last executing test programs:

6m35.11800706s ago: executing program 1 (id=728):
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x202, &(0x7f0000000000)="b6538f0502000000", 0x8)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)={0x38, r3, 0x1, 0x70b929, 0x0, {{}, {@void, @val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x14}, 0x0)
rt_sigsuspend(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1, &(0x7f0000000740)=ANY=[@ANYBLOB="853e"], &(0x7f0000000300)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x67, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x80800, 0x0)
r4 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x4e60, 0x10100}, &(0x7f0000000080), &(0x7f0000000000)=<r5=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x20000000, 0x26b}, &(0x7f0000000040)=<r6=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r4, 0x6ed2, 0x8000dae5, 0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x406}, 0x20)

6m34.678121029s ago: executing program 1 (id=733):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = userfaultfd(0x1)
io_setup(0x1, &(0x7f0000000000)=<r2=>0x0)
io_submit(r2, 0x2, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x2001, r1, 0x0, 0x0, 0x10001}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x7, r1, 0x0, 0x0, 0xc4, 0x0, 0x2}])
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x10, 0x800, 0xbbbe, 0x0, 0x2, 0x4, {0x0, 0x0, 0x1}, {0x7, 0xfffffffd, 0xfffffffe}, {0x0, 0xffff0000}, {0x1000000}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})

6m33.754626419s ago: executing program 1 (id=735):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r3, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$unix(r2, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x4000000}, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1000, 0x4, &(0x7f0000006680))
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fcntl$getownex(r4, 0x10, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x810, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x3c, 0x10, 0x1, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xf, 0x6}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x7f}}, @TCA_INGRESS_BLOCK={0x8}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x756}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4804)
close(r5)
write$cgroup_pid(r1, &(0x7f00000001c0), 0x12)
r6 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(0x0, 0x0)
r7 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, 0x0, 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f00000005c0)=r6, 0x12)
r9 = openat$cgroup_freezer_state(r0, &(0x7f0000000080), 0x2, 0x0)
write$cgroup_freezer_state(r9, &(0x7f00000000c0)='THAWED\x00', 0x7)
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="740000001000210400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa8886004000024001280090001007866726d000000001400028008000100010000000800020011000000050021000000000008000a00", @ANYRES32, @ANYBLOB='\n\x00:'], 0x74}}, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x13)
sendmsg$nl_route(r11, &(0x7f0000000240)={0x0, 0x2a, &(0x7f00000000c0)={0x0}, 0x9, 0x0, 0x0, 0x200400c4}, 0x14008850)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r10, 0x84, 0xc, &(0x7f00000003c0)=@assoc_value, &(0x7f0000000200)=0x8)

6m33.037577438s ago: executing program 1 (id=739):
unshare(0x20000400)
r0 = socket(0x40000000015, 0x5, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
socket$xdp(0x2c, 0x3, 0x0)
pipe(&(0x7f0000000600)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000002c0)={r4, <r5=>0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000580)={&(0x7f0000000040)=[0x0], 0x1, r5, r6, 0x3, 0x0, 0xffffffff, 0x804, {0xac7c, 0x1, 0x3, 0x67, 0xf4b, 0x1, 0x2, 0x5, 0x412f, 0xe154, 0x1000, 0x7f, 0x6, 0xffffffff, "fe1d00003413000000000020b42717e47f00"}})
write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c)
setsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000080)=0x100, 0x4)
pipe(&(0x7f0000000500)={<r7=>0xffffffffffffffff})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r9 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
move_mount(r9, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
move_mount(r9, 0x0, r8, 0x0, 0x46)
r10 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r11=>0x0, &(0x7f0000000280)=<r12=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r10, 0x47f6, 0x0, 0x4, 0x0, 0x0)
syz_io_uring_submit(r11, r12, &(0x7f00000000c0)=@IORING_OP_POLL_REMOVE={0x7, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
splice(r7, 0x0, r1, 0x0, 0xffffffffffff8000, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r13 = socket(0x1d, 0x2, 0x6)
bind$can_j1939(r13, &(0x7f0000000380)={0x1d, 0x0, 0x10002, {0x1, 0x0, 0x1}, 0xfd}, 0x18)

6m31.777564778s ago: executing program 1 (id=743):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @mcast2, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x0, 0x50}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0xff8d, &(0x7f0000000180)=[{&(0x7f0000000000)="2c10", 0x2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

6m30.546127259s ago: executing program 1 (id=747):
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x17, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x5}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000040)=0x1200, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4)
sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x40, 0x0, 0x0)
recvmmsg(r0, &(0x7f000000d980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/144, 0x90}, 0xc}], 0x1, 0x2131, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r6 = bpf$ITER_CREATE(0x21, &(0x7f00000002c0), 0x8)
r7 = socket(0x10, 0x80003, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000180000000000000100000e00"}}}]}, 0x48}}, 0x10)
sendto$packet(r6, &(0x7f0000000340)="5025b4b43b793449a6c3f0f3a27ed9f1fd1820bcab10a213e7345ac72f223379327afbe070cf0363a3c43ff3b68c3bf808a00ac78b01a795db936f68e0e2", 0x3e, 0x20000890, &(0x7f0000000380)={0x11, 0x1c, r9, 0x1, 0xf8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

6m30.008517418s ago: executing program 32 (id=747):
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x17, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x5}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000040)=0x1200, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4)
sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x40, 0x0, 0x0)
recvmmsg(r0, &(0x7f000000d980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/144, 0x90}, 0xc}], 0x1, 0x2131, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r6 = bpf$ITER_CREATE(0x21, &(0x7f00000002c0), 0x8)
r7 = socket(0x10, 0x80003, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000180000000000000100000e00"}}}]}, 0x48}}, 0x10)
sendto$packet(r6, &(0x7f0000000340)="5025b4b43b793449a6c3f0f3a27ed9f1fd1820bcab10a213e7345ac72f223379327afbe070cf0363a3c43ff3b68c3bf808a00ac78b01a795db936f68e0e2", 0x3e, 0x20000890, &(0x7f0000000380)={0x11, 0x1c, r9, 0x1, 0xf8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

2m33.450855187s ago: executing program 2 (id=1528):
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/tcp6\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$inet_sctp(0x2, 0x5, 0x84)
syz_usb_connect(0x3, 0x36, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x0, 0x10)
recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
quotactl$Q_SETINFO(0xffffffff80000601, &(0x7f0000000200)=@filename='./file0\x00', 0x0, &(0x7f0000000440)={0x5, 0x2, 0x1, 0x2})
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4048004)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0xc, 0x8, 0x0, 0x3}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001c000100000000000000000007000080", @ANYRES32=r4, @ANYBLOB="80004a070a000200aaaaaaaaaa1c0000"], 0x28}, 0x1, 0x0, 0x0, 0x40095}, 0x0)
creat(0x0, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000140)={'veth0_to_bridge\x00', 0x0})
preadv(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000080)="2c380900000045dc1976ab8b8afe2fe982", 0x11)
write$binfmt_script(r7, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r7, 0x0)
preadv(r7, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = landlock_create_ruleset(&(0x7f0000000140)={0x8b28, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r9, 0x0)

2m32.607196082s ago: executing program 2 (id=1533):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000900000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)

2m32.09796609s ago: executing program 2 (id=1535):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={0x0, @rand_addr, @multicast2}, &(0x7f0000000140)=0xc)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0)
ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x10000})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/handlers\x00', 0x0, 0x0)
pread64(r4, &(0x7f0000000280)=""/211, 0xd3, 0xea6)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, 0x0, &(0x7f0000000040))
connect$qrtr(r5, &(0x7f0000000000)={0x2a, 0xffffffff, 0x3fff}, 0xc)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0xe, 0x1010, 0x85, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1000000, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x16, 0x3, &(0x7f00000001c0)=ANY=[@ANYRES8=r7], &(0x7f0000000480)='syzkaller\x00', 0x200000, 0x0, 0x0, 0x1f00, 0x22, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19, @void, @value}, 0x94)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000200)=@generic={0x0, r8}, 0x18)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x4, 0x408800)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000500)=ANY=[@ANYBLOB="0200000004000000000000000400000000000000100000000000000020"], 0x24, 0x0)

2m29.380958067s ago: executing program 2 (id=1544):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
move_mount(r2, &(0x7f0000000200)='./file0\x00', r1, &(0x7f0000000240)='./file0\x00', 0x46)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4, r0}) (async)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4, <r4=>r0})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pwritev(r5, 0x0, 0x0, 0x10, 0x7)
ioctl$DMA_BUF_SET_NAME_A(r4, 0x40046201, &(0x7f0000000040)='ntfs3\x00')
gettid() (async)
r6 = gettid()
rt_sigqueueinfo(r6, 0x21, &(0x7f0000000180)={0x33, 0x40000020, 0xfffffffb}) (async)
rt_sigqueueinfo(r6, 0x21, &(0x7f0000000180)={0x33, 0x40000020, 0xfffffffb})
r7 = syz_open_procfs(r6, &(0x7f00000000c0)='net/dev\x00')
read$FUSE(r7, &(0x7f0000006140)={0x2020}, 0x2020)

2m29.138618508s ago: executing program 2 (id=1546):
r0 = syz_usb_connect$cdc_ecm(0x3, 0xa6, &(0x7f0000000300)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x94, 0x1, 0x1, 0x8, 0x40, 0x8, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x2, 0x6, 0x0, 0x6, {{0x8, 0x24, 0x6, 0x0, 0x0, "9fc2b4"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x0, 0xf, 0x54}, [@dmm={0x7, 0x24, 0x14, 0x5, 0x9}, @obex={0x5, 0x24, 0x15, 0xa}, @mdlm_detail={0x1b, 0x24, 0x13, 0x52, "3d3110596638ed5eab870f0ede4201c45614e284545e72"}, @mbim={0xc, 0x24, 0x1b, 0xe, 0x8000, 0x8, 0x9, 0xff, 0x1}, @mdlm={0x15, 0x24, 0x12, 0x3}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x3}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0xf, 0x2, 0x7}}], {{0x9, 0x5, 0x82, 0x2, 0x400, 0x2a, 0xfa, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x22, 0x2, 0x9}}}}}]}}]}}, &(0x7f0000000940)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0x1, 0x4, 0x10, 0x10, 0x1}, 0xf, &(0x7f0000000140)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x3, 0xe3, 0xde, 0x11}]}, 0x7, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x44f}}, {0x47, &(0x7f0000000cc0)=ANY=[@ANYBLOB="47030753d0e6caf464e7a417044f2cabe535308e59cc1ea5d11a28847b63d123c6e4397fc27f790ce15911c69b4fb0394b0e76d443b94632a05dd934d0d62536b5e3000000000000000000000595a3062f8296000000"]}, {0x91, &(0x7f0000000640)=@string={0x91, 0x3, "07eafff092e353f8b310e9c69d42be611fe0a1e937eafb170087f904fb9f8e3d44907ea4775fbb3efd4959e951fb8f2b1f5b36507aaa4beb5ef48b62b5304b944c555d405d19243bb1852447d7066a18b40579ad6e907ec3d57f9b9eb9e4f952a71c3ee1a3fdcc112d843c406f9d16f75f346d73c38226a4f6decea5def2d1e5420f3fa35b557454c9e157652b0c10"}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x438}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x100c}}, {0x89, &(0x7f0000000780)=@string={0x89, 0x3, "7d977e1fa94a5775e3170efe3bba78ab1490a9a0230242d2a873d177798945dd101c27ad23ca3b34d384e3c6872bd5eaf312ba3fbe1a31ecc90825b793a95520e8198d8dc23232a00f4fea4c7ab315aa843811cc78a41a6d423372d7a8220ccb338ab1b402802f422b3d7d81579f7125966142492724be1be3e31fcf52d29e0e399a09bd1b8d38"}}, {0xdd, &(0x7f0000000840)=@string={0xdd, 0x3, "eee80565c7e28029057c37a68cdf79aa30e1f378bd54ee54ec556dc999da879d41b91c7d01fb3b867fe1928e51b67f5c290f31ac57e5e5ad19795b8d90f2e4dc367648f36cd8b87dd21b96a50deca86127e8e4beb62bd16865cff54ca8a1dad0250b5b30a580284776b85ece78740427a3579ae1b16e9edc1b2406cd2e6f8736c7cb4b711984a3e388fcae96b0b57ade21b8256765f4703491524e674bc7981c26986460bc9a432228d0a6f4172fb47a6e8f376f3b3e75edc5fd51a2283d29426e64fe621b78106b1ccaf8800eed51525e843fd50b8736c939bbe6"}}]})
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000b00)={0x14, &(0x7f00000009c0)={0x20, 0x22, 0xf0, {0xf0, 0x2, "e633914e682294d50d3b79479853d0a45013ee952afb8693f32c006e4b7459562571cae911e68528475b8d0a5e8efe41db90b2f53e58c7bc769b20f54a2ea29a70ffbd53245a00987d4443717ed12471a5ae336c13d6ceee1546058dba6293788b09e564307a4492fa15fc0d50bf0d04c82aa6aa81d235ba4556f1c49c1f6ff7f48d38c4b16e1061f014749cd4f8bbe79cb0b5acc79f72e81b8652e294d1745ead335cb5626a055512d74affc7dd52947cc6a7625ef894057beccf69ffc512e9716b8ffbf43d42538e7f86326774024a8b847e5cc5f4627b4b69575c0374838aefe33a4931edaadfb3f62f146721"}}, &(0x7f0000000ac0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000c40)={0x1c, &(0x7f0000000b40)={0x20, 0xe, 0x4b, "3cfeb8c9d625e68a810e69e6413a6985bf99a8e07bcaf918793d0c87e8c77b3762c94099ad76cb823f801c6fac80bac3a17e1568a50fbe449d26900a61592805af79fb41744e675b184b24"}, &(0x7f0000000bc0)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000c00)={0x0, 0x8, 0x1, 0xf}})
socket$qrtr(0x2a, 0x2, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000d48e8840c21536007abb000000010902240001100040000904004b028d4add0c09250700080009080009050610000400040efe5baab20c475949abd4dc48e27095f06fd9c71f43b855423eac0ea1fce7278b50a22a4b0553ea168f3dbc151d81cdfca5d4856410cb2d57e3aa1855133d4cf81dbb6e17979911569a1013d51d67696ea7824b35b3a834a2994e1c94f3053b89014ffed879daf6f3598033056aaab3e57b2270536998834de88d969d45326145ebbad2763e151bfe6e02f30bb272529d0611e213c25b4eb55cfee56fe5793b1b686bf9d5ffa3b55e6c45cb67013fa5ff6c3e1d645360ec896a98240956a2f3ad832a"], 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
mknod(0x0, 0x8001420, 0x0)
r2 = open(0x0, 0x0, 0x0)
fcntl$setsig(r2, 0xa, 0x21)
utimensat(r2, &(0x7f0000000440)='./file0\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d09f91b5b090948f70906d038e7ff7fc6e5539b0d3d0e8b089b32376d07060890e0878f0e1ac6e7049b334a959b3e9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f176792a1d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541259bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a1d83c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16fedd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b6030000000000000015da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d2c624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000180))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x12, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x5f, 0xff, 0x0, 0xa6, 0x0, 0xff, 0x0, 0xf7fffffffffffdfc}, {0xfffffffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, 0x4, 0xff, 0x2, 0x0, 0x800000000000000}, {0x2, 0x33, 0x0, 0x0, 0x4, 0x5, 0x4, 0x0, 0x5}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x1, 0xfffffffffffffffd, 0x8000000000000000, 0x0, 0xff, 0x0, 0x0, 0x2, 0x1ffc], 0x80a0000, 0x220004})
ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0x4)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000040)={0xffffffffffffffff, 0xf, 0x3})
socket(0x10, 0x3, 0x9)
connect$netlink(0xffffffffffffffff, &(0x7f0000000c80)=@proc={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x8, 0x4, &(0x7f0000000cc0)=ANY=[], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2m28.496328892s ago: executing program 2 (id=1547):
syz_open_procfs(0x0, &(0x7f00000042c0)='sched\x00')
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}], 0x2, &(0x7f0000000380)}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)

2m27.383117574s ago: executing program 33 (id=1547):
syz_open_procfs(0x0, &(0x7f00000042c0)='sched\x00')
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}], 0x2, &(0x7f0000000380)}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)

8.346498208s ago: executing program 4 (id=2070):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video4linux(&(0x7f0000002d80), 0x3, 0xc101)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
getdents(0xffffffffffffffff, &(0x7f0000000140)=""/177, 0xb1)
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x60, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x4}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x9, 0xffffffff}, @IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x60}}, 0x8000)
sendfile(r3, r4, 0x0, 0x20000023896)
close(r3)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000300)={0x0, 0x0, 0x0})
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00')
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x50}}, 0x0)
writev(r5, &(0x7f00000003c0), 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e21, @empty}], 0x20)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})

5.656645812s ago: executing program 0 (id=2076):
unshare(0x22020600)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r0, 0x851, 0x0)

5.654726672s ago: executing program 4 (id=2077):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x1, 0x1, 0x86, 0x10, 0x20f4, 0xe05a, 0x6c6d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x69, 0x2, 0x1, 0xff, 0x5a, 0xa3, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

5.449835002s ago: executing program 0 (id=2079):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = socket(0x10, 0x3, 0x0)
clock_gettime(0x0, &(0x7f0000000100)={<r1=>0x0, <r2=>0x0})
setitimer(0x1, &(0x7f0000000580)={{r1, r2/1000+60000}, {0x0, 0x2710}}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001200010a001800000000000080"], 0x14}}, 0x20008050)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)

4.874026531s ago: executing program 5 (id=2086):
r0 = socket(0x2, 0x80805, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fspick(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x0)
getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000000000)=""/4102, &(0x7f00000010c0)=0x1006)

4.367262257s ago: executing program 0 (id=2087):
landlock_create_ruleset(&(0x7f0000000040)={0x4089, 0x3}, 0x18, 0x0)
r0 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5865, 0x10, 0x2, 0x24d}, &(0x7f00000006c0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0xb})
io_uring_enter(r0, 0x100847c0, 0x0, 0x1, 0x0, 0x0)

3.693772457s ago: executing program 3 (id=2091):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x1d, r1}, 0x10, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="01"], 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x0)

