[  142.946771][ T5926] usb 5-1: device descriptor read/8, error -71
[  143.068392][   T24] usb 5-1: USB disconnect, device number 6
[  143.184515][ T6882] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  143.265896][   T24] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  143.273748][ T6885] usb usb8: usbfs: process 6885 (syz.3.230) did not claim interface 0 before use
[  143.406129][   T24] usb 5-1: device descriptor read/64, error -71
[  143.567295][ T6890] fuse: Bad value for 'user_id'
[  143.572255][ T6890] fuse: Bad value for 'user_id'
[  143.583888][ T6890] netlink: 68 bytes leftover after parsing attributes in process `syz.3.232'.
[  143.655896][   T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  143.805856][   T24] usb 5-1: device descriptor read/64, error -71
[  143.934183][   T24] usb usb5-port1: attempt power cycle
[  144.440569][   T24] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  144.448553][ T6185] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  144.501034][   T24] usb 5-1: device descriptor read/8, error -71
[  144.695454][ T6185] usb 3-1: Using ep0 maxpacket: 16
[  144.737443][ T6185] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  144.771732][ T6185] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  144.807237][ T6185] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.825436][ T6185] usb 3-1: Product: syz
[  144.836424][ T6185] usb 3-1: Manufacturer: syz
[  144.847660][ T6185] usb 3-1: SerialNumber: syz
[  144.860854][ T6185] usb 3-1: config 0 descriptor??
[  145.026561][ T6185] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  145.036808][ T6185] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  145.588694][ T6185] em28xx 3-1:0.0: chip ID is em2874
[  146.021959][  T181] usb 2-1: probing VID:PID(0424:012C)   
[  146.032471][  T181] usb 2-1: Could not find two sets of bulk-in/out endpoint pairs
[  146.051562][  T181] vub300 2-1:2.174: probe with driver vub300 failed with error -22
[  146.082942][  T181] usb 2-1: USB disconnect, device number 11
[  146.223217][ T6913] fuse: Unknown parameter 'f%�d'
[  146.226429][ T6185] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  146.245920][ T6185] em28xx 3-1:0.0: board has no eeprom
[  146.273287][ T6911] fuse: Unknown parameter '�d'
[  146.625898][ T6185] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  146.633773][ T6185] em28xx 3-1:0.0: dvb set to bulk mode.
[  147.034847][ T6183] em28xx 3-1:0.0: Binding DVB extension
[  147.331043][ T6922] netlink: 'syz.2.234': attribute type 27 has an invalid length.
[  147.540094][ T6922] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.547896][ T6922] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.569959][ T6922] .`: left promiscuous mode
[  147.583869][ T6922] bond_slave_0: left promiscuous mode
[  147.606505][ T6922] bond_slave_1: left promiscuous mode
[  147.633567][ T6896] em28xx 3-1:0.0: writing to i2c device at 0xfffe failed (error=-5)
[  147.642252][ T6937] fuse: Bad value for 'user_id'
[  147.642272][ T6937] fuse: Bad value for 'user_id'
[  147.646547][ T6937] netlink: 68 bytes leftover after parsing attributes in process `syz.3.243'.
[  147.754060][ T6922] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  147.771803][ T6922] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  147.864357][ T6183] em28xx 3-1:0.0: Registering input extension
[  147.874496][ T6943] trusted_key: encrypted_key: master key parameter is missing
[  147.976230][ T6183] rc_core: IR keymap rc-pinnacle-pctv-hd not found
[  147.986976][ T6183] Registered IR keymap rc-empty
[  148.019717][ T6478] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.040162][ T6183] rc rc0: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  148.056571][ T6478] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.081017][   T36] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.088324][ T6183] input: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input7
[  148.099149][   T36] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.180574][ T6183] em28xx 3-1:0.0: Input extension successfully initialized
[  148.266398][ T6185] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  148.425942][ T6185] usb 2-1: Using ep0 maxpacket: 16
[  148.434096][ T6185] usb 2-1: config 1 interface 0 altsetting 61 endpoint 0x81 has an invalid bInterval 64, changing to 10
[  148.445737][ T6185] usb 2-1: config 1 interface 0 altsetting 61 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  148.448356][ T6959] netlink: 8 bytes leftover after parsing attributes in process `syz.4.250'.
[  148.460692][ T6185] usb 2-1: config 1 interface 0 has no altsetting 0
[  148.478945][ T6185] usb 2-1: New USB device found, idVendor=1e7d, idProduct=3232, bcdDevice= 0.40
[  148.485882][  T181] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  148.489466][ T6185] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.498078][ T6959] netlink: 4 bytes leftover after parsing attributes in process `syz.4.250'.
[  148.513592][ T6185] usb 2-1: Product: syz
[  148.519559][ T6185] usb 2-1: Manufacturer: ¾
[  148.524888][ T6185] usb 2-1: SerialNumber: syz
[  148.666470][  T181] usb 4-1: Using ep0 maxpacket: 8
[  148.675847][  T181] usb 4-1: config 150 has an invalid interface number: 220 but max is 1
[  148.684457][  T181] usb 4-1: config 150 has an invalid interface number: 76 but max is 1
[  148.692823][  T181] usb 4-1: config 150 has no interface number 0
[  148.702507][  T181] usb 4-1: config 150 has no interface number 1
[  148.708892][  T181] usb 4-1: config 150 interface 220 has no altsetting 0
[  148.727618][  T181] usb 4-1: config 150 interface 76 has no altsetting 0
[  148.748433][  T181] usb 4-1: New USB device found, idVendor=0c45, idProduct=610a, bcdDevice=37.94
[  148.758518][  T181] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.768292][  T181] usb 4-1: Product: syz
[  148.773000][  T181] usb 4-1: Manufacturer: syz
[  148.778013][  T181] usb 4-1: SerialNumber: syz
[  148.940703][ T5894] usb 3-1: USB disconnect, device number 12
[  148.950116][ T6950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  148.962240][ T5894] em28xx 3-1:0.0: Disconnecting em28xx
[  148.968745][ T6950] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  148.988760][ T5894] em28xx 3-1:0.0: Closing input extension
[  149.017603][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  149.095469][ T6185] usbhid 2-1:1.0: can't add hid device: -71
[  149.103145][ T5894] em28xx 3-1:0.0: Freeing device
[  149.124325][ T6185] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  149.168146][ T6185] usb 2-1: USB disconnect, device number 12
[  149.197050][    T9] usb 5-1: Using ep0 maxpacket: 16
[  149.210096][    T9] usb 5-1: config 3 has an invalid interface number: 144 but max is 0
[  149.228141][    T9] usb 5-1: config 3 has no interface number 0
[  149.247454][    T9] usb 5-1: New USB device found, idVendor=0421, idProduct=02d9, bcdDevice=5c.1b
[  149.257179][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.265297][    T9] usb 5-1: Product: syz
[  149.269801][    T9] usb 5-1: Manufacturer: syz
[  149.274415][    T9] usb 5-1: SerialNumber: syz
[  149.291271][    T9] usb 5-1: bad CDC descriptors
[  149.495276][  T181] usb 5-1: USB disconnect, device number 11
[  149.505865][ T6185] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  149.555895][ T5894] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  149.695869][ T6185] usb 2-1: Using ep0 maxpacket: 16
[  149.705881][ T5894] usb 3-1: Using ep0 maxpacket: 16
[  149.712027][ T6185] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  149.713544][ T5894] usb 3-1: config 0 has an invalid interface number: 68 but max is 0
[  149.722192][ T6185] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  149.724580][ T6185] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  149.732312][ T5894] usb 3-1: config 0 has no interface number 0
[  149.755867][ T6185] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.765300][ T5894] usb 3-1: config 0 interface 68 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  149.774328][ T6185] usb 2-1: Product: syz
[  149.780720][ T6185] usb 2-1: Manufacturer: syz
[  149.785868][ T6185] usb 2-1: SerialNumber: syz
[  149.786428][ T5894] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  149.815915][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.823950][ T5894] usb 3-1: Product: syz
[  149.828193][ T5894] usb 3-1: Manufacturer: syz
[  149.832795][ T5894] usb 3-1: SerialNumber: syz
[  149.846199][ T5894] usb 3-1: config 0 descriptor??
[  149.901173][ T5894] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  150.000943][ T6185] usb 2-1: 0:2 : does not exist
[  150.041979][ T6185] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  150.103798][ T6185] usb 2-1: USB disconnect, device number 13
[  150.158591][ T6799] udevd[6799]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  150.183691][ T6971] netlink: 8 bytes leftover after parsing attributes in process `syz.2.254'.
[  150.195862][ T6971] netlink: 4 bytes leftover after parsing attributes in process `syz.2.254'.
[  150.208299][ T6971] netlink: 'syz.2.254': attribute type 11 has an invalid length.
[  150.226161][ T6971] netlink: 'syz.2.254': attribute type 14 has an invalid length.
[  150.268930][   T36] usb 3-1: Failed to submit usb control message: -71
[  150.276546][ T5894] usb 3-1: USB disconnect, device number 13
[  150.287882][   T36] usb 3-1: unable to send the bmi data to the device: -71
[  150.295430][   T36] usb 3-1: unable to get target info from device
[  150.302056][   T36] usb 3-1: could not get target info (-71)
[  150.309983][   T36] usb 3-1: could not probe fw (-71)
[  150.386991][   T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  150.547773][   T24] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  150.570118][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  150.599433][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  150.616884][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  150.642740][   T24] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  150.656153][   T24] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  150.664373][   T24] usb 5-1: Manufacturer: syz
[  150.673222][   T24] usb 5-1: config 0 descriptor??
[  150.689023][ T6991] netlink: 28 bytes leftover after parsing attributes in process `syz.1.257'.
[  150.698230][ T6991] netlink: 28 bytes leftover after parsing attributes in process `syz.1.257'.
[  150.757651][ T6993] fuse: Bad value for 'user_id'
[  150.762609][ T6993] fuse: Bad value for 'user_id'
[  150.775463][ T6993] netlink: 68 bytes leftover after parsing attributes in process `syz.1.258'.
[  151.093541][   T24] appleir 0003:05AC:8243.0009: unknown main item tag 0x0
[  151.119542][   T24] appleir 0003:05AC:8243.0009: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  151.227722][ T6997] hub 1-0:1.0: USB hub found
[  151.235922][ T6997] hub 1-0:1.0: 1 port detected
[  151.825831][   T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  151.975919][    T9] usb 4-1: USB disconnect, device number 16
[  152.186918][   T24] usb 1-1: Using ep0 maxpacket: 32
[  152.226845][   T24] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  152.236966][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.244987][   T24] usb 1-1: Product: syz
[  152.249881][   T24] usb 1-1: Manufacturer: syz
[  152.254500][   T24] usb 1-1: SerialNumber: syz
[  152.262888][   T24] usb 1-1: config 0 descriptor??
[  152.273572][   T24] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  152.445867][ T5894] usb 5-1: reset high-speed USB device number 12 using dummy_hcd
[  153.979144][   T24] gspca_ov534_9: reg_w failed -71
[  153.989659][ T5920] usb 5-1: USB disconnect, device number 12
[  154.305823][   T24] gspca_ov534_9: Unknown sensor 0000
[  154.305915][   T24] ov534_9 1-1:0.0: probe with driver ov534_9 failed with error -22
[  154.429036][   T24] usb 1-1: USB disconnect, device number 7
[  154.670590][ T7036] fuse: Bad value for 'user_id'
[  154.675614][ T7036] fuse: Bad value for 'user_id'
[  154.690292][ T7036] netlink: 68 bytes leftover after parsing attributes in process `syz.1.269'.
[  154.726189][ T7034] netlink: 28 bytes leftover after parsing attributes in process `syz.4.268'.
[  154.874845][ T7034] netlink: 28 bytes leftover after parsing attributes in process `syz.4.268'.
[  155.807053][   T24] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  155.974772][   T24] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  155.989942][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  156.005805][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  156.023083][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  156.044385][   T24] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  156.053639][   T24] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  156.061831][   T24] usb 3-1: Manufacturer: syz
[  156.076465][   T24] usb 3-1: config 0 descriptor??
[  156.491943][   T24] appleir 0003:05AC:8243.000A: unknown main item tag 0x0
[  156.512208][   T24] appleir 0003:05AC:8243.000A: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  156.875247][ T7083] fuse: Bad value for 'user_id'
[  156.883378][ T7083] fuse: Bad value for 'user_id'
[  156.903018][ T7083] netlink: 68 bytes leftover after parsing attributes in process `syz.4.281'.
[  157.166533][ T7087] netlink: 28 bytes leftover after parsing attributes in process `syz.0.282'.
[  157.211199][ T7087] netlink: 28 bytes leftover after parsing attributes in process `syz.0.282'.
[  157.585906][   T24] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  157.748684][   T24] usb 5-1: device descriptor read/64, error -71
[  157.817852][ T7097] fuse: Bad value for 'rootmode'
[  157.935867][ T5926] usb 3-1: reset high-speed USB device number 14 using dummy_hcd
[  157.948258][ T7090] fuse: Unknown parameter 'E���Qe��vx����]�$����L��'
[  158.035901][   T24] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  158.132545][ T7103] netlink: 8 bytes leftover after parsing attributes in process `syz.1.290'.
[  158.196148][   T24] usb 5-1: device descriptor read/64, error -71
[  158.203900][ T7103] netlink: 8 bytes leftover after parsing attributes in process `syz.1.290'.
[  158.306398][   T24] usb usb5-port1: attempt power cycle
[  158.487531][ T7112] fuse: Bad value for 'user_id'
[  158.492651][ T7112] fuse: Bad value for 'user_id'
[  158.527284][ T7112] netlink: 68 bytes leftover after parsing attributes in process `syz.3.294'.
[  158.539582][ T7110] netlink: 'syz.0.292': attribute type 29 has an invalid length.
