last executing test programs:

7.912815953s ago: executing program 1 (id=8542):
r0 = openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0)
dup(r0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
syz_usb_connect(0x2, 0x0, 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x2c240, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000440)={r1, 0x2000, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x4, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}})
preadv2(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000000)=""/17, 0x11}], 0x1, 0xffffffff, 0x7, 0x8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004010}, 0x400c850)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10d3, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0xfffffffe, 0xd3}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000680)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
ioctl$XFS_IOC_GETBMAP(0xffffffffffffffff, 0xc0205826, &(0x7f00000003c0)={0xffffffffffffff80, 0x8001, 0x5, 0x6, 0xbd})
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
socket$inet_tcp(0x2, 0x1, 0x0)
io_uring_enter(r3, 0x47bc, 0x300, 0x0, 0x0, 0x0)

7.374540284s ago: executing program 0 (id=8544):
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000100)=0x2000004)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x260400, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r2=>0x0})
bind$can_raw(r1, &(0x7f0000000080)={0x1d, r2}, 0x10)

7.302745976s ago: executing program 4 (id=8545):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) (async)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
syz_clone(0xe6543400, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000106a053103000000000001090224000100008000090400101c0300010009210000000122f80409058103"], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)={0x38, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2a, 0x9, 0x9, 0x6, 0x8084, 0x3, 0x2, 0x2]}}]}]}]}, 0x38}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2) (async)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0) (async)
r3 = syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="40010400000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r3, 0x0, &(0x7f0000000500)={0x1c, &(0x7f0000000280)={0x20, 0x12, 0x1a, "548f5b7841087daf0804607d159f721a3d46fee1535d2c1557f2"}, 0x0, 0x0, 0x0, 0x0, 0x0})
connect$can_bcm(r2, &(0x7f00000000c0), 0x10) (async)
connect$can_bcm(r2, &(0x7f00000000c0), 0x10)
sendmmsg$sock(r2, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="05000000eeca06ad54c456350da0a5f21f55e46e", 0x14}, {&(0x7f0000000100)="26373bfbfe0bcd2f21b430a9d6cd4fd9a216e3daba6bff56f74ccf39b3eed7ef2f557f95", 0x24}], 0x2}}, {{&(0x7f0000000000)=@phonet={0x1d, 0x8, 0x7f, 0x4}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000140)="dd1d4d348677b58410a9bc8fc1830ebfc34fe976b4116fccc6ec1e10676fe7a98cd1bf4015d08677f800b502426625a55cb1346cb8da8957", 0x38}], 0x1}}], 0x2, 0x24000800)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

7.136926358s ago: executing program 2 (id=8546):
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000100)=0x2000004)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x260400, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r2=>0x0})
bind$can_raw(r1, &(0x7f0000000080)={0x1d, r2}, 0x10) (fail_nth: 3)

7.135341758s ago: executing program 0 (id=8547):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000040)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x0, @remote, 0xf}}}, 0x30)
r1 = syz_open_dev$vbi(&(0x7f0000000200), 0x0, 0x2)
r2 = openat$mice(0xffffff9c, &(0x7f0000000000), 0xfc96326038cd3c4f)
ioctl$PPPIOCGL2TPSTATS(r2, 0x80487436, &(0x7f0000000180)="47d56a970caf6707517e14fe1694d0eec1e4533cf42d3008c7ba5e1335fb155b3fe717bd70c3c74ede1eaf665c382f8b3aae27469aefe0bab3398a6184610902b12370a9bb0fcdc476e4994cd33e646e86d701d2efa3")
syz_emit_ethernet(0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="bbbbbbbbbbbb250d6707540288a83e0088641100feff44080281"], 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x84c80, 0x0)
close(r4)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x8})
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000380)=0x7)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x24, 0x2, [@TCA_FQ_ORPHAN_MASK={0x8}, @TCA_FQ_FLOW_PLIMIT={0x8, 0x2, 0x9}, @TCA_FQ_BUCKETS_LOG={0x8, 0x8, 0x1e}, @TCA_FQ_ORPHAN_MASK={0x8, 0xa, 0x6}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56f41, 0x1070b923, 0x80000, {0x0, 0x0, 0x0, r9, {0x0, 0x2}, {0x8, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x18, 0x7ff, 0x6}}}}]}, 0x48}}, 0x814)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r11 = dup(r10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0xa0401, 0x0)
r12 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1fd)
ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, <r13=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r13, 0x4018aee3, &(0x7f0000000040)=@attr_other={0x0, 0x1, 0x5, 0x0})
write$UHID_INPUT(r11, &(0x7f0000001080)={0xc, {"a2e3ad21ed0d30f91b5d310987f70e06d038e7ff7fc6e5539b3263298b089b0708356e090890e0878f0e1ac6e7049b3350959bfc9b240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31300d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a204f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b54b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5e3728ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000004000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5182cff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec6800068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000681e6756", 0x1000}}, 0x1006)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r1, 0xc0745645, &(0x7f0000000100)={0x6, [0xc, 0x3e, 0x0, 0x7fff, 0x5, 0x800, 0x7, 0xfffa, 0x4, 0x10b7, 0x9, 0x10, 0x400, 0xa, 0x8, 0x8, 0x7, 0x9, 0x7f, 0x7, 0x84, 0xfffe, 0x97, 0xb, 0xfff0, 0x9, 0xfff8, 0x1, 0x4, 0x8, 0xb, 0x5, 0x3, 0x7685, 0x98bd, 0x10, 0x8000, 0x8, 0x1, 0x2, 0x0, 0x5, 0xe9da, 0xf, 0x8, 0x6, 0x0, 0x5e00], 0x6})

6.936111629s ago: executing program 2 (id=8549):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket(0x1d, 0x2, 0x6)
r2 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r2, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
r3 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x600, 0x80, &(0x7f0000000600)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000040], 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000ca32c7329458e68a330a721f000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000674ae874c8a3ac27c779eb0000000000000000000000000000000000000000000000000000000000000000fcffffff00"/144]}, 0xe0)
ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0xfffffffd, 0x4, 0xb, 0x8001}})
r5 = open(0x0, 0x64842, 0x389b0d52417bb201)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ff7f000000000000000000000000000002000000240001800c00028005000100a90000001400018208000100ac1414aa0800020000000000"], 0x38}, 0x1, 0x0, 0x0, 0x200488b0}, 0x40c4)
pwritev2(r5, &(0x7f0000000240), 0x0, 0x7000, 0x0, 0x3)
r7 = socket$qrtr(0x2a, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000})
fchown(r8, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000000c0), 0x92e82)
sendmsg$sock(r7, &(0x7f0000001540)={&(0x7f0000000140)=@pppoe={0x2a, 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, 'lo\x00'}}, 0x80, 0x0}, 0x40000c0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x4, 0x0, 0x2000081, 0xffffffff})
r9 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r9, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r9, 0x0, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r10, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff810000400e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)

6.687493443s ago: executing program 0 (id=8550):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000)
socket$inet_smc(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x9, 0xffffffff}, 0x0)
r2 = fsopen(&(0x7f0000000040)='cgroup\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x10)
socket$alg(0x26, 0x5, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000000c0)="5bdbd57a0e656889964df9937f561de9b944d1e381fed329742e239cb13cf2af711d48d2f15b3118abd8fd087f117830209a631f9dfbec5cbbbb2216a2d87dfb0d7dd906125a10053c8e288ac4445ff0e999d423cc250e", 0x57}], 0x1, 0x0, 0x0, 0x240001d1}], 0x1, 0x45)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='status\x00')
socket$rxrpc(0x21, 0x2, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000070900010073797a310000000008000540000000020900020073797a31000000000800"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40000040)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket(0x10, 0x2, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r7, {0xffff}, {0xf, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x8000000, 0x4, 0x370, 0xffffffff, 0x1d0, 0x0, 0x1d0, 0xfeffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffff00, 0xff000000, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff], 'macvlan0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x15}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x3, 0x6, {0x1}}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x3, 0x5, {0x2000010}}}}, {{@ipv6={@private2, @private2={0xfc, 0x2, '\x00', 0x1}, [0x0, 0xffffff00, 0xff], [0x0, 0xffffff00, 0xf97f1f27bc0fd003, 0xff000000], 'bridge_slave_0\x00', 'ip6tnl0\x00', {}, {0xff}, 0x11, 0x80, 0x2, 0x6a}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0xff}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x419)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r8, 0xffffffffffffffff, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)

6.470000883s ago: executing program 1 (id=8551):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket(0x1d, 0x2, 0x6)
r2 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r2, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
r3 = syz_open_dev$video(&(0x7f0000000100), 0x485, 0x40000)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000600)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000040], 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000ca32c7329458e68a330a721f000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000674ae874c8a3ac27c779eb0000000000000000000000000000000000000000000000000000000000000000fcffffff00"/144]}, 0xe0)
ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0xfffffffd, 0x4, 0xb, 0x8001}})
r5 = open(0x0, 0x64842, 0x389b0d52417bb201)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ff7f000000000000000000000000000002000000240001800c00028005000100a90000001400018208000100ac1414aa0800020000000000"], 0x38}, 0x1, 0x0, 0x0, 0x200488b0}, 0x40c4)
pwritev2(r5, &(0x7f0000000240), 0x0, 0x7000, 0x0, 0x3)
r7 = socket$qrtr(0x2a, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000})
fchown(r8, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000000c0), 0x92e82)
sendmsg$sock(r7, &(0x7f0000001540)={&(0x7f0000000140)=@pppoe={0x2a, 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, 'lo\x00'}}, 0x80, 0x0}, 0x40000c0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x4, 0x0, 0x2000081, 0xffffffff})
r9 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r9, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r9, 0x0, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r10, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff810000400e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)

5.277128286s ago: executing program 2 (id=8552):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x13}, 0x7}, 0x1c)
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x8907, &(0x7f0000000040))

4.978308843s ago: executing program 1 (id=8553):
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000002"], 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
r1 = openat$cgroup_int(r0, 0x0, 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000000)=0x6, 0x12)
syz_usb_connect$uac1(0x3, 0xa2, &(0x7f0000000040)=ANY=[@ANYBLOB="12011001000000406b1d01014000010203010902900003010380000904000000010100000a24010f00030201020c2402060602040c0032a304090401000001020000090401010101020000072401200404000c2402010201400f0a3b4725090501090000f7090607250183020c00090402000001030000090402010101020000072401"], 0x0)

4.800773115s ago: executing program 4 (id=8554):
socket$inet(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa6e4, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_POLL_REMOVE={0x7, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x4e14, 0x912a, 0x41, 0x0, 0x0)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xd)
socket$inet6(0xa, 0x1, 0x0)
r4 = syz_io_uring_setup(0xbdc, &(0x7f00000021c0)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f0000002180)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r7 = openat$sequencer2(0xffffff9c, 0x0, 0x101400, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(r7, 0xc0045401, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
socket$kcm(0x10, 0x2, 0x4)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000100))
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r10 = dup3(r9, r8, 0x0)
r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r11, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r11, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10b})
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000000e00)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x68, 0x18, &(0x7f00000006c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x32}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x22}, @fd={0x66642a85, 0x0, r9}}, &(0x7f0000000bc0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r8}, @fd={0x66642a85, 0x0, r11}, @flat=@weak_handle={0x77682a85, 0x1001}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
prlimit64(0x0, 0x7, &(0x7f0000000ec0), 0x0)
ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x1000000000000, &(0x7f0000000340)="cb"})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="24000000180001092cbd7000ffdbdf2502180008000000080000000008000100ac1414"], 0x24}}, 0x0)

4.760316467s ago: executing program 4 (id=8555):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000)
socket$inet_smc(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x9, 0xffffffff}, 0x0)
r2 = fsopen(&(0x7f0000000040)='cgroup\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x10)
socket$alg(0x26, 0x5, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000000c0)="5bdbd57a0e656889964df9937f561de9b944d1e381fed329742e239cb13cf2af711d48d2f15b3118abd8fd087f117830209a631f9dfbec5cbbbb2216a2d87dfb0d7dd906125a10053c8e288ac4445ff0e999d423cc250e", 0x57}], 0x1, 0x0, 0x0, 0x240001d1}], 0x1, 0x45)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='status\x00')
socket$rxrpc(0x21, 0x2, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000070900010073797a310000000008000540000000020900020073797a31000000000800"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40000040)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket(0x10, 0x2, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r7, {0xffff}, {0xf, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x8, 0x6, 0x1f, 0x1, 0x80000000}, 0x200, 0x0, 0x9, 0x7fff, 0x0, 0x1c, 0xc, 0x0, 0x2, 0x5, {0x1, 0xfffffffd, 0x0, 0x2, 0x7, 0x1}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x8000000, 0x4, 0x370, 0xffffffff, 0x1d0, 0x0, 0x1d0, 0xfeffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffff00, 0xff000000, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff], 'macvlan0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x15}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x3, 0x6, {0x1}}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x3, 0x5, {0x2000010}}}}, {{@ipv6={@private2, @private2={0xfc, 0x2, '\x00', 0x1}, [0x0, 0xffffff00, 0xff], [0x0, 0xffffff00, 0xf97f1f27bc0fd003, 0xff000000], 'bridge_slave_0\x00', 'ip6tnl0\x00', {}, {0xff}, 0x11, 0x80, 0x2, 0x6a}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0xff}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x419)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000040)})
close_range(r8, 0xffffffffffffffff, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)

4.098225765s ago: executing program 0 (id=8561):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000140)={0x28, r1, 0x1, 0xffffffff, 0x25dfdbfd, {0x1e}, [@ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}, @ETHTOOL_A_PAUSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x28}, 0x1, 0x100000000000000}, 0x10)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="180000006800010020bd7000fddb4cc61676bf7721aa0000073df8fd5df4738b26301f0f5d69a38bbe7adedb4537fcfe89f2f7e99a90e43696"], 0x18}, 0x1, 0x0, 0x0, 0x8000}, 0x20000044)

4.044536977s ago: executing program 2 (id=8562):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket(0x1d, 0x2, 0x6)
r2 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r2, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
r3 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000600)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000040], 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000ca32c7329458e68a330a721f000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000674ae874c8a3ac27c779eb0000000000000000000000000000000000000000000000000000000000000000fcffffff00"/144]}, 0xe0)
ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0xfffffffd, 0x4, 0xb, 0x8001}})
r5 = open(0x0, 0x64842, 0x389b0d52417bb201)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ff7f000000000000000000000000000002000000240001800c00028005000100a90000001400018208000100ac1414aa0800020000000000"], 0x38}, 0x1, 0x0, 0x0, 0x200488b0}, 0x40c4)
pwritev2(r5, &(0x7f0000000240), 0x0, 0x7000, 0x0, 0x3)
r7 = socket$qrtr(0x2a, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000})
fchown(r8, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000000c0), 0x92e82)
sendmsg$sock(r7, &(0x7f0000001540)={&(0x7f0000000140)=@pppoe={0x2a, 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, 'lo\x00'}}, 0x80, 0x0}, 0x40000c0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x4, 0x0, 0x2000081, 0xffffffff})
r9 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r9, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r9, 0x0, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r10, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001200add427323b472545b45602117fffffff810000400e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)

3.939942587s ago: executing program 0 (id=8563):
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f00000001c0)={0x1, 0x5, [@broadcast, @random="0bd0796f4659", @multicast, @local, @empty]})
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
prctl$PR_GET_THP_DISABLE(0x2a)
syz_open_procfs(0x0, &(0x7f0000001140)='map_files\x00')
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f0000000080), 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r3=>0x0})
connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r3}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000000)="2400000011005f0414f9f4070009041f810000000e0000000000000008000f0001000000", 0x24)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
fsetxattr$security_ima(r5, &(0x7f0000000000), &(0x7f0000000080)=ANY=[@ANYBLOB="05597752143398ff0937c5f36200"/28], 0x1c, 0x1)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @broadcast})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
move_pages(0x0, 0x3, &(0x7f00000003c0)=[&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil], &(0x7f0000000540)=[0x1, 0x1], &(0x7f0000000200), 0x2)
sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r8, 0x3e}, 0x80, 0x0}, 0x0)