3.533607716s ago: executing program 3 (id=2092):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x12, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000008500000011000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000008b00000095"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, @cgroup_sock_addr=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, @void, @value}, 0x94)

3.474848713s ago: executing program 3 (id=2093):
r0 = epoll_create1(0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
close(r1)
socket$tipc(0x1e, 0x5, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)={0x20000004})

2.888293247s ago: executing program 3 (id=2094):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
r1 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000040)={0x1d, r2, 0x8000000000000002, {0x2, 0x1}}, 0x18)
write$uinput_user_dev(r1, &(0x7f0000000e00)={'syz0\x00', {0x10, 0x0, 0x1e30, 0xfffa}, 0x47, [0x10, 0xfff, 0x6, 0x0, 0x0, 0x8, 0x6, 0x0, 0x6, 0x1, 0x6, 0xfffffffa, 0x3, 0x7, 0xc, 0xd, 0x0, 0x7, 0x0, 0x2, 0xffff, 0x8, 0x7, 0x1, 0x0, 0x5dd5, 0x5, 0x8, 0x7e, 0x3, 0x5, 0xecbd, 0xffff, 0x47, 0x1, 0x1, 0x5de4, 0x7f, 0x10001, 0x3, 0x3ff, 0xfffff527, 0x2, 0x1, 0x2, 0x4, 0xc4eb, 0xfffffffa, 0x4, 0x7, 0xe70a, 0x3, 0x400, 0xf862, 0x1000, 0x0, 0x0, 0x2, 0x6, 0xd, 0x8, 0x0, 0x6], [0x9, 0x7, 0x2, 0x3, 0x4, 0xd, 0x9, 0x4, 0x15, 0x1, 0x4, 0x7, 0x9071, 0x4, 0x7, 0x80000001, 0x6, 0x35, 0x200, 0x4, 0x5, 0x6, 0x7, 0x800, 0xc, 0xb5b, 0x1d4b, 0x6, 0x4c7c, 0x7, 0x4, 0x1, 0x0, 0x5, 0x6, 0x0, 0xc, 0x3, 0x4b, 0x6, 0x1, 0xeb86d7f, 0x8, 0x7, 0x7, 0x9, 0x2, 0x5, 0x1, 0x99, 0x1, 0x9, 0x80000001, 0x3, 0x0, 0x80000000, 0xea, 0x0, 0x5, 0x5, 0xa, 0xfffffffb, 0x7, 0xfffff000], [0x8, 0x3, 0x8, 0x8ca0, 0x80000001, 0x49, 0x400, 0xdaf1, 0x9, 0x1ff, 0x1ff, 0x9, 0x1, 0x98, 0xf, 0xa, 0x2, 0x2, 0x40, 0x2, 0x9, 0x8, 0x81, 0x6, 0x1, 0x5, 0xffffff81, 0x0, 0xef, 0x0, 0x7, 0x3, 0x2, 0x77, 0xf, 0x7f, 0x8, 0xe81, 0x0, 0xa, 0x0, 0xe0b, 0x3c, 0x0, 0xc01, 0x8000, 0x2, 0xc, 0x400, 0x3, 0x8, 0x80, 0x8, 0x1, 0x8, 0x3, 0x2, 0x7f, 0x8, 0xd5, 0x7, 0x4, 0x1, 0x7], [0xe62, 0x5, 0xe, 0x6, 0x5, 0x0, 0x5, 0xa960, 0xf, 0x4, 0x1, 0x85, 0xfffffffb, 0xffffffff, 0x4, 0x6, 0xa, 0x6, 0x0, 0x3ff, 0x6, 0x8, 0x8, 0x5, 0x75d, 0x9, 0x6, 0x0, 0x4, 0x2, 0xffff, 0x5, 0xcb8a, 0x3, 0x6, 0x5b2b, 0x8000, 0x5, 0x5, 0x56, 0x6, 0x6, 0xfffffe00, 0x400, 0x6, 0x140000, 0x5415, 0x80000001, 0x4a7, 0x0, 0x3, 0x8, 0x9, 0x4, 0x4, 0x5a1, 0x3, 0x1ff, 0x0, 0x5, 0x6, 0x800, 0x19, 0x1]}, 0x45c)

2.745177971s ago: executing program 6 (id=2095):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001a80)=[{0x10, 0x1}], 0x10}}], 0x1, 0x4004804)

2.573408203s ago: executing program 6 (id=2096):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66960000)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_SEQ_NRSYNTHS(r0, 0x40045109, 0x0)

2.573048976s ago: executing program 0 (id=2097):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
r5 = syz_pidfd_open(r0, 0x0)
setns(r5, 0x8020000)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x141042, 0x0)
mount_setattr(0xffffffffffffff9c, 0x0, 0x8000, 0x0, 0x0)

2.498273031s ago: executing program 4 (id=2098):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x600, 0x5)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
ioctl$TIOCGPGRP(r1, 0x540f, 0x0)
syz_open_procfs(0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

2.398976318s ago: executing program 6 (id=2099):
r0 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0), 0x212000, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
read$dsp(r0, 0x0, 0x0)

2.118120586s ago: executing program 6 (id=2100):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xa, 0x4d091, r1, 0x0)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8)

1.977667726s ago: executing program 5 (id=2101):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000b80)={0x5c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @random="13610680c4c9", {0x0, 0x1}}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1630}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x5c}}, 0x0)

1.833281248s ago: executing program 6 (id=2102):
r0 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
r1 = dup(r0)
ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000340)={0xdf50, 0xa, 0x0, "5cd3eeed5e067578373fb7fa913803d06f3f769c47832031d2387c0cfdbea7e6", 0x55595659})

1.782037576s ago: executing program 5 (id=2103):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff00c}, {0x6, 0x80}]}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@newchain={0x24, 0x64, 0x800, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xd, 0x9}, {0x7, 0x3}, {0x2, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
sendmmsg$unix(r0, &(0x7f00000000c0), 0x3f, 0x0)

1.697788485s ago: executing program 6 (id=2104):
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
userfaultfd(0x801)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32, @ANYRES64=0x0], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), 0x0}, 0x20)
sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x4003e80, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x20000281}], 0x1}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x3, 0x6, 0xfffa}, 0x1d, [0x8000, 0x8000, 0xf, 0x9, 0x80, 0x1002, 0x3, 0x7f, 0x6, 0x4b, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0x0, 0x4, 0x3, 0x4000, 0x5, 0x4, 0x3, 0x4, 0x6, 0x1, 0x6, 0x400009, 0x2f833685, 0x15bb, 0x2, 0xe661, 0x14, 0x7, 0x3, 0x7fff, 0x4c74, 0x80000000, 0xa72, 0x3, 0x7, 0x0, 0x71, 0x7, 0x1, 0x1, 0x7, 0xd08e, 0x3e, 0x7, 0x6, 0x6, 0x20000, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x9, 0xcc8, 0x7, 0x1, 0x40], [0x10000007, 0x3, 0x804, 0x1008000, 0x10, 0xfff7fff0, 0x129432e6, 0x200c7, 0xf9, 0x80d, 0x2bf, 0x6c9, 0x10000007, 0xfffffffc, 0x3, 0x0, 0xd14, 0x6, 0x2f, 0xe, 0x4312, 0x0, 0xea4, 0x0, 0x4, 0x4, 0x8000, 0x9, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x6, 0x5f31, 0x7f5, 0x81, 0x2, 0x80, 0x9, 0x4, 0x9, 0x8, 0x800000d, 0x6, 0x7, 0x8000, 0x5e, 0xfe000000, 0xffff, 0x2, 0x7b, 0x9, 0x3, 0x3, 0x9, 0x1, 0x7, 0x7fff, 0x9, 0x48c93690, 0x1, 0x2], [0x7, 0xf5fd, 0xa4, 0x5, 0xfffffffb, 0x5, 0x8d2, 0x9, 0x800003, 0x7fff, 0x6c8712a, 0xf4fc, 0xad, 0x4, 0x5, 0x20000005, 0xa00, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0xc8, 0x3e7, 0x7, 0x5, 0x2, 0x2, 0x3, 0x8, 0x8, 0x12843, 0x5, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x7, 0x3, 0xa2, 0x7, 0x5, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x11, 0x200, 0xfffffff9, 0x0, 0x1, 0xffff, 0x0, 0x6, 0xc4, 0xdc, 0xbf, 0x9, 0xa2ed, 0xfffffffe, 0x23], [0x9, 0xbb31, 0x7, 0xb, 0x5, 0x938, 0xd, 0x8020, 0xffffffff, 0x5, 0x0, 0x1fc, 0x6, 0x6, 0x8, 0x57b, 0x101, 0x10000, 0x6, 0x7fff, 0xfffd, 0x4, 0x30002, 0x5, 0x1, 0x2, 0x14c, 0x73a, 0x6, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xca, 0xee1, 0xfffff000, 0xffff, 0x10000003, 0x7e, 0x100, 0x4, 0xa, 0x2, 0x4, 0x40000006, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xc, 0x7, 0xfffffffe, 0x6, 0x0, 0x4, 0x5, 0xb1e, 0x1, 0x220, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

1.669190032s ago: executing program 3 (id=2105):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000100)={0x1, 'geneve0\x00', 0x2a32}, 0x18)

1.549146112s ago: executing program 5 (id=2106):
socket$netlink(0x10, 0x3, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000300)={0x1d, r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r4}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)

1.474397919s ago: executing program 3 (id=2107):
syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x2, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000140)=0x30, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2e, &(0x7f0000002840)=ANY=[@ANYBLOB="ffffffffffff0180c20000000800460c002000680000001190780000000000004e1a00089078"], 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x21, 0x0, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r4 = openat$cgroup_int(r3, &(0x7f0000000240)='cgroup.clone_children\x00', 0x2, 0x0)
syslog(0x9, &(0x7f00000001c0), 0x0)
sendfile(r4, r4, 0x0, 0x9)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x4, 0x0, 0x0, 0x0)

1.271597414s ago: executing program 5 (id=2108):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000440)=[@in={0x2, 0x4e22, @private=0xa010101}]}, &(0x7f00000003c0)=0x10)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f0000000000)=@ethtool_modinfo={0x42, 0x8000, 0x1}})
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000480)={r2, @in={{0x2, 0x0, @empty}}}, 0x90)

1.135497931s ago: executing program 5 (id=2109):
openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x42000, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x54c, 0x5c4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
syz_open_procfs(0x0, &(0x7f0000000000)='task\x00')
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0)
socket$inet6(0xa, 0x5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x40000000, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x20, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x101}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0xfffffffe, 0x0, 0x8, 0x0, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x5}}}}]}]}, 0x70}}, 0x20040000)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0)

1.066130182s ago: executing program 0 (id=2110):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @dev={0xac, 0x14, 0x14, 0x32}}, 0xc)
r1 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r1, &(0x7f0000001b80)=[{&(0x7f0000000140)=""/95, 0x5f}], 0x1, 0x0, 0x0)

897.380459ms ago: executing program 0 (id=2111):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000080)=0x4d1e, 0x4)
connect$inet(r1, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
sendto(r1, &(0x7f0000000580)="1db4d479c5faee911d50fbdf12a30d564a0e77", 0x13, 0x8094, 0x0, 0x0)
sendto$inet(r1, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd936d2571c3510b0000000000000000000000000000000000f32bb3874c926a8944caa4677d2eae3bc831e748000000", 0xfffffffffffffe88, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)={0x44, 0x0, 0x917, 0x0, 0xffffffe4, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x3}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e20}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x44}}, 0x4000)

425.071955ms ago: executing program 4 (id=2112):
r0 = add_key$user(&(0x7f0000000140), &(0x7f00000001c0)={'syz', 0x3}, &(0x7f00000003c0)="75989bd405", 0x5, 0xfffffffffffffffb)
r1 = add_key$user(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, &(0x7f0000000540)="a40c3590", 0x4, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000005c0)={0x0, r0, r1}, 0x0, 0x0, 0x0)

193.754614ms ago: executing program 4 (id=2113):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvfrom$packet(r1, 0x0, 0x0, 0x40002120, 0x0, 0x0)

0s ago: executing program 4 (id=2114):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000c00)=ANY=[@ANYBLOB="2c000000170a010800000000000000000200000009000100730000000000000005000200"], 0x2c}}, 0x0)

kernel console output (not intermixed with test programs):