[  158.666305][   T24] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  158.688366][   T24] usb 5-1: device descriptor read/8, error -71
[  158.701293][ T7109] fuse: Unknown parameter '�/�<'
[  158.935893][   T24] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  158.955954][ T5894] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  158.968761][   T24] usb 5-1: device descriptor read/8, error -71
[  159.096266][   T24] usb usb5-port1: unable to enumerate USB device
[  159.129329][ T5894] usb 4-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[  159.139550][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3
[  159.148421][ T5894] usb 4-1: Product: syz
[  159.153385][ T5894] usb 4-1: Manufacturer: syz
[  159.158104][ T5894] usb 4-1: SerialNumber: syz
[  159.178987][ T5894] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[  159.206744][ T7125] netlink: 'syz.1.297': attribute type 4 has an invalid length.
[  159.215918][ T7125] netlink: 152 bytes leftover after parsing attributes in process `syz.1.297'.
[  159.306011][ T5926] usb 3-1: device descriptor read/64, error -71
[  159.545941][ T5926] usb 3-1: reset high-speed USB device number 14 using dummy_hcd
[  159.579447][ T5894] vp7045: USB control message 'in' went wrong.
[  159.587177][ T5894] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  159.599132][ T5894] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[  159.685848][ T5926] usb 3-1: device descriptor read/64, error -71
[  159.790097][ T7115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.800064][ T7115] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.862588][ T7127] netlink: 'syz.3.295': attribute type 1 has an invalid length.
[  159.922962][ T6185] usb 4-1: USB disconnect, device number 17
[  159.933792][ T5926] usb 3-1: reset high-speed USB device number 14 using dummy_hcd
[  159.976869][ T5926] usb 3-1: device descriptor read/8, error -71
[  160.009894][ T7129] fuse: Bad value for 'rootmode'
[  160.226059][ T5926] usb 3-1: reset high-speed USB device number 14 using dummy_hcd
[  160.246563][ T5926] usb 3-1: device descriptor read/8, error -71
[  160.358339][  T181] usb 3-1: USB disconnect, device number 14
[  160.581733][  T181] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  160.678694][ T7148] fuse: Bad value for 'user_id'
[  160.707124][ T7148] fuse: Bad value for 'user_id'
[  160.725916][  T181] usb 3-1: device descriptor read/64, error -71
[  160.742359][ T7148] netlink: 68 bytes leftover after parsing attributes in process `syz.4.305'.
[  160.936354][ T5894] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  160.966010][  T181] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  161.144512][ T7155] netlink: 'syz.4.308': attribute type 29 has an invalid length.
[  161.195866][ T6185] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  161.254832][ T5894] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  161.274705][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  161.295891][  T181] usb 3-1: device descriptor read/64, error -71
[  161.302522][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  161.407118][  T181] usb usb3-port1: attempt power cycle
[  161.438708][ T6185] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  161.455850][ T5894] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  161.469126][ T6185] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  161.484466][ T6185] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  161.498275][ T5894] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  161.506344][ T6185] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.522889][ T5894] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  161.546787][ T5894] usb 4-1: Manufacturer: syz
[  161.548861][ T6185] usb 1-1: config 0 descriptor??
[  161.560129][ T5894] usb 4-1: config 0 descriptor??
[  161.779131][  T181] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  161.841822][  T181] usb 3-1: device descriptor read/8, error -71
[  161.982053][ T5894] appleir 0003:05AC:8243.000B: unknown main item tag 0x0
[  162.128469][ T6185] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  162.182229][ T5894] appleir 0003:05AC:8243.000B: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  162.222375][ T6185] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  162.230722][ T6185] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  162.237997][ T6185] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  162.248827][ T6185] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  162.257367][ T6185] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  162.264376][ T6185] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  162.273431][ T6185] cp2112 0003:10C4:EA90.000C: hidraw1: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0
[  162.329181][ T6185] cp2112 0003:10C4:EA90.000C: Part Number: 0x82 Device Version: 0xFE
[  162.938795][ T6185] cp2112 0003:10C4:EA90.000C: error reading lock byte: -71
[  163.020744][ T6185] usb 1-1: USB disconnect, device number 8
[  163.406253][  T181] usb 4-1: reset high-speed USB device number 18 using dummy_hcd
[  163.925858][    T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  164.092745][ T7185] netlink: 24 bytes leftover after parsing attributes in process `syz.4.317'.
[  164.106603][    T9] usb 1-1: Using ep0 maxpacket: 16
[  164.113827][    T9] usb 1-1: config 0 has an invalid interface number: 72 but max is 0
[  164.127152][ T7188] fuse: Unknown parameter ''
[  164.139670][    T9] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  164.156069][    T9] usb 1-1: config 0 has no interface number 0
[  164.162244][    T9] usb 1-1: config 0 interface 72 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 32
[  164.186562][    T9] usb 1-1: config 0 interface 72 has no altsetting 0
[  164.209281][    T9] usb 1-1: New USB device found, idVendor=1b3d, idProduct=010c, bcdDevice=e0.60
[  164.225995][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.285317][    T9] usb 1-1: Product: syz
[  164.352930][    T9] usb 1-1: Manufacturer: syz
[  164.357984][    T9] usb 1-1: SerialNumber: syz
[  164.415862][   T24] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  164.495865][    T9] usb 1-1: config 0 descriptor??
[  164.510190][ T7177] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  164.519859][    T9] ftdi_sio 1-1:0.72: FTDI USB Serial Device converter detected
[  164.707865][    T9] ftdi_sio ttyUSB0: unknown device type: 0xe060
[  164.710475][   T24] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  164.741462][ T5894] usb 1-1: USB disconnect, device number 9
[  164.750021][ T5894] ftdi_sio 1-1:0.72: device disconnected
[  164.762205][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.791927][   T24] usb 2-1: Product: syz
[  164.809199][   T24] usb 2-1: Manufacturer: syz
[  164.813984][   T24] usb 2-1: SerialNumber: syz
[  164.836437][   T24] usb 2-1: config 0 descriptor??
[  164.848723][ T5920] usb 4-1: USB disconnect, device number 18
[  166.556760][ T7221] hub 1-0:1.0: USB hub found
[  166.565898][ T7221] hub 1-0:1.0: 1 port detected
[  167.098284][ T7230] binder: 7225:7230 ioctl 40044591 0 returned -22
[  167.144513][ T7226] binder: 7225:7226 ioctl c0306201 80000040 returned -14
[  167.219662][   T30] audit: type=1326 audit(1764870251.369:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7225 comm="syz.3.328" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d539 code=0x7ffc0000
[  167.247577][   T24] usb-storage 2-1:0.0: USB Mass Storage device detected
[  167.293795][   T30] audit: type=1326 audit(1764870251.399:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7225 comm="syz.3.328" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708d539 code=0x7ffc0000
[  167.315565][    C0] vkms_vblank_simulate: vblank timer overrun
[  167.396029][   T24] usb 2-1: USB disconnect, device number 14
[  168.012723][ T7254] sctp: [Deprecated]: syz.1.335 (pid 7254) Use of int in max_burst socket option deprecated.
[  168.012723][ T7254] Use struct sctp_assoc_value instead
[  168.673448][ T7252] netlink: 100 bytes leftover after parsing attributes in process `syz.3.334'.
[  169.547282][ T7277] loop9: detected capacity change from 0 to 7
[  169.558913][ T7274] veth1: entered promiscuous mode
[  169.564264][ T7274] vlan2: entered promiscuous mode
[  169.575968][ T6799] Dev loop9: unable to read RDB block 7
[  169.597753][ T6799]  loop9: unable to read partition table
[  169.609675][ T5894] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  169.644476][ T6799] loop9: partition table beyond EOD, truncated
[  169.676472][ T5894] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  169.756356][ T7277] Dev loop9: unable to read RDB block 7
[  169.793080][ T7277]  loop9: unable to read partition table
[  169.837697][ T7277] loop9: partition table beyond EOD, truncated
[  169.855520][ T7277] loop_reread_partitions: partition scan of loop9 (�被x������ ) failed (rc=-5)
[  170.529099][ T7297] netlink: 'syz.3.345': attribute type 10 has an invalid length.
[  171.279109][ T7301] hub 1-0:1.0: USB hub found
[  171.285908][ T7301] hub 1-0:1.0: 1 port detected
[  171.577134][ T7305] syzkaller0: entered promiscuous mode
[  171.582672][ T7305] syzkaller0: entered allmulticast mode
[  171.846182][ T5887] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  172.031845][ T5887] usb 3-1: unable to read config index 0 descriptor/start: -71
[  172.075901][ T5887] usb 3-1: can't read configurations, error -71
[  173.265853][ T6183] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  173.379818][ T7332] FAULT_INJECTION: forcing a failure.
[  173.379818][ T7332] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  173.445932][ T7332] CPU: 0 UID: 0 PID: 7332 Comm: syz.0.354 Not tainted syzkaller #0 PREEMPT(full) 
[  173.445955][ T7332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  173.445965][ T7332] Call Trace:
[  173.445972][ T7332]  <TASK>
[  173.445979][ T7332]  dump_stack_lvl+0x189/0x250
[  173.446006][ T7332]  ? __pfx____ratelimit+0x10/0x10
[  173.446029][ T7332]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.446045][ T7332]  ? __pfx__printk+0x10/0x10
[  173.446065][ T7332]  ? __might_fault+0xb0/0x130
[  173.446094][ T7332]  should_fail_ex+0x414/0x560
[  173.446119][ T7332]  _copy_from_user+0x2d/0xb0
[  173.446138][ T7332]  get_compat_msghdr+0xad/0x4a0
[  173.446163][ T7332]  ? __pfx_get_compat_msghdr+0x10/0x10
[  173.446183][ T7332]  ? rcu_is_watching+0x15/0xb0
[  173.446201][ T7332]  ? ___sys_recvmsg+0x1c4/0x510
[  173.446227][ T7332]  ___sys_recvmsg+0x17f/0x510
[  173.446251][ T7332]  ? __pfx____sys_recvmsg+0x10/0x10
[  173.446292][ T7332]  ? __fget_files+0x3a0/0x420
[  173.446318][ T7332]  do_recvmmsg+0x36a/0x770
[  173.446345][ T7332]  ? __pfx_do_recvmmsg+0x10/0x10
[  173.446376][ T7332]  ? __pfx_vfs_write+0x10/0x10
[  173.446411][ T7332]  __sys_recvmmsg+0x19d/0x280
[  173.446432][ T7332]  ? __pfx___sys_recvmmsg+0x10/0x10
[  173.446458][ T7332]  ? ksys_write+0x22a/0x250
[  173.446480][ T7332]  ? __pfx_ksys_write+0x10/0x10
[  173.446503][ T7332]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[  173.446528][ T7332]  __do_fast_syscall_32+0x1f7/0x570
[  173.446547][ T7332]  ? rcu_is_watching+0x15/0xb0
[  173.446563][ T7332]  ? do_fast_syscall_32+0x34/0x80
[  173.446585][ T7332]  do_fast_syscall_32+0x34/0x80
[  173.446601][ T7332]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  173.446620][ T7332] RIP: 0023:0xf7f91539
[  173.446634][ T7332] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  173.446648][ T7332] RSP: 002b:00000000f546555c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[  173.446665][ T7332] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  173.446677][ T7332] RDX: 000000000291962b RSI: 000000002e4b39ff RDI: 0000000000000000
[  173.446687][ T7332] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  173.446696][ T7332] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  173.446704][ T7332] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  173.446729][ T7332]  </TASK>
[  173.688611][    C0] vkms_vblank_simulate: vblank timer overrun
[  173.925876][ T5887] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  174.055849][ T5926] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  174.055859][ T5887] usb 3-1: device descriptor read/64, error -71
[  174.237464][ T5926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  174.451238][ T5887] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  174.451589][ T5926] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  174.476020][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.532563][ T5926] usb 2-1: config 0 descriptor??
[  174.543258][ T7335] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  174.607083][ T5887] usb 3-1: device descriptor read/64, error -71
[  174.795001][ T5887] usb usb3-port1: attempt power cycle
[  175.037784][ T5926] elan 0003:04F3:0755.000E: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0
[  175.167669][ T7361] hub 1-0:1.0: USB hub found
[  175.175949][ T7361] hub 1-0:1.0: 1 port detected
[  175.205906][ T5887] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  175.271679][ T5887] usb 3-1: device descriptor read/8, error -71
[  175.305073][ T5926] usb 2-1: USB disconnect, device number 15
[  175.517318][ T5887] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  175.551135][ T5887] usb 3-1: device descriptor read/8, error -71
[  175.669089][ T5887] usb usb3-port1: unable to enumerate USB device
[  176.061376][ T7383] fuse: Unknown parameter '0x000000000000000400000000000000000000003'
[  176.728562][ T7404] netlink: 28 bytes leftover after parsing attributes in process `syz.0.370'.
[  176.749404][ T7404] netlink: 28 bytes leftover after parsing attributes in process `syz.0.370'.
[  177.155899][ T6183] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  177.460204][ T7424] netlink: 'syz.0.372': attribute type 10 has an invalid length.
[  177.556009][ T6183] usb 3-1: Using ep0 maxpacket: 32
[  177.563101][ T6183] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  177.587948][ T6183] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.620798][ T6183] usb 3-1: config 0 descriptor??
[  178.120736][ T7431] vcan0: tx drop: invalid sa for name 0x0000020000000000
[  178.574537][ T6183] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  178.575865][   T24] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  178.593323][ T6183] usb 3-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  178.642836][ T6183] usb 3-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  178.815831][   T24] usb 4-1: Using ep0 maxpacket: 8
[  178.857877][   T24] usb 4-1: config 0 interface 0 altsetting 108 endpoint 0x81 has invalid wMaxPacketSize 0
[  178.857904][   T24] usb 4-1: config 0 interface 0 altsetting 108 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  178.857935][   T24] usb 4-1: config 0 interface 0 has no altsetting 0
[  178.857966][   T24] usb 4-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00
[  178.857983][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.859732][   T24] usb 4-1: config 0 descriptor??