3.55963243s ago: executing program 3 (id=8564):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = dup(r0) (async)
r2 = socket$packet(0x11, 0x3, 0x300) (async)
r3 = socket$netlink(0x10, 0x3, 0x12)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) (async)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'syzkaller0\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f00000002c0)="0503d6fcd3fc140000004788031c09102c28", 0x12, 0x4, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) (async)
setsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f0000000b80)={@empty, r4}, 0x14) (async)
r5 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
r6 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYRESHEX=r5], 0x0)
syz_usb_control_io$uac1(r6, 0x0, &(0x7f0000000d80)={0x44, &(0x7f0000000b40)=ANY=[@ANYBLOB="000b0400000092102ef3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000a40)=""/194, &(0x7f00000009c0)=0xc2) (async)
r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r7, 0xaf01, 0x0)
mlock(&(0x7f0000456000/0x2000)=nil, 0x2000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) (async)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000580)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil}) (async)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4b564d02, 0xec000000, 0xcd}]}) (async)
ioctl$KVM_SET_LAPIC(r10, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"}) (async)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
sendmsg$inet_sctp(r0, &(0x7f0000000a00)={&(0x7f00000002c0)=@in={0x2, 0x4e21, @private=0xa010102}, 0x10, &(0x7f00000007c0)=[{&(0x7f0000000300)="da2f77", 0x3}], 0x1, &(0x7f0000000940), 0x0, 0x1}, 0x20000081) (async)
r11 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYRESDEC=r7], 0x0)
syz_usb_control_io$uac1(r11, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r11, 0x0, 0x0)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r12, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x20, 0x25, 0x101, 0x70bd25, 0xfefffffb, {0x7}, [@typed={0xc, 0x3, 0x0, 0x0, @u64=0x8000000000000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x40957}, 0x28050) (async)
syz_usb_control_io$rtl8150(r11, 0x0, &(0x7f0000000300)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB="2061ba000000"], 0x0, 0x0, 0x0, 0x0})

3.255923252s ago: executing program 4 (id=8565):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002480)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000003700)={&(0x7f0000000240)={0x4c, r1, 0x1, 0x70bd2a, 0x25dfdc00, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x30, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xd}, @device_b, @device_b, @from_mac=@broadcast, {0x3, 0x7}}, 0x0, @val={0x8c, 0x10, {0x96a, "5d4f7f7d62a8", @short="30e722b9d80daf65"}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20040080}, 0x2c048010) (fail_nth: 8)

3.120760937s ago: executing program 1 (id=8566):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f0000000000), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000003c0)={'vcan0\x00', <r2=>0x0})
sendmsg$can_bcm(r1, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d7fe68ca0000000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000004"], 0x20000600}}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e)
getpeername(r3, 0x0, &(0x7f00000000c0))
sendmsg$can_bcm(r1, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4044001)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f0000004e80)={0x0, 0x0, &(0x7f0000004e40)={&(0x7f0000000280)=ANY=[@ANYBLOB="34170000020101080000000000000000060000050c001980080002002808000caf725e7a"], 0x24}, 0x1, 0x0, 0x0, 0x20048084}, 0x20048000)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
getsockopt$inet6_mreq(r0, 0x29, 0x0, 0x0, 0x0)

3.02654126s ago: executing program 1 (id=8567):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x6c, r1, 0x1, 0x0, 0x3, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x44, @dev={0xfe, 0x80, '\x00', 0x16}, 0xff8}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, '\x00', 0x38}, 0x8000}}}}]}]}, 0x6c}}, 0x0)

2.398710769s ago: executing program 2 (id=8568):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008004}, 0x80)

2.238235865s ago: executing program 3 (id=8569):
r0 = socket$kcm(0x11, 0x200000000000003, 0x300)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f00000003c0), 0x4)
recvmsg$kcm(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0)

1.396433546s ago: executing program 3 (id=8570):
r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000080)={0x1, @pix={0x203, 0x80742, 0x41414770, 0x32315659, 0x2, 0x490, 0x1, 0xfffffffd, 0xfeedcafe, 0x3, 0x0, 0x1}})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x2, 0x204, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
shutdown(r1, 0x1)

1.328419607s ago: executing program 3 (id=8571):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000)
socket$inet_smc(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x9, 0xffffffff}, 0x0)
r2 = fsopen(&(0x7f0000000040)='cgroup\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x10)
socket$alg(0x26, 0x5, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000000c0)="5bdbd57a0e656889964df9937f561de9b944d1e381fed329742e239cb13cf2af711d48d2f15b3118abd8fd087f117830209a631f9dfbec5cbbbb2216a2d87dfb0d7dd906125a10053c8e288ac4445ff0e999d423cc250e", 0x57}], 0x1, 0x0, 0x0, 0x240001d1}], 0x1, 0x45)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='status\x00')
socket$rxrpc(0x21, 0x2, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000070900010073797a310000000008000540000000020900020073797a31000000000800"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40000040)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket(0x10, 0x2, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r7, {0xffff}, {0xf, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x8000000, 0x4, 0x370, 0xffffffff, 0x1d0, 0x0, 0x1d0, 0xfeffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffff00, 0xff000000, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff], 'macvlan0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x15}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x3, 0x6, {0x1}}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x3, 0x5, {0x2000010}}}}, {{@ipv6={@private2, @private2={0xfc, 0x2, '\x00', 0x1}, [0x0, 0xffffff00, 0xff], [0x0, 0xffffff00, 0xf97f1f27bc0fd003, 0xff000000], 'bridge_slave_0\x00', 'ip6tnl0\x00', {}, {0xff}, 0x11, 0x80, 0x2, 0x6a}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0xff}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x419)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r8, 0xffffffffffffffff, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)

500.322074ms ago: executing program 4 (id=8572):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'team_slave_1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="800000001000030400"/20, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r1, @ANYBLOB="080003"], 0x80}, 0x1, 0x0, 0x0, 0x20044081}, 0x0)

499.658763ms ago: executing program 1 (id=8573):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_mr_cache\x00')
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x29}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000080)='westwood', 0x8)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000840)="89000000120081ae08060cdc030000fe7f030000000000000001ffca1b1f0000000024c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00150c00014003080c00bdad446b31007a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947e", 0x75}, {&(0x7f0000000140)="11d6cb557c8496a2fe7a81f38210bfa9b70ee09c", 0x14}], 0x2}, 0x4000000)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x22b7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0cc5605, &(0x7f0000000380)={0x1, @pix_mp={0x0, 0x0, 0x20303159, 0x0, 0xc, [{}, {0x2, 0x8}, {}, {}, {}, {}, {0x7fff}, {0x4}], 0x0, 0x0, 0x4}})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0x10000, 0xffffffff}, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x7, &(0x7f0000130000/0x800000)=nil)
r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x4, 0x80)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r6, 0xc0305602, &(0x7f0000000180)={0x0, 0xc, 0x3012})
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, 0x0)
openat$ttynull(0xffffff9c, 0x0, 0xa080, 0x0)
ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, &(0x7f00000002c0)={{}, "774dc6e936fadaf553ca9bdec6fa608d8a1688c116c199c625992ef14c3ecb11c5aa52fc0d9a347dc70e5ee5db717916d850c38190c4f370d69613a99467af7f7f53e4aea5766d5852f319f723564d2664cb700700227afa84f87a45559cccc40e63a63ec93a6b05e79e306db96200accd7aaeffa4f531ffbe908e79e21da409d9a3f067f7798a55c1775decef135fbe3ecdd84204e55baed98558b8c5f19b80481aea86a81fda8112ac7d52cce0eddf5db3e0b932610be688ca234170e454e7a754f8d143fce01fd6484f9b0476a54884489e7b4083078279e9e344dea159207a4aeaf4078b30eea2cb5351109839292c876cd7076fd06c2688a2d718ebac46aa3dedc18163da292781e88e1623ac3ba2aa6ad7920a4623dc36e7e1d53df6ebe9b98c429d659bad8e5f1080abac829e1310300b26a04947e3e9bc78f6081733c80ab095af88dfef6d1bc1a7d64500a8f1e0a02fefa44345cf62f2ead3324b15461e4767bd50258dbf7c1c19d9f2ecdbaacbeeddbd4c871e5d5e477ffed8ec60aee847f71fe5351339b5fbb5321473cb299354c6233eb945a5ac05e22e4da9f5ce7cb0585dc1074663df99dc556709b0c321b32d0d8c0fd8737d6045fcaef7bd289ecddc414b3224e5d53eecdd4a10559146977e5d03945e3c1a4b8495f04ecdfea0c4316e9a9bfb71f734b6c0ac6e83b79fcc8ecbf2b3678b4afabcd14179c9e93ceed85852f581c7613b718a74a4e2dd3d81be713333eb705f66852e8cfd74261857748451f97116c615a893d49dee89108160638d6e87184ad0f42f355d5dd8375fac923677aad7291d0769d9364a9c161e81560b9044fd4a4f4382cdcb77f5b7c9d729ca9996106b40b9e534bfd52bcee05e2856164a27ee6d6858a503b286fcc8fc78f1c94e2dbb4423f177efc5b07169d8bb13560baa4d5e901ce294f21e0e41f93c91970c38bea429397b730dc13e83b17bd7bc8c3fde24ee78212c17146a5f7c677891f676a3eb19a8fd5bc437d69d72d2724af0b4744e210a8154eaf881ae8ff8e85956d69a073a98f5ae8d9ad6e2c916c9497581cab0f9a75c2db69ea12575aea674c614089dc79dbe21d77cc9f6203963387d4ceaa2ac56de5c4c37d60fc5bb51530a34c0fb1e03d4d581bdc59497f78bd4735bfa0bf449edf41738730589ec937c10526c9ce18d695e89e5450f671b62a39d327a0135f31620e18789d89fe53035b7c5e5d865662f096d225f8e5ce270ee76ccf84c15f6db1fa88fb8117dc3c403a4aa376e1915da4317c2b708ee9cc238ad37e9343a2b09abb8d0600619619b02c3276bf535d61d8a85d3bf3e319e7fd7676e2ba9775b8491ba2c09a64101a0657b085cf7fee165fdd7e202481cc8ef97ef55be22e9f2945e09ad7fcebd58078684a5b02981357d4c7e7d4c48d2ceb12dff02db7c368841eb7d094b2e3f8b1e10ad541aa60561b10cf0d851ce3301be7ee743754d9a75947b4a764aa5376c6c881e538bd77ff76634ed92cf546cc94faf8f257f45915b4aa1d32282f602329387466a8fb0cca0b871acb70502d07ba0fb075a4d296d22063247c6d41d67b911e36afe6dec8baa97f8fd1e094849d3191ca5172c6b07f264a4308679d413aedce2043de2a0dfea94c9a8b91119740a314c1cef7a2c9e4f73381c4f22639a25136c10d655f09e14625348ceefe25d24f2df000d76ae7803a195803c9d9668fc3816e7d2afe58eab1b59bd880c67cf9717eb8c6a76c550a4e41884d4abfec00e923dc5aa99e21361e2590e7a16578ad0ae1331d204404663c9706a8cbf46846465bd66bda605b6b2fc4eadbb8dfcaa1647aa508b79091f278ec8205b37cd36ac93b4f58a2e8ef597d159b32114bd77aab75c3c92a1ace2004b502c6e415e4c5423a586292dbadd8609d73caa054c0dcc7c0808101a895828cd6f0f4edd7ab176f066100ff814c62b44deaf11bcf557cbf18e2f55a01a426a06e330d32ecf039a26235166129767dcc7e562f51a11cb9e834f3dfe49d6eacddfab021bbe9a060887429e888b5bb907adfd1d615f897ffdc8b19e8ad78be3b43443dbd2a68fc88e59a9a5e6e6db14a80c0fb7dfcbf978d8eaaee2df1ec5dc6acbc4e9769a8a2b949bbc95c4d890da2ae8fcda3bdc999a82473f75afdfd40d1d0c9a2a6f812fb926d3713a9cc8391764ee4f4329cbf1e5043bcd2b92671e613a43b67ab662cffe4a7bc3b3ac8378ea842465ab22a3539625448209b4ad18818af5da0632f0d1157f303c02edbc23e25f4dcace79b6142cfe8222a762a663421e7286e187d944d72bdd295d23b720ea0934be47601d107c6ff5d7aa855d928a5ba78f54f9b6f361c3530fe1bb2d2011a99ef376ff289a99534ab648d0aba3f3b17e9b08e5eb1d445e26c9b9ccaf1576a23e8b63081e8f16a6048e9decb1f97ec03af5c3f27fc74290e033af0b7763357bad3262e51af062e1aaffc0d251eecd784c3c9631b4dea854baeeecc480feaf7034737dfa8f0f955de0b7ac10f077df4e62044bfd9e77beadef5716caa07ee86f7054691952de54ab06d37eb04a413cb9f96e8ce0c033ed1d1a239fdb78f5ca7c94013e871e31661636082d2971d31ccf9ca939562064622863092da396c17964e404551d8a7ba2c392620e062d0386acd0b7568ec03b7892bbe8e04e675c153e6d1f426f84835b1fd62db5d72dd64778d255197e2e54bd0f24ea61d814532a5bb45ab068b62e9d192090a283670f205df9cb62b85e75eebcf8d0e0758b882afd89ba450d31f9e9c0672fdad455073d44114dda4082cf06060d149e95017725c39ee90680e8d792341f10895026b9ce3b5fdd0690b41e8a8904fb65d36ab8ca955eaf31b0427f7d2ba4f8ed359a6acb8e1c368f3c9495171c9f7e3f386caa7e8d4b8066aa861d74875f8de2ee5583321cb34b2610a81a6dad55abba658c5fe949c8b04e57da390bd7cbfd03bea0546095417d77d91149c502d3cbcc06ba4cfe04cc77e415f0bbe7a968d8b90c77a3de85fe0e74d74d43a17635ccfed73f456774fb13e1217fa540b35fe77b476cc09759f4e8d5a53e82ced7e28ad9394f185b6cde7d77bdd2c47a02912d9e0ff096de2036bb8ca03accadce55227d5fa6496f6d27c84519cc8b7371dea03286d8cda79c846b421e520925c6eac55291f44011720359aef751ff3efbddb79afb288bd2cc52f3e2bd734a9ae64400cbb67037626d2fd5dd2e2b4d72d53f4ccc10765d6a483067941dcd87dea3f45dc49c4a110d0a1a7f3eaeccab3c1caa3d6bf131ea6ab9820f72e571c9ae55bb0e9959518bffe04f153141000bfc17ac167d0b5359d836865ee10236828dc6c6b7c183bd4fc49409be7807e8a6a7a5b97fdbbd7d999a60091774838caf68d6007ea3598a5f134eda6828c7b6a1efa74ab47c49187cfe61e387f3a1556dc25bd7ffc2f33d36452c5b336ff4d6a59904e010b44a0d6ce7f81517d4982134eddd0cbfd135d06afac2248bd8171bdc8f3f306428ab622df53f257d560555441d2f5abeef9ae3ee0c14bbc7dac7a1ad28fbf49f9c80683bb8e3c71cd7dc4b0e0e62e63f90af4f52e78727035b99ec1163bb77e78433c691945c38928e3ba31a096aa61fc25799a15bf4037574c616b74745d3cf321aa488551e58f4bfc17dd2b2493048d36c6857ae09a2898f5bbc04fecd65455fbf1320c75fbe55a6e5608b94001312e9e8c31eef37e5b70f2482b3ae32beb4ec5bee89dee1cb99fb0c9d00c24624f9b74767fc27e5e16fc2fba10137c863e36cf9ddbd7cc69a0178d1e2234f4453041908a801c6c71131dfcdda60458e58dabe63479dcb86aad30d813d9ca76cd0ac176e970b71b370f92dc45308dd56b6c5cc48d8aeeff9d19963255abd53c50b2f3b68f1caa2f152069fd6ab96f87d16d5065b637b4701fc916c194970850b86cdd8ec98c4a896603fdaaaa1c510a090854e81452d721d42b4a396659ae0b8ddf5462a7c35ffbb247dab5ac6168be80bd9a69a25403ddf5f4594c6cf3b7e310a2660265ab5fa587706ec11c0bccd8f00cb44fbf83b2301fc854703a557eb43ce31fcd0f6768df6359b83d133d260d44de02260452e66209e7ad5ddab6057a3908351376cfb93f8600947c7b8d91c6d8490eae932d2b5a9f5545434c44f56f3d7fd3dbe84dc9ecbdccb4279ddde3bfc5ad00f6d6281374c26f334155068270c461a5e7bb20c32d54522daf528e44260ebac699508316b7acbe47dba74bcdeded45a1e57a8ecfdca61f96019c749649d79887854e5ef2b857946a7f5436df1cf7dd9c94392a9a7a3346c8543bee374651b3a18e5587fbdbdae34d7fbdf8fa31d5f61ba1eeb40ef97a91bcbbf72f5da111d06a1a958727525397b83019ee445e5a6fa7389883154f8a6390c3574f73772d1a6a6c9621398c2754fe3381fcf1fb4cf907b934ee0c34b04581e34140812632a5265c2628bd3c589c3d727eb3d3d06f30f37bc01a02269951240ec94f3a52a72c29ef5bfc21aeced20cbc59a6a224db657fc5340e1db583384af1039c31cbc3836bc50de4b3b5c2082b1a30471de4e0e44b8d38b51b81d043518b6c9fe9ae5c033754c0491edfd6e412f77f5eb2b675aa3f4d1922f174de98edf1ebb000042c14153fb1424b398cbdacb433c168eb8a193902156abb63db75813815589fc4aa93b3c11e15e2f527641edc2df664f451133a8aff1c9332db7dbf92b04bce55ae22baa93cddb39c1310c40267cc5bbe640586f9273fa63c72bd9512e9796625cbbad56d605d0325189125356a5f903be40aa933e8e0aaaf9014ffa85fe306fb0391e12c0c0c1fd0500a7ee84cef5c1ef58707de1f76246f843351d9e3d762549df99aa5cfc3f8081af29d90f281225b050d2e9f9abb91b92f2da318c8167fa2318fa53f58f64e2d8dd7a8754672506ebee3407b3c76c4270f8a453e57665452c2f31a5fe01f2715797d912c31620a12a69116ae248988a4e07b508e8511158b0f7448c26a348d90ca13dc2a46d119e5b3ffe00d7d8b3f08f640e53a8217712e988b100f3a28ef8dd30eb6e63e97d95426407b7ef1e13337574503716a722c73af17bc8b0e15d43ff1134956de8e29bbab40082527fcba59abb92250870e163346eb8ad54819f7fdc0dd2ce949c8966df3684f0e87fad7367bd0e5512391a5f1ff85890ebbe4bc8592ed94bd914a14dcf12f43cfd00b059a721cb67617aa806def6f91ad5546c878073c636bb82835bcc435323328e503726bbbc5f4d075f84f657f69c4b0c437b91e2d612515ba11cc9b4938da1d552b0e630fcae9c5c7a88303d53f6693e9a31cb33d0cb3e22b36c393b66eda79f245c076ad8c5a7b7bc4b13ec070629a56284776ed27ba252745f0e07f497cd087ea00c90504efb678acdd792fb4fdf231410111115b2581a00c6212e41848b455babfd1248a1376284625575da54bc800c10a1b6a4c82d01d38a21dee54c5ae0f8aa2c8df15251196d255dfb07fb97773363717586d5621efe9904c7ffda030038dc36352154241e98d30f1b7395d246afffe9a9abd13578885f7152a10881b4f178803428054f96f9fb30fbbc870ad83a728ab362f1e427358e4636658b8dcfb734b259c4f5ce52e5e0177a9a2a2903c0a2c1390e1305470b1ec4a0ea342a56b73d7de1dc5b1081cb5156e8c6544e63d358b08e1e807d911d69e1a1bb34eecb84927501516e09b448fd4bd3e5c3e9e61fa50b3143e8edbadc6c9be6d500b1e3c0f577519f5ffc0a4d9877085bea"})
syz_emit_ethernet(0x6b, &(0x7f0000000080)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x2, 0x0, 0x5d, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x86dd, 0x5, 0x0, [], "e658df76af"}, {0x0, 0x0, 0x0, 0x0, 0x11}}}}}}, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x2)
socket$tipc(0x1e, 0x5, 0x0)
mbind(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x4005, &(0x7f0000000200)=0x81, 0x5, 0x0)
set_mempolicy_home_node(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x41}, 0x2)