[  565.083393][T11985] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  565.378445][ T5844] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  565.565772][ T5844] usb 7-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=d6.bb
[  565.588509][ T5922] usb 4-1: new low-speed USB device number 92 using dummy_hcd
[  565.593428][ T5844] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  565.667104][ T5844] usb 7-1: Product: syz
[  565.685237][ T5844] usb 7-1: Manufacturer: syz
[  565.697700][ T5844] usb 7-1: SerialNumber: syz
[  565.729318][ T5844] usb 7-1: config 0 descriptor??
[  565.765388][ T5844] gspca_main: sn9c2028-2.14.0 probing 0c45:8003
[  565.802396][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  565.839337][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  565.883771][ T5922] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  565.926760][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.962713][ T5844] gspca_sn9c2028: read1 error -71
[  565.973046][ T5922] usb 4-1: config 0 descriptor??
[  565.991378][ T5844] gspca_sn9c2028: read1 error -71
[  566.021637][ T5844] gspca_sn9c2028: read1 error -71
[  566.054098][ T5844] sn9c2028 7-1:0.0: probe with driver sn9c2028 failed with error -71
[  566.120650][ T5844] usb 7-1: USB disconnect, device number 2
[  566.436599][ T5922] lenovo 0003:17EF:6047.001B: unknown main item tag 0x0
[  566.482913][ T5922] lenovo 0003:17EF:6047.001B: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.3-1/input0
[  566.788782][T12012] vivid-000: disconnect
[  566.955393][T12017] fuse: Bad value for 'fd'
[  567.377870][T12005] vivid-000: reconnect
[  567.570987][ T5844] usb 4-1: USB disconnect, device number 92
[  567.978688][ T5921] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  568.140738][ T5921] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  568.181349][ T5921] usb 7-1: New USB device found, idVendor=0711, idProduct=0920, bcdDevice=38.d2
[  568.202843][ T5921] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.221468][ T5921] usb 7-1: Product: syz
[  568.231226][ T5921] usb 7-1: Manufacturer: syz
[  568.236185][ T5921] usb 7-1: SerialNumber: syz
[  568.246667][ T5921] usb 7-1: config 0 descriptor??
[  568.256666][ T5921] sisusb 7-1:0.0: Invalid USB2VGA device
[  568.271377][ T5921] sisusb 7-1:0.0: probe with driver sisusb failed with error -22
[  568.372602][T12048] hub 9-0:1.0: USB hub found
[  568.379387][T12048] hub 9-0:1.0: 1 port detected
[  568.615154][T12051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  568.650533][T12051] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  568.669882][T12051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  568.681694][T12051] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  568.934557][   T30] audit: type=1326 audit(1749928018.835:1827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  568.968381][T12051] xt_CT: No such helper "syz0"
[  568.989566][   T30] audit: type=1326 audit(1749928018.835:1828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  569.183750][   T30] audit: type=1326 audit(1749928018.835:1829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  569.349506][   T30] audit: type=1326 audit(1749928018.835:1830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  569.444792][   T30] audit: type=1326 audit(1749928018.835:1831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  569.542416][   T30] audit: type=1326 audit(1749928018.835:1832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  569.568606][ T5921] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[  569.605597][   T30] audit: type=1326 audit(1749928018.835:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  569.739376][ T5921] usb 5-1: Using ep0 maxpacket: 32
[  569.740596][   T30] audit: type=1326 audit(1749928018.835:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  569.837720][   T30] audit: type=1326 audit(1749928018.835:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  569.867760][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  569.875446][T12076] netlink: 146840 bytes leftover after parsing attributes in process `syz.3.1653'.
[  569.901978][   T30] audit: type=1326 audit(1749928018.835:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  569.937747][   T30] audit: type=1326 audit(1749928018.835:1837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  569.967035][   T30] audit: type=1326 audit(1749928018.835:1838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  569.978327][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  570.009123][   T30] audit: type=1326 audit(1749928018.835:1839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  570.038551][   T30] audit: type=1326 audit(1749928018.835:1840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  570.066975][   T30] audit: type=1326 audit(1749928018.835:1841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  570.143411][T12079] trusted_key: encrypted_key: insufficient parameters specified
[  570.161579][ T5921] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  570.162712][   T30] audit: type=1326 audit(1749928018.835:1842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  570.202269][   T30] audit: type=1326 audit(1749928018.885:1843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  570.227215][   T30] audit: type=1326 audit(1749928018.885:1844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12058 comm="syz.4.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  570.373955][ T5921] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  570.476500][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.589841][ T5921] usb 5-1: config 0 descriptor??
[  571.069891][T12087] vivid-000: disconnect
[  571.166958][ T5922] usb 7-1: USB disconnect, device number 3
[  571.242662][ T5921] usbhid 5-1:0.0: can't add hid device: -71
[  571.252647][ T5921] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  571.297287][ T5921] usb 5-1: USB disconnect, device number 84
[  571.418457][ T2154] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  571.568598][ T2154] usb 4-1: Using ep0 maxpacket: 16
[  571.594097][ T2154] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  571.680079][ T2154] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  571.747881][ T2154] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.780287][ T2154] usb 4-1: Product: syz
[  571.784608][ T2154] usb 4-1: Manufacturer: syz
[  571.797044][ T2154] usb 4-1: SerialNumber: syz
[  571.803506][T12083] vivid-000: reconnect
[  571.828932][ T2154] usb 4-1: config 0 descriptor??
[  571.843864][ T2154] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  571.868641][ T2154] em28xx 4-1:0.0: DVB interface 0 found: bulk
[  572.411688][ T5921] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  572.472118][ T2154] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  572.605089][ T5921] usb 7-1: unable to get BOS descriptor or descriptor too short
[  572.634252][ T5921] usb 7-1: not running at top speed; connect to a high speed hub
[  572.675960][ T5921] usb 7-1: config 4 has an invalid interface number: 147 but max is 0
[  572.696851][ T5921] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  572.714409][ T5921] usb 7-1: config 4 has no interface number 0
[  572.724525][ T5921] usb 7-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  572.751191][ T5921] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  572.759944][ T5921] usb 7-1: Product: syz
[  572.764176][ T5921] usb 7-1: Manufacturer: syz
[  572.777217][ T5921] usb 7-1: SerialNumber: syz
[  573.031140][ T5921] usb 7-1: Found UVC 0.02 device syz (04f2:b746)
[  573.038082][ T5921] usb 7-1: No streaming interface found for terminal 6.
[  573.087751][ T5921] usb 7-1: USB disconnect, device number 4
[  573.155568][T12132] hub 9-0:1.0: USB hub found
[  573.187615][T12132] hub 9-0:1.0: 1 port detected
[  573.940046][ T2154] em28xx 4-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  573.989418][ T2154] em28xx 4-1:0.0: board has no eeprom
[  574.099323][ T2154] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  574.127932][ T2154] em28xx 4-1:0.0: dvb set to bulk mode.
[  574.175272][ T5920] em28xx 4-1:0.0: Binding DVB extension
[  574.473510][ T5920] em28xx 4-1:0.0: Registering input extension
[  574.516448][ T5921] usb 4-1: USB disconnect, device number 93
[  574.523604][ T5921] em28xx 4-1:0.0: Disconnecting em28xx
[  574.568167][ T5921] em28xx 4-1:0.0: Closing input extension
[  574.641353][ T5921] em28xx 4-1:0.0: Freeing device
[  574.906544][T12160] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1672'.
[  575.085553][T12165] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  575.295746][T12165] sctp: [Deprecated]: syz.5.1672 (pid 12165) Use of struct sctp_assoc_value in delayed_ack socket option.
[  575.295746][T12165] Use struct sctp_sack_info instead
[  575.407059][T12176] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  575.506492][T12175] vivid-000: disconnect
[  575.788378][ T5921] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  575.948625][ T5921] usb 4-1: Using ep0 maxpacket: 32
[  575.974874][ T5921] usb 4-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0
[  576.012106][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  576.052151][ T5921] usb 4-1: config 0 descriptor??
[  576.087667][ T5921] rndis_host 4-1:0.0: probe with driver rndis_host failed with error -22
[  576.324048][T12168] vivid-000: reconnect
[  576.359187][T12189] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1676'.
[  578.468888][T12216] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1685'.
[  578.691485][ T5921] usb 4-1: USB disconnect, device number 94
[  578.778407][   T43] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[  579.028509][   T43] usb 5-1: Using ep0 maxpacket: 32
[  579.280058][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  579.463228][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  579.514284][   T43] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  579.640695][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  579.841505][   T43] usb 5-1: config 0 descriptor??
[  579.915200][T12237] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1689'.
[  579.960098][T12237] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1689'.
[  580.280331][T12216] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  581.508848][ T5922] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[  581.688891][ T5922] usb 6-1: Using ep0 maxpacket: 8
[  581.731339][ T5922] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  581.751290][ T5922] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  581.817560][ T5922] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  581.848302][ T5922] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  581.914237][ T5922] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  581.960707][ T5922] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.118518][T12255] FAULT_INJECTION: forcing a failure.
[  582.118518][T12255] name failslab, interval 1, probability 0, space 0, times 0
[  582.136774][T12255] CPU: 0 UID: 0 PID: 12255 Comm: syz.0.1694 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  582.136804][T12255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  582.136821][T12255] Call Trace:
[  582.136830][T12255]  <TASK>
[  582.136839][T12255]  dump_stack_lvl+0x189/0x250
[  582.136871][T12255]  ? __pfx____ratelimit+0x10/0x10
[  582.136891][T12255]  ? __pfx_dump_stack_lvl+0x10/0x10
[  582.136910][T12255]  ? __pfx__printk+0x10/0x10
[  582.136941][T12255]  ? __pfx___might_resched+0x10/0x10
[  582.136976][T12255]  should_fail_ex+0x414/0x560
[  582.137006][T12255]  should_failslab+0xa8/0x100
[  582.137025][T12255]  kmem_cache_alloc_noprof+0x73/0x3c0
[  582.137045][T12255]  ? skb_clone+0x212/0x3a0
[  582.137065][T12255]  skb_clone+0x212/0x3a0
[  582.137084][T12255]  ? pfkey_broadcast_one+0x7d/0x360
[  582.137107][T12255]  pfkey_broadcast_one+0x9b/0x360
[  582.137125][T12255]  ? pfkey_broadcast+0x39c/0x3e0
[  582.137147][T12255]  pfkey_broadcast+0x3a9/0x3e0
[  582.137166][T12255]  ? pfkey_broadcast+0x48/0x3e0
[  582.137183][T12255]  pfkey_sendmsg+0xdd8/0x1090
[  582.137206][T12255]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  582.137239][T12255]  ? aa_sock_msg_perm+0x94/0x160
[  582.137266][T12255]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  582.137290][T12255]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  582.137310][T12255]  __sock_sendmsg+0x21c/0x270
[  582.137337][T12255]  ____sys_sendmsg+0x505/0x830
[  582.137357][T12255]  ? __pfx_____sys_sendmsg+0x10/0x10
[  582.137378][T12255]  ? import_iovec+0x74/0xa0
[  582.137400][T12255]  ___sys_sendmsg+0x21f/0x2a0
[  582.137427][T12255]  ? __pfx____sys_sendmsg+0x10/0x10
[  582.137486][T12255]  ? __fget_files+0x2a/0x420
[  582.137500][T12255]  ? __fget_files+0x3a0/0x420
[  582.137520][T12255]  __x64_sys_sendmsg+0x19b/0x260
[  582.137537][T12255]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  582.137572][T12255]  ? __pfx_ksys_write+0x10/0x10
[  582.137588][T12255]  ? rcu_is_watching+0x15/0xb0
[  582.137623][T12255]  ? do_syscall_64+0xbe/0x3b0
[  582.137642][T12255]  do_syscall_64+0xfa/0x3b0
[  582.137652][T12255]  ? lockdep_hardirqs_on+0x9c/0x150
[  582.137670][T12255]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.137682][T12255]  ? clear_bhb_loop+0x60/0xb0
[  582.137700][T12255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.137719][T12255] RIP: 0033:0x7feab038e929
[  582.137738][T12255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  582.137755][T12255] RSP: 002b:00007feab124e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  582.137776][T12255] RAX: ffffffffffffffda RBX: 00007feab05b5fa0 RCX: 00007feab038e929
[  582.137790][T12255] RDX: 0000000000000000 RSI: 00002000005f5000 RDI: 0000000000000003
[  582.137799][T12255] RBP: 00007feab124e090 R08: 0000000000000000 R09: 0000000000000000
[  582.137806][T12255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  582.137814][T12255] R13: 0000000000000000 R14: 00007feab05b5fa0 R15: 00007feab06dfa28
[  582.137832][T12255]  </TASK>
[  582.575509][ T5922] usb 6-1: GET_CAPABILITIES returned 0
[  582.587343][ T5922] usbtmc 6-1:16.0: can't read capabilities
[  582.877176][T12251] usbtmc 6-1:16.0: send_request_dev_dep_msg_in returned -90
[  583.163764][   T43] usbhid 5-1:0.0: can't add hid device: -71
[  583.175909][   T30] kauditd_printk_skb: 41 callbacks suppressed
[  583.175929][   T30] audit: type=1326 audit(1749928033.075:1886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12262 comm="syz.0.1696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feab038e929 code=0x7ffc0000
[  583.177344][T12265] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  583.258598][   T43] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  583.279260][   T30] audit: type=1326 audit(1749928033.075:1887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12262 comm="syz.0.1696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feab038d290 code=0x7ffc0000
[  583.340731][ T5920] hid-generic 0000:0000:0000.001C: unknown main item tag 0x0
[  583.348890][   T43] usb 5-1: USB disconnect, device number 85
[  583.397018][ T5920] hid-generic 0000:0000:0000.001C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  583.433860][   T30] audit: type=1326 audit(1749928033.075:1888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12262 comm="syz.0.1696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7feab038d3df code=0x7ffc0000
[  583.463965][T12265] audit: out of memory in audit_log_start
[  583.548625][   T30] audit: type=1326 audit(1749928033.075:1889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12262 comm="syz.0.1696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7feab038e929 code=0x7ffc0000
[  583.572772][T12271] vivid-000: disconnect
[  583.648752][   T30] audit: type=1326 audit(1749928033.415:1890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12262 comm="syz.0.1696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7feab038d3df code=0x7ffc0000
[  583.756128][   T30] audit: type=1326 audit(1749928033.415:1891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12262 comm="syz.0.1696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7feab038d58a code=0x7ffc0000
[  583.895883][   T30] audit: type=1326 audit(1749928033.415:1892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12262 comm="syz.0.1696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feab038e929 code=0x7ffc0000
[  583.958573][   T30] audit: type=1326 audit(1749928033.415:1893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12262 comm="syz.0.1696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feab038e929 code=0x7ffc0000
[  584.252891][T12266] vivid-000: reconnect
[  584.348406][ T5929] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  584.544457][ T5929] usb 4-1: Using ep0 maxpacket: 8
[  584.634076][ T5929] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  584.654144][ T5929] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  584.678402][ T5929] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  584.707495][ T5929] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  584.743894][ T5929] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  584.766649][ T5929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  584.804400][ T5921] usb 6-1: USB disconnect, device number 49
[  585.076050][ T5929] usb 4-1: GET_CAPABILITIES returned 0
[  585.091174][ T5929] usbtmc 4-1:16.0: can't read capabilities
[  585.249964][   T43] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[  585.329068][T12282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  585.344150][T12282] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  585.529638][   T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  585.550516][   T43] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  585.586991][   T43] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  585.618423][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  585.665938][   T43] usb 5-1: config 0 descriptor??
[  585.945096][ T5921] usb 4-1: USB disconnect, device number 95
[  585.965450][T12305] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1706'.
[  586.319490][T12311] hub 9-0:1.0: USB hub found
[  586.328552][T12311] hub 9-0:1.0: 1 port detected
[  586.483306][T12314] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1708'.
[  586.558457][T12314] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1708'.
[  586.934981][T12322] vxcan1: entered promiscuous mode
[  587.208611][   T43] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[  587.388614][   T43] usb 6-1: Using ep0 maxpacket: 16
[  587.441751][   T43] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  587.540147][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  587.573368][   T43] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  587.600339][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.610707][   T43] usb 6-1: Product: syz
[  587.615104][   T43] usb 6-1: Manufacturer: syz
[  587.622825][   T43] usb 6-1: SerialNumber: syz
[  587.645930][   T43] usb 6-1: config 0 descriptor??
[  587.662253][   T43] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  587.695404][   T43] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  588.265681][T12323] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  588.278000][   T43] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  588.278824][T12323] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  588.300572][   T43] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[  588.520558][   T43] em28xx 6-1:0.0: AC97 chip type couldn't be determined
[  588.547918][T12330] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1713'.
[  588.548142][   T43] em28xx 6-1:0.0: No AC97 audio processor
[  588.649798][T12330] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1713'.
[  588.760396][   T43] usb 5-1: USB disconnect, device number 86
[  589.092432][ T5929] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[  589.268608][ T5929] usb 4-1: Using ep0 maxpacket: 16
[  589.278645][   T43] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[  589.279649][ T5929] usb 4-1: config 0 has an invalid interface number: 196 but max is 1
[  589.305058][ T5929] usb 4-1: config 0 has an invalid interface number: 196 but max is 1
[  589.323581][ T5929] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  589.342965][ T5929] usb 4-1: config 0 has no interface number 0
[  589.361988][ T5929] usb 4-1: config 0 interface 196 altsetting 119 endpoint 0xB has an invalid bInterval 248, changing to 11
[  589.383950][ T5929] usb 4-1: config 0 interface 196 altsetting 119 endpoint 0xD has invalid wMaxPacketSize 0
[  589.404640][ T5929] usb 4-1: config 0 interface 196 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  589.435519][ T5929] usb 4-1: config 0 interface 196 has no altsetting 0