[  179.269005][   T24] cypress 0003:04B4:0001.000F: unknown main item tag 0x2
[  179.276243][   T24] cypress 0003:04B4:0001.000F: item fetching failed at offset 8/164
[  179.291000][   T24] cypress 0003:04B4:0001.000F: parse failed
[  179.377651][ T7461] hub 1-0:1.0: USB hub found
[  179.386106][ T7461] hub 1-0:1.0: 1 port detected
[  179.851288][   T24] cypress 0003:04B4:0001.000F: probe with driver cypress failed with error -22
[  179.918902][   T24] usb 4-1: USB disconnect, device number 19
[  180.136085][    T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  180.201185][ T7476] fuse: Bad value for 'user_id'
[  180.209976][ T7476] fuse: Bad value for 'user_id'
[  180.221276][ T7476] netlink: 68 bytes leftover after parsing attributes in process `syz.1.381'.
[  180.318081][    T9] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  180.385902][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  180.416089][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.436782][    T9] usb 1-1: Product: syz
[  180.444471][    T9] usb 1-1: Manufacturer: syz
[  180.473716][    T9] usb 1-1: SerialNumber: syz
[  180.500669][ T7489] FAULT_INJECTION: forcing a failure.
[  180.500669][ T7489] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  180.546882][ T7489] CPU: 0 UID: 0 PID: 7489 Comm: syz.1.384 Not tainted syzkaller #0 PREEMPT(full) 
[  180.546925][ T7489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  180.546947][ T7489] Call Trace:
[  180.546961][ T7489]  <TASK>
[  180.546968][ T7489]  dump_stack_lvl+0x189/0x250
[  180.547001][ T7489]  ? __pfx____ratelimit+0x10/0x10
[  180.547024][ T7489]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.547050][ T7489]  ? __pfx__printk+0x10/0x10
[  180.547070][ T7489]  ? __might_fault+0xb0/0x130
[  180.547098][ T7489]  should_fail_ex+0x414/0x560
[  180.547123][ T7489]  _copy_from_iter+0x1cd/0x1630
[  180.547148][ T7489]  ? __build_skb_around+0x22d/0x3c0
[  180.547178][ T7489]  ? __pfx__copy_from_iter+0x10/0x10
[  180.547197][ T7489]  ? __alloc_skb+0x2f1/0x430
[  180.547213][ T7489]  ? __pfx___alloc_skb+0x10/0x10
[  180.547232][ T7489]  ? netlink_sendmsg+0x642/0xb30
[  180.547250][ T7489]  ? skb_put+0x11b/0x210
[  180.547270][ T7489]  netlink_sendmsg+0x6b2/0xb30
[  180.547299][ T7489]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.547321][ T7489]  ? __import_iovec+0x5d4/0x7f0
[  180.547335][ T7489]  ? aa_sock_msg_perm+0xf1/0x1b0
[  180.547354][ T7489]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  180.547376][ T7489]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.547396][ T7489]  __sock_sendmsg+0x21c/0x270
[  180.547422][ T7489]  ____sys_sendmsg+0x505/0x820
[  180.547446][ T7489]  ? __pfx_____sys_sendmsg+0x10/0x10
[  180.547470][ T7489]  ? kstrtouint+0x6e/0xe0
[  180.547497][ T7489]  ___sys_sendmsg+0x21f/0x2a0
[  180.547518][ T7489]  ? __pfx____sys_sendmsg+0x10/0x10
[  180.547541][ T7489]  ? rcu_read_lock_any_held+0xb3/0x120
[  180.547583][ T7489]  ? __fget_files+0x2a/0x420
[  180.547597][ T7489]  ? __fget_files+0x3a0/0x420
[  180.547620][ T7489]  __sys_sendmsg+0x164/0x220
[  180.547638][ T7489]  ? __pfx___sys_sendmsg+0x10/0x10
[  180.547662][ T7489]  ? __pfx_ksys_write+0x10/0x10
[  180.547685][ T7489]  ? __do_fast_syscall_32+0xbe/0x570
[  180.547706][ T7489]  __do_fast_syscall_32+0x1f7/0x570
[  180.547722][ T7489]  ? rcu_is_watching+0x15/0xb0
[  180.547737][ T7489]  ? do_fast_syscall_32+0x34/0x80
[  180.547757][ T7489]  do_fast_syscall_32+0x34/0x80
[  180.547773][ T7489]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  180.547790][ T7489] RIP: 0023:0xf701d539
[  180.547812][ T7489] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  180.547826][ T7489] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  180.547849][ T7489] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080006040
[  180.547860][ T7489] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  180.547868][ T7489] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  180.547877][ T7489] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  180.547886][ T7489] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  180.547911][ T7489]  </TASK>
[  180.979696][ T7496] netlink: 'syz.1.386': attribute type 2 has an invalid length.
[  181.015907][ T5921] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  181.090250][ T5838] Bluetooth: hci1: unexpected cc 0x203e length: 2 > 1
[  181.098478][ T5838] Bluetooth: hci1: unexpected event for opcode 0x203e
[  181.139699][ T7505] netlink: 'syz.4.387': attribute type 29 has an invalid length.
[  181.160333][ T7505] netlink: 'syz.4.387': attribute type 29 has an invalid length.
[  181.165973][ T5921] usb 4-1: Using ep0 maxpacket: 16
[  181.175379][ T5921] usb 4-1: config 6 has an invalid interface number: 223 but max is 0
[  181.189660][ T5921] usb 4-1: config 6 has no interface number 0
[  181.195890][ T5921] usb 4-1: config 6 interface 223 has no altsetting 0
[  181.208705][ T5921] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=ba.fb
[  181.218374][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.226463][ T5921] usb 4-1: Product: syz
[  181.233613][ T5921] usb 4-1: Manufacturer: syz
[  181.250131][ T5921] usb 4-1: SerialNumber: syz
[  181.345911][ T5894] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  181.510106][ T7466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  181.518685][ T5894] usb 2-1: Using ep0 maxpacket: 32
[  181.549597][ T5894] usb 2-1: config 1 interface 0 altsetting 129 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  181.582777][ T5921] hdpvr 4-1:6.223: Could not find bulk-in endpoint
[  181.591776][ T7466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  181.600815][ T5921] hdpvr 4-1:6.223: probe with driver hdpvr failed with error -12
[  181.608770][ T5894] usb 2-1: config 1 interface 0 has no altsetting 0
[  181.631581][ T5894] usb 2-1: New USB device found, idVendor=1b1c, idProduct=0a31, bcdDevice= 0.40
[  181.658790][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.668403][ T5921] usb 4-1: USB disconnect, device number 20
[  181.705016][ T5894] usb 2-1: Manufacturer: х
[  181.729696][ T5894] usb 2-1: SerialNumber: င
[  181.851554][    T9] cdc_ncm 1-1:1.0: bind() failure
[  181.874393][    T9] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71
[  181.888719][    T9] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71
[  181.908491][    T9] usbtest 1-1:1.1: probe with driver usbtest failed with error -71
[  181.949117][    T9] usb 1-1: USB disconnect, device number 10
[  182.146194][   T24] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  182.168176][ T7527] netlink: 28 bytes leftover after parsing attributes in process `syz.2.391'.
[  182.177619][ T7527] netlink: 28 bytes leftover after parsing attributes in process `syz.2.391'.
[  182.203172][ T7527] team0: entered promiscuous mode
[  182.208633][ T7527] team_slave_0: entered promiscuous mode
[  182.214633][ T7527] team_slave_1: entered promiscuous mode
[  182.222329][ T7527] .`: entered promiscuous mode
[  182.227294][ T7527] bond_slave_0: entered promiscuous mode
[  182.233277][ T7527] bond_slave_1: entered promiscuous mode
[  182.246734][ T7527] debugfs: 'hsr1' already exists in 'hsr'
[  182.252562][ T7527] Cannot create hsr debugfs directory
[  182.258702][ T7527] hsr1: Slave A (team0) is not up; please bring it up to get a fully working HSR network
[  182.269030][ T7527] hsr1: Slave B (.`) is not up; please bring it up to get a fully working HSR network
[  182.279378][ T7527] 8021q: adding VLAN 0 to HW filter on device hsr1
[  182.306304][   T24] usb 5-1: Using ep0 maxpacket: 32
[  182.339072][   T24] usb 5-1: config 0 has an invalid interface number: 109 but max is 0
[  182.352720][   T24] usb 5-1: config 0 has no interface number 0
[  182.369024][   T24] usb 5-1: New USB device found, idVendor=055f, idProduct=a800, bcdDevice=72.1d
[  182.395830][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.407961][   T24] usb 5-1: Product: syz
[  182.412181][   T24] usb 5-1: Manufacturer: syz
[  182.435840][   T24] usb 5-1: SerialNumber: syz
[  182.451707][   T24] usb 5-1: config 0 descriptor??
[  182.536781][ T7537] netlink: 4 bytes leftover after parsing attributes in process `syz.2.392'.
[  182.672085][ T7517] netlink: 12 bytes leftover after parsing attributes in process `syz.4.389'.
[  182.696498][ T5894] usbhid 2-1:1.0: can't add hid device: -71
[  182.706438][ T5894] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  182.767420][ T5894] usb 2-1: USB disconnect, device number 16
[  183.279857][ T7517] vlan2: entered promiscuous mode
[  183.285026][ T7517] veth1: entered promiscuous mode
[  183.299614][ T7553] syzkaller0: entered promiscuous mode
[  183.299665][   T24] mdc800 5-1:0.109: probe fails -> wrong Interface
[  183.305105][ T7553] syzkaller0: entered allmulticast mode
[  183.361217][   T24] usb 5-1: USB disconnect, device number 18
[  183.434588][ T5887] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  183.629138][ T5887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  183.639480][ T5887] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  183.788282][ T5887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  183.800311][ T5887] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  183.815590][ T5887] usb 1-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16
[  183.825053][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.833482][ T5887] usb 1-1: Product: syz
[  183.838928][ T5887] usb 1-1: Manufacturer: syz
[  183.843654][ T5887] usb 1-1: SerialNumber: syz
[  183.858836][ T5887] usb 1-1: config 0 descriptor??
[  183.870782][ T5887] kvaser_usb 1-1:0.0: CMD_MAP_CHANNEL_REQ failed for CAN0
[  183.885185][ T5887] kvaser_usb 1-1:0.0: error -EMSGSIZE: Failed to initialize card
[  183.906740][ T5887] kvaser_usb 1-1:0.0: probe with driver kvaser_usb failed with error -90
[  184.045883][   T24] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  184.089245][ T5926] usb 1-1: USB disconnect, device number 11
[  184.195848][   T24] usb 4-1: Using ep0 maxpacket: 16
[  184.203174][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  184.299450][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  184.330236][   T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  184.343811][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.358996][   T24] usb 4-1: Product: syz
[  184.364652][   T24] usb 4-1: Manufacturer: syz
[  184.373942][   T24] usb 4-1: SerialNumber: syz
[  184.406237][ T7565] netlink: 'syz.1.400': attribute type 29 has an invalid length.
[  184.418112][ T7565] netlink: 'syz.1.400': attribute type 29 has an invalid length.
[  184.591087][   T24] usb 4-1: 0:2 : does not exist
[  184.603749][   T24] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  184.682618][   T24] usb 4-1: USB disconnect, device number 21
[  184.802397][ T6799] udevd[6799]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  185.246955][ T5838] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  185.256343][ T5838] Bluetooth: hci1: Injecting HCI hardware error event
[  185.264306][ T5838] Bluetooth: hci1: hardware error 0x00
[  186.105954][ T5921] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  186.275868][ T5921] usb 4-1: Using ep0 maxpacket: 16
[  186.386216][ T5921] usb 4-1: config 255 has an invalid interface number: 122 but max is 0
[  186.405869][ T5921] usb 4-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config
[  186.405900][   T30] audit: type=1326 audit(1764870270.539:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7586 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91539 code=0x7ffc0000
[  186.437947][ T5921] usb 4-1: config 255 has no interface number 0
[  186.438002][ T5921] usb 4-1: config 255 interface 122 altsetting 68 endpoint 0x5 has invalid maxpacket 1022, setting to 64
[  186.475387][   T30] audit: type=1326 audit(1764870270.539:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7586 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91539 code=0x7ffc0000
[  186.475852][ T5887] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  186.522413][ T7595] netlink: 20 bytes leftover after parsing attributes in process `syz.1.410'.
[  186.531677][ T5921] usb 4-1: config 255 interface 122 altsetting 68 has an invalid descriptor for endpoint zero, skipping
[  186.546434][ T5921] usb 4-1: config 255 interface 122 altsetting 68 bulk endpoint 0x8 has invalid maxpacket 32
[  186.553180][   T30] audit: type=1326 audit(1764870270.539:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7586 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7f91539 code=0x7ffc0000
[  186.579563][ T5921] usb 4-1: config 255 interface 122 altsetting 68 has an invalid descriptor for endpoint zero, skipping
[  186.596176][ T5921] usb 4-1: config 255 interface 122 has no altsetting 0
[  186.628875][   T30] audit: type=1326 audit(1764870270.539:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7586 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91539 code=0x7ffc0000
[  186.700767][   T30] audit: type=1326 audit(1764870270.539:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7586 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91539 code=0x7ffc0000
[  186.728449][   T30] audit: type=1326 audit(1764870270.539:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7586 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f91539 code=0x7ffc0000
[  186.750681][   T30] audit: type=1326 audit(1764870270.539:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7586 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91539 code=0x7ffc0000
[  186.806338][ T5921] usb 4-1: New USB device found, idVendor=05ac, idProduct=0217, bcdDevice=2d.9c
[  186.808039][ T7599] fuse: Bad value for 'user_id'
[  186.815440][ T5921] usb 4-1: New USB device strings: Mfr=3, Product=2, SerialNumber=3
[  186.815465][ T5921] usb 4-1: Product: syz
[  186.815478][ T5921] usb 4-1: Manufacturer: syz
[  186.815490][ T5921] usb 4-1: SerialNumber: syz
[  186.824731][   T30] audit: type=1326 audit(1764870270.539:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7586 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91539 code=0x7ffc0000
[  186.848307][ T5887] usb 5-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=3f.fc
[  186.899101][ T7599] fuse: Bad value for 'user_id'
[  187.027209][ T7574] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  187.036243][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.040220][ T7599] netlink: 68 bytes leftover after parsing attributes in process `syz.1.411'.