496.187888ms ago: executing program 2 (id=8574):
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d4"])
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69010000001406fffe800000000000000000000039fe8000000000000000000000000000aa4e224e24000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="51c2"], 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000)
r0 = syz_open_dev$loop(0x0, 0x5, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r2, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

449.698427ms ago: executing program 0 (id=8575):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000)
socket$inet_smc(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x9, 0xffffffff}, 0x0)
r2 = fsopen(&(0x7f0000000040)='cgroup\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x10)
socket$alg(0x26, 0x5, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000000c0)="5bdbd57a0e656889964df9937f561de9b944d1e381fed329742e239cb13cf2af711d48d2f15b3118abd8fd087f117830209a631f9dfbec5cbbbb2216a2d87dfb0d7dd906125a10053c8e288ac4445ff0e999d423cc250e", 0x57}], 0x1, 0x0, 0x0, 0x240001d1}], 0x1, 0x45)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='status\x00')
socket$rxrpc(0x21, 0x2, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000070900010073797a310000000008000540000000020900020073797a31000000000800"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40000040)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket(0x10, 0x2, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r7, {0xffff}, {0xf, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x8, 0x6, 0x1f, 0x1, 0x80000000}, 0x200, 0x0, 0x9, 0x7fff, 0x0, 0x1c, 0xc, 0x0, 0x2, 0x5, {0x1, 0xfffffffd, 0x0, 0x2, 0x7, 0x1}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x8000000, 0x4, 0x370, 0xffffffff, 0x1d0, 0x0, 0x1d0, 0xfeffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffff00, 0xff000000, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff], 'macvlan0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x15}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x3, 0x6, {0x1}}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x3, 0x5, {0x2000010}}}}, {{@ipv6={@private2, @private2={0xfc, 0x2, '\x00', 0x1}, [0x0, 0xffffff00, 0xff], [0x0, 0xffffff00, 0xf97f1f27bc0fd003, 0xff000000], 'bridge_slave_0\x00', 'ip6tnl0\x00', {}, {0xff}, 0x11, 0x80, 0x2, 0x6a}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0xff}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x419)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000040)})
close_range(r8, 0xffffffffffffffff, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)

419.763667ms ago: executing program 4 (id=8576):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
r1 = io_uring_setup(0x2c1a, &(0x7f0000000140)={0x0, 0x8eff, 0x400, 0x0, 0x2d3})
io_uring_register$IORING_REGISTER_MEM_REGION(r1, 0x22, &(0x7f00000001c0)={&(0x7f0000000000)={0x0, 0x0, 0x0, 0x13d2, 0x4}, 0x1}, 0x1)
unshare(0x800)
pselect6(0x40, &(0x7f0000000240)={0x9, 0x3, 0x7, 0x3, 0x9, 0x8, 0x3, 0x5}, &(0x7f00000000c0)={0x1d, 0xfffffffffffffffe, 0xfffffffffffffff4, 0x7efc, 0x4, 0x1, 0x2, 0x10000b}, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x3b, &(0x7f0000000140)=ANY=[@ANYBLOB="120100001b3ebd40d80483009c830102030109022900010000000009040000000202010004"], 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x12, 0x0, 0x0)
mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)
unshare(0x2c000000)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)

176.038768ms ago: executing program 3 (id=8577):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)={0x30, r2, 0x1, 0x78bd25, 0x25dfdbfd, {{0xc, 0x0, 0x300}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "bb3b46966cd6de5f5f0166e9e3"}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004001}, 0x8000004)

0s ago: executing program 3 (id=8578):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000005c0)={'filter\x00', 0x7, 0x4, 0x3f8, 0x0, 0x1f0, 0x0, 0x318, 0x318, 0x318, 0x4, &(0x7f0000000180), {[{{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @broadcast, @multicast1, 0x1}}}, {{@uncond, 0xbc, 0xe4}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x2, 0x5, 0x1}}}, {{@uncond, 0xbc, 0x128}, @unspec=@NFLOG={0x6c, 'NFLOG\x00', 0x0, {0xc, 0x79, 0x9, 0x0, 0x0, "72a35cf68ac9f50f47acd117e6668eeb7210b56f18638af1541f592900b4f39b6298926fc5ed319c1745029bba378ef4a6e0db4f582376029145678cf5214738"}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x444)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
open(&(0x7f0000000080)='./file0\x00', 0x101080, 0x1b1)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x14, 0x1, 0x8, 0x201, 0x0, 0x0, {0x5, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x24000000)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="600000000206010200000000000000000000000012000300686173683a6e65742c000000000005000500020000000900020094797a300000000014000780080006000000000008001340fffffffc05000100070000003130c6509f5d5dc019b1cb5b280f0e7017d1c5c6017d9a7a338f464958ba58d9c8f0c06a46"], 0x60}}, 0x20000000)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x474283, 0x0, 0x14}, 0x20)
r5 = getpid()
r6 = syz_pidfd_open(r5, 0x0)
setns(r6, 0x8020000)
r7 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r7, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000280)={'syzkaller1\x00', 0x6bf1c2d5adbaa402})
r9 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r8, &(0x7f0000000b00)={@val={0xa}, @void, @eth={@broadcast, @remote, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0xd0, 0x11, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2, {[], {0x4f19, 0x4e20, 0xd0, 0x0, @opaque="6032a60d61027fc56132c70c5b2e374ea5c9f253bf510947670b66f27987c44cc92a4983e3a69d4d66f715db6bc3764c5d931bc54d44513770f4b8bab1f436c8435573795c1f21366220b8b21cf6acdd26fea91dd8728f7d1c0a41155f0da56ee7de80b5f1c653c10b002572c5c4da53d762eb53958e6688b73b8e214e6751ee18257e15bcde775faacada05890f86de2e3f8bd227b6c8631f9e340f3df7da564f3805ecf13af8303b52c516fa111f175b274d20b8f4559a9e06479a313217e7889387906d40e1df"}}}}}}}, 0x10a)
recvmmsg(r7, &(0x7f00000011c0)=[{{0x0, 0x0, &(0x7f0000002280)=[{&(0x7f0000000c40)=""/200, 0xc8}, {0x0}, {0x0}], 0x3}, 0x7dcf}], 0x1, 0x120, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x9d00, &(0x7f0000001dc0)={0xf, 0x84, 0x20000}, 0x20)

kernel console output (not intermixed with test programs):