[  589.449705][   T43] usb 5-1: Using ep0 maxpacket: 32
[  589.453042][ T5929] usb 4-1: config 0 interface 196 has no altsetting 1
[  589.461417][   T43] usb 5-1: config 0 has an invalid interface number: 111 but max is 1
[  589.480593][   T43] usb 5-1: config 0 has no interface number 1
[  589.484813][ T5929] usb 4-1: New USB device found, idVendor=0a46, idProduct=1269, bcdDevice=1a.0a
[  589.501887][   T43] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83
[  589.506310][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  589.528328][ T5929] usb 4-1: Product: syz
[  589.528843][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  589.538374][ T5929] usb 4-1: Manufacturer: syz
[  589.545439][ T5929] usb 4-1: SerialNumber: syz
[  589.561517][ T5929] usb 4-1: config 0 descriptor??
[  589.574528][   T43] usb 5-1: Product: syz
[  589.583100][   T43] usb 5-1: Manufacturer: syz
[  589.587757][   T43] usb 5-1: SerialNumber: syz
[  589.624948][   T43] usb 5-1: config 0 descriptor??
[  589.847611][   T43] snd-usb-6fire 5-1:0.111: unable to receive device firmware state.
[  589.857088][   T43] snd-usb-6fire 5-1:0.111: probe with driver snd-usb-6fire failed with error -71
[  589.898628][   T43] usb 5-1: USB disconnect, device number 87
[  590.134443][ T2154] usb 6-1: USB disconnect, device number 50
[  590.172653][ T2154] em28xx 6-1:0.0: Disconnecting em28xx
[  590.202785][ T2154] em28xx 6-1:0.0: Freeing device
[  590.905465][T12391] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  590.938013][T12391] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  591.787703][T12407] hub 9-0:1.0: USB hub found
[  591.799381][T12407] hub 9-0:1.0: 1 port detected
[  591.888949][ T5921] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  591.984859][ T5929] dm9601 4-1:0.196: probe with driver dm9601 failed with error -22
[  592.207770][ T5929] usb 4-1: USB disconnect, device number 96
[  592.213957][ T5921] usb 7-1: Using ep0 maxpacket: 16
[  592.254353][ T5921] usb 7-1: config index 0 descriptor too short (expected 65472, got 36)
[  592.284481][ T5921] usb 7-1: config 255 has too many interfaces: 255, using maximum allowed: 32
[  592.331938][ T5921] usb 7-1: config 255 has an invalid descriptor of length 208, skipping remainder of the config
[  592.355771][ T5921] usb 7-1: config 255 has 0 interfaces, different from the descriptor's value: 255
[  592.376280][ T5921] usb 7-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00
[  592.401544][ T5921] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.889776][ T5921] usb 7-1: string descriptor 0 read error: -71
[  592.994608][ T5921] usb 7-1: USB disconnect, device number 5
[  593.028487][ T2154] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[  593.192097][ T2154] usb 4-1: Using ep0 maxpacket: 32
[  593.286893][ T2154] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  593.322835][ T2154] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  593.343326][ T2154] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  593.371147][ T2154] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.420173][ T2154] usb 4-1: config 0 descriptor??
[  593.880773][T12420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  594.745517][T12449] loop8: detected capacity change from 0 to 7
[  594.772197][T12449] Dev loop8: unable to read RDB block 7
[  595.207390][T12449]  loop8: unable to read partition table
[  595.284006][T12449] loop8: partition table beyond EOD, truncated
[  595.329578][T12449] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  595.935316][   T43] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  596.101110][   T43] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  596.171669][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  596.236589][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  596.267871][   T43] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  596.447729][ T2154] usbhid 4-1:0.0: can't add hid device: -71
[  596.474854][ T2154] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  596.496532][   T43] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  596.537857][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.563765][ T2154] usb 4-1: USB disconnect, device number 97
[  596.592429][T12479] netlink: 'syz.3.1737': attribute type 4 has an invalid length.
[  596.616049][   T43] usb 6-1: config 0 descriptor??
[  596.961473][   T43] usbhid 6-1:0.0: can't add hid device: -71
[  596.967546][   T43] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  597.051389][   T43] usb 6-1: USB disconnect, device number 51
[  597.262308][T12494] hub 9-0:1.0: USB hub found
[  597.291918][T12494] hub 9-0:1.0: 1 port detected
[  597.541951][T12504] netlink: 208 bytes leftover after parsing attributes in process `syz.5.1742'.
[  598.988355][ T5929] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  599.008195][T12534] netlink: 'syz.4.1747': attribute type 6 has an invalid length.
[  599.128830][T12534] netlink: 'syz.4.1747': attribute type 16 has an invalid length.
[  599.142036][ T5929] usb 7-1: Using ep0 maxpacket: 8
[  599.155561][ T5929] usb 7-1: config 2 has an invalid interface number: 31 but max is 0
[  599.201067][T12534] netlink: 'syz.4.1747': attribute type 17 has an invalid length.
[  599.218440][ T5929] usb 7-1: config 2 has no interface number 0
[  599.278216][ T5929] usb 7-1: config 2 interface 31 has no altsetting 0
[  599.332515][ T5929] usb 7-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  599.345660][ T5929] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  599.476723][ T5929] usb 7-1: Product: syz
[  599.491976][T12534] bridge0: port 3(batadv0) entered disabled state
[  599.499043][T12534] bridge0: port 2(bridge_slave_1) entered disabled state
[  599.507474][T12534] bridge0: port 1(
) entered disabled state
[  599.553640][ T5929] usb 7-1: Manufacturer: syz
[  599.560043][ T5929] usb 7-1: SerialNumber: syz
[  599.599051][T12534] batman_adv: batadv0: Interface deactivated: dummy0
[  599.815056][T12534] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  600.033112][T12534] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  600.056098][T12534] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  600.094151][T12534] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  600.214244][T12534] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  600.239526][ T5929] ch9200 7-1:2.31: probe with driver ch9200 failed with error -22
[  600.258953][ T5929] usb 7-1: USB disconnect, device number 6
[  600.373736][T12544] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  601.059833][T12558] netlink: 'syz.0.1754': attribute type 33 has an invalid length.
[  601.150268][T12558] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1754'.
[  601.728397][ T5929] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  601.868651][ T5929] usb 6-1: device descriptor read/64, error -71
[  601.998611][ T5936] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[  602.109576][ T5929] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[  602.170137][ T5936] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  602.181251][ T5936] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  602.192461][ T5936] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  602.202026][ T5936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  602.210145][ T5936] usb 4-1: Product: syz
[  602.215429][ T5936] usb 4-1: Manufacturer: syz
[  602.220451][ T5936] usb 4-1: SerialNumber: syz
[  602.248558][ T5929] usb 6-1: device descriptor read/64, error -71
[  602.358409][ T5922] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  602.372092][ T5929] usb usb6-port1: attempt power cycle
[  602.440463][ T5936] usb 4-1: Audio class v2/v3 interfaces need an interface association
[  602.462727][ T5936] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  602.480357][ T5936] usb 4-1: USB disconnect, device number 98
[  602.497031][ T5856] udevd[5856]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  602.544337][ T5922] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF6, changing to 0x86
[  602.564617][ T5922] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid maxpacket 65535, setting to 1024
[  602.576977][ T5922] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x86 has invalid maxpacket 1024
[  602.593080][ T5922] usb 7-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  602.603412][ T5922] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  602.632522][ T5922] usb 7-1: config 0 descriptor??
[  602.647558][T12580] raw-gadget.3 gadget.6: fail, usb_ep_enable returned -22
[  602.663816][ T5922] gspca_main: spca561-2.14.0 probing abcd:cdee
[  602.707386][T12585] netlink: 'syz.4.1763': attribute type 27 has an invalid length.
[  602.728645][ T5929] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[  602.728711][T12585] wg1: left promiscuous mode
[  602.741730][T12585] wg1: left allmulticast mode
[  602.749788][T12585] veth1_to_hsr: left allmulticast mode
[  602.755725][ T5929] usb 6-1: device descriptor read/8, error -71
[  603.008610][ T5929] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[  603.024180][T12593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  603.048146][ T5929] usb 6-1: device descriptor read/8, error -71
[  603.061131][T12593] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  603.168974][ T5929] usb usb6-port1: unable to enumerate USB device
[  603.201762][ T5922] spca561 7-1:0.0: probe with driver spca561 failed with error -22
[  603.231860][ T5922] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  603.248357][ T5922] usb 7-1: MIDIStreaming interface descriptor not found
[  603.508852][T10385] usb 4-1: new low-speed USB device number 99 using dummy_hcd
[  603.680934][T10385] usb 4-1: unable to get BOS descriptor or descriptor too short
[  603.709578][T10385] usb 4-1: config 1 interface 0 altsetting 7 endpoint 0x81 has invalid maxpacket 512, setting to 8
[  603.726296][T10385] usb 4-1: config 1 interface 0 altsetting 7 endpoint 0x82 is Bulk; changing to Interrupt
[  603.736570][T10385] usb 4-1: config 1 interface 0 altsetting 7 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  603.751439][T10385] usb 4-1: config 1 interface 0 has no altsetting 0
[  604.122483][T11616] Bluetooth: hci0: unexpected event for opcode 0x1405
[  604.567843][T12635] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1768'.
[  605.360009][T12665] program syz.5.1774 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  605.407772][ T5929] usb 7-1: USB disconnect, device number 7
[  605.769997][T12672] xt_hashlimit: size too large, truncated to 1048576
[  606.098671][ T5936] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[  606.174753][T10385] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  606.197828][T10385] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.264525][T10385] usb 4-1: can't set config #1, error -71
[  606.270289][ T5936] usb 5-1: Using ep0 maxpacket: 8
[  606.272953][ T5936] usb 5-1: config 0 has an invalid interface number: 79 but max is 0
[  606.317122][T10385] usb 4-1: USB disconnect, device number 99
[  606.352504][ T5936] usb 5-1: config 0 has no interface number 0
[  606.386358][ T5936] usb 5-1: New USB device found, idVendor=102c, idProduct=6251, bcdDevice=7e.68
[  606.478398][ T5936] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.515356][ T5936] usb 5-1: Product: syz
[  606.537127][ T5936] usb 5-1: Manufacturer: syz
[  606.546803][ T5936] usb 5-1: SerialNumber: syz
[  606.566741][T12680] netlink: 'syz.3.1776': attribute type 9 has an invalid length.
[  606.587603][ T5936] usb 5-1: config 0 descriptor??
[  606.600175][T12680] netlink: 'syz.3.1776': attribute type 6 has an invalid length.
[  606.608602][T12680] netlink: 'syz.3.1776': attribute type 7 has an invalid length.
[  606.640625][ T5936] gspca_main: etoms-2.14.0 probing 102c:6251
[  606.698930][T12680] netlink: 'syz.3.1776': attribute type 8 has an invalid length.
[  606.712603][T12652] fuse: Bad value for 'fd'
[  606.755261][T12682] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1776'.
[  606.802238][T12680] netlink: 'syz.3.1776': attribute type 13 has an invalid length.
[  606.854565][T12682] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1776'.
[  606.945841][ T5936] usb 5-1: USB disconnect, device number 88
[  607.579278][T12696] FAULT_INJECTION: forcing a failure.
[  607.579278][T12696] name failslab, interval 1, probability 0, space 0, times 0
[  607.608421][T12696] CPU: 0 UID: 0 PID: 12696 Comm: syz.4.1780 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  607.608455][T12696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  607.608467][T12696] Call Trace:
[  607.608475][T12696]  <TASK>
[  607.608485][T12696]  dump_stack_lvl+0x189/0x250
[  607.608522][T12696]  ? __pfx____ratelimit+0x10/0x10
[  607.608551][T12696]  ? __pfx_dump_stack_lvl+0x10/0x10
[  607.608579][T12696]  ? __pfx__printk+0x10/0x10
[  607.608601][T12696]  ? __pfx___might_resched+0x10/0x10
[  607.608634][T12696]  ? fs_reclaim_acquire+0x7d/0x100
[  607.608662][T12696]  should_fail_ex+0x414/0x560
[  607.608693][T12696]  should_failslab+0xa8/0x100
[  607.608717][T12696]  __kmalloc_noprof+0xcb/0x4f0
[  607.608735][T12696]  ? tomoyo_encode+0x28b/0x550
[  607.608765][T12696]  tomoyo_encode+0x28b/0x550
[  607.608809][T12696]  tomoyo_realpath_from_path+0x58d/0x5d0
[  607.608849][T12696]  tomoyo_check_open_permission+0x1c1/0x3b0
[  607.608878][T12696]  ? tomoyo_check_open_permission+0x16a/0x3b0
[  607.608905][T12696]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  607.608965][T12696]  ? mnt_get_write_access+0x68/0x2a0
[  607.608993][T12696]  ? tomoyo_file_open+0x165/0x220
[  607.609027][T12696]  security_file_open+0xb1/0x270
[  607.609052][T12696]  do_dentry_open+0x35e/0x1970
[  607.609092][T12696]  vfs_open+0x3b/0x340
[  607.609116][T12696]  ? path_openat+0x2ecd/0x3830
[  607.609146][T12696]  path_openat+0x2ee5/0x3830
[  607.609169][T12696]  ? arch_stack_walk+0xfc/0x150
[  607.609226][T12696]  ? __pfx_path_openat+0x10/0x10
[  607.609251][T12696]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.609294][T12696]  do_filp_open+0x1fa/0x410
[  607.609319][T12696]  ? __lock_acquire+0xab9/0xd20
[  607.609345][T12696]  ? __pfx_do_filp_open+0x10/0x10
[  607.609398][T12696]  ? _raw_spin_unlock+0x28/0x50
[  607.609421][T12696]  ? alloc_fd+0x64c/0x6c0
[  607.609455][T12696]  do_sys_openat2+0x121/0x1c0
[  607.609484][T12696]  ? __pfx_do_sys_openat2+0x10/0x10
[  607.609508][T12696]  ? ksys_write+0x22a/0x250
[  607.609532][T12696]  ? __pfx_ksys_write+0x10/0x10
[  607.609548][T12696]  ? rcu_is_watching+0x15/0xb0
[  607.609579][T12696]  __x64_sys_openat+0x138/0x170
[  607.609612][T12696]  do_syscall_64+0xfa/0x3b0
[  607.609631][T12696]  ? lockdep_hardirqs_on+0x9c/0x150
[  607.609657][T12696]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.609674][T12696]  ? clear_bhb_loop+0x60/0xb0
[  607.609700][T12696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.609719][T12696] RIP: 0033:0x7fb62478e929
[  607.609737][T12696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  607.609753][T12696] RSP: 002b:00007fb625571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  607.609785][T12696] RAX: ffffffffffffffda RBX: 00007fb6249b6080 RCX: 00007fb62478e929
[  607.609799][T12696] RDX: 00000000000c6002 RSI: 0000200000001000 RDI: ffffffffffffff9c
[  607.609812][T12696] RBP: 00007fb625571090 R08: 0000000000000000 R09: 0000000000000000
[  607.609824][T12696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  607.609835][T12696] R13: 0000000000000001 R14: 00007fb6249b6080 R15: 00007fb624adfa28
[  607.609866][T12696]  </TASK>
[  607.610034][T12696] ERROR: Out of memory at tomoyo_realpath_from_path.
[  608.347136][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  608.347152][   T30] audit: type=1800 audit(1749928058.235:1898): pid=12696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1780" name="/" dev="fuse" ino=1 res=0 errno=0
[  608.710521][   T30] audit: type=1326 audit(1749928058.615:1899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12704 comm="syz.4.1783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  608.822927][   T30] audit: type=1326 audit(1749928058.645:1900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12704 comm="syz.4.1783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  608.864344][   T30] audit: type=1326 audit(1749928058.645:1901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12704 comm="syz.4.1783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  608.952456][   T30] audit: type=1326 audit(1749928058.645:1902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12704 comm="syz.4.1783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  609.019107][   T30] audit: type=1326 audit(1749928058.645:1903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12704 comm="syz.4.1783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  609.084370][   T30] audit: type=1326 audit(1749928058.645:1904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12704 comm="syz.4.1783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  609.143291][   T30] audit: type=1326 audit(1749928058.645:1905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12704 comm="syz.4.1783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  609.334036][   T30] audit: type=1326 audit(1749928058.645:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12704 comm="syz.4.1783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  609.429652][   T30] audit: type=1326 audit(1749928058.645:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12704 comm="syz.4.1783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  609.596071][T12703] sch_fq: defrate 0 ignored.
[  609.771987][T12723] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1789'.
[  609.798676][T12723] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1789'.
[  610.148592][T10385] usb 4-1: new low-speed USB device number 100 using dummy_hcd
[  610.301109][T10385] usb 4-1: unable to get BOS descriptor or descriptor too short
[  610.364428][T10385] usb 4-1: config 7 has an invalid interface number: 67 but max is 0
[  610.418837][T10385] usb 4-1: config 7 has no interface number 0
[  610.467587][T10385] usb 4-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16
[  610.593453][T10385] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.605385][T12750] FAULT_INJECTION: forcing a failure.
[  610.605385][T12750] name failslab, interval 1, probability 0, space 0, times 0
[  610.605450][T12750] CPU: 1 UID: 0 PID: 12750 Comm: syz.0.1798 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  610.605467][T12750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  610.605475][T12750] Call Trace:
[  610.605481][T12750]  <TASK>
[  610.605486][T12750]  dump_stack_lvl+0x189/0x250
[  610.605511][T12750]  ? __pfx____ratelimit+0x10/0x10
[  610.605538][T12750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  610.605558][T12750]  ? __pfx__printk+0x10/0x10
[  610.605577][T12750]  ? __pfx___might_resched+0x10/0x10
[  610.605595][T12750]  ? fs_reclaim_acquire+0x7d/0x100
[  610.605614][T12750]  should_fail_ex+0x414/0x560
[  610.605634][T12750]  should_failslab+0xa8/0x100
[  610.605649][T12750]  __kmalloc_cache_noprof+0x70/0x3d0
[  610.605661][T12750]  ? drm_atomic_state_alloc+0xa9/0x100
[  610.605684][T12750]  drm_atomic_state_alloc+0xa9/0x100
[  610.605705][T12750]  drm_client_modeset_commit_atomic+0xe2/0x760
[  610.605726][T12750]  ? rcu_is_watching+0x15/0xb0
[  610.605748][T12750]  ? __mutex_lock+0x330/0xe80
[  610.605762][T12750]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  610.605800][T12750]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  610.605828][T12750]  drm_client_modeset_commit_locked+0xcb/0x4d0
[  610.605851][T12750]  drm_fb_helper_pan_display+0x3e7/0xbd0
[  610.605876][T12750]  fb_pan_display+0x39b/0x680
[  610.605889][T12750]  ? __pfx_drm_fb_helper_pan_display+0x10/0x10
[  610.605908][T12750]  bit_update_start+0x4d/0x1e0
[  610.605923][T12750]  fbcon_modechanged+0xc3b/0x13a0
[  610.605950][T12750]  do_fb_ioctl+0x6fd/0x750
[  610.605968][T12750]  ? __pfx_do_fb_ioctl+0x10/0x10
[  610.606009][T12750]  ? __fget_files+0x2a/0x420
[  610.606026][T12750]  ? __fget_files+0x3a0/0x420
[  610.606039][T12750]  ? __fget_files+0x2a/0x420
[  610.606056][T12750]  ? bpf_lsm_file_ioctl+0x9/0x20
[  610.606075][T12750]  ? __pfx_fb_ioctl+0x10/0x10
[  610.606089][T12750]  __se_sys_ioctl+0xf9/0x170
[  610.606110][T12750]  do_syscall_64+0xfa/0x3b0
[  610.606120][T12750]  ? lockdep_hardirqs_on+0x9c/0x150
[  610.606138][T12750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.606151][T12750]  ? clear_bhb_loop+0x60/0xb0
[  610.606166][T12750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.606178][T12750] RIP: 0033:0x7feab038e929