[  187.044283][ T5887] usb 5-1: Product: syz
[  187.098435][   T30] audit: type=1326 audit(1764870270.539:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7586 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f91539 code=0x7ffc0000
[  187.215287][   T30] audit: type=1326 audit(1764870270.539:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7586 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91539 code=0x7ffc0000
[  187.243695][ T5887] usb 5-1: Manufacturer: syz
[  187.259306][ T5887] usb 5-1: SerialNumber: syz
[  187.283853][ T5887] usb 5-1: config 0 descriptor??
[  187.301134][ T5887] cypress_m8 5-1:0.0: Nokia CA-42 V2 Adapter converter detected
[  187.308269][ T5838] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  187.435582][ T5887] nokiaca42v2 ttyUSB0: required endpoint is missing
[  187.541126][ T7608] vxcan1: entered promiscuous mode
[  187.577733][ T7583] syzkaller0: entered promiscuous mode
[  187.592371][ T7583] syzkaller0: entered allmulticast mode
[  187.981672][ T5887] usb 5-1: USB disconnect, device number 19
[  187.991868][ T5887] cypress_m8 5-1:0.0: device disconnected
[  188.617365][ T7625] netlink: 20 bytes leftover after parsing attributes in process `syz.4.419'.
[  188.661114][ T7625] FAULT_INJECTION: forcing a failure.
[  188.661114][ T7625] name failslab, interval 1, probability 0, space 0, times 0
[  188.689232][ T7625] CPU: 0 UID: 0 PID: 7625 Comm: syz.4.419 Not tainted syzkaller #0 PREEMPT(full) 
[  188.689261][ T7625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  188.689269][ T7625] Call Trace:
[  188.689273][ T7625]  <TASK>
[  188.689279][ T7625]  dump_stack_lvl+0x189/0x250
[  188.689294][ T7625]  ? __pfx____ratelimit+0x10/0x10
[  188.689309][ T7625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  188.689320][ T7625]  ? __pfx__printk+0x10/0x10
[  188.689335][ T7625]  ? __pfx___might_resched+0x10/0x10
[  188.689345][ T7625]  ? fs_reclaim_acquire+0x7d/0x100
[  188.689367][ T7625]  should_fail_ex+0x414/0x560
[  188.689383][ T7625]  should_failslab+0xa8/0x100
[  188.689399][ T7625]  __kvmalloc_node_noprof+0x158/0x910
[  188.689418][ T7625]  ? alloc_netdev_mqs+0xa4b/0x11b0
[  188.689439][ T7625]  alloc_netdev_mqs+0xa4b/0x11b0
[  188.689456][ T7625]  rtnl_create_link+0x31f/0xcf0
[  188.689473][ T7625]  rtnl_newlink_create+0x25c/0xb00
[  188.689492][ T7625]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  188.689512][ T7625]  ? __pfx___mutex_lock+0x10/0x10
[  188.689539][ T7625]  ? ns_capable+0x8a/0xf0
[  188.689557][ T7625]  rtnl_newlink+0x16e7/0x1c90
[  188.689588][ T7625]  ? __pfx_rtnl_newlink+0x10/0x10
[  188.689602][ T7625]  ? __do_fast_syscall_32+0x1f7/0x570
[  188.689617][ T7625]  ? do_fast_syscall_32+0x34/0x80
[  188.689631][ T7625]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  188.689684][ T7625]  ? kasan_quarantine_put+0xdd/0x220
[  188.689704][ T7625]  ? lockdep_hardirqs_on+0x98/0x140
[  188.689727][ T7625]  ? kmem_cache_free+0x197/0x620
[  188.689747][ T7625]  ? nlmon_xmit+0xb0/0x100
[  188.689777][ T7625]  ? __lock_acquire+0x6b6/0x2cf0
[  188.689797][ T7625]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  188.689818][ T7625]  ? __dev_queue_xmit+0x289/0x3140
[  188.689840][ T7625]  ? __dev_queue_xmit+0x289/0x3140
[  188.689859][ T7625]  ? __dev_queue_xmit+0x289/0x3140
[  188.689907][ T7625]  ? __pfx_rtnl_newlink+0x10/0x10
[  188.689925][ T7625]  rtnetlink_rcv_msg+0x7cf/0xb70
[  188.689947][ T7625]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  188.689964][ T7625]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  188.689979][ T7625]  ? ref_tracker_free+0x63a/0x7d0
[  188.690002][ T7625]  ? __asan_memcpy+0x40/0x70
[  188.690020][ T7625]  ? __pfx_ref_tracker_free+0x10/0x10
[  188.690041][ T7625]  ? __skb_clone+0x63/0x7a0
[  188.690070][ T7625]  netlink_rcv_skb+0x208/0x470
[  188.690092][ T7625]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  188.690111][ T7625]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  188.690140][ T7625]  ? netlink_deliver_tap+0x2e/0x1b0
[  188.690184][ T7625]  netlink_unicast+0x82f/0x9e0
[  188.690212][ T7625]  ? __pfx_netlink_unicast+0x10/0x10
[  188.690232][ T7625]  ? netlink_sendmsg+0x642/0xb30
[  188.690249][ T7625]  ? skb_put+0x11b/0x210
[  188.690269][ T7625]  netlink_sendmsg+0x805/0xb30
[  188.690298][ T7625]  ? __pfx_netlink_sendmsg+0x10/0x10
[  188.690321][ T7625]  ? __import_iovec+0x5d4/0x7f0
[  188.690336][ T7625]  ? aa_sock_msg_perm+0xf1/0x1b0
[  188.690355][ T7625]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  188.690377][ T7625]  ? __pfx_netlink_sendmsg+0x10/0x10
[  188.690395][ T7625]  __sock_sendmsg+0x21c/0x270
[  188.690420][ T7625]  ____sys_sendmsg+0x505/0x820
[  188.690446][ T7625]  ? __pfx_____sys_sendmsg+0x10/0x10
[  188.690471][ T7625]  ? kstrtouint+0x6e/0xe0
[  188.690500][ T7625]  ___sys_sendmsg+0x21f/0x2a0
[  188.690522][ T7625]  ? __pfx____sys_sendmsg+0x10/0x10
[  188.690549][ T7625]  ? rcu_read_lock_any_held+0xb3/0x120
[  188.690597][ T7625]  ? __fget_files+0x2a/0x420
[  188.690611][ T7625]  ? __fget_files+0x3a0/0x420
[  188.690636][ T7625]  __sys_sendmsg+0x164/0x220
[  188.690657][ T7625]  ? __pfx___sys_sendmsg+0x10/0x10
[  188.690685][ T7625]  ? __pfx_ksys_write+0x10/0x10
[  188.690710][ T7625]  ? __do_fast_syscall_32+0xbe/0x570
[  188.690732][ T7625]  __do_fast_syscall_32+0x1f7/0x570
[  188.690750][ T7625]  ? rcu_is_watching+0x15/0xb0
[  188.690767][ T7625]  ? do_fast_syscall_32+0x34/0x80
[  188.690790][ T7625]  do_fast_syscall_32+0x34/0x80
[  188.690807][ T7625]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  188.690827][ T7625] RIP: 0023:0xf705d539
[  188.690841][ T7625] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  188.690855][ T7625] RSP: 002b:00000000f544d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  188.690872][ T7625] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  188.690883][ T7625] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  188.690892][ T7625] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  188.690901][ T7625] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  188.690911][ T7625] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  188.690939][ T7625]  </TASK>
[  189.520058][ T5921] appletouch 4-1:255.122: Could not find int-in endpoint
[  189.527166][ T5921] appletouch 4-1:255.122: probe with driver appletouch failed with error -5
[  189.536931][ T5921] usbhid 4-1:255.122: couldn't find an input interrupt endpoint
[  189.552720][ T5921] usb 4-1: USB disconnect, device number 22
[  189.566329][ T7628] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  190.125880][ T5921] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  190.385888][ T5921] usb 4-1: Using ep0 maxpacket: 32
[  190.395341][ T5921] usb 4-1: config 3 has an invalid interface number: 201 but max is 0
[  190.404044][ T5921] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  190.414526][ T5921] usb 4-1: config 3 has no interface number 0
[  190.421006][ T5921] usb 4-1: too many endpoints for config 3 interface 201 altsetting 255: 242, using maximum allowed: 30
[  190.468127][ T5921] usb 4-1: config 3 interface 201 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 242
[  190.503992][ T5921] usb 4-1: config 3 interface 201 has no altsetting 0
[  190.591906][ T5921] usb 4-1: New USB device found, idVendor=0b95, idProduct=178a, bcdDevice=b0.61
[  190.601020][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.615846][ T5921] usb 4-1: Product: syz
[  190.662921][ T5921] usb 4-1: Manufacturer: syz
[  190.718098][ T5921] usb 4-1: SerialNumber: syz
[  190.760727][ T5921] ax88179_178a 4-1:3.201: probe with driver ax88179_178a failed with error -22
[  190.965320][ T7638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  190.979171][ T7638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  191.122635][   T24] usb 4-1: USB disconnect, device number 23
[  191.216260][ T7662] fuse: Unknown parameter 'rOotmoDe'
[  191.227242][ T7662] netlink: 20 bytes leftover after parsing attributes in process `syz.1.430'.
[  191.427416][ T7669] fuse: Unknown parameter '0xffffffffffffffff'
[  191.441344][ T7669] fuse: Unknown parameter '0x000000000000000a��0xffffffffffffffffgrou�VB�}���
;���5vѠ9���*9�&��1����'
[  191.866282][   T24] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  192.025904][   T24] usb 1-1: Using ep0 maxpacket: 16
[  192.036734][   T24] usb 1-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  192.047083][   T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9
[  192.099274][   T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8240, setting to 1024
[  192.189288][   T24] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 22
[  192.210599][   T24] usb 1-1: New USB device found, idVendor=0505, idProduct=a4a1, bcdDevice= 0.40
[  192.223037][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  192.231148][   T24] usb 1-1: SerialNumber: syz
[  192.240213][   T24] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  192.248234][   T24] cdc_acm 1-1:1.0: This needs exactly 3 endpoints
[  192.254678][   T24] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -22
[  194.354543][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  194.360997][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  194.706637][ T5926] usb 1-1: USB disconnect, device number 12
[  194.714314][ T7707] netlink: 8 bytes leftover after parsing attributes in process `syz.4.441'.
[  194.885041][ T7707] : entered promiscuous mode
[  195.626449][ T7713] can: request_module (can-proto-3) failed.
[  197.336239][ T7740] 
: renamed from bridge_slave_0 (while UP)
[  198.325909][ T5926] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  198.348850][ T7747] bond0: Removing last ns target with arp_interval on
[  198.397241][ T7751] netlink: 16 bytes leftover after parsing attributes in process `syz.3.452'.
[  198.505879][ T5926] usb 1-1: Using ep0 maxpacket: 32
[  198.513083][ T5926] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 32, changing to 9
[  198.555985][ T5926] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8224, setting to 1024
[  198.581297][ T5926] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  198.605862][ T5921] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  198.616149][ T5926] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  198.635825][ T5926] usb 1-1: Product: syz
[  198.635998][    T9] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  198.640014][ T5926] usb 1-1: Manufacturer: syz
[  198.680909][ T5926] hub 1-1:4.0: USB hub found
[  198.735910][ T5921] usb 4-1: device descriptor read/64, error -71
[  198.806014][    T9] usb 5-1: Using ep0 maxpacket: 32
[  198.815121][    T9] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  198.824663][    T9] usb 5-1: config 0 has no interface number 0
[  198.834078][    T9] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  198.843783][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.853003][    T9] usb 5-1: Product: syz
[  198.857637][    T9] usb 5-1: Manufacturer: syz
[  198.862244][    T9] usb 5-1: SerialNumber: syz
[  198.876166][    T9] usb 5-1: config 0 descriptor??
[  198.896173][    T9] smsc95xx v2.0.0
[  198.978208][ T5921] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  199.131910][ T5921] usb 4-1: device descriptor read/64, error -71
[  199.289542][ T5921] usb usb4-port1: attempt power cycle
[  199.299582][    T9] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  199.323344][    T9] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  199.655981][ T5921] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  199.706519][ T5921] usb 4-1: device descriptor read/8, error -71
[  199.946830][ T5921] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  199.976694][ T5921] usb 4-1: device descriptor read/8, error -71
[  200.087178][ T5921] usb usb4-port1: unable to enumerate USB device
[  201.049169][ T5926] hub 1-1:4.0: config failed, can't read hub descriptor (err -22)
[  201.090920][ T5926] usb 1-1: USB disconnect, device number 13
[  201.357270][ T7771] netlink: 'syz.1.459': attribute type 29 has an invalid length.
[  201.486078][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  201.486112][   T30] audit: type=1400 audit(1764870285.629:34): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=7768 comm="syz.0.458"
[  202.348434][    T9] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000008: -71
[  202.363685][    T9] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71
[  202.546031][    T9] usb 5-1: USB disconnect, device number 20
[  202.559792][ T7790] FAULT_INJECTION: forcing a failure.