[ T4711] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8304'.
[ 2203.198335][T16373] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[ 2203.392874][T16373] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 2203.406593][T16373] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2203.423051][T16373] usb 5-1: Product: syz
[ 2203.434376][T16373] usb 5-1: Manufacturer: syz
[ 2203.458987][ T5823] usb 3-1: new full-speed USB device number 83 using dummy_hcd
[ 2203.490344][T16373] usb 5-1: SerialNumber: syz
[ 2203.623112][ T5823] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[ 2203.634390][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2203.650607][ T5823] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[ 2203.664029][ T5823] usb 3-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[ 2203.674038][ T5823] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2203.700299][ T5823] usb 3-1: config 0 descriptor??
[ 2203.718605][ T5823] usbhid 3-1:0.0: can't add hid device: -22
[ 2203.733911][ T5823] usbhid 3-1:0.0: probe with driver usbhid failed with error -22
[ 2203.914274][ T4702] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8302'.
[ 2203.960118][T16373] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[ 2203.972688][T16373] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO
[ 2204.017596][T16373] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[ 2204.029626][T28316] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[ 2204.037575][T16373] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 2204.048103][T16373] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 2204.058511][T16373] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71
[ 2204.072439][T16373] usb 5-1: USB disconnect, device number 53
[ 2204.158729][ T4718] syzkaller0: entered promiscuous mode
[ 2204.164498][ T4718] syzkaller0: entered allmulticast mode
[ 2204.173943][ T4718] FAULT_INJECTION: forcing a failure.
[ 2204.173943][ T4718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2204.187493][ T4718] CPU: 1 UID: 0 PID: 4718 Comm: syz.1.8307 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2204.187520][ T4718] Tainted: [L]=SOFTLOCKUP
[ 2204.187527][ T4718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2204.187538][ T4718] Call Trace:
[ 2204.187546][ T4718]  <TASK>
[ 2204.187554][ T4718]  dump_stack_lvl+0xe8/0x150
[ 2204.187586][ T4718]  should_fail_ex+0x412/0x560
[ 2204.187614][ T4718]  _copy_from_user+0x2d/0xb0
[ 2204.187643][ T4718]  kstrtouint_from_user+0xd6/0x180
[ 2204.187669][ T4718]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 2204.187708][ T4718]  proc_fail_nth_write+0x8e/0x210
[ 2204.187736][ T4718]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2204.187767][ T4718]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2204.187794][ T4718]  vfs_write+0x29a/0xb90
[ 2204.187823][ T4718]  ? __pfx_vfs_write+0x10/0x10
[ 2204.187844][ T4718]  ? __fget_files+0x2a/0x420
[ 2204.187875][ T4718]  ? __fget_files+0x3a0/0x420
[ 2204.187899][ T4718]  ? __fget_files+0x2a/0x420
[ 2204.187933][ T4718]  ksys_write+0x150/0x270
[ 2204.187956][ T4718]  ? __pfx_ksys_write+0x10/0x10
[ 2204.187981][ T4718]  ? asm_int80_emulation+0x1a/0x20
[ 2204.188005][ T4718]  do_int80_emulation+0x173/0x4d0
[ 2204.188023][ T4718]  ? trace_irq_disable+0x3b/0x150
[ 2204.188046][ T4718]  ? asm_int80_emulation+0x1a/0x20
[ 2204.188063][ T4718]  ? clear_bhb_loop+0x40/0x90
[ 2204.188081][ T4718]  ? clear_bhb_loop+0x40/0x90
[ 2204.188103][ T4718]  asm_int80_emulation+0x1a/0x20
[ 2204.188120][ T4718] RIP: 0023:0xf71c5cab
[ 2204.188138][ T4718] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 2204.188170][ T4718] RSP: 002b:00000000f54864bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 2204.188190][ T4718] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f54865d0
[ 2204.188203][ T4718] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[ 2204.188214][ T4718] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2204.188225][ T4718] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2204.188237][ T4718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2204.188266][ T4718]  </TASK>
[ 2204.406755][T28316] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2204.416858][T28316] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2204.427214][T28316] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2204.436537][T28316] usb 1-1: config 1 has no interface number 1
[ 2204.442954][T28316] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2204.456082][T28316] usb 1-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2204.471443][T28316] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2204.490450][T28316] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2204.506195][T28316] usb 1-1: Product: syz
[ 2204.515417][T28316] usb 1-1: Manufacturer: syz
[ 2204.547748][T28316] usb 1-1: SerialNumber: syz
[ 2204.627498][ T4725] FAULT_INJECTION: forcing a failure.
[ 2204.627498][ T4725] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2204.650615][ T4725] CPU: 0 UID: 0 PID: 4725 Comm: syz.3.8310 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2204.650645][ T4725] Tainted: [L]=SOFTLOCKUP
[ 2204.650652][ T4725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2204.650663][ T4725] Call Trace:
[ 2204.650671][ T4725]  <TASK>
[ 2204.650679][ T4725]  dump_stack_lvl+0xe8/0x150
[ 2204.650712][ T4725]  should_fail_ex+0x412/0x560
[ 2204.650740][ T4725]  strncpy_from_user+0x36/0x2b0
[ 2204.650765][ T4725]  do_getname+0x77/0x250
[ 2204.650793][ T4725]  __se_sys_name_to_handle_at+0x160/0x910
[ 2204.650821][ T4725]  ? __pfx___se_sys_name_to_handle_at+0x10/0x10
[ 2204.650845][ T4725]  ? ksys_write+0x242/0x270
[ 2204.650872][ T4725]  ? __ia32_sys_name_to_handle_at+0x20/0xc0
[ 2204.650897][ T4725]  __do_fast_syscall_32+0x20d/0x640
[ 2204.650919][ T4725]  ? do_fast_syscall_32+0x33/0x70
[ 2204.650937][ T4725]  ? asm_int80_emulation+0x1a/0x20
[ 2204.650955][ T4725]  ? do_int80_emulation+0x274/0x4d0
[ 2204.650973][ T4725]  ? trace_irq_disable+0x3b/0x150
[ 2204.651003][ T4725]  do_fast_syscall_32+0x33/0x70
[ 2204.651022][ T4725]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2204.651043][ T4725] RIP: 0023:0xf6ffef6c
[ 2204.651060][ T4725] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2204.651074][ T4725] RSP: 002b:00000000f53ed50c EFLAGS: 00000206 ORIG_RAX: 0000000000000155
[ 2204.651093][ T4725] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000180
[ 2204.651106][ T4725] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2204.651117][ T4725] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2204.651128][ T4725] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2204.651137][ T4725] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2204.651161][ T4725]  </TASK>
[ 2204.907520][T28316] usb 1-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[ 2204.915230][T28316] usb 1-1: MIDIStreaming interface descriptor not found
[ 2204.930335][ T4730] binder: BC_ATTEMPT_ACQUIRE not supported
[ 2204.939233][T16373] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 2204.951739][ T4730] binder: 4726:4730 ioctl c0306201 80000540 returned -22
[ 2205.014325][T28316] usb 1-1: USB disconnect, device number 51
[ 2205.102584][T16373] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 2205.113307][T16373] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2205.123898][T16373] usb 5-1: Product: syz
[ 2205.129513][T16373] usb 5-1: Manufacturer: syz
[ 2205.134735][T16373] usb 5-1: SerialNumber: syz
[ 2205.139391][ T2829] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 2205.168671][T16373] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 2205.222340][ T5837] udevd[5837]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2205.252271][T16921] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 2205.468058][ T5823] usb 5-1: USB disconnect, device number 54
[ 2206.082031][T28316] usb 3-1: USB disconnect, device number 83
[ 2206.399000][T16921] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[ 2206.415149][T16921] ath9k_htc: Failed to initialize the device
[ 2206.432469][ T5823] usb 5-1: ath9k_htc: USB layer deinitialized
[ 2206.504637][ T4753] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8317'.
[ 2207.216476][ T4758] FAULT_INJECTION: forcing a failure.
[ 2207.216476][ T4758] name failslab, interval 1, probability 0, space 0, times 0
[ 2207.266111][ T4758] CPU: 0 UID: 0 PID: 4758 Comm: syz.2.8319 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2207.266144][ T4758] Tainted: [L]=SOFTLOCKUP
[ 2207.266152][ T4758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2207.266163][ T4758] Call Trace:
[ 2207.266171][ T4758]  <TASK>
[ 2207.266180][ T4758]  dump_stack_lvl+0xe8/0x150
[ 2207.266207][ T4758]  should_fail_ex+0x412/0x560
[ 2207.266223][ T4758]  should_failslab+0xa8/0x100
[ 2207.266239][ T4758]  __kvmalloc_node_noprof+0x178/0x8a0
[ 2207.266256][ T4758]  ? alloc_netdev_mqs+0xa6/0x11b0
[ 2207.266284][ T4758]  alloc_netdev_mqs+0xa6/0x11b0
[ 2207.266303][ T4758]  ? __pfx_vlan_setup+0x10/0x10
[ 2207.266337][ T4758]  rtnl_create_link+0x31f/0xd70
[ 2207.266357][ T4758]  rtnl_newlink_create+0x277/0xb70
[ 2207.266372][ T4758]  ? __pfx___nla_validate_parse+0x10/0x10
[ 2207.266392][ T4758]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 2207.266411][ T4758]  ? __pfx___mutex_lock+0x10/0x10
[ 2207.266440][ T4758]  ? ns_capable+0x89/0xe0
[ 2207.266467][ T4758]  rtnl_newlink+0x1666/0x1be0
[ 2207.266501][ T4758]  ? __pfx_rtnl_newlink+0x10/0x10
[ 2207.266514][ T4758]  ? do_fast_syscall_32+0x33/0x70
[ 2207.266524][ T4758]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2207.266554][ T4758]  ? kasan_quarantine_put+0xbb/0x1f0
[ 2207.266571][ T4758]  ? lockdep_hardirqs_on+0x7a/0x110
[ 2207.266594][ T4758]  ? kmem_cache_free+0x187/0x630
[ 2207.266614][ T4758]  ? nlmon_xmit+0xb0/0x100
[ 2207.266649][ T4758]  ? __lock_acquire+0x6b5/0x2cf0
[ 2207.266665][ T4758]  ? __local_bh_enable_ip+0xd0/0x130
[ 2207.266679][ T4758]  ? lockdep_hardirqs_on+0x7a/0x110
[ 2207.266694][ T4758]  ? __dev_queue_xmit+0x277/0x3890
[ 2207.266704][ T4758]  ? __local_bh_enable_ip+0xd0/0x130
[ 2207.266724][ T4758]  ? __dev_queue_xmit+0x277/0x3890
[ 2207.266768][ T4758]  ? __pfx_rtnl_newlink+0x10/0x10
[ 2207.266791][ T4758]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 2207.266809][ T4758]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 2207.266822][ T4758]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2207.266834][ T4758]  ? ref_tracker_free+0x693/0x840
[ 2207.266847][ T4758]  ? __copy_skb_header+0xa3/0x4a0
[ 2207.266870][ T4758]  ? __pfx_ref_tracker_free+0x10/0x10
[ 2207.266892][ T4758]  ? __skb_clone+0x63/0x7a0
[ 2207.266927][ T4758]  netlink_rcv_skb+0x232/0x4b0
[ 2207.266949][ T4758]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2207.266964][ T4758]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2207.266981][ T4758]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2207.266998][ T4758]  netlink_unicast+0x80f/0x9b0
[ 2207.267022][ T4758]  ? __pfx_netlink_unicast+0x10/0x10
[ 2207.267046][ T4758]  ? netlink_sendmsg+0x650/0xb40
[ 2207.267067][ T4758]  ? skb_put+0x11b/0x210
[ 2207.267095][ T4758]  netlink_sendmsg+0x813/0xb40
[ 2207.267113][ T4758]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2207.267128][ T4758]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2207.267142][ T4758]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2207.267156][ T4758]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2207.267178][ T4758]  ____sys_sendmsg+0xa68/0xad0
[ 2207.267214][ T4758]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2207.267244][ T4758]  ? kstrtoull+0x12f/0x1d0
[ 2207.267262][ T4758]  ___sys_sendmsg+0x2a5/0x360
[ 2207.267279][ T4758]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2207.267295][ T4758]  ? get_pid_task+0x20/0x1f0
[ 2207.267308][ T4758]  ? get_pid_task+0x20/0x1f0
[ 2207.267323][ T4758]  ? get_pid_task+0x20/0x1f0
[ 2207.267367][ T4758]  ? __fget_files+0x2a/0x420
[ 2207.267392][ T4758]  ? __fget_files+0x3a0/0x420
[ 2207.267412][ T4758]  __sys_sendmsg+0x183/0x260
[ 2207.267428][ T4758]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2207.267458][ T4758]  __do_fast_syscall_32+0x20d/0x640
[ 2207.267479][ T4758]  ? do_fast_syscall_32+0x33/0x70
[ 2207.267497][ T4758]  ? asm_int80_emulation+0x1a/0x20
[ 2207.267515][ T4758]  ? do_int80_emulation+0x274/0x4d0
[ 2207.267534][ T4758]  ? trace_irq_disable+0x3b/0x150
[ 2207.267554][ T4758]  do_fast_syscall_32+0x33/0x70
[ 2207.267565][ T4758]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2207.267577][ T4758] RIP: 0023:0xf7fd2f6c
[ 2207.267588][ T4758] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2207.267597][ T4758] RSP: 002b:00000000f549650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 2207.267614][ T4758] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000280
[ 2207.267628][ T4758] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2207.267640][ T4758] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2207.267651][ T4758] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2207.267663][ T4758] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2207.267695][ T4758]  </TASK>
[ 2208.099743][ T4765] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8318'.
[ 2208.409278][T28316] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[ 2208.479017][T16921] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 2208.608863][T28316] usb 3-1: Using ep0 maxpacket: 8
[ 2208.639091][T16921] usb 5-1: Using ep0 maxpacket: 8
[ 2208.646426][T16921] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 2208.654271][T28316] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2208.668601][T28316] usb 3-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5
[ 2208.679546][T16921] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2208.689872][T28316] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2208.698036][T16921] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 2208.710793][T16921] usb 5-1: New USB device found, idVendor=cdac, idProduct=1d07, bcdDevice= a.81
[ 2208.720471][T28316] usb 3-1: config 0 descriptor??
[ 2208.726132][T16921] usb 5-1: New USB device strings: Mfr=28, Product=52, SerialNumber=218
[ 2208.741032][T28316] uvcvideo 3-1:0.0: probe with driver uvcvideo failed with error -22
[ 2208.751846][T16921] usb 5-1: Product: syz
[ 2208.756022][T16921] usb 5-1: Manufacturer: syz
[ 2208.765847][T16921] usb 5-1: SerialNumber: syz
[ 2208.827061][ T4779] syz.3.8324 (4779): drop_caches: 1
[ 2208.985952][ T4779] syz.3.8324 (4779): drop_caches: 1
[ 2209.298098][ T4782] nvme_fabrics: missing parameter 'transport=%s'
[ 2209.304570][ T4782] nvme_fabrics: missing parameter 'nqn=%s'
[ 2209.506455][T28316] usb 3-1: USB disconnect, device number 84
[ 2209.940865][ T4797] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8327'.
[ 2209.982238][ T4799] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8329'.
[ 2210.000701][ T4800] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8330'.
[ 2210.030253][ T4801] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8330'.
[ 2210.218891][T28316] usb 1-1: new full-speed USB device number 52 using dummy_hcd
[ 2210.401376][T28316] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[ 2210.423556][T28316] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2210.433878][T28316] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[ 2210.449315][T28316] usb 1-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[ 2210.458544][T28316] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2210.473821][T28316] usb 1-1: config 0 descriptor??
[ 2210.484594][T28316] usbhid 1-1:0.0: can't add hid device: -22
[ 2210.491208][T28316] usbhid 1-1:0.0: probe with driver usbhid failed with error -22
[ 2210.676562][ T4816] FAULT_INJECTION: forcing a failure.
[ 2210.676562][ T4816] name failslab, interval 1, probability 0, space 0, times 0
[ 2210.994180][ T5823] usb 5-1: USB disconnect, device number 55
[ 2211.009371][ T4816] CPU: 1 UID: 0 PID: 4816 Comm: syz.3.8337 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2211.009399][ T4816] Tainted: [L]=SOFTLOCKUP
[ 2211.009406][ T4816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2211.009417][ T4816] Call Trace:
[ 2211.009424][ T4816]  <TASK>
[ 2211.009432][ T4816]  dump_stack_lvl+0xe8/0x150
[ 2211.009461][ T4816]  should_fail_ex+0x412/0x560
[ 2211.009487][ T4816]  should_failslab+0xa8/0x100
[ 2211.009512][ T4816]  __kmalloc_cache_noprof+0x88/0x660
[ 2211.009534][ T4816]  ? ethnl_tsinfo_start+0xcd/0x2c0
[ 2211.009557][ T4816]  ? __kmalloc_cache_noprof+0x15b/0x660
[ 2211.009581][ T4816]  ethnl_tsinfo_start+0xcd/0x2c0
[ 2211.009603][ T4816]  ? genl_start+0x4a3/0x6c0
[ 2211.009623][ T4816]  genl_start+0x4c3/0x6c0
[ 2211.009651][ T4816]  __netlink_dump_start+0x469/0x7e0
[ 2211.009681][ T4816]  genl_family_rcv_msg_dumpit+0x213/0x310
[ 2211.009712][ T4816]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[ 2211.009739][ T4816]  ? genl_get_cmd+0x691/0x930
[ 2211.009768][ T4816]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 2211.009790][ T4816]  ? __pfx_genl_start+0x10/0x10
[ 2211.009816][ T4816]  ? __pfx_genl_dumpit+0x10/0x10
[ 2211.009832][ T4816]  ? __pfx_genl_done+0x10/0x10
[ 2211.009853][ T4816]  ? __lock_acquire+0x6b5/0x2cf0
[ 2211.009880][ T4816]  genl_rcv_msg+0x5e8/0x7a0
[ 2211.009908][ T4816]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 2211.009930][ T4816]  ? __pfx_ethnl_tsinfo_start+0x10/0x10