[  610.606190][T12750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  610.606201][T12750] RSP: 002b:00007feab124e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  610.606216][T12750] RAX: ffffffffffffffda RBX: 00007feab05b5fa0 RCX: 00007feab038e929
[  610.606225][T12750] RDX: 0000200000000100 RSI: 0000000000004601 RDI: 0000000000000003
[  610.606233][T12750] RBP: 00007feab124e090 R08: 0000000000000000 R09: 0000000000000000
[  610.606241][T12750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  610.606248][T12750] R13: 0000000000000000 R14: 00007feab05b5fa0 R15: 00007feab06dfa28
[  610.606268][T12750]  </TASK>
[  610.666260][T10385] usb 4-1: Product: 㯑
[  610.918617][ T5936] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[  610.996922][T10385] usb 4-1: USB disconnect, device number 100
[  611.068344][ T5936] usb 6-1: Using ep0 maxpacket: 8
[  611.075404][ T5936] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  611.075437][ T5936] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  611.075454][ T5936] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  611.075469][ T5936] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  611.075497][ T5936] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  611.075511][ T5936] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.304859][ T5936] usb 6-1: GET_CAPABILITIES returned 0
[  611.304893][ T5936] usbtmc 6-1:16.0: can't read capabilities
[  611.689223][T12765] fuse: Bad value for 'fd'
[  612.744371][T12774] loop8: detected capacity change from 0 to 16384
[  613.248996][T12777] loop8: detected capacity change from 16384 to 16320
[  613.458851][T10385] usb 4-1: new full-speed USB device number 101 using dummy_hcd
[  613.478547][   T30] kauditd_printk_skb: 46 callbacks suppressed
[  613.478570][   T30] audit: type=1326 audit(1749928063.375:1954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.4.1806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  613.507091][    C1] vkms_vblank_simulate: vblank timer overrun
[  613.654975][T10385] usb 4-1: device descriptor read/64, error -71
[  613.726444][ T5936] usb 6-1: USB disconnect, device number 56
[  613.797799][   T30] audit: type=1326 audit(1749928063.375:1955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.4.1806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  614.000641][T10385] usb 4-1: new full-speed USB device number 102 using dummy_hcd
[  614.194981][T10385] usb 4-1: device descriptor read/64, error -71
[  614.358724][T10385] usb usb4-port1: attempt power cycle
[  614.408307][   T30] audit: type=1326 audit(1749928063.375:1956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.4.1806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  614.798699][   T30] audit: type=1326 audit(1749928063.375:1957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.4.1806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  614.886715][T10385] usb 4-1: new full-speed USB device number 103 using dummy_hcd
[  614.922058][   T30] audit: type=1326 audit(1749928063.375:1958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.4.1806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  614.968328][T10385] usb 4-1: device descriptor read/8, error -71
[  615.001673][   T30] audit: type=1326 audit(1749928063.375:1959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.4.1806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  615.155255][   T30] audit: type=1326 audit(1749928063.415:1960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.4.1806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  615.325723][T10385] usb 4-1: new full-speed USB device number 104 using dummy_hcd
[  615.361582][T10385] usb 4-1: device descriptor read/8, error -71
[  615.422758][   T30] audit: type=1326 audit(1749928063.415:1961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.4.1806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb62472ab19 code=0x7ffc0000
[  615.502584][T10385] usb usb4-port1: unable to enumerate USB device
[  615.538643][   T30] audit: type=1326 audit(1749928063.415:1962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.4.1806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  615.602772][   T30] audit: type=1326 audit(1749928063.415:1963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.4.1806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb62478e929 code=0x7ffc0000
[  616.340799][T12805] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  616.471617][T12808] FAULT_INJECTION: forcing a failure.
[  616.471617][T12808] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  616.519872][T12808] CPU: 1 UID: 0 PID: 12808 Comm: syz.3.1815 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  616.519904][T12808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  616.519916][T12808] Call Trace:
[  616.519925][T12808]  <TASK>
[  616.519921][T12809] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1814'.
[  616.519935][T12808]  dump_stack_lvl+0x189/0x250
[  616.519970][T12808]  ? __pfx____ratelimit+0x10/0x10
[  616.519996][T12808]  ? __pfx_dump_stack_lvl+0x10/0x10
[  616.520023][T12808]  ? __pfx__printk+0x10/0x10
[  616.520055][T12808]  should_fail_ex+0x414/0x560
[  616.520084][T12808]  _copy_to_user+0x31/0xb0
[  616.520106][T12808]  simple_read_from_buffer+0xe1/0x170
[  616.520130][T12808]  proc_fail_nth_read+0x1df/0x250
[  616.520154][T12808]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  616.520179][T12808]  ? rw_verify_area+0x258/0x650
[  616.520205][T12808]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  616.520228][T12808]  vfs_read+0x1fd/0x980
[  616.520260][T12808]  ? __pfx___mutex_lock+0x10/0x10
[  616.520279][T12808]  ? __pfx_vfs_read+0x10/0x10
[  616.520307][T12808]  ? __fget_files+0x2a/0x420
[  616.520331][T12808]  ? __fget_files+0x3a0/0x420
[  616.520350][T12808]  ? __fget_files+0x2a/0x420
[  616.520378][T12808]  ksys_read+0x145/0x250
[  616.520417][T12808]  ? __pfx_ksys_read+0x10/0x10
[  616.520441][T12808]  ? rcu_is_watching+0x15/0xb0
[  616.520473][T12808]  ? do_syscall_64+0xbe/0x3b0
[  616.520494][T12808]  do_syscall_64+0xfa/0x3b0
[  616.520510][T12808]  ? lockdep_hardirqs_on+0x9c/0x150
[  616.520535][T12808]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  616.520554][T12808]  ? clear_bhb_loop+0x60/0xb0
[  616.520577][T12808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  616.520595][T12808] RIP: 0033:0x7f9899b8d33c
[  616.520613][T12808] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  616.520629][T12808] RSP: 002b:00007f989aaa4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  616.520650][T12808] RAX: ffffffffffffffda RBX: 00007f9899db5fa0 RCX: 00007f9899b8d33c
[  616.520664][T12808] RDX: 000000000000000f RSI: 00007f989aaa40a0 RDI: 0000000000000004
[  616.520676][T12808] RBP: 00007f989aaa4090 R08: 0000000000000000 R09: 0000000000000000
[  616.520687][T12808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  616.520699][T12808] R13: 0000000000000000 R14: 00007f9899db5fa0 R15: 00007f9899edfa28
[  616.520738][T12808]  </TASK>
[  616.806108][T12809] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1814'.
[  616.938346][ T5929] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  617.098771][ T5929] usb 7-1: Using ep0 maxpacket: 32
[  617.241810][ T5929] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  617.338353][T10385] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  617.368096][ T5929] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  617.378836][ T5929] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  617.387935][ T5929] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  617.409053][ T5929] usb 7-1: config 0 descriptor??
[  617.489301][T10385] usb 4-1: device descriptor read/64, error -71
[  617.788404][T10385] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  617.847495][T12806] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  617.918503][T10385] usb 4-1: device descriptor read/64, error -71
[  618.111307][T10385] usb usb4-port1: attempt power cycle
[  618.468532][T10385] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[  618.499003][T10385] usb 4-1: device descriptor read/8, error -71
[  618.800041][T10385] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  618.875527][T10385] usb 4-1: device descriptor read/8, error -71
[  618.878638][ T5936] usb 6-1: new full-speed USB device number 57 using dummy_hcd
[  619.005554][T10385] usb usb4-port1: unable to enumerate USB device
[  619.039897][ T5936] usb 6-1: not running at top speed; connect to a high speed hub
[  619.049525][ T5936] usb 6-1: config 95 has an invalid interface number: 1 but max is 0
[  619.057808][ T5936] usb 6-1: config 95 has no interface number 0
[  619.250289][ T5936] usb 6-1: config 95 interface 1 has no altsetting 0
[  619.264877][ T5936] usb 6-1: New USB device found, idVendor=0763, idProduct=2031, bcdDevice=ad.3f
[  619.302381][ T5936] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.329765][ T5936] usb 6-1: Product: syz
[  619.334224][ T5936] usb 6-1: Manufacturer: syz
[  619.354932][ T5936] usb 6-1: SerialNumber: syz
[  619.544078][ T5929] usbhid 7-1:0.0: can't add hid device: -71
[  619.557149][ T5929] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  619.616435][ T5929] usb 7-1: USB disconnect, device number 8
[  619.998347][T10385] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[  620.086898][ T5936] usb 6-1: USB disconnect, device number 57
[  620.172380][T10385] usb 5-1: Using ep0 maxpacket: 16
[  620.229079][T10385] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  620.244240][ T5856] udevd[5856]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  620.281023][T10385] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.322780][T10385] usb 5-1: config 0 descriptor??
[  620.352573][T10385] gspca_main: sonixj-2.14.0 probing 0471:0327
[  620.534105][T12838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  620.569544][T12838] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  620.764392][T12853] netlink: 'syz.0.1827': attribute type 27 has an invalid length.
[  620.886914][T12853] sit0: left promiscuous mode
[  621.418062][T12861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  621.539976][T12861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  621.928488][ T5921] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  622.048605][T10385] gspca_sonixj: reg_r err -110
[  622.053548][T10385] sonixj 5-1:0.0: probe with driver sonixj failed with error -110
[  622.466993][T12853] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  622.522782][T12853] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  622.569001][ T5921] usb 7-1: Using ep0 maxpacket: 16
[  622.584850][ T5921] usb 7-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  622.594608][ T5921] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  622.614170][ T5921] usb 7-1: Product: syz
[  622.621180][ T5921] usb 7-1: Manufacturer: syz
[  622.638495][ T5921] usb 7-1: SerialNumber: syz
[  622.653536][ T5921] usb 7-1: config 0 descriptor??
[  622.734336][T12853] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  622.749612][T12853] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  622.765182][T12853] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  622.775864][T12853] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  622.795697][T12853] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[  622.827137][T12853] vlan2: left allmulticast mode
[  622.834976][T12853] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[  622.847651][T12853] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  622.857955][T12853] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  622.867367][T12853] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  622.876552][T12853] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  622.895457][T12853] vxlan0: left promiscuous mode
[  623.106166][ T5921] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  623.132597][ T5921] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  623.156115][T10385] usb 5-1: USB disconnect, device number 89
[  623.176986][ T5921] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  623.197000][ T5921] usb 7-1: media controller created
[  623.269939][ T5921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  623.412619][ T5921] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  623.438293][ T5921] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  623.557979][T12883] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap0
[  623.572687][T12883] batman_adv: batadv0: Adding interface: ip6gretap0
[  623.579603][T12883] batman_adv: batadv0: The MTU of interface ip6gretap0 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  623.627917][T12883] batman_adv: batadv0: Interface activated: ip6gretap0
[  623.978755][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  623.978780][   T30] audit: type=1326 audit(1749928073.855:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12884 comm="syz.5.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6eb8f8e929 code=0x7fc00000
[  624.007498][    C0] vkms_vblank_simulate: vblank timer overrun
[  624.022497][   T30] audit: type=1326 audit(1749928073.855:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12884 comm="syz.5.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f6eb8f8e929 code=0x7fc00000
[  624.049794][   T30] audit: type=1326 audit(1749928073.855:1988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12884 comm="syz.5.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6eb8f8e929 code=0x7fc00000
[  624.072251][    C0] vkms_vblank_simulate: vblank timer overrun
[  624.134210][   T30] audit: type=1326 audit(1749928073.855:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12884 comm="syz.5.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6eb8f8e929 code=0x7fc00000
[  624.156698][    C0] vkms_vblank_simulate: vblank timer overrun
[  624.318678][T12891] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1839'.
[  624.328109][   T30] audit: type=1326 audit(1749928073.855:1990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12884 comm="syz.5.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6eb8f8e929 code=0x7fc00000
[  624.410509][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  624.417014][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  624.513394][   T30] audit: type=1326 audit(1749928073.855:1991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12884 comm="syz.5.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6eb8f8e929 code=0x7fc00000
[  624.690029][   T30] audit: type=1326 audit(1749928073.855:1992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12884 comm="syz.5.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6eb8f8e929 code=0x7fc00000
[  624.803765][   T30] audit: type=1326 audit(1749928073.855:1993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12884 comm="syz.5.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6eb8f8e929 code=0x7fc00000
[  624.903864][   T30] audit: type=1326 audit(1749928073.855:1994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12884 comm="syz.5.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6eb8f8e929 code=0x7fc00000
[  624.974475][   T30] audit: type=1326 audit(1749928073.855:1995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12884 comm="syz.5.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6eb8f8e929 code=0x7fc00000
[  625.467538][T10385] usb 7-1: USB disconnect, device number 9
[  625.577819][T10385] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  626.077432][T12917] netlink: 'syz.0.1838': attribute type 21 has an invalid length.
[  626.105735][T12916] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1845'.
[  626.116386][T12916] netlink: 'syz.6.1845': attribute type 3 has an invalid length.
[  626.131677][T12916] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1845'.
[  626.249241][T12921] FAULT_INJECTION: forcing a failure.
[  626.249241][T12921] name failslab, interval 1, probability 0, space 0, times 0
[  626.315799][T12921] CPU: 1 UID: 0 PID: 12921 Comm: syz.6.1847 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  626.315833][T12921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  626.315846][T12921] Call Trace:
[  626.315854][T12921]  <TASK>
[  626.315864][T12921]  dump_stack_lvl+0x189/0x250
[  626.315903][T12921]  ? __pfx____ratelimit+0x10/0x10
[  626.315934][T12921]  ? __pfx_dump_stack_lvl+0x10/0x10
[  626.315967][T12921]  ? __pfx__printk+0x10/0x10
[  626.315998][T12921]  ? __pfx___might_resched+0x10/0x10
[  626.316028][T12921]  ? fs_reclaim_acquire+0x7d/0x100
[  626.316060][T12921]  should_fail_ex+0x414/0x560
[  626.316094][T12921]  should_failslab+0xa8/0x100
[  626.316119][T12921]  __kmalloc_noprof+0xcb/0x4f0
[  626.316139][T12921]  ? security_sk_alloc+0x52/0x390
[  626.316166][T12921]  security_sk_alloc+0x52/0x390
[  626.316192][T12921]  sk_prot_alloc+0x101/0x220
[  626.316223][T12921]  sk_alloc+0x3a/0x370
[  626.316255][T12921]  inet_create+0x76b/0x1000
[  626.316281][T12921]  ? inet_create+0x97/0x1000
[  626.316316][T12921]  __sock_create+0x4b3/0x9f0
[  626.316350][T12921]  udp_sock_create4+0xbe/0x4b0
[  626.316376][T12921]  ? __pfx_udp_sock_create4+0x10/0x10
[  626.316405][T12921]  ? wg_socket_init+0x162/0xa60
[  626.316442][T12921]  wg_socket_init+0x4e5/0xa60
[  626.316473][T12921]  ? wg_socket_init+0x162/0xa60
[  626.316504][T12921]  ? __pfx_wg_socket_init+0x10/0x10
[  626.316533][T12921]  ? trace_contention_end+0x39/0x120
[  626.316556][T12921]  ? __pfx_wg_receive+0x10/0x10
[  626.316591][T12921]  ? __lock_acquire+0xab9/0xd20
[  626.316635][T12921]  ? lockdep_hardirqs_on+0x9c/0x150
[  626.316671][T12921]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  626.316704][T12921]  ? wg_set_device+0x736/0x1fe0
[  626.316737][T12921]  wg_set_device+0x7f8/0x1fe0
[  626.316776][T12921]  ? __pfx___nla_validate_parse+0x10/0x10
[  626.316806][T12921]  ? __pfx_wg_set_device+0x10/0x10
[  626.316868][T12921]  ? __nla_parse+0x40/0x60
[  626.316903][T12921]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  626.316944][T12921]  genl_family_rcv_msg_doit+0x212/0x300
[  626.316985][T12921]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  626.317032][T12921]  ? bpf_lsm_capable+0x9/0x20
[  626.317051][T12921]  ? security_capable+0x7e/0x2e0
[  626.317086][T12921]  genl_rcv_msg+0x60e/0x790
[  626.317125][T12921]  ? __pfx_genl_rcv_msg+0x10/0x10
[  626.317152][T12921]  ? ref_tracker_free+0x63a/0x7d0
[  626.317178][T12921]  ? __pfx_wg_set_device+0x10/0x10
[  626.317204][T12921]  ? __pfx_ref_tracker_free+0x10/0x10
[  626.317245][T12921]  netlink_rcv_skb+0x205/0x470
[  626.317272][T12921]  ? __pfx_genl_rcv_msg+0x10/0x10
[  626.317312][T12921]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  626.317358][T12921]  ? down_read+0x1ad/0x2e0
[  626.317385][T12921]  genl_rcv+0x28/0x40
[  626.317413][T12921]  netlink_unicast+0x758/0x8d0
[  626.317449][T12921]  netlink_sendmsg+0x805/0xb30
[  626.317488][T12921]  ? __pfx_netlink_sendmsg+0x10/0x10
[  626.317518][T12921]  ? aa_sock_msg_perm+0x94/0x160
[  626.317547][T12921]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  626.317572][T12921]  ? __pfx_netlink_sendmsg+0x10/0x10
[  626.317599][T12921]  __sock_sendmsg+0x21c/0x270
[  626.317636][T12921]  ____sys_sendmsg+0x505/0x830
[  626.317670][T12921]  ? __pfx_____sys_sendmsg+0x10/0x10
[  626.317710][T12921]  ? import_iovec+0x74/0xa0
[  626.317738][T12921]  ___sys_sendmsg+0x21f/0x2a0
[  626.317768][T12921]  ? __pfx____sys_sendmsg+0x10/0x10
[  626.317841][T12921]  ? __fget_files+0x2a/0x420
[  626.317864][T12921]  ? __fget_files+0x3a0/0x420
[  626.317901][T12921]  __x64_sys_sendmsg+0x19b/0x260
[  626.317932][T12921]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  626.317971][T12921]  ? __pfx_ksys_write+0x10/0x10
[  626.317989][T12921]  ? rcu_is_watching+0x15/0xb0
[  626.318027][T12921]  ? do_syscall_64+0xbe/0x3b0
[  626.318051][T12921]  do_syscall_64+0xfa/0x3b0
[  626.318069][T12921]  ? lockdep_hardirqs_on+0x9c/0x150
[  626.318097][T12921]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.318119][T12921]  ? clear_bhb_loop+0x60/0xb0
[  626.318145][T12921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.318165][T12921] RIP: 0033:0x7f3240f8e929
[  626.318186][T12921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  626.318204][T12921] RSP: 002b:00007f3241eb8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  626.318227][T12921] RAX: ffffffffffffffda RBX: 00007f32411b5fa0 RCX: 00007f3240f8e929
[  626.318242][T12921] RDX: 00000000000400a0 RSI: 0000200000000340 RDI: 0000000000000003
[  626.318255][T12921] RBP: 00007f3241eb8090 R08: 0000000000000000 R09: 0000000000000000
[  626.318267][T12921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  626.318279][T12921] R13: 0000000000000000 R14: 00007f32411b5fa0 R15: 00007f32412dfa28
[  626.318317][T12921]  </TASK>