[  202.559792][ T7790] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.688444][ T7790] CPU: 1 UID: 0 PID: 7790 Comm: syz.1.464 Not tainted syzkaller #0 PREEMPT(full) 
[  202.688461][ T7790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  202.688468][ T7790] Call Trace:
[  202.688472][ T7790]  <TASK>
[  202.688478][ T7790]  dump_stack_lvl+0x189/0x250
[  202.688494][ T7790]  ? __pfx____ratelimit+0x10/0x10
[  202.688509][ T7790]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.688519][ T7790]  ? __pfx__printk+0x10/0x10
[  202.688532][ T7790]  ? __might_fault+0xb0/0x130
[  202.688550][ T7790]  should_fail_ex+0x414/0x560
[  202.688566][ T7790]  _copy_from_user+0x2d/0xb0
[  202.688576][ T7790]  get_compat_msghdr+0xad/0x4a0
[  202.688589][ T7790]  ? __lock_acquire+0x6b6/0x2cf0
[  202.688600][ T7790]  ? __pfx_get_compat_msghdr+0x10/0x10
[  202.688613][ T7790]  ? __lock_acquire+0x6b6/0x2cf0
[  202.688625][ T7790]  ___sys_recvmsg+0x17f/0x510
[  202.688640][ T7790]  ? __pfx____sys_recvmsg+0x10/0x10
[  202.688650][ T7790]  ? __might_fault+0xb0/0x130
[  202.688673][ T7790]  ? __fget_files+0x3a0/0x420
[  202.688688][ T7790]  __sys_recvmsg+0x161/0x220
[  202.688700][ T7790]  ? __pfx___sys_recvmsg+0x10/0x10
[  202.688716][ T7790]  ? __pfx___ia32_compat_sys_rt_sigreturn+0x10/0x10
[  202.688734][ T7790]  ? do_int80_emulation+0xec/0x410
[  202.688745][ T7790]  ? asm_int80_emulation+0x1a/0x20
[  202.688754][ T7790]  do_int80_emulation+0x126/0x410
[  202.688764][ T7790]  ? clear_bhb_loop+0x60/0xb0
[  202.688772][ T7790]  ? clear_bhb_loop+0x60/0xb0
[  202.688783][ T7790]  asm_int80_emulation+0x1a/0x20
[  202.688792][ T7790] RIP: 0023:0xf701d539
[  202.688801][ T7790] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  202.688810][ T7790] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000174
[  202.688821][ T7790] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[  202.688828][ T7790] RDX: 0000000000000123 RSI: 0000000000000000 RDI: 0000000000000000
[  202.688833][ T7790] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  202.688839][ T7790] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  202.688844][ T7790] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  202.688858][ T7790]  </TASK>
[  203.122784][ T7792] FAULT_INJECTION: forcing a failure.
[  203.122784][ T7792] name failslab, interval 1, probability 0, space 0, times 0
[  203.235922][ T7792] CPU: 0 UID: 0 PID: 7792 Comm: syz.2.465 Not tainted syzkaller #0 PREEMPT(full) 
[  203.235947][ T7792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  203.235958][ T7792] Call Trace:
[  203.235964][ T7792]  <TASK>
[  203.235972][ T7792]  dump_stack_lvl+0x189/0x250
[  203.235996][ T7792]  ? __pfx____ratelimit+0x10/0x10
[  203.236023][ T7792]  ? __pfx_dump_stack_lvl+0x10/0x10
[  203.236039][ T7792]  ? __pfx__printk+0x10/0x10
[  203.236059][ T7792]  ? __pfx___might_resched+0x10/0x10
[  203.236075][ T7792]  ? fs_reclaim_acquire+0x7d/0x100
[  203.236101][ T7792]  should_fail_ex+0x414/0x560
[  203.236128][ T7792]  should_failslab+0xa8/0x100
[  203.236153][ T7792]  kmem_cache_alloc_node_noprof+0x77/0x710
[  203.236174][ T7792]  ? __alloc_skb+0x255/0x430
[  203.236191][ T7792]  ? napi_skb_cache_get+0x4a5/0x780
[  203.236206][ T7792]  ? napi_skb_cache_get+0x151/0x780
[  203.236227][ T7792]  __alloc_skb+0x255/0x430
[  203.236246][ T7792]  ? __pfx___alloc_skb+0x10/0x10
[  203.236265][ T7792]  ? netlink_autobind+0xdb/0x300
[  203.236283][ T7792]  ? netlink_autobind+0x2c2/0x300
[  203.236308][ T7792]  netlink_sendmsg+0x5c6/0xb30
[  203.236338][ T7792]  ? __pfx_netlink_sendmsg+0x10/0x10
[  203.236360][ T7792]  ? __import_iovec+0x5d4/0x7f0
[  203.236375][ T7792]  ? aa_sock_msg_perm+0xf1/0x1b0
[  203.236396][ T7792]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  203.236416][ T7792]  ? __pfx_netlink_sendmsg+0x10/0x10
[  203.236437][ T7792]  __sock_sendmsg+0x21c/0x270
[  203.236462][ T7792]  ____sys_sendmsg+0x505/0x820
[  203.236487][ T7792]  ? __pfx_____sys_sendmsg+0x10/0x10
[  203.236511][ T7792]  ? kstrtouint+0x6e/0xe0
[  203.236539][ T7792]  ___sys_sendmsg+0x21f/0x2a0
[  203.236561][ T7792]  ? __pfx____sys_sendmsg+0x10/0x10
[  203.236587][ T7792]  ? rcu_read_lock_any_held+0xb3/0x120
[  203.236632][ T7792]  ? __fget_files+0x2a/0x420
[  203.236647][ T7792]  ? __fget_files+0x3a0/0x420
[  203.236670][ T7792]  __sys_sendmsg+0x164/0x220
[  203.236690][ T7792]  ? __pfx___sys_sendmsg+0x10/0x10
[  203.236714][ T7792]  ? __pfx_ksys_write+0x10/0x10
[  203.236738][ T7792]  ? __do_fast_syscall_32+0xbe/0x570
[  203.236760][ T7792]  __do_fast_syscall_32+0x1f7/0x570
[  203.236777][ T7792]  ? rcu_is_watching+0x15/0xb0
[  203.236793][ T7792]  ? do_fast_syscall_32+0x34/0x80
[  203.236813][ T7792]  do_fast_syscall_32+0x34/0x80
[  203.236830][ T7792]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  203.236852][ T7792] RIP: 0023:0xf703d539
[  203.236868][ T7792] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  203.236882][ T7792] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  203.236900][ T7792] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  203.236911][ T7792] RDX: 0000000020008800 RSI: 0000000000000000 RDI: 0000000000000000
[  203.236922][ T7792] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  203.236931][ T7792] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  203.236941][ T7792] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  203.236967][ T7792]  </TASK>
[  203.905898][ T5894] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  203.935891][ T6185] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  204.073329][ T7812] tap0: tun_chr_ioctl cmd 1074025677
[  204.079523][ T7812] tap0: linktype set to 270
[  204.097107][ T5894] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  204.110427][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  204.121430][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  204.131458][ T5894] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  204.146441][ T6185] usb 1-1: config 0 has an invalid interface number: 63 but max is 0
[  204.147377][ T5894] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  204.154721][ T6185] usb 1-1: config 0 has no interface number 0
[  204.187283][ T6185] usb 1-1: New USB device found, idVendor=093a, idProduct=2463, bcdDevice=db.44
[  204.206891][ T5894] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  204.257189][ T5894] usb 5-1: Manufacturer: syz
[  204.263572][ T6185] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.280970][ T5894] usb 5-1: config 0 descriptor??
[  204.307783][ T6185] usb 1-1: config 0 descriptor??
[  204.505896][   T24] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  204.525599][ T6185] usb 1-1: string descriptor 0 read error: -71
[  204.539567][ T6185] gspca_main: pac207-2.14.0 probing 093a:2463
[  204.551938][ T6185] gspca_pac207: Failed to read a register (index 0x0000, error -71)
[  204.673042][   T24] usb 2-1: config index 0 descriptor too short (expected 30768, got 18)
[  204.692168][ T6185] usb 1-1: USB disconnect, device number 14
[  204.693564][ T5894] appleir 0003:05AC:8243.0010: unknown main item tag 0x0
[  204.705600][   T24] usb 2-1: config 48 has too many interfaces: 48, using maximum allowed: 32
[  204.724831][   T24] usb 2-1: config 48 has an invalid descriptor of length 48, skipping remainder of the config
[  204.748199][   T24] usb 2-1: config 48 has 0 interfaces, different from the descriptor's value: 48
[  204.759199][ T5894] appleir 0003:05AC:8243.0010: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  204.792620][   T24] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  204.838981][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.859216][   T24] usb 2-1: Product: syz
[  204.884178][   T24] usb 2-1: Manufacturer: syz
[  204.896343][   T24] usb 2-1: SerialNumber: syz
[  205.327908][ T7823] fuse: Bad value for 'user_id'
[  205.332997][ T7823] fuse: Bad value for 'user_id'
[  205.347985][ T7823] netlink: 68 bytes leftover after parsing attributes in process `syz.0.475'.
[  205.734552][ T7835] netlink: 'syz.0.480': attribute type 29 has an invalid length.
[  206.301844][ T7842] netlink: 'syz.0.482': attribute type 21 has an invalid length.
[  206.309854][ T7842] netlink: 156 bytes leftover after parsing attributes in process `syz.0.482'.
[  206.338365][ T5894] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  206.495832][ T5894] usb 4-1: Using ep0 maxpacket: 8
[  206.509608][ T5894] usb 4-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb
[  206.529994][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.544651][ T5894] usb 4-1: Product: syz
[  206.552225][ T5894] usb 4-1: Manufacturer: syz
[  206.560596][ T5894] usb 4-1: SerialNumber: syz
[  206.791465][ T7844] netlink: 44 bytes leftover after parsing attributes in process `syz.4.483'.
[  206.967630][ T1215] usb 5-1: USB disconnect, device number 21
[  207.154509][   T24] usb 2-1: USB disconnect, device number 17
[  207.565045][ T7858] fuse: Bad value for 'user_id'
[  207.570230][ T7858] fuse: Bad value for 'user_id'
[  207.582430][ T7858] netlink: 68 bytes leftover after parsing attributes in process `syz.1.487'.
[  208.178229][ T5894] mxuport 4-1:254.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71)
[  208.188457][ T5894] mxuport 4-1:254.0: probe with driver mxuport failed with error -5
[  208.215395][ T5894] usb 4-1: USB disconnect, device number 28
[  208.225951][  T181] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  208.382223][  T181] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  208.401150][  T181] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  208.427950][  T181] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  208.446197][  T181] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.467103][  T181] usb 2-1: config 0 descriptor??
[  208.489296][   T30] audit: type=1326 audit(1764870292.639:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7876 comm="syz.4.494" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705d539 code=0x0
[  208.621575][ T7882] sock: sock_timestamping_bind_phc: sock not bind to device
[  208.855480][ T7873] netlink: 'syz.3.492': attribute type 29 has an invalid length.
[  208.895723][  T181] cm6533_jd 0003:0D8C:0022.0011: unknown global tag 0xe
[  208.897970][  T181] cm6533_jd 0003:0D8C:0022.0011: item 0 2 1 14 parsing failed
[  208.900496][  T181] cm6533_jd 0003:0D8C:0022.0011: parse failed
[  208.944937][  T181] cm6533_jd 0003:0D8C:0022.0011: probe with driver cm6533_jd failed with error -22
[  209.689749][ T7922] dummy0: entered promiscuous mode
[  209.716086][ T7922] vlan3: entered promiscuous mode
[  209.906151][  T181] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  209.945508][ T7934] netlink: 'syz.2.501': attribute type 4 has an invalid length.
[  209.953473][ T7934] netlink: 152 bytes leftover after parsing attributes in process `syz.2.501'.
[  210.427452][ T7935] binder: BINDER_SET_CONTEXT_MGR already set
[  210.434251][ T7935] binder: 7932:7935 ioctl 4018620d 80000040 returned -16
[  210.456049][  T181] usb 4-1: Using ep0 maxpacket: 32
[  210.464041][  T181] usb 4-1: unable to get BOS descriptor or descriptor too short
[  210.504829][  T181] usb 4-1: config 120 has an invalid interface number: 58 but max is 0
[  210.513644][  T181] usb 4-1: config 120 has an invalid descriptor of length 165, skipping remainder of the config
[  210.524624][  T181] usb 4-1: config 120 has no interface number 0
[  210.531964][  T181] usb 4-1: config 120 interface 58 altsetting 0 endpoint 0x3 has an invalid bInterval 167, changing to 7
[  210.546339][  T181] usb 4-1: config 120 interface 58 altsetting 0 endpoint 0x3 has invalid maxpacket 16901, setting to 1024
[  210.567497][  T181] usb 4-1: New USB device found, idVendor=0421, idProduct=007b, bcdDevice=6e.b5
[  210.580201][  T181] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.592034][  T181] usb 4-1: Product: syz
[  210.598317][  T181] usb 4-1: Manufacturer: syz
[  210.605013][  T181] usb 4-1: SerialNumber: syz
[  210.831167][  T181] usb 4-1: bad CDC descriptors
[  210.843983][  T181] cdc_acm 4-1:120.58: Zero length descriptor references
[  210.861594][  T181] cdc_acm 4-1:120.58: probe with driver cdc_acm failed with error -22
[  210.907468][  T181] usb 4-1: USB disconnect, device number 29
[  210.998604][ T5894] usb 2-1: USB disconnect, device number 18
[  211.229327][ T7946] netlink: 'syz.2.506': attribute type 2 has an invalid length.
[  211.240228][ T7946] netlink: 16174 bytes leftover after parsing attributes in process `syz.2.506'.