[ 2211.009950][ T4816]  ? __pfx_ethnl_tsinfo_dumpit+0x10/0x10
[ 2211.009969][ T4816]  ? __pfx_ethnl_tsinfo_done+0x10/0x10
[ 2211.009989][ T4816]  ? __lock_acquire+0x6b5/0x2cf0
[ 2211.010018][ T4816]  netlink_rcv_skb+0x232/0x4b0
[ 2211.010038][ T4816]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 2211.010065][ T4816]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2211.010101][ T4816]  ? down_read+0x272/0x2e0
[ 2211.010118][ T4816]  ? genl_rcv+0xd/0x40
[ 2211.010144][ T4816]  genl_rcv+0x28/0x40
[ 2211.010166][ T4816]  netlink_unicast+0x80f/0x9b0
[ 2211.010194][ T4816]  ? __pfx_netlink_unicast+0x10/0x10
[ 2211.010214][ T4816]  ? netlink_sendmsg+0x650/0xb40
[ 2211.010233][ T4816]  ? skb_put+0x11b/0x210
[ 2211.010259][ T4816]  netlink_sendmsg+0x813/0xb40
[ 2211.010287][ T4816]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2211.010310][ T4816]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2211.010333][ T4816]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2211.010354][ T4816]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2211.010373][ T4816]  ____sys_sendmsg+0xa68/0xad0
[ 2211.010406][ T4816]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2211.010433][ T4816]  ? kstrtoull+0x12f/0x1d0
[ 2211.010460][ T4816]  ___sys_sendmsg+0x2a5/0x360
[ 2211.010490][ T4816]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2211.010518][ T4816]  ? get_pid_task+0x20/0x1f0
[ 2211.010535][ T4816]  ? get_pid_task+0x20/0x1f0
[ 2211.010549][ T4816]  ? get_pid_task+0x20/0x1f0
[ 2211.010590][ T4816]  ? __fget_files+0x2a/0x420
[ 2211.010615][ T4816]  ? __fget_files+0x3a0/0x420
[ 2211.010649][ T4816]  __sys_sendmsg+0x183/0x260
[ 2211.010678][ T4816]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2211.010726][ T4816]  __do_fast_syscall_32+0x20d/0x640
[ 2211.010748][ T4816]  ? do_fast_syscall_32+0x33/0x70
[ 2211.010766][ T4816]  ? asm_int80_emulation+0x1a/0x20
[ 2211.010784][ T4816]  ? do_int80_emulation+0x274/0x4d0
[ 2211.010802][ T4816]  ? trace_irq_disable+0x3b/0x150
[ 2211.010839][ T4816]  do_fast_syscall_32+0x33/0x70
[ 2211.010859][ T4816]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2211.010880][ T4816] RIP: 0023:0xf6ffef6c
[ 2211.010897][ T4816] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2211.010914][ T4816] RSP: 002b:00000000f53ed50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 2211.010933][ T4816] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[ 2211.010945][ T4816] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2211.010957][ T4816] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2211.010968][ T4816] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2211.010979][ T4816] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2211.011007][ T4816]  </TASK>
[ 2211.503669][ T4823] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8340'.
[ 2211.826712][ T4831] netlink: 64 bytes leftover after parsing attributes in process `syz.4.8342'.
[ 2212.026591][ T4841] FAULT_INJECTION: forcing a failure.
[ 2212.026591][ T4841] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2212.046208][ T4841] CPU: 1 UID: 0 PID: 4841 Comm: syz.2.8347 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2212.046229][ T4841] Tainted: [L]=SOFTLOCKUP
[ 2212.046233][ T4841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2212.046240][ T4841] Call Trace:
[ 2212.046245][ T4841]  <TASK>
[ 2212.046249][ T4841]  dump_stack_lvl+0xe8/0x150
[ 2212.046269][ T4841]  should_fail_ex+0x412/0x560
[ 2212.046286][ T4841]  prepare_alloc_pages+0x22a/0x650
[ 2212.046303][ T4841]  __alloc_frozen_pages_noprof+0x12f/0x380
[ 2212.046317][ T4841]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 2212.046332][ T4841]  ? __pfx_policy_nodemask+0x10/0x10
[ 2212.046347][ T4841]  ? __lock_acquire+0x6b5/0x2cf0
[ 2212.046363][ T4841]  alloc_pages_mpol+0x232/0x4a0
[ 2212.046378][ T4841]  vma_alloc_folio_noprof+0xea/0x210
[ 2212.046392][ T4841]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 2212.046410][ T4841]  do_pte_missing+0x1656/0x3750
[ 2212.046430][ T4841]  handle_mm_fault+0x1bec/0x3310
[ 2212.046452][ T4841]  ? handle_mm_fault+0xee/0x3310
[ 2212.046470][ T4841]  ? __pfx_handle_mm_fault+0x10/0x10
[ 2212.046494][ T4841]  ? lock_mm_and_find_vma+0xa7/0x340
[ 2212.046507][ T4841]  do_user_addr_fault+0x75b/0x1340
[ 2212.046528][ T4841]  exc_page_fault+0x6a/0xc0
[ 2212.046545][ T4841]  asm_exc_page_fault+0x26/0x30
[ 2212.046555][ T4841] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 2212.046569][ T4841] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[ 2212.046578][ T4841] RSP: 0018:ffffc9000e2cf478 EFLAGS: 00050202
[ 2212.046588][ T4841] RAX: ffff8880476a8001 RBX: ffff8880476a8342 RCX: 0000000000000157
[ 2212.046596][ T4841] RDX: 0000000000000000 RSI: ffff8880476a8382 RDI: 0000000080001000
[ 2212.046603][ T4841] RBP: ffffc9000e2cf5f0 R08: ffff8880476a84d8 R09: 1ffff11008ed509b
[ 2212.046610][ T4841] R10: dffffc0000000000 R11: ffffed1008ed509c R12: dffffc0000000000
[ 2212.046618][ T4841] R13: 0000000000000197 R14: 00007ffffffff000 R15: 0000000080001157
[ 2212.046633][ T4841]  _copy_to_iter+0x60a/0x17d0
[ 2212.046655][ T4841]  ? __pfx__copy_to_iter+0x10/0x10
[ 2212.046668][ T4841]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 2212.046683][ T4841]  ? lockdep_hardirqs_on+0x7a/0x110
[ 2212.046692][ T4841]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 2212.046713][ T4841]  ? __skb_try_recv_datagram+0x3d4/0x4d0
[ 2212.046727][ T4841]  __skb_datagram_iter+0xf8/0x980
[ 2212.046738][ T4841]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 2212.046753][ T4841]  skb_copy_datagram_iter+0xb5/0x270
[ 2212.046765][ T4841]  netlink_recvmsg+0x2c3/0xa50
[ 2212.046780][ T4841]  ? rcu_is_watching+0x15/0xb0
[ 2212.046798][ T4841]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 2212.046813][ T4841]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2212.046827][ T4841]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 2212.046838][ T4841]  ? security_socket_recvmsg+0x7e/0x2c0
[ 2212.046853][ T4841]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 2212.046866][ T4841]  sock_recvmsg+0x22c/0x270
[ 2212.046881][ T4841]  ____sys_recvmsg+0x1e6/0x4a0
[ 2212.046896][ T4841]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 2212.046904][ T4841]  ? get_compat_msghdr+0x34b/0x4c0
[ 2212.046930][ T4841]  ___sys_recvmsg+0x215/0x590
[ 2212.046942][ T4841]  ? __pfx____sys_recvmsg+0x10/0x10
[ 2212.046952][ T4841]  ? ktime_get_ts64+0xa9/0x3f0
[ 2212.046962][ T4841]  ? ktime_get_ts64+0xa9/0x3f0
[ 2212.046981][ T4841]  ? __fget_files+0x3a0/0x420
[ 2212.047000][ T4841]  do_recvmmsg+0x3a5/0x800
[ 2212.047014][ T4841]  ? __pfx_do_recvmmsg+0x10/0x10
[ 2212.047031][ T4841]  ? _copy_from_user+0x94/0xb0
[ 2212.047049][ T4841]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2212.047063][ T4841]  __sys_recvmmsg+0x12f/0x290
[ 2212.047074][ T4841]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 2212.047084][ T4841]  ? ksys_write+0x242/0x270
[ 2212.047098][ T4841]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[ 2212.047116][ T4841]  __do_fast_syscall_32+0x20d/0x640
[ 2212.047127][ T4841]  ? do_fast_syscall_32+0x33/0x70
[ 2212.047137][ T4841]  ? asm_int80_emulation+0x1a/0x20
[ 2212.047146][ T4841]  ? do_int80_emulation+0x274/0x4d0
[ 2212.047155][ T4841]  ? trace_irq_disable+0x3b/0x150
[ 2212.047172][ T4841]  do_fast_syscall_32+0x33/0x70
[ 2212.047185][ T4841]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2212.047197][ T4841] RIP: 0023:0xf7fd2f6c
[ 2212.047209][ T4841] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2212.047217][ T4841] RSP: 002b:00000000f549650c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[ 2212.047226][ T4841] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800037c0
[ 2212.047233][ T4841] RDX: 00000000000003b4 RSI: 0000000000002000 RDI: 0000000080003700
[ 2212.047240][ T4841] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2212.047246][ T4841] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2212.047252][ T4841] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2212.047266][ T4841]  </TASK>
[ 2212.700935][T16921] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 2212.791234][ T4850] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8349'.
[ 2212.943770][T16921] usb 5-1: Using ep0 maxpacket: 16
[ 2212.976635][T16921] usb 5-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4
[ 2212.986040][T16921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2212.995803][T16921] usb 5-1: Product: syz
[ 2213.003707][T16921] usb 5-1: Manufacturer: syz
[ 2213.012593][T16921] usb 5-1: SerialNumber: syz
[ 2213.022172][T16921] usb 5-1: config 0 descriptor??
[ 2213.040420][T16921] gspca_main: spca508-2.14.0 probing 041e:4018
[ 2213.243344][T16921] gspca_spca508: reg_read err -32
[ 2213.572317][ T4857] FAULT_INJECTION: forcing a failure.
[ 2213.572317][ T4857] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2213.586024][ T4857] CPU: 0 UID: 0 PID: 4857 Comm: syz.3.8350 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2213.586052][ T4857] Tainted: [L]=SOFTLOCKUP
[ 2213.586059][ T4857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2213.586070][ T4857] Call Trace:
[ 2213.586079][ T4857]  <TASK>
[ 2213.586087][ T4857]  dump_stack_lvl+0xe8/0x150
[ 2213.586117][ T4857]  should_fail_ex+0x412/0x560
[ 2213.586145][ T4857]  _copy_from_iter+0x1d3/0x1670
[ 2213.586174][ T4857]  ? rcu_is_watching+0x15/0xb0
[ 2213.586205][ T4857]  ? __pfx__copy_from_iter+0x10/0x10
[ 2213.586236][ T4857]  ? netlink_sendmsg+0x650/0xb40
[ 2213.586259][ T4857]  ? skb_put+0x11b/0x210
[ 2213.586287][ T4857]  netlink_sendmsg+0x6c0/0xb40
[ 2213.586319][ T4857]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2213.586346][ T4857]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2213.586371][ T4857]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2213.586393][ T4857]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2213.586415][ T4857]  ____sys_sendmsg+0xa68/0xad0
[ 2213.586450][ T4857]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2213.586481][ T4857]  ? kstrtoull+0x12f/0x1d0
[ 2213.586509][ T4857]  ___sys_sendmsg+0x2a5/0x360
[ 2213.586547][ T4857]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2213.586576][ T4857]  ? get_pid_task+0x20/0x1f0
[ 2213.586594][ T4857]  ? get_pid_task+0x20/0x1f0
[ 2213.586609][ T4857]  ? get_pid_task+0x20/0x1f0
[ 2213.586649][ T4857]  ? __fget_files+0x2a/0x420
[ 2213.586674][ T4857]  ? __fget_files+0x3a0/0x420
[ 2213.586708][ T4857]  __sys_sendmsg+0x183/0x260
[ 2213.586738][ T4857]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2213.586777][ T4857]  ? arch_syscall_is_vdso_sigreturn+0x174/0x1a0
[ 2213.586802][ T4857]  __do_fast_syscall_32+0x20d/0x640
[ 2213.586824][ T4857]  ? do_fast_syscall_32+0x33/0x70
[ 2213.586843][ T4857]  ? asm_int80_emulation+0x1a/0x20
[ 2213.586861][ T4857]  ? do_int80_emulation+0x274/0x4d0
[ 2213.586879][ T4857]  ? trace_irq_disable+0x3b/0x150
[ 2213.586909][ T4857]  do_fast_syscall_32+0x33/0x70
[ 2213.586928][ T4857]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2213.586951][ T4857] RIP: 0023:0xf6ffef6c
[ 2213.586968][ T4857] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2213.586984][ T4857] RSP: 002b:00000000f53ab50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 2213.587003][ T4857] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000080
[ 2213.587016][ T4857] RDX: 00000000000000d0 RSI: 0000000000000000 RDI: 0000000000000000
[ 2213.587027][ T4857] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2213.587037][ T4857] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2213.587048][ T4857] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2213.587074][ T4857]  </TASK>
[ 2213.890963][T16921] gspca_spca508: reg_read err -71
[ 2213.897208][T16921] gspca_spca508: reg_read err -71
[ 2213.915770][T16921] gspca_spca508: reg write: error -71
[ 2213.921572][T16921] spca508 5-1:0.0: probe with driver spca508 failed with error -71
[ 2213.949239][T16921] usb 5-1: USB disconnect, device number 56
[ 2214.035613][   T42] usb 1-1: USB disconnect, device number 52
[ 2214.248894][T28316] usb 3-1: new full-speed USB device number 85 using dummy_hcd
[ 2214.440052][T28316] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2214.453419][T28316] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 2214.462572][T28316] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 2214.477865][T28316] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2214.493237][T28316] usb 3-1: config 0 descriptor??
[ 2214.502768][T28316] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 2214.509944][T28316] dvb-usb: bulk message failed: -22 (3/0)
[ 2214.521982][T28316] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 2214.527888][ T4873] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2214.532489][T28316] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 2214.551857][T28316] usb 3-1: media controller created
[ 2214.558657][T28316] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2214.573012][T28316] dvb-usb: bulk message failed: -22 (6/0)
[ 2214.582007][T28316] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 2214.591532][T28316] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input287
[ 2214.607624][T28316] dvb-usb: schedule remote query interval to 150 msecs.
[ 2214.615757][T28316] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 2214.637789][ T4873] ip6tnl3: entered allmulticast mode
[ 2214.645868][ T1000] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured!
[ 2214.667097][ T1000] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured!
[ 2214.675142][ T5823] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured!
[ 2214.737108][ T4872] tipc: Disabling bearer <eth:syzkaller0>
[ 2214.762112][T28316] usb 3-1: USB disconnect, device number 85
[ 2214.804128][T28316] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 2215.138988][T32155] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 2215.279221][ T5823] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured!
[ 2215.297915][ T4888] Invalid argument reading file caps for ./file0
[ 2215.308870][T32155] usb 5-1: Using ep0 maxpacket: 8
[ 2215.320457][T32155] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[ 2215.348996][T32155] usb 5-1: config 179 has no interface number 0
[ 2215.359573][ T5823] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured!
[ 2215.360517][T32155] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 2215.403244][ T4893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8363'.
[ 2215.416844][ T4894] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8365'.
[ 2215.478252][T32155] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 2215.530609][T32155] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 2215.566543][T32155] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 2215.598065][T32155] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 2215.649674][T32155] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 2215.715005][T32155] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2215.744089][ T4878] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 2215.941517][ T4909] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.8369'.
[ 2216.256861][T28316] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input288
[ 2216.707285][ T4918] tipc: Started in network mode
[ 2216.736804][ T4919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2216.751848][ T4918] tipc: Node identity ba85652bb7c8, cluster identity 4711
[ 2216.785708][ T4918] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2216.793724][ T4919] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2216.907741][ T4918] ip6tnl1: entered allmulticast mode
[ 2216.936882][ T1000] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 2216.988121][   T42] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 2217.003730][ T1000] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 2217.026186][ T4916] tipc: Disabling bearer <eth:syzkaller0>
[ 2217.069176][   T42] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 2217.689052][   T42] usb 1-1: new full-speed USB device number 53 using dummy_hcd
[ 2217.733208][ T5823] usb 5-1: USB disconnect, device number 57
[ 2217.733337][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 2217.747743][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 2217.774407][ T2829] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 2217.861831][   T42] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 2217.891114][   T42] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 2217.940109][   T42] usb 1-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.5a
[ 2217.968441][   T42] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2218.016634][   T42] usb 1-1: config 0 descriptor??
[ 2218.068392][   T42] pegasus_notetaker 1-1:0.0: probe with driver pegasus_notetaker failed with error -22
[ 2218.564010][   T29] kauditd_printk_skb: 68 callbacks suppressed