[  626.953991][T12921] wireguard: wg1: Could not create IPv4 socket
[  627.209077][T12925] ip6gre1: entered allmulticast mode
[  627.235034][T12909] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1842'.
[  628.463368][T12964] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1856'.
[  628.992183][   T30] kauditd_printk_skb: 480 callbacks suppressed
[  628.992204][   T30] audit: type=1326 audit(1749928078.895:2476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.5.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6eb8f2ab19 code=0x7ffc0000
[  629.078320][   T30] audit: type=1326 audit(1749928078.895:2477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.5.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6eb8f2ab19 code=0x7ffc0000
[  629.180397][   T30] audit: type=1326 audit(1749928078.895:2478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.5.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6eb8f2ab19 code=0x7ffc0000
[  629.287963][   T30] audit: type=1326 audit(1749928078.925:2479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.5.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6eb8f2ab19 code=0x7ffc0000
[  629.498538][   T30] audit: type=1326 audit(1749928078.925:2480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.5.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6eb8f2ab19 code=0x7ffc0000
[  629.529055][   T43] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[  629.553375][T12969] netlink: 'syz.4.1859': attribute type 11 has an invalid length.
[  629.649590][   T30] audit: type=1326 audit(1749928078.925:2481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.5.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6eb8f2ab19 code=0x7ffc0000
[  629.722201][   T30] audit: type=1326 audit(1749928078.925:2482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.5.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6eb8f2ab19 code=0x7ffc0000
[  629.722558][   T43] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[  629.838341][T10385] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[  629.841966][   T30] audit: type=1326 audit(1749928078.925:2483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.5.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6eb8f2ab19 code=0x7ffc0000
[  629.871378][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.890734][   T43] usb 4-1: Product: syz
[  629.894979][   T43] usb 4-1: Manufacturer: syz
[  629.920462][   T43] usb 4-1: SerialNumber: syz
[  629.932717][   T43] usb 4-1: config 0 descriptor??
[  629.937969][   T30] audit: type=1326 audit(1749928078.925:2484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.5.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6eb8f2ab19 code=0x7ffc0000
[  629.977794][   T30] audit: type=1326 audit(1749928078.925:2485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.5.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6eb8f2ab19 code=0x7ffc0000
[  630.016298][T10385] usb 5-1: Using ep0 maxpacket: 32
[  630.038604][T10385] usb 5-1: config 64 has an invalid interface number: 162 but max is 0
[  630.053205][T10385] usb 5-1: config 64 has no interface number 0
[  630.080908][T10385] usb 5-1: New USB device found, idVendor=0413, idProduct=6a05, bcdDevice=58.fc
[  630.098473][T10385] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.124812][T10385] usb 5-1: Product: syz
[  630.133288][T10385] usb 5-1: Manufacturer: syz
[  630.137928][T10385] usb 5-1: SerialNumber: syz
[  630.280934][ T5921] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  630.426105][T10385] usb 5-1: USB disconnect, device number 90
[  630.456943][ T5921] usb 7-1: config 0 has no interfaces?
[  630.466403][ T5921] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  630.496265][ T5921] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.517296][ T5921] usb 7-1: Product: syz
[  630.532123][ T5921] usb 7-1: Manufacturer: syz
[  630.551533][ T5921] usb 7-1: SerialNumber: syz
[  630.580687][ T5921] usb 7-1: config 0 descriptor??
[  631.206057][   T43] usb 4-1: f81604_read: reg: 100e failed: -EPROTO
[  631.275745][   T43] usb 4-1: f81604_read: reg: 200f failed: -EPROTO
[  631.317487][   T43] usb 4-1: USB disconnect, device number 109
[  631.389704][   T43] usb 4-1: f81604_read: reg: 100f failed: -ENODEV
[  631.534679][T12993] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1865'.
[  631.548213][ T5501] usb 4-1: f81604_read: reg: 200f failed: -ENODEV
[  631.579378][ T5501] usb 4-1: f81604_read: reg: 200f failed: -ENODEV
[  631.587708][T12993] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  631.621243][   T43] usb 4-1: f81604_read: reg: 200f failed: -ENODEV
[  631.622290][T12993] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  632.400434][   T43] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[  632.568756][   T43] usb 4-1: Using ep0 maxpacket: 16
[  632.603588][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  632.626810][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  632.761832][   T43] usb 4-1: New USB device found, idVendor=0c12, idProduct=0030, bcdDevice= 0.00
[  632.793659][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  632.834240][   T43] usb 4-1: config 0 descriptor??
[  633.069506][ T5920] usb 7-1: USB disconnect, device number 10
[  634.142541][ T5920] usb 7-1: new low-speed USB device number 11 using dummy_hcd
[  634.188353][   T43] zeroplus 0003:0C12:0030.001D: hidraw0: USB HID v0.00 Device [HID 0c12:0030] on usb-dummy_hcd.3-1/input0
[  634.202156][T13026] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  634.207049][   T43] zeroplus 0003:0C12:0030.001D: no inputs found
[  634.281592][T13026] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  634.295309][   T43] usb 4-1: USB disconnect, device number 110
[  634.371166][ T5920] usb 7-1: config 7 has an invalid interface number: 252 but max is 0
[  634.380343][ T5920] usb 7-1: config 7 has no interface number 0
[  634.386917][ T5920] usb 7-1: config 7 interface 252 has no altsetting 0
[  634.442055][ T5920] usb 7-1: string descriptor 0 read error: -22
[  634.443298][T13027] fido_id[13027]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  634.448856][ T5920] usb 7-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0
[  634.517191][ T5920] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.958599][ T5921] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[  635.254982][T13047] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  635.529704][ T5920] usb 7-1: USB disconnect, device number 11
[  635.633296][ T5921] usb 6-1: config 0 has no interfaces?
[  635.667866][ T5921] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  635.683800][ T5921] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.694031][ T5921] usb 6-1: Product: syz
[  635.698939][ T5921] usb 6-1: Manufacturer: syz
[  635.704550][ T5921] usb 6-1: SerialNumber: syz
[  635.726129][ T5921] usb 6-1: config 0 descriptor??
[  636.439444][T13033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  636.449014][T13033] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  638.602406][ T5921] usb 6-1: USB disconnect, device number 58
[  638.686817][T13072] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1883'.
[  638.824269][T13079] hub 9-0:1.0: USB hub found
[  638.829353][T13079] hub 9-0:1.0: 1 port detected
[  639.153741][T13086] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1887'.
[  640.098745][T13100] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1894'.
[  640.138163][T13100] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1894'.
[  640.519509][T13108] RDS: rds_bind could not find a transport for ::ffff:100.1.1.2, load rds_tcp or rds_rdma?
[  641.039070][T10385] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[  641.065155][T13123] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1901'.
[  641.238479][T10385] usb 5-1: Using ep0 maxpacket: 16
[  641.486302][T10385] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  641.565503][T10385] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  641.713407][T10385] usb 5-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  641.804143][T10385] usb 5-1: config 1 interface 0 has no altsetting 0
[  641.930040][T10385] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  641.966715][T10385] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  642.008334][ T5921] usb 4-1: new full-speed USB device number 111 using dummy_hcd
[  642.080322][T10385] usb 5-1: Product: syz
[  642.084553][T10385] usb 5-1: Manufacturer: syz
[  642.090512][T10385] usb 5-1: SerialNumber: syz
[  642.218391][ T5921] usb 4-1: device descriptor read/64, error -71
[  642.323156][T10385] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 91 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8
[  642.473888][ T5921] usb 4-1: new full-speed USB device number 112 using dummy_hcd
[  642.858296][ T5921] usb 4-1: device descriptor read/64, error -71
[  643.077569][ T5921] usb usb4-port1: attempt power cycle
[  643.310978][T10385] usb 5-1: USB disconnect, device number 91
[  643.608626][ T5921] usb 4-1: new full-speed USB device number 113 using dummy_hcd
[  643.648384][ T5921] usb 4-1: device descriptor read/8, error -71
[  643.928393][ T5921] usb 4-1: new full-speed USB device number 114 using dummy_hcd
[  644.132396][T13146] netlink: 'syz.6.1905': attribute type 6 has an invalid length.
[  644.143444][T13146] netlink: 'syz.6.1905': attribute type 16 has an invalid length.
[  644.152401][T13146] netlink: 'syz.6.1905': attribute type 17 has an invalid length.
[  644.458017][T13146] bridge0: port 2(bridge_slave_1) entered disabled state
[  644.465563][T13146] bridge0: port 1(bridge_slave_0) entered disabled state
[  644.848064][T13146] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  644.861863][T13146] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  645.115947][T13114] usblp0: removed
[  645.146480][ T5921] usb 4-1: device descriptor read/8, error -71
[  645.243632][T13146] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  645.258912][ T5921] usb usb4-port1: unable to enumerate USB device
[  645.278420][T13146] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  645.306094][T13146] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  645.334628][T13146] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  645.566487][T13159] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1908'.
[  645.668776][ T5921] usb 4-1: new low-speed USB device number 115 using dummy_hcd
[  645.891388][ T5921] usb 4-1: config 7 has an invalid interface number: 252 but max is 0
[  645.918987][ T5921] usb 4-1: config 7 has no interface number 0
[  645.925158][ T5921] usb 4-1: config 7 interface 252 has no altsetting 0
[  645.938953][   T43] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[  645.955892][ T5921] usb 4-1: string descriptor 0 read error: -22
[  645.968497][ T5921] usb 4-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0
[  645.977593][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.118651][   T43] usb 5-1: Using ep0 maxpacket: 8
[  646.141438][   T43] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  646.175218][   T43] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  646.248422][ T5920] usb 4-1: USB disconnect, device number 115
[  646.266978][   T43] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  646.359423][   T43] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  646.464732][   T43] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  646.488720][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.724909][   T43] usb 5-1: GET_CAPABILITIES returned 0
[  646.741577][   T43] usbtmc 5-1:16.0: can't read capabilities
[  646.917195][T13187] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  646.988450][   T43] usb 5-1: USB disconnect, device number 92
[  647.153736][T13193] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1921'.
[  647.171684][T13193] fuse: Bad value for 'rootmode'
[  647.785081][T13198] input: syz0 as /devices/virtual/input/input40
[  647.798082][T13199] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1923'.
[  647.947601][T13204] FAULT_INJECTION: forcing a failure.
[  647.947601][T13204] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  647.961445][T13204] CPU: 1 UID: 0 PID: 13204 Comm: syz.3.1925 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  647.961464][T13204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  647.961472][T13204] Call Trace:
[  647.961477][T13204]  <TASK>
[  647.961483][T13204]  dump_stack_lvl+0x189/0x250
[  647.961508][T13204]  ? __pfx____ratelimit+0x10/0x10
[  647.961527][T13204]  ? __pfx_dump_stack_lvl+0x10/0x10
[  647.961547][T13204]  ? __pfx__printk+0x10/0x10
[  647.961568][T13204]  should_fail_ex+0x414/0x560
[  647.961588][T13204]  _copy_to_user+0x31/0xb0
[  647.961602][T13204]  simple_read_from_buffer+0xe1/0x170
[  647.961618][T13204]  proc_fail_nth_read+0x1df/0x250
[  647.961635][T13204]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  647.961652][T13204]  ? rw_verify_area+0x258/0x650
[  647.961671][T13204]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  647.961687][T13204]  vfs_read+0x1fd/0x980
[  647.961709][T13204]  ? __pfx___mutex_lock+0x10/0x10
[  647.961722][T13204]  ? __pfx_vfs_read+0x10/0x10
[  647.961742][T13204]  ? __fget_files+0x2a/0x420
[  647.961759][T13204]  ? __fget_files+0x3a0/0x420
[  647.961771][T13204]  ? __fget_files+0x2a/0x420
[  647.961790][T13204]  ksys_read+0x145/0x250
[  647.961800][T13204]  ? __fget_files+0x3a0/0x420
[  647.961814][T13204]  ? __pfx_ksys_read+0x10/0x10
[  647.961836][T13204]  ? do_syscall_64+0xbe/0x3b0
[  647.961850][T13204]  do_syscall_64+0xfa/0x3b0
[  647.961860][T13204]  ? lockdep_hardirqs_on+0x9c/0x150
[  647.961878][T13204]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.961890][T13204]  ? clear_bhb_loop+0x60/0xb0
[  647.961905][T13204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.961917][T13204] RIP: 0033:0x7f9899b8d33c
[  647.961929][T13204] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  647.961940][T13204] RSP: 002b:00007f989aaa4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  647.961955][T13204] RAX: ffffffffffffffda RBX: 00007f9899db5fa0 RCX: 00007f9899b8d33c
[  647.961964][T13204] RDX: 000000000000000f RSI: 00007f989aaa40a0 RDI: 0000000000000005
[  647.961972][T13204] RBP: 00007f989aaa4090 R08: 0000000000000000 R09: 0000000000000000
[  647.961979][T13204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.961987][T13204] R13: 0000000000000000 R14: 00007f9899db5fa0 R15: 00007f9899edfa28
[  647.962006][T13204]  </TASK>
[  648.278401][ T5920] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[  648.498464][ T5920] usb 5-1: Using ep0 maxpacket: 32
[  648.507942][ T5920] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  648.519370][ T5920] usb 5-1: New USB device found, idVendor=644f, idProduct=008e, bcdDevice=e0.b8
[  648.528846][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.542556][ T5920] usb 5-1: Product: syz
[  648.546826][ T5920] usb 5-1: Manufacturer: syz
[  648.552153][ T5920] usb 5-1: SerialNumber: syz
[  648.564067][ T5920] usb 5-1: config 0 descriptor??
[  649.455173][T13220] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  649.508532][ T5929] usb 7-1: new low-speed USB device number 12 using dummy_hcd
[  649.670411][ T5929] usb 7-1: config 7 has an invalid interface number: 252 but max is 0
[  649.679139][ T5929] usb 7-1: config 7 has no interface number 0
[  649.685289][ T5929] usb 7-1: config 7 interface 252 has no altsetting 0
[  649.695278][ T5929] usb 7-1: string descriptor 0 read error: -22
[  649.701886][ T5929] usb 7-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0
[  649.712173][ T5929] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.937763][ T5920] usb 7-1: USB disconnect, device number 12
[  650.345881][T13232] geneve2: entered promiscuous mode
[  650.683691][ T5920] usb 5-1: USB disconnect, device number 93
[  651.703680][T13250] netlink: 'syz.0.1939': attribute type 27 has an invalid length.
[  652.250673][T13252] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  652.731000][ T5920] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  652.807499][T13265] No such timeout policy "syz0"
[  652.888364][ T5920] usb 7-1: Using ep0 maxpacket: 32
[  652.906671][ T5920] usb 7-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=e0.b8
[  652.921250][ T5920] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  652.965257][ T5920] usb 7-1: Product: syz
[  652.988525][ T5920] usb 7-1: Manufacturer: syz
[  653.004076][ T5920] usb 7-1: SerialNumber: syz
[  653.034020][ T5920] usb 7-1: config 0 descriptor??
[  653.055242][ T5920] empeg 7-1:0.0: empeg converter detected
[  653.072665][ T5920] usb 7-1: active config #0 != 1 ??
[  653.271065][T13256] input: syz1 as /devices/virtual/input/input41
[  653.346753][ T5920] usb 7-1: USB disconnect, device number 13
[  653.537000][T13278] fuse: Bad value for 'user_id'
[  653.542998][T13278] fuse: Bad value for 'user_id'
[  654.096164][T13289] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1955'.
[  654.217137][T13293] fuse: Bad value for 'group_id'
[  654.239855][T13293] fuse: Bad value for 'group_id'
[  654.526977][T13302] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1959'.
[  654.559415][T13302] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1959'.
[  654.599184][T13302] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1959'.
[  654.683221][T13302] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1959'.
[  654.775267][T13302] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1959'.
[  654.860025][T13302] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1959'.
[  654.942741][T13302] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1959'.
[  654.993777][T13302] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1959'.
[  655.055334][T13302] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1959'.
[  655.128859][ T5922] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[  655.288401][ T5922] usb 4-1: device descriptor read/64, error -71
[  655.305021][   T30] kauditd_printk_skb: 979 callbacks suppressed
[  655.305042][   T30] audit: type=1326 audit(1749928105.205:3465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13312 comm="syz.0.1962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feab032ab19 code=0x7ffc0000
[  655.367468][   T30] audit: type=1326 audit(1749928105.205:3466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13312 comm="syz.0.1962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feab032ab19 code=0x7ffc0000
[  655.398421][   T30] audit: type=1326 audit(1749928105.205:3467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13312 comm="syz.0.1962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feab032ab19 code=0x7ffc0000
[  655.476407][   T30] audit: type=1326 audit(1749928105.205:3468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13312 comm="syz.0.1962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feab032ab19 code=0x7ffc0000
[  655.551303][   T30] audit: type=1326 audit(1749928105.205:3469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13312 comm="syz.0.1962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feab032ab19 code=0x7ffc0000
[  655.578390][ T5922] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[  655.618313][   T30] audit: type=1326 audit(1749928105.205:3470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13312 comm="syz.0.1962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feab032ab19 code=0x7ffc0000
[  655.713870][T13319] netlink: 'syz.6.1965': attribute type 4 has an invalid length.
[  655.718821][   T30] audit: type=1326 audit(1749928105.205:3471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13312 comm="syz.0.1962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feab032ab19 code=0x7ffc0000
[  655.748702][ T5922] usb 4-1: device descriptor read/64, error -71
[  655.798391][   T30] audit: type=1326 audit(1749928105.205:3472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13312 comm="syz.0.1962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feab032ab19 code=0x7ffc0000
[  655.851662][   T30] audit: type=1326 audit(1749928105.205:3473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13312 comm="syz.0.1962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feab032ab19 code=0x7ffc0000
[  655.889445][ T5922] usb usb4-port1: attempt power cycle
[  655.926666][   T30] audit: type=1326 audit(1749928105.205:3474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13312 comm="syz.0.1962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feab032ab19 code=0x7ffc0000
[  655.967822][T13324] bridge0: port 2(bridge_slave_1) entered disabled state
[  655.975173][T13324] bridge0: port 1() entered disabled state
[  656.038503][   T43] usb 5-1: new full-speed USB device number 94 using dummy_hcd