[  211.365870][ T7817] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  212.137944][ T7817] usb 5-1: config 16 has an invalid descriptor of length 204, skipping remainder of the config
[  212.148507][ T7817] usb 5-1: too many endpoints for config 16 interface 0 altsetting 168: 38, using maximum allowed: 30
[  212.328858][ T7817] usb 5-1: config 16 interface 0 altsetting 168 has 0 endpoint descriptors, different from the interface descriptor's value: 38
[  212.384480][ T7817] usb 5-1: config 16 interface 0 has no altsetting 0
[  212.414086][ T7817] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  212.430868][ T7817] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.880852][ T7962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  212.910207][ T7962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  212.978378][ T7817] usb 5-1: string descriptor 0 read error: -71
[  212.998223][ T7817] usb 5-1: USB disconnect, device number 22
[  214.301421][  T181] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  214.485860][  T181] usb 5-1: Using ep0 maxpacket: 32
[  214.573905][  T181] usb 5-1: config 251 has an invalid interface number: 19 but max is 1
[  214.584407][  T181] usb 5-1: config 251 has an invalid interface number: 217 but max is 1
[  214.702217][  T181] usb 5-1: config 251 has no interface number 0
[  214.716499][  T181] usb 5-1: config 251 has no interface number 1
[  214.722989][  T181] usb 5-1: config 251 interface 19 has no altsetting 0
[  214.749176][  T181] usb 5-1: config 251 interface 217 has no altsetting 0
[  215.358647][  T181] usb 5-1: New USB device found, idVendor=12d1, idProduct=c4a9, bcdDevice=bd.40
[  215.372788][  T181] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.383519][  T181] usb 5-1: Product: syz
[  215.399672][  T181] usb 5-1: Manufacturer: syz
[  215.562650][  T181] usb 5-1: SerialNumber: syz
[  215.895739][ T8004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  215.905597][ T8004] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  215.977059][ T8004] pimreg: entered allmulticast mode
[  215.983800][ T8004] pimreg: left allmulticast mode
[  216.134818][ T8005] netlink: 20 bytes leftover after parsing attributes in process `syz.3.522'.
[  216.330175][ T8012] program syz.3.525 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  216.381758][ T8012] : renamed from veth0_to_bond (while UP)
[  217.323185][  T181] option 5-1:251.19: GSM modem (1-port) converter detected
[  217.359945][  T181] uvcvideo 5-1:251.217: Found Unit with invalid ID 0
[  217.396719][  T181] uvcvideo 5-1:251.217: Found UVC 252.03 device syz (12d1:c4a9)
[  217.433785][  T181] uvcvideo 5-1:251.217: No valid video chain found.
[  217.453709][  T181] usb 5-1: USB disconnect, device number 23
[  217.482207][  T181] option 5-1:251.19: device disconnected
[  218.056342][ T7817] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  218.221398][ T7817] usb 5-1: config 7 descriptor has 1 excess byte, ignoring
[  218.229030][ T7817] usb 5-1: config 7 has 1 interface, different from the descriptor's value: 2
[  218.249626][ T7817] usb 5-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 7.84
[  218.271143][ T7817] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.294210][ T7817] usb 5-1: Product: syz
[  218.311860][ T7817] usb 5-1: Manufacturer: syz
[  218.322249][ T7817] usb 5-1: SerialNumber: syz
[  218.361924][ T7817] rndis_host 5-1:7.0: skipping garbage
[  218.370800][ T7817] usb 5-1: bad CDC descriptors
[  218.392147][ T7817] option 5-1:7.0: GSM modem (1-port) converter detected
[  218.564097][ T8035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  218.564955][ T8048] netlink: 4 bytes leftover after parsing attributes in process `syz.4.534'.
[  218.574511][ T8035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  218.582848][ T8048] netlink: 4 bytes leftover after parsing attributes in process `syz.4.534'.
[  218.600515][ T8049] random: crng reseeded on system resumption
[  218.611267][ T8048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  218.620288][ T8048] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  218.641504][ T7817] usb 5-1: USB disconnect, device number 24
[  218.648823][ T7817] option 5-1:7.0: device disconnected
[  218.891962][ T8061] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  218.900357][ T8061] syzkaller0: entered promiscuous mode
[  218.906230][ T8061] syzkaller0: entered allmulticast mode
[  218.928285][ T8061] tipc: Resetting bearer <eth:syzkaller0>
[  218.938213][ T8060] tipc: Resetting bearer <eth:syzkaller0>
[  218.954405][ T8060] tipc: Disabling bearer <eth:syzkaller0>
[  219.105874][ T1215] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  219.255905][ T1215] usb 2-1: Using ep0 maxpacket: 32
[  219.279179][ T1215] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  219.308694][ T1215] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.339309][ T1215] usb 2-1: Product: syz
[  219.343527][ T1215] usb 2-1: Manufacturer: syz
[  219.365467][ T1215] usb 2-1: SerialNumber: syz
[  219.386465][ T1215] usb 2-1: config 0 descriptor??
[  219.399788][ T1215] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  219.448545][ T8063] netlink: 'syz.4.540': attribute type 29 has an invalid length.
[  219.618112][ T8072] fuse: Unknown parameter 'group�	_id'
[  219.632277][ T8072] netlink: 'syz.4.544': attribute type 11 has an invalid length.
[  220.008056][ T1215] gspca_stk1135: reg_w 0x3 err -71
[  220.057667][ T1215] gspca_stk1135: serial bus timeout: status=0x00
[  220.070084][ T1215] gspca_stk1135: Sensor write failed
[  220.075419][ T1215] gspca_stk1135: serial bus timeout: status=0x00
[  220.137714][ T1215] gspca_stk1135: Sensor write failed
[  220.146086][ T1215] gspca_stk1135: serial bus timeout: status=0x00
[  220.154352][ T8085] netlink: 'syz.0.548': attribute type 21 has an invalid length.
[  220.200312][ T1215] gspca_stk1135: Sensor read failed
[  220.205569][ T1215] gspca_stk1135: serial bus timeout: status=0x00
[  220.212084][ T1215] gspca_stk1135: Sensor read failed
[  220.228162][ T1215] gspca_stk1135: Detected sensor type unknown (0x0)
[  220.237502][ T1215] gspca_stk1135: serial bus timeout: status=0x00
[  220.243840][ T1215] gspca_stk1135: Sensor read failed
[  220.249304][ T1215] gspca_stk1135: serial bus timeout: status=0x00
[  220.256532][ T1215] gspca_stk1135: Sensor read failed
[  220.261769][ T1215] gspca_stk1135: serial bus timeout: status=0x00
[  220.268929][ T1215] gspca_stk1135: Sensor write failed
[  220.276557][ T1215] gspca_stk1135: serial bus timeout: status=0x00
[  220.288641][ T1215] gspca_stk1135: Sensor write failed
[  220.294074][ T1215] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71
[  220.307602][ T1215] usb 2-1: USB disconnect, device number 19
[  221.428955][   T48] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  221.626886][   T48] usb 2-1: Using ep0 maxpacket: 16
[  221.641285][   T48] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  221.650847][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.835830][   T48] usb 2-1: Product: syz
[  221.840156][   T48] usb 2-1: Manufacturer: syz
[  221.844759][   T48] usb 2-1: SerialNumber: syz
[  221.867306][   T48] r8152-cfgselector 2-1: Unknown version 0x0000
[  221.910324][   T48] r8152-cfgselector 2-1: config 0 descriptor??
[  222.125238][ T8106] netlink: 'syz.3.554': attribute type 29 has an invalid length.
[  222.323700][ T8112] mmap: syz.4.556 (8112) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  222.477896][ T8114] FAULT_INJECTION: forcing a failure.
[  222.477896][ T8114] name failslab, interval 1, probability 0, space 0, times 0
[  222.516283][ T8114] CPU: 1 UID: 0 PID: 8114 Comm: syz.3.557 Not tainted syzkaller #0 PREEMPT(full) 
[  222.516308][ T8114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  222.516319][ T8114] Call Trace:
[  222.516326][ T8114]  <TASK>
[  222.516333][ T8114]  dump_stack_lvl+0x189/0x250
[  222.516357][ T8114]  ? __pfx____ratelimit+0x10/0x10
[  222.516389][ T8114]  ? __pfx_dump_stack_lvl+0x10/0x10
[  222.516407][ T8114]  ? __pfx__printk+0x10/0x10
[  222.516434][ T8114]  ? __pfx___might_resched+0x10/0x10
[  222.516450][ T8114]  ? fs_reclaim_acquire+0x7d/0x100
[  222.516476][ T8114]  should_fail_ex+0x414/0x560
[  222.516503][ T8114]  should_failslab+0xa8/0x100
[  222.516527][ T8114]  __kmalloc_noprof+0xcb/0x800
[  222.516547][ T8114]  ? sock_kmalloc+0xd6/0x160
[  222.516573][ T8114]  sock_kmalloc+0xd6/0x160
[  222.516601][ T8114]  skcipher_recvmsg+0x571/0x11d0
[  222.516636][ T8114]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  222.516655][ T8114]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  222.516675][ T8114]  ? security_socket_recvmsg+0x7e/0x2e0
[  222.516696][ T8114]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  222.516711][ T8114]  sock_recvmsg+0x22c/0x270
[  222.516737][ T8114]  ____sys_recvmsg+0x1c9/0x460
[  222.516766][ T8114]  ? __pfx_____sys_recvmsg+0x10/0x10
[  222.516783][ T8114]  ? get_compat_msghdr+0x37e/0x4a0
[  222.516815][ T8114]  ? __lock_acquire+0x6b6/0x2cf0
[  222.516845][ T8114]  ___sys_recvmsg+0x1b5/0x510
[  222.516871][ T8114]  ? __pfx____sys_recvmsg+0x10/0x10
[  222.516915][ T8114]  ? __fget_files+0x3a0/0x420
[  222.516942][ T8114]  do_recvmmsg+0x36a/0x770
[  222.516970][ T8114]  ? __pfx_do_recvmmsg+0x10/0x10
[  222.517001][ T8114]  ? __pfx_vfs_write+0x10/0x10
[  222.517035][ T8114]  __sys_recvmmsg+0x19d/0x280
[  222.517056][ T8114]  ? __pfx___sys_recvmmsg+0x10/0x10
[  222.517070][ T8114]  ? ksys_write+0x22a/0x250
[  222.517091][ T8114]  ? __pfx_ksys_write+0x10/0x10
[  222.517114][ T8114]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[  222.517143][ T8114]  __do_fast_syscall_32+0x1f7/0x570
[  222.517162][ T8114]  ? rcu_is_watching+0x15/0xb0
[  222.517179][ T8114]  ? do_fast_syscall_32+0x34/0x80
[  222.517201][ T8114]  do_fast_syscall_32+0x34/0x80
[  222.517218][ T8114]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  222.517238][ T8114] RIP: 0023:0xf708d539
[  222.517253][ T8114] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  222.517267][ T8114] RSP: 002b:00000000f547d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[  222.517286][ T8114] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001e40
[  222.517298][ T8114] RDX: 0000000000000001 RSI: 0000000000010000 RDI: 0000000000000000
[  222.517308][ T8114] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  222.517318][ T8114] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  222.517327][ T8114] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  222.517355][ T8114]  </TASK>
[  222.809689][    C1] vkms_vblank_simulate: vblank timer overrun
[  222.904267][ T8117] netlink: 120 bytes leftover after parsing attributes in process `syz.2.558'.
[  223.119671][ T8126] bond0: (slave veth0_to_hsr): Error: Device can not be enslaved while up
[  223.823148][ T8137] usb usb8: usbfs: process 8137 (syz.4.564) did not claim interface 0 before use
[  223.933907][ T8138] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[  224.421365][ T8144] FAULT_INJECTION: forcing a failure.
[  224.421365][ T8144] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  224.505939][ T8144] CPU: 1 UID: 0 PID: 8144 Comm: syz.0.565 Not tainted syzkaller #0 PREEMPT(full) 
[  224.505962][ T8144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  224.505973][ T8144] Call Trace:
[  224.505980][ T8144]  <TASK>
[  224.505986][ T8144]  dump_stack_lvl+0x189/0x250
[  224.506007][ T8144]  ? __pfx____ratelimit+0x10/0x10
[  224.506028][ T8144]  ? __pfx_dump_stack_lvl+0x10/0x10
[  224.506044][ T8144]  ? __pfx__printk+0x10/0x10
[  224.506074][ T8144]  should_fail_ex+0x414/0x560
[  224.506096][ T8144]  _copy_to_user+0x31/0xb0
[  224.506112][ T8144]  simple_read_from_buffer+0xe1/0x170
[  224.506138][ T8144]  proc_fail_nth_read+0x1b3/0x220
[  224.506161][ T8144]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  224.506183][ T8144]  ? rw_verify_area+0x2a6/0x4d0
[  224.506202][ T8144]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  224.506223][ T8144]  vfs_read+0x200/0xa30
[  224.506249][ T8144]  ? __pfx_vfs_read+0x10/0x10
[  224.506276][ T8144]  ? __pfx_timespec64_add_safe+0x10/0x10
[  224.506303][ T8144]  ksys_read+0x145/0x250
[  224.506322][ T8144]  ? __pfx_ksys_read+0x10/0x10
[  224.506342][ T8144]  ? __do_fast_syscall_32+0xbe/0x570
[  224.506361][ T8144]  __do_fast_syscall_32+0x1f7/0x570
[  224.506377][ T8144]  ? rcu_is_watching+0x15/0xb0
[  224.506391][ T8144]  ? do_fast_syscall_32+0x34/0x80
[  224.506411][ T8144]  do_fast_syscall_32+0x34/0x80
[  224.506426][ T8144]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  224.506444][ T8144] RIP: 0023:0xf7f91539
[  224.506468][ T8144] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  224.506482][ T8144] RSP: 002b:00000000f5486590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  224.506499][ T8144] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5486620
[  224.506508][ T8144] RDX: 000000000000000f RSI: 00000000f7426ff4 RDI: 0000000000000000
[  224.506516][ T8144] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  224.506522][ T8144] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  224.506529][ T8144] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  224.506549][ T8144]  </TASK>
[  224.725295][    C1] vkms_vblank_simulate: vblank timer overrun
[  225.354327][ T8149] netlink: 'syz.0.566': attribute type 4 has an invalid length.
[  225.362186][ T8149] netlink: 152 bytes leftover after parsing attributes in process `syz.0.566'.
[  226.537652][ T8153] netlink: 'syz.3.568': attribute type 29 has an invalid length.
[  226.666575][ T8137] syz.4.564 (8137): drop_caches: 2
[  226.986162][   T24] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  227.135851][   T24] usb 4-1: Using ep0 maxpacket: 16
[  227.146464][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.158529][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.168558][   T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00
[  227.178529][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.194000][   T24] usb 4-1: config 0 descriptor??