[ 2218.564027][   T29] audit: type=1326 audit(1772693183.569:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4939 comm="syz.4.8376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2218.607088][   T29] audit: type=1326 audit(1772693183.599:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4939 comm="syz.4.8376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2218.695951][   T29] audit: type=1326 audit(1772693183.609:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4939 comm="syz.4.8376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2218.754846][   T29] audit: type=1326 audit(1772693183.609:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4939 comm="syz.4.8376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2218.847381][   T29] audit: type=1326 audit(1772693183.609:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4939 comm="syz.4.8376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2218.869101][ T4950] loop5: detected capacity change from 0 to 7
[ 2218.879457][ T4950] Dev loop5: unable to read RDB block 7
[ 2218.885104][ T4950]  loop5: AHDI p1 p2 p3
[ 2218.891326][ T4950] loop5: partition table partially beyond EOD, truncated
[ 2218.898619][ T4950] loop5: p1 start 1601398130 is beyond EOD, truncated
[ 2218.907607][ T4950] loop5: p2 start 1702059890 is beyond EOD, truncated
[ 2218.938867][   T29] audit: type=1326 audit(1772693183.639:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4939 comm="syz.4.8376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2218.970095][   T29] audit: type=1326 audit(1772693183.639:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4939 comm="syz.4.8376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2219.000710][   T29] audit: type=1326 audit(1772693183.639:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4939 comm="syz.4.8376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2219.029544][   T29] audit: type=1326 audit(1772693183.639:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4939 comm="syz.4.8376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2219.048851][T32155] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 2219.060373][   T29] audit: type=1326 audit(1772693183.639:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4939 comm="syz.4.8376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2219.208900][T32155] usb 5-1: Using ep0 maxpacket: 32
[ 2219.222793][T32155] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[ 2219.237907][T32155] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2219.246063][T32155] usb 5-1: Product: syz
[ 2219.250885][T32155] usb 5-1: Manufacturer: syz
[ 2219.255552][T32155] usb 5-1: SerialNumber: syz
[ 2219.263151][T32155] usb 5-1: config 0 descriptor??
[ 2219.308042][ T4960] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8383'.
[ 2219.493981][T32155] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: version d4.15 found at bus 005 address 058
[ 2219.748100][ T5823] usb 5-1: USB disconnect, device number 58
[ 2220.359161][   T42] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 2220.471201][T16921] usb 1-1: USB disconnect, device number 53
[ 2220.542934][   T42] usb 3-1: Using ep0 maxpacket: 8
[ 2220.568324][   T42] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 2220.579092][   T42] usb 3-1: config 179 has no interface number 0
[ 2220.585660][   T42] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 2220.597504][   T42] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 2220.612081][   T42] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 2220.624941][   T42] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 2220.637199][   T42] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 2220.658560][   T42] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 2220.673804][ T5823] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 2220.683040][   T42] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2220.702886][ T4987] loop5: detected capacity change from 0 to 7
[ 2220.705483][ T4969] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 2220.736841][ T4987] Dev loop5: unable to read RDB block 7
[ 2220.755097][ T4987]  loop5: AHDI p1 p2 p3
[ 2220.779985][ T4987] loop5: partition table partially beyond EOD, truncated
[ 2220.799843][ T4987] loop5: p1 start 1601398130 is beyond EOD, truncated
[ 2220.806807][ T4987] loop5: p2 start 1702059890 is beyond EOD, truncated
[ 2220.837432][ T5823] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 2220.847910][ T5823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2220.874487][ T5823] usb 4-1: Product: syz
[ 2220.879411][ T5823] usb 4-1: Manufacturer: syz
[ 2220.884107][ T5823] usb 4-1: SerialNumber: syz
[ 2220.908120][ T5823] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 2220.951018][   T42] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 2221.042925][ T5823] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input290
[ 2221.199252][ T2829] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 2221.381521][ T2829] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[ 2221.419443][ T2829] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[ 2221.439000][    C1] ip6_tnl_xmit_ctl: 1 callbacks suppressed
[ 2221.439018][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 2221.461562][ T2829] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[ 2221.473583][ T4997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2221.506876][ T4997] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2221.536733][ T2829] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2221.562324][ T2829] usb 5-1: Product: syz
[ 2221.566792][ T2829] usb 5-1: Manufacturer: syz
[ 2221.572858][ T2829] usb 5-1: SerialNumber: syz
[ 2221.634471][ T2829] usb 5-1: config 0 descriptor??
[ 2221.647636][ T4991] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 2221.683280][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 2221.691805][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 2221.711117][ T4991] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 2221.958727][ T4991] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 2222.075793][ T2829] dm9601 5-1:0.0: probe with driver dm9601 failed with error -71
[ 2222.215470][ T2829] usb 5-1: USB disconnect, device number 59
[ 2222.255506][   T42] usb 4-1: Service connection timeout for: 256
[ 2222.293594][   T42] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 2222.337772][T32155] usb 3-1: USB disconnect, device number 86
[ 2222.340181][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 2222.352149][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 2222.437994][   T42] ath9k_htc: Failed to initialize the device
[ 2222.483030][   T42] usb 4-1: ath9k_htc: USB layer deinitialized
[ 2222.988036][ T5024] FAULT_INJECTION: forcing a failure.
[ 2222.988036][ T5024] name failslab, interval 1, probability 0, space 0, times 0
[ 2223.037624][ T5024] CPU: 0 UID: 0 PID: 5024 Comm: syz.4.8402 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2223.037658][ T5024] Tainted: [L]=SOFTLOCKUP
[ 2223.037664][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2223.037675][ T5024] Call Trace:
[ 2223.037684][ T5024]  <TASK>
[ 2223.037693][ T5024]  dump_stack_lvl+0xe8/0x150
[ 2223.037725][ T5024]  should_fail_ex+0x412/0x560
[ 2223.037754][ T5024]  should_failslab+0xa8/0x100
[ 2223.037771][ T5024]  __kvmalloc_node_noprof+0x178/0x8a0
[ 2223.037784][ T5024]  ? alloc_netdev_mqs+0xa6/0x11b0
[ 2223.037800][ T5024]  alloc_netdev_mqs+0xa6/0x11b0
[ 2223.037811][ T5024]  ? __pfx_vlan_setup+0x10/0x10
[ 2223.037842][ T5024]  rtnl_create_link+0x31f/0xd70
[ 2223.037869][ T5024]  rtnl_newlink_create+0x277/0xb70
[ 2223.037896][ T5024]  ? __pfx___nla_validate_parse+0x10/0x10
[ 2223.037920][ T5024]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 2223.037936][ T5024]  ? __pfx___mutex_lock+0x10/0x10
[ 2223.037952][ T5024]  ? ns_capable+0x89/0xe0
[ 2223.037971][ T5024]  rtnl_newlink+0x1666/0x1be0
[ 2223.038011][ T5024]  ? __pfx_rtnl_newlink+0x10/0x10
[ 2223.038033][ T5024]  ? do_fast_syscall_32+0x33/0x70
[ 2223.038051][ T5024]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2223.038083][ T5024]  ? kasan_quarantine_put+0xbb/0x1f0
[ 2223.038094][ T5024]  ? lockdep_hardirqs_on+0x7a/0x110
[ 2223.038106][ T5024]  ? kmem_cache_free+0x187/0x630
[ 2223.038120][ T5024]  ? nlmon_xmit+0xb0/0x100
[ 2223.038166][ T5024]  ? __lock_acquire+0x6b5/0x2cf0
[ 2223.038196][ T5024]  ? __local_bh_enable_ip+0xd0/0x130
[ 2223.038212][ T5024]  ? lockdep_hardirqs_on+0x7a/0x110
[ 2223.038221][ T5024]  ? __dev_queue_xmit+0x277/0x3890
[ 2223.038231][ T5024]  ? __local_bh_enable_ip+0xd0/0x130
[ 2223.038243][ T5024]  ? __dev_queue_xmit+0x277/0x3890
[ 2223.038268][ T5024]  ? __pfx_rtnl_newlink+0x10/0x10
[ 2223.038292][ T5024]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 2223.038320][ T5024]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 2223.038343][ T5024]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2223.038359][ T5024]  ? ref_tracker_free+0x693/0x840
[ 2223.038372][ T5024]  ? __copy_skb_header+0xa3/0x4a0
[ 2223.038388][ T5024]  ? __pfx_ref_tracker_free+0x10/0x10
[ 2223.038400][ T5024]  ? __skb_clone+0x63/0x7a0
[ 2223.038428][ T5024]  netlink_rcv_skb+0x232/0x4b0
[ 2223.038453][ T5024]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2223.038480][ T5024]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2223.038507][ T5024]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2223.038524][ T5024]  netlink_unicast+0x80f/0x9b0
[ 2223.038539][ T5024]  ? __pfx_netlink_unicast+0x10/0x10
[ 2223.038552][ T5024]  ? netlink_sendmsg+0x650/0xb40
[ 2223.038567][ T5024]  ? skb_put+0x11b/0x210
[ 2223.038596][ T5024]  netlink_sendmsg+0x813/0xb40
[ 2223.038628][ T5024]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2223.038652][ T5024]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2223.038669][ T5024]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2223.038681][ T5024]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2223.038693][ T5024]  ____sys_sendmsg+0xa68/0xad0
[ 2223.038719][ T5024]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2223.038749][ T5024]  ? kstrtoull+0x12f/0x1d0
[ 2223.038780][ T5024]  ___sys_sendmsg+0x2a5/0x360
[ 2223.038813][ T5024]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2223.038832][ T5024]  ? get_pid_task+0x20/0x1f0
[ 2223.038842][ T5024]  ? get_pid_task+0x20/0x1f0
[ 2223.038850][ T5024]  ? get_pid_task+0x20/0x1f0
[ 2223.038886][ T5024]  ? __fget_files+0x2a/0x420
[ 2223.038911][ T5024]  ? __fget_files+0x3a0/0x420
[ 2223.038949][ T5024]  __sys_sendmsg+0x183/0x260
[ 2223.038966][ T5024]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2223.038992][ T5024]  __do_fast_syscall_32+0x20d/0x640
[ 2223.039003][ T5024]  ? do_fast_syscall_32+0x33/0x70
[ 2223.039018][ T5024]  ? asm_int80_emulation+0x1a/0x20
[ 2223.039036][ T5024]  ? do_int80_emulation+0x274/0x4d0
[ 2223.039054][ T5024]  ? trace_irq_disable+0x3b/0x150
[ 2223.039084][ T5024]  do_fast_syscall_32+0x33/0x70
[ 2223.039101][ T5024]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2223.039113][ T5024] RIP: 0023:0xf708ef6c
[ 2223.039124][ T5024] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2223.039133][ T5024] RSP: 002b:00000000f547d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 2223.039145][ T5024] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000080000280
[ 2223.039152][ T5024] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2223.039168][ T5024] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2223.039179][ T5024] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2223.039190][ T5024] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2223.039219][ T5024]  </TASK>
[ 2223.857680][ T5037] FAULT_INJECTION: forcing a failure.
[ 2223.857680][ T5037] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2223.952595][ T5037] CPU: 1 UID: 0 PID: 5037 Comm: syz.2.8406 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2223.952617][ T5037] Tainted: [L]=SOFTLOCKUP
[ 2223.952621][ T5037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2223.952628][ T5037] Call Trace:
[ 2223.952633][ T5037]  <TASK>
[ 2223.952638][ T5037]  dump_stack_lvl+0xe8/0x150
[ 2223.952659][ T5037]  should_fail_ex+0x412/0x560
[ 2223.952676][ T5037]  _copy_to_user+0x31/0xb0
[ 2223.952693][ T5037]  simple_read_from_buffer+0xe1/0x170
[ 2223.952711][ T5037]  proc_fail_nth_read+0x1bb/0x230
[ 2223.952727][ T5037]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2223.952743][ T5037]  ? rw_verify_area+0x2a6/0x4d0
[ 2223.952753][ T5037]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2223.952768][ T5037]  vfs_read+0x20c/0xa70
[ 2223.952778][ T5037]  ? fdget_pos+0x246/0x320
[ 2223.952795][ T5037]  ? __pfx___mutex_lock+0x10/0x10
[ 2223.952806][ T5037]  ? __pfx_vfs_read+0x10/0x10
[ 2223.952818][ T5037]  ? __fget_files+0x2a/0x420
[ 2223.952834][ T5037]  ? __fget_files+0x3a0/0x420
[ 2223.952847][ T5037]  ? __fget_files+0x2a/0x420
[ 2223.952865][ T5037]  ksys_read+0x150/0x270
[ 2223.952877][ T5037]  ? __pfx_ksys_read+0x10/0x10
[ 2223.952889][ T5037]  ? asm_int80_emulation+0x1a/0x20
[ 2223.952902][ T5037]  do_int80_emulation+0x173/0x4d0
[ 2223.952913][ T5037]  ? asm_int80_emulation+0x1a/0x20
[ 2223.952922][ T5037]  ? clear_bhb_loop+0x40/0x90
[ 2223.952932][ T5037]  ? clear_bhb_loop+0x40/0x90
[ 2223.952944][ T5037]  asm_int80_emulation+0x1a/0x20
[ 2223.952954][ T5037] RIP: 0023:0xf71d5cab
[ 2223.952970][ T5037] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 2223.952979][ T5037] RSP: 002b:00000000f54964bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 2223.952991][ T5037] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54965d0
[ 2223.952998][ T5037] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[ 2223.953004][ T5037] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2223.953010][ T5037] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2223.953016][ T5037] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2223.953030][ T5037]  </TASK>
[ 2224.276522][   T42] usb 4-1: USB disconnect, device number 17
[ 2224.333077][T32155] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 2224.423222][ T5045] loop5: detected capacity change from 0 to 7
[ 2224.430748][ T5045] Dev loop5: unable to read RDB block 7
[ 2224.437024][ T5045]  loop5: AHDI p1 p2 p3
[ 2224.446021][ T5046] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8409'.
[ 2224.456920][ T5045] loop5: partition table partially beyond EOD, truncated
[ 2224.473148][ T5045] loop5: p1 start 1601398130 is beyond EOD, truncated
[ 2224.487542][ T5045] loop5: p2 start 1702059890 is beyond EOD, truncated
[ 2224.499412][T32155] usb 5-1: Using ep0 maxpacket: 32
[ 2224.516647][T32155] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 2224.526140][T32155] usb 5-1: config 0 has no interface number 0
[ 2224.567115][T32155] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8
[ 2224.577037][T32155] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2224.596008][T32155] usb 5-1: Product: syz
[ 2224.602115][T32155] usb 5-1: Manufacturer: syz
[ 2224.607453][T32155] usb 5-1: SerialNumber: syz
[ 2224.620269][T32155] usb 5-1: config 0 descriptor??
[ 2224.628612][T32155] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 2224.641213][T32155] usb 5-1: selecting invalid altsetting 1
[ 2224.646954][T32155] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 2224.664046][T32155] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 2224.674614][T32155] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 2224.682999][T32155] usb 5-1: media controller created
[ 2224.696803][T32155] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2224.838877][T16921] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[ 2224.991595][T16921] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2225.000577][T16921] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2225.008860][ T2829] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 2225.010857][T16921] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2225.027621][T16921] usb 4-1: config 1 has no interface number 1
[ 2225.033771][T16921] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2225.056526][T16921] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2225.092680][T16921] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2225.106819][T16921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2225.116805][T16921] usb 4-1: Product: syz
[ 2225.121267][T16921] usb 4-1: Manufacturer: syz
[ 2225.125995][T16921] usb 4-1: SerialNumber: syz
[ 2225.158823][ T2829] usb 2-1: Using ep0 maxpacket: 16
[ 2225.165978][ T2829] usb 2-1: config 0 has an invalid interface number: 68 but max is 0
[ 2225.174720][ T2829] usb 2-1: config 0 has no interface number 0
[ 2225.182014][ T2829] usb 2-1: config 0 interface 68 altsetting 0 endpoint 0x81 has invalid maxpacket 254, setting to 64
[ 2225.198604][ T2829] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[ 2225.223371][ T2829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2225.237837][ T2829] usb 2-1: Product: syz
[ 2225.248587][ T5054] FAULT_INJECTION: forcing a failure.
[ 2225.248587][ T5054] name failslab, interval 1, probability 0, space 0, times 0
[ 2225.261269][ T5054] CPU: 1 UID: 0 PID: 5054 Comm: syz.0.8412 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2225.261300][ T5054] Tainted: [L]=SOFTLOCKUP
[ 2225.261307][ T5054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2225.261319][ T5054] Call Trace:
[ 2225.261329][ T5054]  <TASK>
[ 2225.261337][ T5054]  dump_stack_lvl+0xe8/0x150
[ 2225.261369][ T5054]  should_fail_ex+0x412/0x560
[ 2225.261397][ T5054]  should_failslab+0xa8/0x100
[ 2225.261421][ T5054]  ? radix_tree_node_alloc+0x7e/0x3a0
[ 2225.261449][ T5054]  kmem_cache_alloc_noprof+0x87/0x650
[ 2225.261468][ T5054]  ? radix_tree_node_alloc+0x7e/0x3a0
[ 2225.261494][ T5054]  ? kmem_cache_alloc_noprof+0x15a/0x650
[ 2225.261518][ T5054]  radix_tree_node_alloc+0x7e/0x3a0