[  656.124583][T13324] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  656.248446][ T5922] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[  656.388851][   T43] usb 5-1: config 0 has an invalid interface number: 147 but max is 0
[  656.407443][   T43] usb 5-1: config 0 has no interface number 0
[  656.741108][   T43] usb 5-1: config 0 interface 147 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  656.755227][   T43] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=51.03
[  656.764725][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.775363][T13324] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  656.785343][   T43] usb 5-1: Product: syz
[  656.799402][   T43] usb 5-1: Manufacturer: syz
[  656.812922][   T43] usb 5-1: SerialNumber: syz
[  656.821374][ T5922] usb 4-1: device descriptor read/8, error -71
[  656.844217][   T43] usb 5-1: config 0 descriptor??
[  656.857006][T13322] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  656.922787][   T43] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  657.066091][   T59] usb 5-1: Failed to submit usb control message: -71
[  657.078326][ T5922] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[  657.080103][   T43] usb 5-1: USB disconnect, device number 94
[  657.098681][   T59] usb 5-1: unable to send the bmi data to the device: -71
[  657.099156][ T5922] usb 4-1: device descriptor read/8, error -71
[  657.112238][   T59] usb 5-1: unable to get target info from device
[  657.122000][   T59] usb 5-1: could not get target info (-71)
[  657.128022][T13324] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  657.128192][   T59] usb 5-1: could not probe fw (-71)
[  657.140342][T13324] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  657.152663][T13324] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  657.161725][T13324] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  657.221266][ T5922] usb usb4-port1: unable to enumerate USB device
[  658.438607][ T5922] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[  658.478607][T10385] usb 5-1: new full-speed USB device number 95 using dummy_hcd
[  658.608599][ T5922] usb 4-1: Using ep0 maxpacket: 32
[  658.620389][ T5922] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  658.635475][ T5922] usb 4-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  658.651317][ T5922] usb 4-1: config 0 interface 0 has no altsetting 0
[  658.659050][T10385] usb 5-1: config 201 has an invalid interface number: 249 but max is 0
[  658.667594][ T5922] usb 4-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  658.677180][T10385] usb 5-1: config 201 has no interface number 0
[  658.683865][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.692375][T10385] usb 5-1: config 201 interface 249 altsetting 4 has an endpoint descriptor with address 0xF1, changing to 0x81
[  658.706347][T10385] usb 5-1: config 201 interface 249 altsetting 4 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  658.719276][ T5922] usb 4-1: config 0 descriptor??
[  658.724752][T10385] usb 5-1: config 201 interface 249 altsetting 4 endpoint 0x82 has invalid maxpacket 8208, setting to 64
[  658.737008][T10385] usb 5-1: config 201 interface 249 has no altsetting 0
[  658.753654][T10385] usb 5-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df
[  658.763163][T10385] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.771415][T10385] usb 5-1: Product: syz
[  658.775956][T10385] usb 5-1: Manufacturer: syz
[  658.781043][T10385] usb 5-1: SerialNumber: syz
[  659.097942][T10385] ath6kl: Failed to submit usb control message: -71
[  659.108359][T10385] ath6kl: unable to send the bmi data to the device: -71
[  659.118639][T10385] ath6kl: Unable to send get target info: -71
[  659.141302][T10385] ath6kl: Failed to init ath6kl core: -71
[  659.160135][T10385] ath6kl_usb 5-1:201.249: probe with driver ath6kl_usb failed with error -71
[  659.220605][ T5922] wacom 0003:056A:0094.001E: Using device in hidraw-only mode
[  659.241806][T10385] usb 5-1: USB disconnect, device number 95
[  659.254806][ T5922] wacom 0003:056A:0094.001E: hidraw0: USB HID v0.05 Device [HID 056a:0094] on usb-dummy_hcd.3-1/input0
[  659.968347][T10385] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  660.308364][T10385] usb 5-1: device descriptor read/64, error -71
[  660.549421][T10385] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  660.709623][T10385] usb 5-1: device descriptor read/64, error -71
[  660.818615][T10385] usb usb5-port1: attempt power cycle
[  661.084602][   T43] usb 4-1: USB disconnect, device number 120
[  661.179119][T10385] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[  661.221456][T10385] usb 5-1: device descriptor read/8, error -71
[  661.480080][T10385] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[  661.520091][T10385] usb 5-1: device descriptor read/8, error -71
[  661.638924][T10385] usb usb5-port1: unable to enumerate USB device
[  662.218124][T13418] netlink: 'syz.5.2000': attribute type 27 has an invalid length.
[  662.230716][T13418] wg1: left promiscuous mode
[  662.235448][T13418] wg1: left allmulticast mode
[  662.266406][T13418] bridge2: left promiscuous mode
[  662.341251][T13418] vlan2: left allmulticast mode
[  662.354912][T13418] netdevsim netdevsim5 netdevsim0: left allmulticast mode
[  662.371314][T13418] geneve2: left promiscuous mode
[  662.684371][T13433] netlink: 'syz.5.2004': attribute type 1 has an invalid length.
[  662.793533][T13437] __nla_validate_parse: 78 callbacks suppressed
[  662.793548][T13437] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2004'.
[  663.036154][T13433] 8021q: adding VLAN 0 to HW filter on device bond1
[  663.969293][T10385] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  664.144606][T10385] usb 7-1: config 0 has no interfaces?
[  664.156660][T10385] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  664.171557][T10385] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.192724][T13462] sctp: [Deprecated]: syz.0.2011 (pid 13462) Use of int in max_burst socket option.
[  664.192724][T13462] Use struct sctp_assoc_value instead
[  664.208514][T10385] usb 7-1: Product: syz
[  664.212707][T10385] usb 7-1: Manufacturer: syz
[  664.217307][T10385] usb 7-1: SerialNumber: syz
[  664.300461][T10385] usb 7-1: config 0 descriptor??
[  664.552807][T13456] pimreg: entered allmulticast mode
[  665.596506][T13480] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2016'.
[  665.950371][ T5920] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  666.120009][ T5920] usb 5-1: Using ep0 maxpacket: 32
[  666.138740][ T5920] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  666.168600][ T5920] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  666.641336][ T5920] usb 5-1: New USB device found, idVendor=0058, idProduct=5011, bcdDevice= 0.00
[  666.664941][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  666.692555][ T5920] usb 5-1: config 0 descriptor??
[  666.755201][ T5920] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  667.110165][ T5920] usb 7-1: USB disconnect, device number 14
[  667.189488][T13497] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2020'.
[  667.648722][ T5920] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  667.823972][ T5920] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  667.864473][ T5920] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  667.878547][   T30] kauditd_printk_skb: 206 callbacks suppressed
[  667.878562][   T30] audit: type=1326 audit(1749928117.785:3681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13517 comm="syz.3.2027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9899b2ab19 code=0x7ffc0000
[  667.954867][   T30] audit: type=1326 audit(1749928117.785:3682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13517 comm="syz.3.2027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9899b2ab19 code=0x7ffc0000
[  667.977785][ T5920] usb 7-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  668.028479][ T5920] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.057093][   T30] audit: type=1326 audit(1749928117.785:3683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13517 comm="syz.3.2027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9899b2ab19 code=0x7ffc0000
[  668.144557][ T5920] usb 7-1: config 0 descriptor??
[  668.226226][   T30] audit: type=1326 audit(1749928117.785:3684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13517 comm="syz.3.2027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9899b2ab19 code=0x7ffc0000
[  668.296515][   T30] audit: type=1326 audit(1749928117.785:3685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13517 comm="syz.3.2027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9899b2ab19 code=0x7ffc0000
[  668.347784][   T30] audit: type=1326 audit(1749928117.785:3686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13517 comm="syz.3.2027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9899b2ab19 code=0x7ffc0000
[  668.475272][   T30] audit: type=1326 audit(1749928117.815:3687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13517 comm="syz.3.2027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9899b2ab19 code=0x7ffc0000
[  668.619515][   T30] audit: type=1326 audit(1749928117.815:3688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13517 comm="syz.3.2027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9899b8e929 code=0x7ffc0000
[  668.648418][   T30] audit: type=1326 audit(1749928117.815:3689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13517 comm="syz.3.2027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9899b2ab19 code=0x7ffc0000
[  668.678375][   T30] audit: type=1326 audit(1749928117.815:3690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13517 comm="syz.3.2027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9899b8e929 code=0x7ffc0000
[  668.742571][ T5922] usb 5-1: USB disconnect, device number 100
[  668.810872][T13527] bridge2: entered allmulticast mode
[  671.125469][ T5920] usb 7-1: USB disconnect, device number 15
[  671.568417][ T5920] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  671.741178][ T5920] usb 7-1: config 0 has no interfaces?
[  671.749635][ T5920] usb 7-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  671.789301][ T5920] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  671.826895][ T5920] usb 7-1: config 0 descriptor??
[  672.088937][ T5922] usb 7-1: USB disconnect, device number 16
[  672.248373][ T5920] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[  672.422735][ T5920] usb 5-1: Using ep0 maxpacket: 16
[  672.429778][ T5920] usb 5-1: no configurations
[  672.434430][ T5920] usb 5-1: can't read configurations, error -22
[  672.565914][T13583] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2043'.
[  672.575694][ T5920] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[  672.758538][   T43] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[  672.778409][ T5920] usb 5-1: Using ep0 maxpacket: 16
[  672.785076][ T5920] usb 5-1: no configurations
[  672.790298][ T5920] usb 5-1: can't read configurations, error -22
[  672.797914][ T5920] usb usb5-port1: attempt power cycle
[  672.893743][T13586] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  672.902120][ T5929] usb 6-1: new high-speed USB device number 60 using dummy_hcd
[  672.921874][   T43] usb 4-1: New USB device found, idVendor=046d, idProduct=08b4, bcdDevice= e.32
[  672.931214][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  672.944412][   T43] usb 4-1: Product: syz
[  672.953292][   T43] usb 4-1: Manufacturer: syz
[  672.958016][   T43] usb 4-1: SerialNumber: syz
[  672.967191][   T43] usb 4-1: config 0 descriptor??
[  672.985563][   T43] pwc: Logitech QuickCam Zoom (new model) USB webcam detected.
[  673.108697][ T5929] usb 6-1: Using ep0 maxpacket: 32
[  673.155533][ T5920] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  673.178027][ T5929] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  673.190053][ T5929] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  673.191258][T13581] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  673.200226][ T5929] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  673.200258][ T5929] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  673.203013][ T5929] usb 6-1: config 0 descriptor??
[  673.242706][ T5920] usb 5-1: Using ep0 maxpacket: 16
[  673.252462][T13581] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  673.279561][ T5920] usb 5-1: no configurations
[  673.296528][ T5920] usb 5-1: can't read configurations, error -22
[  673.460606][ T5920] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  673.499485][ T5920] usb 5-1: Using ep0 maxpacket: 16
[  673.505667][ T5920] usb 5-1: no configurations
[  673.511623][ T5920] usb 5-1: can't read configurations, error -22
[  673.528034][ T5920] usb usb5-port1: unable to enumerate USB device
[  673.654722][T13583] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  673.711373][ T2154] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  673.898607][ T2154] usb 7-1: Using ep0 maxpacket: 32
[  673.940097][ T2154] usb 7-1: config index 0 descriptor too short (expected 35577, got 27)
[  673.948787][ T2154] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  673.965936][ T2154] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92
[  673.975799][ T2154] usb 7-1: config 1 has no interface number 0
[  673.982698][ T2154] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 54, changing to 9
[  674.006342][   T43] pwc: Failed to set LED on/off time (-71)
[  674.014776][ T2154] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 24580, setting to 1024
[  674.026495][   T43] pwc: send_video_command error -71
[  674.032542][   T43] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  674.040436][ T2154] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  674.054297][   T43] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71
[  674.097136][ T2154] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  674.110237][   T43] usb 4-1: USB disconnect, device number 121
[  674.116436][ T2154] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.173511][ T2154] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found
[  674.510872][ T2154] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now attached
[  674.926629][ T5922] usb 7-1: USB disconnect, device number 17
[  674.937406][ T5922] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected
[  675.291511][T13600] FAULT_INJECTION: forcing a failure.
[  675.291511][T13600] name failslab, interval 1, probability 0, space 0, times 0
[  675.335921][T13604] netlink: 'syz.0.2052': attribute type 6 has an invalid length.
[  675.344514][T13600] CPU: 0 UID: 0 PID: 13600 Comm: syz.3.2050 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  675.344544][T13600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  675.344557][T13600] Call Trace:
[  675.344565][T13600]  <TASK>
[  675.344575][T13600]  dump_stack_lvl+0x189/0x250
[  675.344618][T13600]  ? __pfx____ratelimit+0x10/0x10
[  675.344648][T13600]  ? __pfx_dump_stack_lvl+0x10/0x10
[  675.344680][T13600]  ? __pfx__printk+0x10/0x10
[  675.344718][T13600]  should_fail_ex+0x414/0x560
[  675.344750][T13600]  should_failslab+0xa8/0x100
[  675.344774][T13600]  kmem_cache_alloc_noprof+0x73/0x3c0
[  675.344805][T13600]  ? skb_clone+0x212/0x3a0
[  675.344837][T13600]  skb_clone+0x212/0x3a0
[  675.344869][T13600]  __netlink_deliver_tap+0x404/0x850
[  675.344906][T13600]  ? netlink_deliver_tap+0x2e/0x1b0
[  675.344932][T13600]  netlink_deliver_tap+0x19c/0x1b0
[  675.344958][T13600]  netlink_sendskb+0x68/0x140
[  675.344991][T13600]  netlink_rcv_skb+0x28c/0x470
[  675.345016][T13600]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  675.345040][T13600]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  675.345079][T13600]  ? netlink_deliver_tap+0x2e/0x1b0
[  675.345102][T13600]  ? netlink_deliver_tap+0x2e/0x1b0
[  675.345132][T13600]  netlink_unicast+0x758/0x8d0
[  675.345166][T13600]  netlink_sendmsg+0x805/0xb30
[  675.345201][T13600]  ? __pfx_netlink_sendmsg+0x10/0x10
[  675.345231][T13600]  ? aa_sock_msg_perm+0x94/0x160
[  675.345260][T13600]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  675.345286][T13600]  ? __pfx_netlink_sendmsg+0x10/0x10
[  675.345312][T13600]  __sock_sendmsg+0x21c/0x270
[  675.345347][T13600]  ____sys_sendmsg+0x505/0x830
[  675.345380][T13600]  ? __pfx_____sys_sendmsg+0x10/0x10
[  675.345417][T13600]  ? import_iovec+0x74/0xa0
[  675.345442][T13600]  ___sys_sendmsg+0x21f/0x2a0
[  675.345471][T13600]  ? __pfx____sys_sendmsg+0x10/0x10
[  675.345540][T13600]  ? __fget_files+0x2a/0x420
[  675.345562][T13600]  ? __fget_files+0x3a0/0x420
[  675.345597][T13600]  __x64_sys_sendmsg+0x19b/0x260
[  675.345627][T13600]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  675.345664][T13600]  ? __pfx_ksys_write+0x10/0x10
[  675.345680][T13600]  ? rcu_is_watching+0x15/0xb0
[  675.345717][T13600]  ? do_syscall_64+0xbe/0x3b0
[  675.345741][T13600]  do_syscall_64+0xfa/0x3b0
[  675.345758][T13600]  ? lockdep_hardirqs_on+0x9c/0x150
[  675.345786][T13600]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.345806][T13600]  ? clear_bhb_loop+0x60/0xb0
[  675.345831][T13600]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.345851][T13600] RIP: 0033:0x7f9899b8e929
[  675.345871][T13600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  675.345889][T13600] RSP: 002b:00007f989aaa4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  675.345912][T13600] RAX: ffffffffffffffda RBX: 00007f9899db5fa0 RCX: 00007f9899b8e929
[  675.345927][T13600] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  675.345941][T13600] RBP: 00007f989aaa4090 R08: 0000000000000000 R09: 0000000000000000
[  675.345953][T13600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.345966][T13600] R13: 0000000000000000 R14: 00007f9899db5fa0 R15: 00007f9899edfa28
[  675.346007][T13600]  </TASK>
[  675.665037][T13604] netlink: 'syz.0.2052': attribute type 16 has an invalid length.
[  675.673173][T13604] netlink: 'syz.0.2052': attribute type 17 has an invalid length.
[  675.836325][ T5929] usbhid 6-1:0.0: can't add hid device: -71
[  675.842458][ T5929] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  675.859503][ T5929] usb 6-1: USB disconnect, device number 60
[  676.738485][   T43] usb 6-1: new full-speed USB device number 61 using dummy_hcd
[  676.897044][T13641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  676.923875][   T43] usb 6-1: unable to get BOS descriptor or descriptor too short
[  676.938102][   T43] usb 6-1: not running at top speed; connect to a high speed hub
[  676.951628][   T43] usb 6-1: config 7 has an invalid interface number: 180 but max is 0
[  676.970040][   T43] usb 6-1: config 7 has no interface number 0
[  676.979196][T13641] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  676.994879][   T43] usb 6-1: config 7 interface 180 has no altsetting 0
[  677.016705][T13641] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2062'.
[  677.027470][T13648] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2065'.
[  677.046321][   T43] usb 6-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=3c.f2
[  677.056407][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.065089][   T43] usb 6-1: Product: syz
[  677.070572][   T43] usb 6-1: Manufacturer: ᆊ罾柵枨톐㉁띎뼱瑲ほ웒ຘ䭡듺늿=ሬ㻔㬚遧畾헍⹙雐羚⨁ᗩ堓툭ጃ㾋יⅤ㩩層ᗼ揣꘣㐌룋瀂商羹띀ꇶ䭌溩桳ꠈ줖伟핶⥦珅囧唵뮺㼑鍢嫥㗓뙼凳鼫俧拌᱓践
[  677.096198][   T43] usb 6-1: SerialNumber: syz
[  677.148589][ T5929] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[  677.203020][   T30] kauditd_printk_skb: 152 callbacks suppressed
[  677.203040][   T30] audit: type=1326 audit(1749928127.105:3843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13651 comm="syz.6.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3240f8e929 code=0x7ffc0000
[  677.244230][   T30] audit: type=1326 audit(1749928127.105:3844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13651 comm="syz.6.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3240f2ab19 code=0x7ffc0000
[  677.305926][   T30] audit: type=1326 audit(1749928127.105:3845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13651 comm="syz.6.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3240f2ab19 code=0x7ffc0000
[  677.328870][ T5929] usb 4-1: Using ep0 maxpacket: 16
[  677.334660][   T43] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  677.338669][   T30] audit: type=1326 audit(1749928127.105:3846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13651 comm="syz.6.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3240f2ab19 code=0x7ffc0000
[  677.364326][ T5929] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  677.375636][ T5929] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  677.375768][   T43] gspca_topro: reg_w err -71