[  227.367205][ T8098] Set syz1 is full, maxelem 65536 reached
[  227.380753][ T8170] Cannot find map_set index 2 as target
[  227.464360][ T7817] r8152-cfgselector 2-1: USB disconnect, device number 20
[  227.572132][ T8175] FAULT_INJECTION: forcing a failure.
[  227.572132][ T8175] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  227.598725][ T8175] CPU: 1 UID: 0 PID: 8175 Comm: syz.1.576 Not tainted syzkaller #0 PREEMPT(full) 
[  227.598749][ T8175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  227.598759][ T8175] Call Trace:
[  227.598766][ T8175]  <TASK>
[  227.598773][ T8175]  dump_stack_lvl+0x189/0x250
[  227.598796][ T8175]  ? __pfx____ratelimit+0x10/0x10
[  227.598819][ T8175]  ? __pfx_dump_stack_lvl+0x10/0x10
[  227.598837][ T8175]  ? __pfx__printk+0x10/0x10
[  227.598861][ T8175]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  227.598884][ T8175]  should_fail_ex+0x414/0x560
[  227.598910][ T8175]  strncpy_from_user+0x36/0x2c0
[  227.598932][ T8175]  __se_sys_add_key+0xcc/0x410
[  227.598956][ T8175]  ? __pfx___se_sys_add_key+0x10/0x10
[  227.598980][ T8175]  ? __do_fast_syscall_32+0xbe/0x570
[  227.598996][ T8175]  ? __ia32_sys_add_key+0x20/0xc0
[  227.599017][ T8175]  __do_fast_syscall_32+0x1f7/0x570
[  227.599034][ T8175]  ? rcu_is_watching+0x15/0xb0
[  227.599051][ T8175]  ? do_fast_syscall_32+0x34/0x80
[  227.599073][ T8175]  do_fast_syscall_32+0x34/0x80
[  227.599089][ T8175]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  227.599108][ T8175] RIP: 0023:0xf701d539
[  227.599123][ T8175] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  227.599138][ T8175] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 000000000000011e
[  227.599156][ T8175] RAX: ffffffffffffffda RBX: 0000000080002240 RCX: 0000000080002180
[  227.599167][ T8175] RDX: 0000000080000080 RSI: 0000000000000057 RDI: 00000000ffffffff
[  227.599178][ T8175] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  227.599195][ T8175] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  227.599204][ T8175] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  227.599230][ T8175]  </TASK>
[  227.815349][ T8178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  227.831764][ T8178] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  227.846033][   T24] apple 0003:05AC:024B.0012: unknown global tag 0xe
[  227.852634][   T24] apple 0003:05AC:024B.0012: item 0 1 1 14 parsing failed
[  227.857593][ T8177] netlink: 2660 bytes leftover after parsing attributes in process `syz.1.576'.
[  227.860504][   T24] apple 0003:05AC:024B.0012: parse failed
[  227.874871][   T24] apple 0003:05AC:024B.0012: probe with driver apple failed with error -22
[  228.050428][ T7817] usb 4-1: USB disconnect, device number 30
[  228.185019][ T8187] netlink: 'syz.2.577': attribute type 4 has an invalid length.
[  228.194343][ T8187] netlink: 152 bytes leftover after parsing attributes in process `syz.2.577'.
[  228.264008][ T8188] netlink: 'syz.1.578': attribute type 4 has an invalid length.
[  228.272232][ T8188] netlink: 152 bytes leftover after parsing attributes in process `syz.1.578'.
[  229.066236][  T181] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  229.227870][  T181] usb 4-1: Using ep0 maxpacket: 32
[  229.234864][  T181] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  229.243152][  T181] usb 4-1: config 0 has no interface number 0
[  229.251250][  T181] usb 4-1: config 0 interface 12 has no altsetting 0
[  229.270926][  T181] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  229.280347][  T181] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.383780][  T181] usb 4-1: Product: syz
[  229.388275][  T181] usb 4-1: Manufacturer: syz
[  229.392866][  T181] usb 4-1: SerialNumber: syz
[  229.401149][  T181] usb 4-1: config 0 descriptor??
[  229.592137][ T8200] netlink: 'syz.1.582': attribute type 29 has an invalid length.
[  230.898841][  T181] f81534 4-1:0.12: f81534_set_register: reg: 1003 data: 88 failed: -71
[  230.918995][  T181] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  230.928543][  T181] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  230.947168][  T181] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  230.999807][  T181] usb 4-1: USB disconnect, device number 31
[  231.082535][ T8212] tipc: Started in network mode
[  231.089152][ T8212] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  231.112452][ T8212] tipc: Enabled bearer <eth:team0>, priority 0
[  231.470735][ T8225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  231.523925][ T8225] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  231.908859][ T8235] netlink: 'syz.4.591': attribute type 4 has an invalid length.
[  231.916623][ T8235] netlink: 152 bytes leftover after parsing attributes in process `syz.4.591'.
[  232.012571][ T8237] netlink: 'syz.3.593': attribute type 10 has an invalid length.
[  232.036816][ T8237] netlink: 40 bytes leftover after parsing attributes in process `syz.3.593'.
[  232.069278][ T8237] batadv0: entered promiscuous mode
[  232.087905][ T8237] batadv0: entered allmulticast mode
[  232.119981][ T8237] bridge0: port 3(batadv0) entered blocking state
[  232.128638][ T8237] bridge0: port 3(batadv0) entered disabled state
[  232.477067][ T8237] bridge0: port 3(batadv0) entered blocking state
[  232.483599][ T8237] bridge0: port 3(batadv0) entered forwarding state
[  232.564888][ T5894] tipc: Node number set to 11578026
[  232.586472][ T6481] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  232.596745][ T6481] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  232.669634][ T8248] FAULT_INJECTION: forcing a failure.
[  232.669634][ T8248] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.685020][ T8248] CPU: 1 UID: 0 PID: 8248 Comm: syz.0.595 Not tainted syzkaller #0 PREEMPT(full) 
[  232.685044][ T8248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  232.685054][ T8248] Call Trace:
[  232.685061][ T8248]  <TASK>
[  232.685068][ T8248]  dump_stack_lvl+0x189/0x250
[  232.685092][ T8248]  ? __pfx____ratelimit+0x10/0x10
[  232.685114][ T8248]  ? __pfx_dump_stack_lvl+0x10/0x10
[  232.685129][ T8248]  ? __pfx__printk+0x10/0x10
[  232.685145][ T8248]  ? __might_fault+0xb0/0x130
[  232.685170][ T8248]  should_fail_ex+0x414/0x560
[  232.685191][ T8248]  _copy_from_user+0x2d/0xb0
[  232.685205][ T8248]  get_compat_msghdr+0xad/0x4a0
[  232.685226][ T8248]  ? __pfx_get_compat_msghdr+0x10/0x10
[  232.685244][ T8248]  ? kstrtouint+0x6e/0xe0
[  232.685265][ T8248]  ___sys_sendmsg+0x193/0x2a0
[  232.685282][ T8248]  ? __pfx____sys_sendmsg+0x10/0x10
[  232.685302][ T8248]  ? rcu_read_lock_any_held+0xb3/0x120
[  232.685337][ T8248]  ? __fget_files+0x2a/0x420
[  232.685348][ T8248]  ? __fget_files+0x3a0/0x420
[  232.685367][ T8248]  __sys_sendmsg+0x164/0x220
[  232.685384][ T8248]  ? __pfx___sys_sendmsg+0x10/0x10
[  232.685404][ T8248]  ? __pfx_ksys_write+0x10/0x10
[  232.685423][ T8248]  ? __do_fast_syscall_32+0xbe/0x570
[  232.685440][ T8248]  __do_fast_syscall_32+0x1f7/0x570
[  232.685454][ T8248]  ? rcu_is_watching+0x15/0xb0
[  232.685467][ T8248]  ? do_fast_syscall_32+0x34/0x80
[  232.685484][ T8248]  do_fast_syscall_32+0x34/0x80
[  232.685497][ T8248]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  232.685513][ T8248] RIP: 0023:0xf7f91539
[  232.685525][ T8248] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  232.685537][ T8248] RSP: 002b:00000000f544455c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  232.685552][ T8248] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800001c0
[  232.685561][ T8248] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  232.685569][ T8248] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  232.685577][ T8248] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  232.685585][ T8248] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  232.685605][ T8248]  </TASK>
[  232.904105][    C1] vkms_vblank_simulate: vblank timer overrun
[  232.986863][ T8252] netlink: 'syz.4.596': attribute type 10 has an invalid length.
[  234.878854][ T8280] netlink: 28 bytes leftover after parsing attributes in process `syz.4.604'.
[  234.912360][ T8280] netlink: 'syz.4.604': attribute type 7 has an invalid length.
[  234.951497][ T8280] netlink: 'syz.4.604': attribute type 8 has an invalid length.
[  235.000829][ T8280] netlink: 4 bytes leftover after parsing attributes in process `syz.4.604'.
[  235.272473][ T8291] FAULT_INJECTION: forcing a failure.
[  235.272473][ T8291] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  235.322826][ T8291] CPU: 0 UID: 0 PID: 8291 Comm: syz.2.609 Not tainted syzkaller #0 PREEMPT(full) 
[  235.322850][ T8291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  235.322861][ T8291] Call Trace:
[  235.322868][ T8291]  <TASK>
[  235.322875][ T8291]  dump_stack_lvl+0x189/0x250
[  235.322898][ T8291]  ? __pfx____ratelimit+0x10/0x10
[  235.322922][ T8291]  ? __pfx_dump_stack_lvl+0x10/0x10
[  235.322940][ T8291]  ? __pfx__printk+0x10/0x10
[  235.322973][ T8291]  should_fail_ex+0x414/0x560
[  235.322999][ T8291]  _copy_to_user+0x31/0xb0
[  235.323018][ T8291]  simple_read_from_buffer+0xe1/0x170
[  235.323045][ T8291]  proc_fail_nth_read+0x1b3/0x220
[  235.323070][ T8291]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  235.323094][ T8291]  ? rw_verify_area+0x2a6/0x4d0
[  235.323113][ T8291]  ? ringbuf_map_alloc+0x104/0x380
[  235.323129][ T8291]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  235.323151][ T8291]  vfs_read+0x200/0xa30
[  235.323170][ T8291]  ? fdget_pos+0x247/0x320
[  235.323191][ T8291]  ? __pfx___mutex_lock+0x10/0x10
[  235.323208][ T8291]  ? __pfx_vfs_read+0x10/0x10
[  235.323229][ T8291]  ? __fget_files+0x2a/0x420
[  235.323248][ T8291]  ? __fget_files+0x3a0/0x420
[  235.323263][ T8291]  ? __fget_files+0x2a/0x420
[  235.323286][ T8291]  ksys_read+0x145/0x250
[  235.323301][ T8291]  ? exc_page_fault+0x82/0x100
[  235.323319][ T8291]  ? __pfx_ksys_read+0x10/0x10
[  235.323341][ T8291]  ? __do_fast_syscall_32+0xbe/0x570
[  235.323363][ T8291]  __do_fast_syscall_32+0x1f7/0x570
[  235.323381][ T8291]  ? rcu_is_watching+0x15/0xb0
[  235.323398][ T8291]  ? do_fast_syscall_32+0x34/0x80
[  235.323419][ T8291]  do_fast_syscall_32+0x34/0x80
[  235.323436][ T8291]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  235.323456][ T8291] RIP: 0023:0xf703d539
[  235.323470][ T8291] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  235.323485][ T8291] RSP: 002b:00000000f542d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  235.323503][ T8291] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f542d620
[  235.323515][ T8291] RDX: 000000000000000f RSI: 00000000f73d6ff4 RDI: 0000000000000000
[  235.323525][ T8291] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  235.323542][ T8291] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  235.323552][ T8291] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  235.323579][ T8291]  </TASK>
[  235.678155][ T8298] 8021q: adding VLAN 0 to HW filter on device bond0
[  235.800716][ T8298] veth0: entered promiscuous mode
[  235.809744][ T8298] bond0: (slave macvlan2): making interface the new active one
[  235.819034][ T8298] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  236.248623][ T8314] netlink: 'syz.1.615': attribute type 10 has an invalid length.
[  236.640955][ T8311] netlink: 'syz.4.616': attribute type 29 has an invalid length.
[  236.652668][ T8320] netlink: 4 bytes leftover after parsing attributes in process `syz.0.618'.
[  237.309339][   T30] audit: type=1326 audit(1764870321.459:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8339 comm="syz.0.625" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f91539 code=0x0
[  237.435303][ T8343] input: syz0 as /devices/virtual/input/input10
[  237.812645][ T8358] netlink: 'syz.1.628': attribute type 17 has an invalid length.
[  237.900826][ T8358] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  238.235958][ T8370] netlink: 28 bytes leftover after parsing attributes in process `syz.0.635'.
[  238.244904][ T8370] netlink: 'syz.0.635': attribute type 7 has an invalid length.
[  238.253326][ T8370] netlink: 'syz.0.635': attribute type 8 has an invalid length.
[  238.269289][ T8370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.635'.
[  238.324136][ T8364] netlink: 'syz.1.634': attribute type 29 has an invalid length.
[  238.625876][ T5894] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  238.795943][  T181] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  238.815813][ T5894] usb 4-1: Using ep0 maxpacket: 16
[  238.963891][ T5894] usb 4-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[  238.973196][  T181] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  238.983238][  T181] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.991635][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.001968][  T181] usb 2-1: Product: syz
[  239.011193][  T181] usb 2-1: Manufacturer: syz
[  239.016186][ T5894] usb 4-1: Product: syz
[  239.020363][ T5894] usb 4-1: Manufacturer: syz
[  239.025058][  T181] usb 2-1: SerialNumber: syz
[  239.031887][ T5894] usb 4-1: SerialNumber: syz
[  239.044284][  T181] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  239.092332][ T5894] usb 4-1: config 0 descriptor??