[ 2225.261550][ T5054]  idr_get_free+0x2b3/0xa70
[ 2225.261588][ T5054]  idr_alloc_u32+0x18d/0x320
[ 2225.261622][ T5054]  ? __pfx_idr_alloc_u32+0x10/0x10
[ 2225.261653][ T5054]  ? net_generic+0x1e/0x240
[ 2225.261683][ T5054]  ? l2tp_tunnel_register+0x148/0x1460
[ 2225.261713][ T5054]  l2tp_tunnel_register+0x162/0x1460
[ 2225.261752][ T5054]  ? __pfx_l2tp_tunnel_register+0x10/0x10
[ 2225.261781][ T5054]  ? do_raw_spin_lock+0x12b/0x2f0
[ 2225.261804][ T5054]  ? pcpu_alloc+0x10/0x360
[ 2225.261838][ T5054]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 2225.261863][ T5054]  ? lockdep_hardirqs_on+0x7a/0x110
[ 2225.261878][ T5054]  ? l2tp_tunnel_create+0x249/0x3e0
[ 2225.261898][ T5054]  ? l2tp_tunnel_create+0x2d3/0x3e0
[ 2225.261921][ T5054]  pppol2tp_connect+0x8b7/0x17c0
[ 2225.261951][ T5054]  ? __pfx_pppol2tp_connect+0x10/0x10
[ 2225.261974][ T5054]  ? __pfx_aa_sk_perm+0x10/0x10
[ 2225.261995][ T5054]  ? hook_socket_connect+0x107/0x190
[ 2225.262016][ T5054]  ? bpf_lsm_socket_connect+0x9/0x20
[ 2225.262035][ T5054]  __sys_connect+0x312/0x450
[ 2225.262058][ T5054]  ? __pfx___sys_connect+0x10/0x10
[ 2225.262097][ T5054]  __ia32_sys_connect+0x7a/0x90
[ 2225.262118][ T5054]  __do_fast_syscall_32+0x20d/0x640
[ 2225.262136][ T5054]  ? do_fast_syscall_32+0x33/0x70
[ 2225.262150][ T5054]  ? asm_int80_emulation+0x1a/0x20
[ 2225.262165][ T5054]  ? do_int80_emulation+0x274/0x4d0
[ 2225.262179][ T5054]  ? trace_irq_disable+0x3b/0x150
[ 2225.262202][ T5054]  do_fast_syscall_32+0x33/0x70
[ 2225.262219][ T5054]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2225.262241][ T5054] RIP: 0023:0xf7fc2f6c
[ 2225.262255][ T5054] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2225.262268][ T5054] RSP: 002b:00000000f544450c EFLAGS: 00000206 ORIG_RAX: 000000000000016a
[ 2225.262284][ T5054] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080001080
[ 2225.262295][ T5054] RDX: 000000000000002e RSI: 0000000000000000 RDI: 0000000000000000
[ 2225.262304][ T5054] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2225.262313][ T5054] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2225.262322][ T5054] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2225.262343][ T5054]  </TASK>
[ 2225.262876][ T2829] usb 2-1: Manufacturer: syz
[ 2225.572253][ T2829] usb 2-1: SerialNumber: syz
[ 2225.580445][ T2829] usb 2-1: config 0 descriptor??
[ 2225.600076][T16921] usb 4-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[ 2225.612163][ T2829] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 2225.640361][T16921] usb 4-1: MIDIStreaming interface descriptor not found
[ 2225.769554][T32155] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[ 2225.787258][ T5050] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8411'.
[ 2225.797082][ T5050] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8411'.
[ 2225.818098][T32155] zl10353_read_register: readreg error (reg=127, ret==-110)
[ 2225.836663][T32155] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 2225.849531][T16921] usb 4-1: USB disconnect, device number 18
[ 2225.857272][ T5061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2225.894575][ T5061] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2225.903027][ T2829] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[ 2225.961761][ T5061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2225.982060][ T5837] udevd[5837]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2226.008593][ T5061] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2226.026219][T32155] usb 5-1: USB disconnect, device number 60
[ 2226.068899][ T2829] usb 3-1: Using ep0 maxpacket: 8
[ 2226.079350][ T2829] usb 3-1: config index 0 descriptor too short (expected 1307, got 27)
[ 2226.087681][ T2829] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[ 2226.110729][   T42] usb 2-1: USB disconnect, device number 50
[ 2226.117513][  T146] usb 2-1: Failed to submit usb control message: -71
[ 2226.130304][  T146] usb 2-1: unable to send the bmi data to the device: -71
[ 2226.167857][  T146] usb 2-1: unable to get target info from device
[ 2226.177994][ T2829] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 2226.198494][ T2829] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[ 2226.208501][  T146] usb 2-1: could not get target info (-71)
[ 2226.229921][  T146] usb 2-1: could not probe fw (-71)
[ 2226.237379][ T2829] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 2226.291144][ T2829] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[ 2226.313777][ T2829] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de
[ 2226.313806][ T2829] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2226.313826][ T2829] usb 3-1: Product: syz
[ 2226.313850][ T2829] usb 3-1: Manufacturer: syz
[ 2226.313865][ T2829] usb 3-1: SerialNumber: syz
[ 2226.316518][ T2829] usb 3-1: config 0 descriptor??
[ 2226.318434][ T2829] hub 3-1:0.0: bad descriptor, ignoring hub
[ 2226.318459][ T2829] hub 3-1:0.0: probe with driver hub failed with error -5
[ 2226.517588][ T5073] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2226.553706][ T5073] syzkaller0: entered promiscuous mode
[ 2226.560260][ T5075] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8418'.
[ 2226.560422][ T5073] syzkaller0: entered allmulticast mode
[ 2226.620428][ T5073] FAULT_INJECTION: forcing a failure.
[ 2226.620428][ T5073] name failslab, interval 1, probability 0, space 0, times 0
[ 2226.633147][ T5073] CPU: 0 UID: 0 PID: 5073 Comm: syz.4.8417 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2226.633177][ T5073] Tainted: [L]=SOFTLOCKUP
[ 2226.633184][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2226.633196][ T5073] Call Trace:
[ 2226.633204][ T5073]  <TASK>
[ 2226.633211][ T5073]  dump_stack_lvl+0xe8/0x150
[ 2226.633243][ T5073]  should_fail_ex+0x412/0x560
[ 2226.633272][ T5073]  should_failslab+0xa8/0x100
[ 2226.633304][ T5073]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 2226.633327][ T5073]  ? __alloc_skb+0x1d0/0x7d0
[ 2226.633351][ T5073]  ? __local_bh_enable_ip+0xd0/0x130
[ 2226.633379][ T5073]  __alloc_skb+0x1d0/0x7d0
[ 2226.633408][ T5073]  ? inet6_rt_notify+0xaf/0x470
[ 2226.633433][ T5073]  inet6_rt_notify+0x170/0x470
[ 2226.633469][ T5073]  fib6_del+0x10af/0x15a0
[ 2226.633513][ T5073]  ? __pfx_fib6_del+0x10/0x10
[ 2226.633540][ T5073]  ? is_bpf_text_address+0x292/0x2b0
[ 2226.633560][ T5073]  ? is_bpf_text_address+0x26/0x2b0
[ 2226.633592][ T5073]  fib6_clean_node+0x29c/0x580
[ 2226.633623][ T5073]  ? __pfx_fib6_clean_node+0x10/0x10
[ 2226.633651][ T5073]  ? stack_trace_save+0xa9/0x100
[ 2226.633669][ T5073]  ? __pfx_stack_trace_save+0x10/0x10
[ 2226.633687][ T5073]  ? kfree+0x1c1/0x630
[ 2226.633711][ T5073]  fib6_walk_continue+0x67b/0x910
[ 2226.633749][ T5073]  __fib6_clean_all+0x35b/0x5a0
[ 2226.633777][ T5073]  ? __fib6_clean_all+0xbd/0x5a0
[ 2226.633801][ T5073]  ? __lock_acquire+0x6b5/0x2cf0
[ 2226.633823][ T5073]  ? __pfx_fib6_ifdown+0x10/0x10
[ 2226.633850][ T5073]  ? __pfx___fib6_clean_all+0x10/0x10
[ 2226.633878][ T5073]  ? __pfx_fib6_clean_node+0x10/0x10
[ 2226.633902][ T5073]  ? __pfx_fib6_ifdown+0x10/0x10
[ 2226.633929][ T5073]  ? do_raw_spin_lock+0x12b/0x2f0
[ 2226.633952][ T5073]  ? __mutex_trylock_common+0x158/0x260
[ 2226.633982][ T5073]  rt6_disable_ip+0x128/0x730
[ 2226.634010][ T5073]  ? rcu_is_watching+0x15/0xb0
[ 2226.634033][ T5073]  ? trace_contention_end+0x3d/0x150
[ 2226.634055][ T5073]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 2226.634083][ T5073]  addrconf_ifdown+0x161/0x1a40
[ 2226.634102][ T5073]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 2226.634124][ T5073]  ? tls_dev_event+0x745/0xf00
[ 2226.634147][ T5073]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 2226.634177][ T5073]  addrconf_notify+0x1bc/0x1050
[ 2226.634202][ T5073]  notifier_call_chain+0x1be/0x400
[ 2226.634231][ T5073]  netif_set_mtu_ext+0x5aa/0x800
[ 2226.634252][ T5073]  ? __ia32_compat_sys_ioctl+0x139/0x950
[ 2226.634274][ T5073]  ? __do_fast_syscall_32+0x20d/0x640
[ 2226.634294][ T5073]  ? __pfx_netif_set_mtu_ext+0x10/0x10
[ 2226.634320][ T5073]  ? __mutex_trylock_common+0x158/0x260
[ 2226.634356][ T5073]  netif_set_mtu+0xd7/0x1b0
[ 2226.634379][ T5073]  ? __pfx_netif_set_mtu+0x10/0x10
[ 2226.634411][ T5073]  ? __dev_get_by_name+0xe5/0x140
[ 2226.634432][ T5073]  dev_set_mtu+0x126/0x260
[ 2226.634455][ T5073]  dev_ioctl+0x7b4/0x1150
[ 2226.634478][ T5073]  sock_do_ioctl+0x23e/0x320
[ 2226.634497][ T5073]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 2226.634526][ T5073]  compat_sock_ioctl+0xba6/0xcb0
[ 2226.634547][ T5073]  ? __pfx_compat_sock_ioctl+0x10/0x10
[ 2226.634566][ T5073]  ? __fget_files+0x3a0/0x420
[ 2226.634586][ T5073]  ? __fget_files+0x2a/0x420
[ 2226.634608][ T5073]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 2226.634630][ T5073]  __ia32_compat_sys_ioctl+0x5ea/0x950
[ 2226.634650][ T5073]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 2226.634670][ T5073]  ? __fget_files+0x3a0/0x420
[ 2226.634695][ T5073]  ? fput+0xa0/0xd0
[ 2226.634715][ T5073]  ? ksys_write+0x242/0x270
[ 2226.634740][ T5073]  __do_fast_syscall_32+0x20d/0x640
[ 2226.634757][ T5073]  ? do_fast_syscall_32+0x33/0x70
[ 2226.634771][ T5073]  ? asm_int80_emulation+0x1a/0x20
[ 2226.634785][ T5073]  ? do_int80_emulation+0x274/0x4d0
[ 2226.634800][ T5073]  ? trace_irq_disable+0x3b/0x150
[ 2226.634823][ T5073]  do_fast_syscall_32+0x33/0x70
[ 2226.634839][ T5073]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2226.634856][ T5073] RIP: 0023:0xf708ef6c
[ 2226.634871][ T5073] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2226.634884][ T5073] RSP: 002b:00000000f547d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 2226.634900][ T5073] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000008922
[ 2226.634910][ T5073] RDX: 0000000080000300 RSI: 0000000000000000 RDI: 0000000000000000
[ 2226.634919][ T5073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2226.634928][ T5073] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2226.634937][ T5073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2226.634959][ T5073]  </TASK>
[ 2227.082684][ T5073] tipc: Resetting bearer <eth:syzkaller0>
[ 2227.090158][   T42] usb 3-1: USB disconnect, device number 87
[ 2227.133935][ T5072] tipc: Resetting bearer <eth:syzkaller0>
[ 2227.175932][ T5072] tipc: Disabling bearer <eth:syzkaller0>
[ 2227.209145][ T2829] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 2227.312172][ T5089] FAULT_INJECTION: forcing a failure.
[ 2227.312172][ T5089] name failslab, interval 1, probability 0, space 0, times 0
[ 2227.325346][ T5089] CPU: 1 UID: 0 PID: 5089 Comm: syz.4.8424 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2227.325365][ T5089] Tainted: [L]=SOFTLOCKUP
[ 2227.325369][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2227.325376][ T5089] Call Trace:
[ 2227.325380][ T5089]  <TASK>
[ 2227.325385][ T5089]  dump_stack_lvl+0xe8/0x150
[ 2227.325405][ T5089]  should_fail_ex+0x412/0x560
[ 2227.325421][ T5089]  should_failslab+0xa8/0x100
[ 2227.325435][ T5089]  __kmalloc_cache_noprof+0x88/0x660
[ 2227.325447][ T5089]  ? __pfx___nla_validate_parse+0x10/0x10
[ 2227.325461][ T5089]  ? hash_ip_create+0x6d9/0x1460
[ 2227.325478][ T5089]  hash_ip_create+0x6d9/0x1460
[ 2227.325499][ T5089]  ? __pfx_hash_ip_create+0x10/0x10
[ 2227.325514][ T5089]  ? __nla_parse+0x40/0x60
[ 2227.325527][ T5089]  ? __pfx_hash_ip_create+0x10/0x10
[ 2227.325541][ T5089]  ip_set_create+0xae6/0x1a40
[ 2227.325552][ T5089]  ? ip_set_create+0x4eb/0x1a40
[ 2227.325568][ T5089]  ? __pfx_ip_set_create+0x10/0x10
[ 2227.325595][ T5089]  nfnetlink_rcv_msg+0xc00/0x12c0
[ 2227.325606][ T5089]  ? unwind_get_return_address+0x4d/0x90
[ 2227.325622][ T5089]  ? nfnetlink_rcv_msg+0x229/0x12c0
[ 2227.325642][ T5089]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 2227.325676][ T5089]  netlink_rcv_skb+0x232/0x4b0
[ 2227.325689][ T5089]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 2227.325701][ T5089]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2227.325719][ T5089]  ? bpf_lsm_capable+0x9/0x20
[ 2227.325733][ T5089]  ? security_capable+0x7e/0x2c0
[ 2227.325749][ T5089]  nfnetlink_rcv+0x2c0/0x27b0
[ 2227.325764][ T5089]  ? __local_bh_enable_ip+0xd0/0x130
[ 2227.325778][ T5089]  ? lockdep_hardirqs_on+0x7a/0x110
[ 2227.325788][ T5089]  ? __dev_queue_xmit+0x277/0x3890
[ 2227.325798][ T5089]  ? __local_bh_enable_ip+0xd0/0x130
[ 2227.325810][ T5089]  ? __dev_queue_xmit+0x277/0x3890
[ 2227.325819][ T5089]  ? __dev_queue_xmit+0x1e78/0x3890
[ 2227.325829][ T5089]  ? do_fast_syscall_32+0x33/0x70
[ 2227.325843][ T5089]  ? __dev_queue_xmit+0x277/0x3890
[ 2227.325856][ T5089]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 2227.325870][ T5089]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 2227.325883][ T5089]  ? ref_tracker_free+0x693/0x840
[ 2227.325896][ T5089]  ? __copy_skb_header+0xa3/0x4a0
[ 2227.325912][ T5089]  ? __pfx_ref_tracker_free+0x10/0x10
[ 2227.325924][ T5089]  ? __skb_clone+0x63/0x7a0
[ 2227.325941][ T5089]  ? __skb_clone+0x483/0x7a0
[ 2227.325959][ T5089]  ? skb_clone+0x246/0x3a0
[ 2227.325970][ T5089]  ? __netlink_deliver_tap+0x807/0x850
[ 2227.325983][ T5089]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2227.325998][ T5089]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2227.326014][ T5089]  netlink_unicast+0x80f/0x9b0
[ 2227.326029][ T5089]  ? __pfx_netlink_unicast+0x10/0x10
[ 2227.326042][ T5089]  ? netlink_sendmsg+0x650/0xb40
[ 2227.326053][ T5089]  ? skb_put+0x11b/0x210
[ 2227.326069][ T5089]  netlink_sendmsg+0x813/0xb40
[ 2227.326086][ T5089]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2227.326100][ T5089]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2227.326114][ T5089]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2227.326126][ T5089]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2227.326138][ T5089]  ____sys_sendmsg+0xa68/0xad0
[ 2227.326157][ T5089]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2227.326175][ T5089]  ? kstrtoull+0x12f/0x1d0
[ 2227.326197][ T5089]  ___sys_sendmsg+0x2a5/0x360
[ 2227.326215][ T5089]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2227.326232][ T5089]  ? get_pid_task+0x20/0x1f0
[ 2227.326241][ T5089]  ? get_pid_task+0x20/0x1f0
[ 2227.326249][ T5089]  ? get_pid_task+0x20/0x1f0
[ 2227.326270][ T5089]  ? __fget_files+0x2a/0x420
[ 2227.326285][ T5089]  ? __fget_files+0x3a0/0x420
[ 2227.326303][ T5089]  __sys_sendmsg+0x183/0x260
[ 2227.326320][ T5089]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2227.326345][ T5089]  __do_fast_syscall_32+0x20d/0x640
[ 2227.326357][ T5089]  ? do_fast_syscall_32+0x33/0x70
[ 2227.326367][ T5089]  ? asm_int80_emulation+0x1a/0x20
[ 2227.326376][ T5089]  ? do_int80_emulation+0x274/0x4d0
[ 2227.326386][ T5089]  ? trace_irq_disable+0x3b/0x150
[ 2227.326403][ T5089]  do_fast_syscall_32+0x33/0x70
[ 2227.326414][ T5089]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2227.326426][ T5089] RIP: 0023:0xf708ef6c
[ 2227.326436][ T5089] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2227.326445][ T5089] RSP: 002b:00000000f547d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 2227.326457][ T5089] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000440
[ 2227.326465][ T5089] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2227.326471][ T5089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2227.326476][ T5089] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2227.326482][ T5089] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2227.326497][ T5089]  </TASK>
[ 2227.783530][T16921] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 2227.820259][ T2829] usb 4-1: Using ep0 maxpacket: 16
[ 2227.830651][ T2829] usb 4-1: config 82 has an invalid interface number: 243 but max is 0
[ 2227.839767][ T2829] usb 4-1: config 82 has no interface number 0
[ 2227.845933][ T2829] usb 4-1: config 82 interface 243 has no altsetting 0
[ 2227.859539][ T2829] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice=f3.37
[ 2227.868765][ T2829] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2227.876753][ T2829] usb 4-1: Product: syz
[ 2227.881559][ T2829] usb 4-1: Manufacturer: syz
[ 2227.886145][ T2829] usb 4-1: SerialNumber: syz
[ 2227.947648][T16921] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[ 2227.949218][ T5093] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8425'.
[ 2227.966217][T16921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2227.974591][T16921] usb 2-1: Product: syz
[ 2227.979129][T16921] usb 2-1: Manufacturer: syz
[ 2227.983844][T16921] usb 2-1: SerialNumber: syz
[ 2227.992147][T16921] usb 2-1: config 0 descriptor??
[ 2228.003567][T16921] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[ 2228.017817][T16921] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 2228.039630][T16921] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[ 2228.049453][T16921] usb 2-1: media controller created
[ 2228.071220][T16921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2228.088959][    C1] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured!
[ 2228.173918][ T2829] usbtest 4-1:82.243: couldn't get endpoints, -71
[ 2228.180781][ T2829] usbtest 4-1:82.243: probe with driver usbtest failed with error -71
[ 2228.191123][T16921] DVB: Unable to find symbol mt352_attach()
[ 2228.192237][ T2829] usb 4-1: USB disconnect, device number 19
[ 2228.269647][T16921] DVB: Unable to find symbol nxt6000_attach()