[  677.385282][   T30] audit: type=1326 audit(1749928127.115:3847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13651 comm="syz.6.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3240f2ab19 code=0x7ffc0000
[  677.428443][ T5929] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  677.447877][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.468263][ T5929] usb 4-1: Product: syz
[  677.476679][ T5929] usb 4-1: Manufacturer: syz
[  677.486258][ T5929] usb 4-1: SerialNumber: syz
[  677.507115][   T30] audit: type=1326 audit(1749928127.115:3848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13651 comm="syz.6.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3240f2ab19 code=0x7ffc0000
[  677.558972][   T43] gspca_topro: Sensor soi763a
[  677.614060][   T43] usb 6-1: USB disconnect, device number 61
[  677.635025][   T30] audit: type=1326 audit(1749928127.115:3849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13651 comm="syz.6.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3240f2ab19 code=0x7ffc0000
[  677.704711][ T5929] usb 4-1: cannot find UAC_HEADER
[  677.732638][   T30] audit: type=1326 audit(1749928127.115:3850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13651 comm="syz.6.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3240f2ab19 code=0x7ffc0000
[  677.816412][   T30] audit: type=1326 audit(1749928127.115:3851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13651 comm="syz.6.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3240f2ab19 code=0x7ffc0000
[  677.863215][ T5929] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  677.910426][ T5929] usb 4-1: USB disconnect, device number 122
[  677.948407][   T30] audit: type=1326 audit(1749928127.115:3852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13651 comm="syz.6.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3240f2ab19 code=0x7ffc0000
[  677.982409][ T6621] udevd[6621]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  678.016990][T13656] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2067'.
[  678.428339][   T43] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[  678.495533][ T5922] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  678.558174][T13669] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2071'.
[  678.567385][T13669] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2071'.
[  678.592632][T13669] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  678.602024][T13669] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  678.610896][T13669] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  678.619725][T13669] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  678.688719][ T5922] usb 7-1: Using ep0 maxpacket: 16
[  678.698770][ T5922] usb 7-1: config 0 has an invalid interface number: 214 but max is 0
[  678.707172][ T5922] usb 7-1: config 0 has no interface number 0
[  678.716350][ T5922] usb 7-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  678.745014][ T5922] usb 7-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  678.757571][ T5922] usb 7-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  678.765814][ T5922] usb 7-1: Manufacturer: syz
[  678.775881][ T5922] usb 7-1: SerialNumber: syz
[  678.786578][ T5922] usb 7-1: config 0 descriptor??
[  678.928783][   T43] usb 6-1: Using ep0 maxpacket: 8
[  678.954206][   T43] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  678.968861][   T43] usb 6-1: config 179 has no interface number 0
[  678.975301][   T43] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  678.986637][   T43] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  679.038010][ T5922] usbtouchscreen 7-1:0.214: Failed to read FW rev: -71
[  679.058178][ T5922] usbtouchscreen 7-1:0.214: probe with driver usbtouchscreen failed with error -71
[  679.080042][ T5922] usb 7-1: USB disconnect, device number 18
[  679.084858][   T43] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 20, changing to 8
[  679.341631][   T43] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 57696, setting to 1024
[  679.359502][   T43] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  679.408174][   T43] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  679.436123][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.488802][T13658] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  679.723532][   T43] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input43
[  679.913520][T13658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  679.949005][T13658] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  680.300377][T13658] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2068'.
[  680.377976][T13658] openvswitch: netlink: Flow key attr not present in new flow.
[  680.430447][T13677] netlink: 68 bytes leftover after parsing attributes in process `syz.6.2072'.
[  680.535523][   T43] usb 6-1: USB disconnect, device number 62
[  680.535571][    C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  680.535602][    C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  680.570947][   T43] xpad 6-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  680.782806][ T5929] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  680.856177][T13685] ip6gre2: entered promiscuous mode
[  680.864972][T13685] ip6gre2: entered allmulticast mode
[  680.948790][ T5929] usb 7-1: Using ep0 maxpacket: 32
[  680.984327][ T5929] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  681.014158][ T5929] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  681.092269][ T5929] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  681.205730][ T5929] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  681.256123][ T5929] usb 7-1: config 0 descriptor??
[  681.261508][ T5922] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  681.262972][T13698] kernel profiling enabled (shift: 63)
[  681.293206][T13698] profiling shift: 63 too large
[  681.478365][ T5922] usb 5-1: Using ep0 maxpacket: 16
[  681.530652][ T5922] usb 5-1: config 1 has an invalid interface number: 105 but max is 0
[  681.571524][ T5922] usb 5-1: config 1 has no interface number 0
[  681.577823][ T5922] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  681.603240][ T5922] usb 5-1: config 1 interface 105 has no altsetting 0
[  681.621175][ T5922] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  681.635137][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.644115][ T5922] usb 5-1: Product: syz
[  681.649250][ T5922] usb 5-1: Manufacturer: syz
[  681.653995][ T5922] usb 5-1: SerialNumber: syz
[  681.664315][T13690] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  681.753301][T13677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  681.941570][ T5922] aqc111 5-1:1.105: probe with driver aqc111 failed with error -22
[  683.779731][ T5929] usbhid 7-1:0.0: can't add hid device: -71
[  683.805273][ T5929] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  683.831297][ T5929] usb 7-1: USB disconnect, device number 19
[  684.047963][   T43] usb 5-1: USB disconnect, device number 105
[  684.994166][T13762] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0
[  685.144790][T13764] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2106'.
[  685.458516][ T5922] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[  685.628505][ T5922] usb 4-1: Using ep0 maxpacket: 32
[  685.636046][ T5922] usb 4-1: config 0 interface 0 has no altsetting 0
[  685.652446][ T5922] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  685.666368][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.682967][ T5922] usb 4-1: Product: syz
[  685.687365][ T5922] usb 4-1: Manufacturer: syz
[  685.712454][ T5922] usb 4-1: SerialNumber: syz
[  685.743904][ T5922] usb 4-1: config 0 descriptor??
[  685.789037][ T5929] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[  685.839252][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  685.845644][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  685.968352][ T5929] usb 6-1: Using ep0 maxpacket: 16
[  686.091204][ T5929] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  686.148797][ T5929] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  686.169057][ T5929] usb 6-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  686.188771][ T5929] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  686.224053][ T5929] usb 6-1: config 0 descriptor??
[  686.452869][T13770] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2109'.
[  686.462131][T13770] netlink: 'syz.5.2109': attribute type 7 has an invalid length.
[  686.478063][T13770] netlink: 'syz.5.2109': attribute type 8 has an invalid length.
[  686.502898][T13770] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2109'.
[  686.536605][T13770] team0: entered promiscuous mode
[  686.566674][T13770] team_slave_0: entered promiscuous mode
[  686.582900][T13770] team_slave_1: entered promiscuous mode
[  686.596880][T13770] vlan2: entered promiscuous mode
[  686.607419][T13770] 
[  686.609794][T13770] ======================================================
[  686.616868][T13770] WARNING: possible circular locking dependency detected
[  686.623915][T13770] 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 Not tainted
[  686.631054][T13770] ------------------------------------------------------
[  686.638097][T13770] syz.5.2109/13770 is trying to acquire lock:
[  686.644209][T13770] ffff88802981cd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: dev_set_promiscuity+0x10e/0x260
[  686.654750][T13770] 
[  686.654750][T13770] but task is already holding lock:
[  686.662147][T13770] ffff88805a17ce00 (team->team_lock_key#4){+.+.}-{4:4}, at: team_change_rx_flags+0x38/0x220
[  686.672329][T13770] 
[  686.672329][T13770] which lock already depends on the new lock.
[  686.672329][T13770] 
[  686.682762][T13770] 
[  686.682762][T13770] the existing dependency chain (in reverse order) is:
[  686.691813][T13770] 
[  686.691813][T13770] -> #1 (team->team_lock_key#4){+.+.}-{4:4}:
[  686.700015][T13770]        lock_acquire+0x120/0x360
[  686.705147][T13770]        __mutex_lock+0x182/0xe80
[  686.710185][T13770]        team_device_event+0x182/0xa20
[  686.715654][T13770]        notifier_call_chain+0x1b3/0x3e0
[  686.721301][T13770]        dev_close_many+0x29c/0x410
[  686.726513][T13770]        vlan_device_event+0x1748/0x1d00
[  686.732156][T13770]        notifier_call_chain+0x1b3/0x3e0
[  686.737806][T13770]        __dev_notify_flags+0x18d/0x2e0
[  686.743365][T13770]        netif_change_flags+0xe8/0x1a0
[  686.748839][T13770]        do_setlink+0xc55/0x41c0
[  686.753794][T13770]        rtnl_newlink+0x149f/0x1c70
[  686.759003][T13770]        rtnetlink_rcv_msg+0x7cf/0xb70
[  686.764475][T13770]        netlink_rcv_skb+0x205/0x470
[  686.769793][T13770]        netlink_unicast+0x758/0x8d0
[  686.775087][T13770]        netlink_sendmsg+0x805/0xb30
[  686.780385][T13770]        __sock_sendmsg+0x21c/0x270
[  686.785604][T13770]        ____sys_sendmsg+0x505/0x830
[  686.790901][T13770]        ___sys_sendmsg+0x21f/0x2a0
[  686.796110][T13770]        __x64_sys_sendmsg+0x19b/0x260
[  686.801582][T13770]        do_syscall_64+0xfa/0x3b0
[  686.806616][T13770]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.813042][T13770] 
[  686.813042][T13770] -> #0 (&dev_instance_lock_key#20){+.+.}-{4:4}:
[  686.821587][T13770]        validate_chain+0xb9b/0x2140
[  686.826883][T13770]        __lock_acquire+0xab9/0xd20
[  686.832092][T13770]        lock_acquire+0x120/0x360
[  686.837150][T13770]        __mutex_lock+0x182/0xe80
[  686.842206][T13770]        dev_set_promiscuity+0x10e/0x260
[  686.847861][T13770]        __dev_set_promiscuity+0x531/0x740
[  686.853689][T13770]        netif_set_promiscuity+0x50/0xe0
[  686.859427][T13770]        dev_set_promiscuity+0x126/0x260
[  686.865069][T13770]        team_change_rx_flags+0x123/0x220
[  686.870802][T13770]        __dev_set_promiscuity+0x531/0x740
[  686.876617][T13770]        netif_set_promiscuity+0x50/0xe0
[  686.882259][T13770]        dev_set_promiscuity+0x126/0x260
[  686.887901][T13770]        hsr_add_port+0x549/0x890
[  686.892942][T13770]        hsr_dev_finalize+0x685/0xaa0
[  686.898324][T13770]        hsr_newlink+0x7d7/0x940
[  686.903312][T13770]        rtnl_newlink_create+0x310/0xb00
[  686.908971][T13770]        rtnl_newlink+0x16d6/0x1c70
[  686.914184][T13770]        rtnetlink_rcv_msg+0x7cf/0xb70
[  686.919726][T13770]        netlink_rcv_skb+0x205/0x470
[  686.925058][T13770]        netlink_unicast+0x758/0x8d0
[  686.930366][T13770]        netlink_sendmsg+0x805/0xb30
[  686.935676][T13770]        __sock_sendmsg+0x21c/0x270
[  686.940903][T13770]        ____sys_sendmsg+0x505/0x830
[  686.946204][T13770]        ___sys_sendmsg+0x21f/0x2a0
[  686.951412][T13770]        __x64_sys_sendmsg+0x19b/0x260
[  686.956888][T13770]        do_syscall_64+0xfa/0x3b0
[  686.961931][T13770]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.968358][T13770] 
[  686.968358][T13770] other info that might help us debug this:
[  686.968358][T13770] 
[  686.978596][T13770]  Possible unsafe locking scenario:
[  686.978596][T13770] 
[  686.986051][T13770]        CPU0                    CPU1
[  686.991420][T13770]        ----                    ----
[  686.996794][T13770]   lock(team->team_lock_key#4);
[  687.001753][T13770]                                lock(&dev_instance_lock_key#20);
[  687.009588][T13770]                                lock(team->team_lock_key#4);
[  687.017069][T13770]   lock(&dev_instance_lock_key#20);
[  687.022378][T13770] 
[  687.022378][T13770]  *** DEADLOCK ***
[  687.022378][T13770] 
[  687.030529][T13770] 3 locks held by syz.5.2109/13770:
[  687.035738][T13770]  #0: ffffffff8fa324b0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  687.045264][T13770]  #1: ffffffff8f50fe08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  687.054333][T13770]  #2: ffff88805a17ce00 (team->team_lock_key#4){+.+.}-{4:4}, at: team_change_rx_flags+0x38/0x220
[  687.064895][T13770] 
[  687.064895][T13770] stack backtrace:
[  687.070796][T13770] CPU: 0 UID: 0 PID: 13770 Comm: syz.5.2109 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  687.070817][T13770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  687.070828][T13770] Call Trace:
[  687.070834][T13770]  <TASK>
[  687.070841][T13770]  dump_stack_lvl+0x189/0x250
[  687.070870][T13770]  ? __pfx_dump_stack_lvl+0x10/0x10
[  687.070893][T13770]  ? __pfx__printk+0x10/0x10
[  687.070910][T13770]  ? print_lock_name+0xde/0x100
[  687.070927][T13770]  print_circular_bug+0x2ee/0x310
[  687.070944][T13770]  check_noncircular+0x134/0x160
[  687.070962][T13770]  validate_chain+0xb9b/0x2140
[  687.070977][T13770]  ? console_unlock+0x21b/0x270
[  687.070992][T13770]  ? __pfx_console_unlock+0x10/0x10
[  687.071008][T13770]  ? irq_work_queue+0xbc/0x140
[  687.071032][T13770]  __lock_acquire+0xab9/0xd20
[  687.071056][T13770]  ? dev_set_promiscuity+0x10e/0x260
[  687.071074][T13770]  lock_acquire+0x120/0x360
[  687.071095][T13770]  ? dev_set_promiscuity+0x10e/0x260
[  687.071116][T13770]  __mutex_lock+0x182/0xe80
[  687.071130][T13770]  ? dev_set_promiscuity+0x10e/0x260
[  687.071151][T13770]  ? dev_set_promiscuity+0x10e/0x260
[  687.071169][T13770]  ? __pfx___mutex_lock+0x10/0x10
[  687.071182][T13770]  ? netdev_info+0x10a/0x160
[  687.071202][T13770]  ? __pfx_netdev_info+0x10/0x10
[  687.071221][T13770]  ? do_raw_spin_lock+0x121/0x290
[  687.071240][T13770]  dev_set_promiscuity+0x10e/0x260
[  687.071259][T13770]  ? __pfx_vlan_dev_change_rx_flags+0x10/0x10
[  687.071280][T13770]  __dev_set_promiscuity+0x531/0x740
[  687.071299][T13770]  ? do_raw_spin_unlock+0x122/0x240
[  687.071318][T13770]  netif_set_promiscuity+0x50/0xe0
[  687.071337][T13770]  dev_set_promiscuity+0x126/0x260
[  687.071356][T13770]  team_change_rx_flags+0x123/0x220
[  687.071381][T13770]  ? __pfx_team_change_rx_flags+0x10/0x10
[  687.071404][T13770]  __dev_set_promiscuity+0x531/0x740
[  687.071424][T13770]  netif_set_promiscuity+0x50/0xe0
[  687.071443][T13770]  dev_set_promiscuity+0x126/0x260
[  687.071463][T13770]  hsr_add_port+0x549/0x890
[  687.071487][T13770]  hsr_dev_finalize+0x685/0xaa0
[  687.071509][T13770]  hsr_newlink+0x7d7/0x940
[  687.071530][T13770]  ? validate_linkmsg+0x765/0x950
[  687.071553][T13770]  ? __pfx_hsr_newlink+0x10/0x10
[  687.071574][T13770]  ? __pfx_hsr_newlink+0x10/0x10
[  687.071595][T13770]  rtnl_newlink_create+0x310/0xb00
[  687.071615][T13770]  ? __pfx_aa_get_newest_label+0x10/0x10
[  687.071636][T13770]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  687.071654][T13770]  ? rtnl_newlink+0x8db/0x1c70
[  687.071671][T13770]  ? __pfx___mutex_lock+0x10/0x10
[  687.071687][T13770]  ? ns_capable+0x8a/0xf0
[  687.071711][T13770]  rtnl_newlink+0x16d6/0x1c70
[  687.071731][T13770]  ? __pfx_rtnl_newlink+0x10/0x10
[  687.071750][T13770]  ? __lock_acquire+0xab9/0xd20
[  687.071780][T13770]  ? __lock_acquire+0xab9/0xd20
[  687.071808][T13770]  ? is_bpf_text_address+0x26/0x2b0
[  687.071832][T13770]  ? is_bpf_text_address+0x292/0x2b0
[  687.071855][T13770]  ? is_bpf_text_address+0x26/0x2b0
[  687.071878][T13770]  ? kernel_text_address+0xa5/0xe0
[  687.071903][T13770]  ? __lock_acquire+0xab9/0xd20
[  687.071930][T13770]  ? __pfx_rtnl_newlink+0x10/0x10
[  687.071945][T13770]  rtnetlink_rcv_msg+0x7cf/0xb70
[  687.071963][T13770]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  687.071978][T13770]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  687.071999][T13770]  netlink_rcv_skb+0x205/0x470
[  687.072017][T13770]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  687.072033][T13770]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  687.072054][T13770]  ? netlink_deliver_tap+0x2e/0x1b0
[  687.072072][T13770]  ? netlink_deliver_tap+0x2e/0x1b0
[  687.072091][T13770]  netlink_unicast+0x758/0x8d0
[  687.072109][T13770]  netlink_sendmsg+0x805/0xb30
[  687.072130][T13770]  ? __pfx_netlink_sendmsg+0x10/0x10
[  687.072150][T13770]  ? aa_sock_msg_perm+0x94/0x160
[  687.072169][T13770]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  687.072190][T13770]  ? __pfx_netlink_sendmsg+0x10/0x10
[  687.072209][T13770]  __sock_sendmsg+0x21c/0x270
[  687.072234][T13770]  ____sys_sendmsg+0x505/0x830
[  687.072254][T13770]  ? __pfx_____sys_sendmsg+0x10/0x10
[  687.072276][T13770]  ? import_iovec+0x74/0xa0
[  687.072293][T13770]  ___sys_sendmsg+0x21f/0x2a0
[  687.072313][T13770]  ? __pfx____sys_sendmsg+0x10/0x10
[  687.072343][T13770]  ? __fget_files+0x2a/0x420
[  687.072360][T13770]  ? __fget_files+0x3a0/0x420
[  687.072379][T13770]  __x64_sys_sendmsg+0x19b/0x260
[  687.072399][T13770]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  687.072422][T13770]  ? rcu_is_watching+0x15/0xb0
[  687.072448][T13770]  ? do_syscall_64+0xbe/0x3b0
[  687.072463][T13770]  do_syscall_64+0xfa/0x3b0
[  687.072477][T13770]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.072493][T13770]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  687.072509][T13770]  ? clear_bhb_loop+0x60/0xb0
[  687.072527][T13770]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.072542][T13770] RIP: 0033:0x7f6eb8f8e929
[  687.072557][T13770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  687.072572][T13770] RSP: 002b:00007f6eb9ec4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  687.072589][T13770] RAX: ffffffffffffffda RBX: 00007f6eb91b5fa0 RCX: 00007f6eb8f8e929
[  687.072601][T13770] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 000000000000000f
[  687.072612][T13770] RBP: 00007f6eb9010b39 R08: 0000000000000000 R09: 0000000000000000
[  687.072623][T13770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  687.072633][T13770] R13: 0000000000000000 R14: 00007f6eb91b5fa0 R15: 00007f6eb92dfa28
[  687.072649][T13770]  </TASK>
[  687.613588][T13770] netdevsim netdevsim5 netdevsim0: entered promiscuous mode
[  687.614121][T13785] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2114'.
[  687.627748][T13770] bond0: entered promiscuous mode
[  687.635107][T13770] bond_slave_0: entered promiscuous mode
[  687.641224][T13770] bond_slave_1: entered promiscuous mode
[  687.675272][T13770] erspan0: entered promiscuous mode
[  687.709237][T13770] hsr1: Slave A (team0) is not up; please bring it up to get a fully working HSR network
[  687.726764][T13770] hsr1: Slave B (bond0) is not up; please bring it up to get a fully working HSR network
[  687.736908][T13770] hsr1: Interlink (erspan0) is not up; please bring it up to get a fully working HSR network
[  687.738839][ T5922] gs_usb 4-1:0.0: Couldn't send data format (err=-110)
[  687.755046][ T5922] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -110
[  687.792034][T13770] 8021q: adding VLAN 0 to HW filter on device hsr1
[  687.812137][ T5929] usbhid 6-1:0.0: can't add hid device: -71
[  687.818401][ T5929] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  687.827831][ T5929] usb 6-1: USB disconnect, device number 63
[  688.783172][   T43] usb 4-1: USB disconnect, device number 123