[  239.109227][ T5989] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  239.148650][ T5894] as10x_usb: device has been detected
[  239.160530][ T5894] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[  239.232033][ T5894] usb 4-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[  239.302547][ T5894] as10x_usb: error during firmware upload part1
[  239.316495][ T5894] Registered device Sky IT Digital Key (green led)
[  239.356651][ T8368] random: crng reseeded on system resumption
[  239.730247][ T5894] usb 2-1: USB disconnect, device number 21
[  240.009890][   T24] usb 4-1: USB disconnect, device number 32
[  240.119380][   T24] Unregistered device Sky IT Digital Key (green led)
[  240.129445][   T24] as10x_usb: device has been disconnected
[  240.191227][ T5989] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  240.225639][ T5989] ath9k_htc: Failed to initialize the device
[  240.311026][ T5894] usb 2-1: ath9k_htc: USB layer deinitialized
[  240.377009][ T8403] syz.1.644(8403): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  240.469713][ T6183] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  240.509680][ T8410] GUP no longer grows the stack in syz.0.647 (8410): 80005000-80008000 (80004000)
[  240.528045][ T6183] dvb_usb_az6027 3-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  240.547612][ T8410] CPU: 0 UID: 0 PID: 8410 Comm: syz.0.647 Not tainted syzkaller #0 PREEMPT(full) 
[  240.547634][ T8410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  240.547640][ T8410] Call Trace:
[  240.547645][ T8410]  <TASK>
[  240.547650][ T8410]  dump_stack_lvl+0x189/0x250
[  240.547668][ T8410]  ? __pfx_dump_stack_lvl+0x10/0x10
[  240.547679][ T8410]  ? __pfx__printk+0x10/0x10
[  240.547690][ T8410]  ? find_vma+0xe7/0x160
[  240.547708][ T8410]  fixup_user_fault+0x661/0x720
[  240.547723][ T8410]  fault_in_user_writeable+0x72/0xe0
[  240.547739][ T8410]  futex_lock_pi+0x773/0xa90
[  240.547754][ T8410]  ? __pfx_futex_lock_pi+0x10/0x10
[  240.547780][ T8410]  ? __pfx_futex_wake_mark+0x10/0x10
[  240.547799][ T8410]  ? __pfx_userfaultfd_unmap_complete+0x10/0x10
[  240.547813][ T8410]  do_futex+0x292/0x420
[  240.547825][ T8410]  ? __pfx_do_futex+0x10/0x10
[  240.547834][ T8410]  ? __vm_munmap+0x2c1/0x380
[  240.547847][ T8410]  __se_sys_futex_time32+0x360/0x3e0
[  240.547861][ T8410]  ? __pfx___se_sys_futex_time32+0x10/0x10
[  240.547876][ T8410]  ? __ia32_sys_futex_time32+0x21/0xf0
[  240.547888][ T8410]  __do_fast_syscall_32+0x1f7/0x570
[  240.547898][ T8410]  ? lockdep_hardirqs_on+0x98/0x140
[  240.547907][ T8410]  ? do_fast_syscall_32+0x34/0x80
[  240.547916][ T8410]  ? irqentry_exit+0x10f/0x660
[  240.547923][ T8410]  ? rcu_is_watching+0x15/0xb0
[  240.547936][ T8410]  do_fast_syscall_32+0x34/0x80
[  240.547953][ T8410]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  240.547964][ T8410] RIP: 0023:0xf7f91539
[  240.547974][ T8410] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  240.547982][ T8410] RSP: 002b:00000000f548655c EFLAGS: 00000206 ORIG_RAX: 00000000000000f0
[  240.547993][ T8410] RAX: ffffffffffffffda RBX: 0000000080004000 RCX: 000000000000008d
[  240.548000][ T8410] RDX: 00000000fffffffd RSI: 0000000000000000 RDI: 0000000000000000
[  240.548005][ T8410] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  240.548011][ T8410] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  240.548016][ T8410] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  240.548031][ T8410]  </TASK>
[  240.774849][ T6183] usb 3-1: USB disconnect, device number 25
[  240.972442][ T8408] netlink: 'syz.4.646': attribute type 29 has an invalid length.
[  241.056055][ T5894] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  241.145899][ T6183] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  241.245856][ T5894] usb 2-1: Using ep0 maxpacket: 32
[  241.257758][ T5894] usb 2-1: config 0 has an invalid interface number: 239 but max is 0
[  241.276015][ T6183] usb 3-1: device descriptor read/64, error -71
[  241.276978][ T8419] FAULT_INJECTION: forcing a failure.
[  241.276978][ T8419] name failslab, interval 1, probability 0, space 0, times 0
[  241.295045][ T5894] usb 2-1: config 0 has an invalid descriptor of length 189, skipping remainder of the config
[  241.336023][ T8419] CPU: 0 UID: 0 PID: 8419 Comm: syz.3.650 Not tainted syzkaller #0 PREEMPT(full) 
[  241.336056][ T8419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  241.336067][ T8419] Call Trace:
[  241.336075][ T8419]  <TASK>
[  241.336082][ T8419]  dump_stack_lvl+0x189/0x250
[  241.336106][ T8419]  ? __pfx____ratelimit+0x10/0x10
[  241.336130][ T8419]  ? __pfx_dump_stack_lvl+0x10/0x10
[  241.336148][ T8419]  ? __pfx__printk+0x10/0x10
[  241.336174][ T8419]  ? __pfx___might_resched+0x10/0x10
[  241.336190][ T8419]  ? fs_reclaim_acquire+0x7d/0x100
[  241.336213][ T8419]  should_fail_ex+0x414/0x560
[  241.336238][ T8419]  should_failslab+0xa8/0x100
[  241.336261][ T8419]  kmem_cache_alloc_lru_noprof+0x79/0x6d0
[  241.336281][ T8419]  ? __d_alloc+0x37/0x6f0
[  241.336304][ T8419]  __d_alloc+0x37/0x6f0
[  241.336327][ T8419]  d_alloc_pseudo+0x21/0xc0
[  241.336345][ T8419]  alloc_file_pseudo+0xcc/0x210
[  241.336366][ T8419]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  241.336385][ T8419]  ? _raw_spin_unlock+0x28/0x50
[  241.336406][ T8419]  ? alloc_fd+0x64c/0x6c0
[  241.336434][ T8419]  sock_alloc_file+0xb8/0x2e0
[  241.336454][ T8419]  ? __sys_socket+0x12e/0x320
[  241.336479][ T8419]  __sys_socket+0x13e/0x320
[  241.336505][ T8419]  __ia32_compat_sys_socketcall+0x6df/0x9d0
[  241.336528][ T8419]  ? __fget_files+0x3a0/0x420
[  241.336547][ T8419]  ? __pfx___ia32_compat_sys_socketcall+0x10/0x10
[  241.336569][ T8419]  ? fput+0xa0/0xd0
[  241.336585][ T8419]  ? ksys_write+0x22a/0x250
[  241.336608][ T8419]  ? __pfx_ksys_write+0x10/0x10
[  241.336632][ T8419]  ? __do_fast_syscall_32+0xbe/0x570
[  241.336653][ T8419]  __do_fast_syscall_32+0x1f7/0x570
[  241.336672][ T8419]  ? rcu_is_watching+0x15/0xb0
[  241.336689][ T8419]  ? do_fast_syscall_32+0x34/0x80
[  241.336710][ T8419]  do_fast_syscall_32+0x34/0x80
[  241.336728][ T8419]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  241.336746][ T8419] RIP: 0023:0xf708d539
[  241.336762][ T8419] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  241.336777][ T8419] RSP: 002b:00000000f547c4b0 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
[  241.336795][ T8419] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000f547c4c0
[  241.336807][ T8419] RDX: 00000000f7426ff4 RSI: 0000000000000000 RDI: 0000000000000000
[  241.336817][ T8419] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  241.336827][ T8419] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  241.336837][ T8419] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  241.336864][ T8419]  </TASK>
[  241.337000][ T8419] VFS_BUG_ON_INODE(inode_state_read_once(inode) & I_CLEAR) encountered for inode ffff888058b6dcc0
[  241.337000][ T8419] fs sockfs mode 140777 opflags 0x8 flags 0x0 state 0x300 count 0
[  241.379326][ T5894] usb 2-1: config 0 has no interface number 0
[  241.615897][ T6183] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  241.626702][ T8419] ------------[ cut here ]------------
[  241.632441][ T8419] kernel BUG at fs/inode.c:1971!
[  241.669720][ T8419] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  241.676004][ T8419] CPU: 1 UID: 0 PID: 8419 Comm: syz.3.650 Not tainted syzkaller #0 PREEMPT(full) 
[  241.685199][ T8419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  241.695254][ T8419] RIP: 0010:iput+0xfc9/0x1030
[  241.699945][ T8419] Code: 8b 7c 24 18 48 c7 c6 a0 e0 79 8b e8 e1 44 e8 fe 90 0f 0b e8 e9 57 81 ff 48 8b 7c 24 18 48 c7 c6 40 e0 79 8b e8 c8 44 e8 fe 90 <0f> 0b 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fb ff ff 4c 89 ef
[  241.719558][ T8419] RSP: 0018:ffffc900053afc90 EFLAGS: 00010282
[  241.725639][ T8419] RAX: 000000000000009f RBX: dffffc0000000000 RCX: c51e228e9f9e2300
[  241.733622][ T8419] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  241.741594][ T8419] RBP: 1ffffffff1ed6a7a R08: ffffc900053af947 R09: 1ffff92000a75f28
[  241.749558][ T8419] R10: dffffc0000000000 R11: fffff52000a75f29 R12: 1ffff1100b16dbd8
[  241.757521][ T8419] R13: ffff888058b6dec0 R14: 0000000000000200 R15: 1ffffffff1f01a12
[  241.765479][ T8419] FS:  0000000000000000(0000) GS:ffff8881261a6000(0063) knlGS:00000000f547db40
[  241.774392][ T8419] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  241.781228][ T8419] CR2: 000000008090d000 CR3: 00000000750da000 CR4: 00000000003526f0
[  241.789203][ T8419] Call Trace:
[  241.792480][ T8419]  <TASK>
[  241.795403][ T8419]  ? do_raw_spin_unlock+0x122/0x240
[  241.800593][ T8419]  __sys_socket+0x2bf/0x320
[  241.805276][ T8419]  __ia32_compat_sys_socketcall+0x6df/0x9d0
[  241.811173][ T8419]  ? __fget_files+0x3a0/0x420
[  241.815851][ T8419]  ? __pfx___ia32_compat_sys_socketcall+0x10/0x10
[  241.822260][ T8419]  ? fput+0xa0/0xd0
[  241.826066][ T8419]  ? ksys_write+0x22a/0x250
[  241.830558][ T8419]  ? __pfx_ksys_write+0x10/0x10
[  241.835410][ T8419]  ? __do_fast_syscall_32+0xbe/0x570
[  241.840695][ T8419]  __do_fast_syscall_32+0x1f7/0x570
[  241.845886][ T8419]  ? rcu_is_watching+0x15/0xb0
[  241.850638][ T8419]  ? do_fast_syscall_32+0x34/0x80
[  241.855646][ T8419]  do_fast_syscall_32+0x34/0x80
[  241.860477][ T8419]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  241.866786][ T8419] RIP: 0023:0xf708d539
[  241.870842][ T8419] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  241.890605][ T8419] RSP: 002b:00000000f547c4b0 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
[  241.899008][ T8419] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000f547c4c0
[  241.906964][ T8419] RDX: 00000000f7426ff4 RSI: 0000000000000000 RDI: 0000000000000000
[  241.914915][ T8419] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  241.922866][ T8419] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  241.930820][ T8419] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  241.938781][ T8419]  </TASK>
[  241.941782][ T8419] Modules linked in:
[  241.946295][ T8419] ---[ end trace 0000000000000000 ]---
[  241.967141][ T5894] usb 2-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  241.977022][ T5894] usb 2-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  241.988023][ T5894] usb 2-1: config 0 interface 239 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 4
[  242.001136][ T5894] usb 2-1: config 0 interface 239 has no altsetting 0
[  242.036258][ T8419] RIP: 0010:iput+0xfc9/0x1030
[  242.048179][ T6183] usb 3-1: device descriptor read/64, error -71
[  242.124137][ T5894] usb 2-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  242.145823][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.146320][ T8419] Code: 8b 7c 24 18 48 c7 c6 a0 e0 79 8b e8 e1 44 e8 fe 90 0f 0b e8 e9 57 81 ff 48 8b 7c 24 18 48 c7 c6 40 e0 79 8b e8 c8 44 e8 fe 90 <0f> 0b 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fb ff ff 4c 89 ef
[  242.153836][ T5894] usb 2-1: Product: syz
[  242.153851][ T5894] usb 2-1: Manufacturer: syz
[  242.153863][ T5894] usb 2-1: SerialNumber: syz
[  242.187136][ T8419] RSP: 0018:ffffc900053afc90 EFLAGS: 00010282
[  242.193302][ T8419] RAX: 000000000000009f RBX: dffffc0000000000 RCX: c51e228e9f9e2300
[  242.200170][ T5894] usb 2-1: config 0 descriptor??
[  242.201484][ T8419] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  242.214440][ T8419] RBP: 1ffffffff1ed6a7a R08: ffffc900053af947 R09: 1ffff92000a75f28
[  242.222595][ T8419] R10: dffffc0000000000 R11: fffff52000a75f29 R12: 1ffff1100b16dbd8
[  242.231099][ T6183] usb usb3-port1: attempt power cycle
[  242.248165][ T8407] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  242.275938][ T8419] R13: ffff888058b6dec0 R14: 0000000000000200 R15: 1ffffffff1f01a12
[  242.301558][ T8419] FS:  0000000000000000(0000) GS:ffff8881261a6000(0063) knlGS:00000000f547db40
[  242.326145][ T8419] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  242.343864][ T8419] CR2: 0000000080b39000 CR3: 00000000750da000 CR4: 00000000003526f0
[  242.365886][ T8419] Kernel panic - not syncing: Fatal exception
[  242.372116][ T8419] Kernel Offset: disabled
[  242.376434][ T8419] Rebooting in 86400 seconds..