[ 2228.275757][T16921] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[ 2228.292366][ T5083] dvb-usb: bulk message failed: -22 (7/0)
[ 2228.310756][T16921] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input291
[ 2228.324639][T16921] dvb-usb: schedule remote query interval to 1000 msecs.
[ 2228.332399][T16921] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[ 2228.339208][   T42] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[ 2228.352332][ T5099] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2228.362721][ T5099] syzkaller0: entered promiscuous mode
[ 2228.368586][T16921] dvb-usb: bulk message failed: -22 (7/0)
[ 2228.383265][ T5099] syzkaller0: entered allmulticast mode
[ 2228.396159][T16921] dvb-usb: bulk message failed: -22 (7/0)
[ 2228.418243][T16921] usb 2-1: USB disconnect, device number 51
[ 2228.427029][ T5099] FAULT_INJECTION: forcing a failure.
[ 2228.427029][ T5099] name failslab, interval 1, probability 0, space 0, times 0
[ 2228.439750][ T5099] CPU: 0 UID: 0 PID: 5099 Comm: syz.0.8427 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2228.439768][ T5099] Tainted: [L]=SOFTLOCKUP
[ 2228.439772][ T5099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2228.439779][ T5099] Call Trace:
[ 2228.439784][ T5099]  <TASK>
[ 2228.439789][ T5099]  dump_stack_lvl+0xe8/0x150
[ 2228.439811][ T5099]  should_fail_ex+0x412/0x560
[ 2228.439830][ T5099]  should_failslab+0xa8/0x100
[ 2228.439846][ T5099]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 2228.439858][ T5099]  ? __alloc_skb+0x1d0/0x7d0
[ 2228.439872][ T5099]  ? __local_bh_enable_ip+0xd0/0x130
[ 2228.439890][ T5099]  __alloc_skb+0x1d0/0x7d0
[ 2228.439905][ T5099]  ? inet6_rt_notify+0xaf/0x470
[ 2228.439920][ T5099]  inet6_rt_notify+0x170/0x470
[ 2228.439940][ T5099]  fib6_del+0x10af/0x15a0
[ 2228.439963][ T5099]  ? __pfx_fib6_del+0x10/0x10
[ 2228.439978][ T5099]  ? is_bpf_text_address+0x292/0x2b0
[ 2228.439990][ T5099]  ? is_bpf_text_address+0x26/0x2b0
[ 2228.440006][ T5099]  fib6_clean_node+0x29c/0x580
[ 2228.440024][ T5099]  ? __pfx_fib6_clean_node+0x10/0x10
[ 2228.440038][ T5099]  ? stack_trace_save+0xa9/0x100
[ 2228.440049][ T5099]  ? __pfx_stack_trace_save+0x10/0x10
[ 2228.440058][ T5099]  ? kfree+0x1c1/0x630
[ 2228.440070][ T5099]  fib6_walk_continue+0x67b/0x910
[ 2228.440091][ T5099]  __fib6_clean_all+0x35b/0x5a0
[ 2228.440106][ T5099]  ? __fib6_clean_all+0xbd/0x5a0
[ 2228.440120][ T5099]  ? __lock_acquire+0x6b5/0x2cf0
[ 2228.440137][ T5099]  ? __pfx_fib6_ifdown+0x10/0x10
[ 2228.440152][ T5099]  ? __pfx___fib6_clean_all+0x10/0x10
[ 2228.440168][ T5099]  ? __pfx_fib6_clean_node+0x10/0x10
[ 2228.440181][ T5099]  ? __pfx_fib6_ifdown+0x10/0x10
[ 2228.440196][ T5099]  ? do_raw_spin_lock+0x12b/0x2f0
[ 2228.440208][ T5099]  ? __mutex_trylock_common+0x158/0x260
[ 2228.440226][ T5099]  rt6_disable_ip+0x128/0x730
[ 2228.440242][ T5099]  ? rcu_is_watching+0x15/0xb0
[ 2228.440257][ T5099]  ? trace_contention_end+0x3d/0x150
[ 2228.440273][ T5099]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 2228.440292][ T5099]  addrconf_ifdown+0x161/0x1a40
[ 2228.440306][ T5099]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 2228.440321][ T5099]  ? tls_dev_event+0x745/0xf00
[ 2228.440336][ T5099]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 2228.440356][ T5099]  addrconf_notify+0x1bc/0x1050
[ 2228.440374][ T5099]  notifier_call_chain+0x1be/0x400
[ 2228.440394][ T5099]  netif_set_mtu_ext+0x5aa/0x800
[ 2228.440409][ T5099]  ? __ia32_compat_sys_ioctl+0x139/0x950
[ 2228.440422][ T5099]  ? __do_fast_syscall_32+0x20d/0x640
[ 2228.440435][ T5099]  ? __pfx_netif_set_mtu_ext+0x10/0x10
[ 2228.440451][ T5099]  ? __mutex_trylock_common+0x158/0x260
[ 2228.440475][ T5099]  netif_set_mtu+0xd7/0x1b0
[ 2228.440491][ T5099]  ? __pfx_netif_set_mtu+0x10/0x10
[ 2228.440513][ T5099]  ? __dev_get_by_name+0xe5/0x140
[ 2228.440527][ T5099]  dev_set_mtu+0x126/0x260
[ 2228.440544][ T5099]  dev_ioctl+0x7b4/0x1150
[ 2228.440560][ T5099]  sock_do_ioctl+0x23e/0x320
[ 2228.440573][ T5099]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 2228.440592][ T5099]  compat_sock_ioctl+0xba6/0xcb0
[ 2228.440606][ T5099]  ? __pfx_compat_sock_ioctl+0x10/0x10
[ 2228.440620][ T5099]  ? __fget_files+0x3a0/0x420
[ 2228.440635][ T5099]  ? __fget_files+0x2a/0x420
[ 2228.440651][ T5099]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 2228.440667][ T5099]  __ia32_compat_sys_ioctl+0x5ea/0x950
[ 2228.440681][ T5099]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 2228.440695][ T5099]  ? __fget_files+0x3a0/0x420
[ 2228.440712][ T5099]  ? fput+0xa0/0xd0
[ 2228.440727][ T5099]  ? ksys_write+0x242/0x270
[ 2228.440744][ T5099]  __do_fast_syscall_32+0x20d/0x640
[ 2228.440755][ T5099]  ? do_fast_syscall_32+0x33/0x70
[ 2228.440765][ T5099]  ? asm_int80_emulation+0x1a/0x20
[ 2228.440776][ T5099]  ? do_int80_emulation+0x274/0x4d0
[ 2228.440786][ T5099]  ? trace_irq_disable+0x3b/0x150
[ 2228.440802][ T5099]  do_fast_syscall_32+0x33/0x70
[ 2228.440813][ T5099]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2228.440825][ T5099] RIP: 0023:0xf7fc2f6c
[ 2228.440836][ T5099] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2228.440845][ T5099] RSP: 002b:00000000f548650c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 2228.440856][ T5099] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000008922
[ 2228.440863][ T5099] RDX: 0000000080000300 RSI: 0000000000000000 RDI: 0000000000000000
[ 2228.440870][ T5099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2228.440876][ T5099] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2228.440882][ T5099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2228.440896][ T5099]  </TASK>
[ 2228.488023][ T5102] ptrace attach of "./syz-executor exec"[5103] was attempted by "./syz-executor exec"[5102]
[ 2228.500442][ T5099] tipc: Resetting bearer <eth:syzkaller0>
[ 2228.914438][ T5098] tipc: Resetting bearer <eth:syzkaller0>
[ 2228.930793][   T42] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2228.939689][   T42] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2228.957843][ T5098] tipc: Disabling bearer <eth:syzkaller0>
[ 2228.958812][   T42] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2228.998847][   T42] usb 3-1: config 1 has no interface number 1
[ 2229.004992][   T42] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2229.020940][T16921] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[ 2229.036727][   T42] usb 3-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2229.056158][   T42] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2229.068608][   T42] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2229.108384][   T42] usb 3-1: Product: syz
[ 2229.113313][   T42] usb 3-1: Manufacturer: syz
[ 2229.117925][   T42] usb 3-1: SerialNumber: syz
[ 2229.299894][ T2829] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 2229.308183][ T5114] ALSA: seq fatal error: cannot create timer (-22)
[ 2229.349504][   T42] usb 3-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[ 2229.357043][   T42] usb 3-1: MIDIStreaming interface descriptor not found
[ 2229.437316][   T42] usb 3-1: USB disconnect, device number 88
[ 2229.468979][ T2829] usb 5-1: Using ep0 maxpacket: 32
[ 2229.488691][ T2829] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 2229.523791][ T2829] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 2229.542637][ T2829] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 2229.555815][ T2829] usb 5-1: Product: syz
[ 2229.561974][ T2829] usb 5-1: Manufacturer: syz
[ 2229.566591][ T2829] usb 5-1: SerialNumber: syz
[ 2229.573308][ T2829] usb 5-1: config 0 descriptor??
[ 2229.580181][ T5108] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 2229.985266][T16921] usb 5-1: USB disconnect, device number 61
[ 2230.027805][ T5108] netlink: 'syz.4.8430': attribute type 2 has an invalid length.
[ 2230.054219][ T5108] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 2230.070710][ T5124] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8435'.
[ 2230.280727][ T5133] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8437'.
[ 2230.299106][   T42] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[ 2230.463885][   T42] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2230.486358][   T42] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2230.498319][   T42] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2230.508229][   T42] usb 1-1: config 1 has no interface number 1
[ 2230.514969][   T42] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2230.528457][   T42] usb 1-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2230.547212][   T42] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2230.548881][ T2829] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 2230.567710][   T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2230.577943][   T42] usb 1-1: Product: syz
[ 2230.582606][   T42] usb 1-1: Manufacturer: syz
[ 2230.587244][   T42] usb 1-1: SerialNumber: syz
[ 2230.638954][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 2230.701823][ T5146] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2230.709696][ T5146] syzkaller0: entered promiscuous mode
[ 2230.715182][ T5146] syzkaller0: entered allmulticast mode
[ 2230.721189][T16921] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[ 2230.744336][ T2829] usb 2-1: too many configurations: 9, using maximum allowed: 8
[ 2230.775082][ T2829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 2230.784861][ T2829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 2230.807684][ T2829] usb 2-1: config 0 interface 0 has no altsetting 0
[ 2230.816969][   T42] usb 1-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[ 2230.825079][ T2829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 2230.840655][   T42] usb 1-1: MIDIStreaming interface descriptor not found
[ 2230.851901][ T2829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 2230.872318][ T2829] usb 2-1: config 0 interface 0 has no altsetting 0
[ 2230.888710][ T2829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 2230.897908][T16921] usb 4-1: Using ep0 maxpacket: 32
[ 2230.901103][ T2829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 2230.909146][ T5148] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2230.914220][ T2829] usb 2-1: config 0 interface 0 has no altsetting 0
[ 2230.933456][ T5148] team0: Port device batadv0 added
[ 2230.958844][T16921] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[ 2230.976428][ T2829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 2230.978231][T16921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2230.991257][ T2829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 2231.005422][T16921] usb 4-1: Product: syz
[ 2231.012195][T16921] usb 4-1: Manufacturer: syz
[ 2231.013459][ T2829] usb 2-1: config 0 interface 0 has no altsetting 0
[ 2231.025368][   T42] usb 1-1: USB disconnect, device number 54
[ 2231.032077][T16921] usb 4-1: SerialNumber: syz
[ 2231.033541][ T2829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 2231.050583][ T2829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 2231.062085][ T2829] usb 2-1: config 0 interface 0 has no altsetting 0
[ 2231.081990][ T2829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 2231.100875][ T2829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 2231.119364][ T2829] usb 2-1: config 0 interface 0 has no altsetting 0
[ 2231.128005][ T2829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 2231.137949][ T2829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 2231.150020][ T2829] usb 2-1: config 0 interface 0 has no altsetting 0
[ 2231.150149][T16921] usb 4-1: config 0 descriptor??
[ 2231.170553][ T2829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 2231.183807][ T2829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 2231.198585][ T2829] usb 2-1: config 0 interface 0 has no altsetting 0
[ 2231.208247][ T2829] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 2231.220060][ T2829] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 2231.228556][ T2829] usb 2-1: Product: syz
[ 2231.233494][ T2829] usb 2-1: Manufacturer: syz
[ 2231.238141][ T2829] usb 2-1: SerialNumber: syz
[ 2231.246159][ T2829] usb 2-1: config 0 descriptor??
[ 2231.256425][ T2829] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0
[ 2231.407871][T16921] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: version d4.15 found at bus 004 address 020
[ 2231.545269][ T5145] tipc: Resetting bearer <eth:syzkaller0>
[ 2231.559382][   T42] usb 2-1: USB disconnect, device number 52
[ 2231.602312][   T42] yurex 2-1:0.0: USB YUREX #0 now disconnected
[ 2231.613672][ T5164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8445'.
[ 2231.623549][ T5145] tipc: Disabling bearer <eth:syzkaller0>
[ 2231.778635][T16921] usb 4-1: USB disconnect, device number 20
[ 2232.462399][ T5198] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8454'.
[ 2232.498900][T16921] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[ 2232.523478][ T5198] macvtap1: entered allmulticast mode
[ 2232.560202][ T5198] team0: entered allmulticast mode
[ 2232.587013][ T5198] team_slave_0: entered allmulticast mode
[ 2232.622012][ T5198] team_slave_1: entered allmulticast mode
[ 2232.652601][ T5198] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 2232.691431][T16921] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2232.705726][ T5198] team0: left allmulticast mode
[ 2232.727606][T16921] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2232.732684][ T5198] team_slave_0: left allmulticast mode
[ 2232.779570][T16921] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2232.789241][T16921] usb 3-1: config 1 has no interface number 1
[ 2232.811990][ T5198] team_slave_1: left allmulticast mode
[ 2232.818860][T16921] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2232.842182][T16921] usb 3-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2232.920780][T16921] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2232.931698][T16921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2232.950413][T16921] usb 3-1: Product: syz
[ 2232.964165][T16921] usb 3-1: Manufacturer: syz
[ 2232.979485][T16921] usb 3-1: SerialNumber: syz
[ 2233.107321][ T5202] netlink: 'syz.3.8455': attribute type 7 has an invalid length.
[ 2233.266011][T16921] usb 3-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[ 2233.290426][ T5204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8456'.
[ 2233.301860][T16921] usb 3-1: MIDIStreaming interface descriptor not found
[ 2233.549298][T16921] usb 3-1: USB disconnect, device number 89
[ 2234.083736][ T5229] FAULT_INJECTION: forcing a failure.
[ 2234.083736][ T5229] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2234.147342][ T5229] CPU: 0 UID: 0 PID: 5229 Comm: syz.1.8466 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2234.147375][ T5229] Tainted: [L]=SOFTLOCKUP
[ 2234.147382][ T5229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2234.147394][ T5229] Call Trace:
[ 2234.147402][ T5229]  <TASK>
[ 2234.147410][ T5229]  dump_stack_lvl+0xe8/0x150
[ 2234.147441][ T5229]  should_fail_ex+0x412/0x560
[ 2234.147469][ T5229]  strncpy_from_user+0x36/0x2b0
[ 2234.147495][ T5229]  do_getname+0x77/0x250
[ 2234.147523][ T5229]  user_path_at+0x2a/0x160
[ 2234.147544][ T5229]  __se_sys_mount+0x2dc/0x420
[ 2234.147575][ T5229]  ? __pfx___se_sys_mount+0x10/0x10
[ 2234.147604][ T5229]  ? __ia32_sys_mount+0x20/0xc0
[ 2234.147631][ T5229]  __do_fast_syscall_32+0x20d/0x640
[ 2234.147653][ T5229]  ? do_fast_syscall_32+0x33/0x70
[ 2234.147671][ T5229]  ? asm_int80_emulation+0x1a/0x20
[ 2234.147689][ T5229]  ? do_int80_emulation+0x274/0x4d0
[ 2234.147707][ T5229]  ? trace_irq_disable+0x3b/0x150
[ 2234.147736][ T5229]  do_fast_syscall_32+0x33/0x70
[ 2234.147756][ T5229]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2234.147778][ T5229] RIP: 0023:0xf7fc5f6c
[ 2234.147794][ T5229] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2234.147810][ T5229] RSP: 002b:00000000f548650c EFLAGS: 00000206 ORIG_RAX: 0000000000000015
[ 2234.147830][ T5229] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800020c0
[ 2234.147843][ T5229] RDX: 0000000080000000 RSI: 0000000000400400 RDI: 0000000000000000
[ 2234.147856][ T5229] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2234.147867][ T5229] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2234.147879][ T5229] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2234.147905][ T5229]  </TASK>
[ 2235.696899][ T5251] FAULT_INJECTION: forcing a failure.
[ 2235.696899][ T5251] name failslab, interval 1, probability 0, space 0, times 0
[ 2235.755836][ T5251] CPU: 0 UID: 0 PID: 5251 Comm: syz.2.8474 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2235.755859][ T5251] Tainted: [L]=SOFTLOCKUP
[ 2235.755863][ T5251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2235.755870][ T5251] Call Trace:
[ 2235.755875][ T5251]  <TASK>
[ 2235.755880][ T5251]  dump_stack_lvl+0xe8/0x150
[ 2235.755900][ T5251]  should_fail_ex+0x412/0x560
[ 2235.755916][ T5251]  should_failslab+0xa8/0x100
[ 2235.755930][ T5251]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 2235.755942][ T5251]  ? __alloc_skb+0x186/0x7d0
[ 2235.755956][ T5251]  ? __alloc_skb+0x1d0/0x7d0
[ 2235.755968][ T5251]  ? __local_bh_enable_ip+0xd0/0x130
[ 2235.755984][ T5251]  __alloc_skb+0x1d0/0x7d0
[ 2235.755997][ T5251]  ? netlink_ack_tlv_len+0x6c/0x210
[ 2235.756011][ T5251]  netlink_ack+0x146/0xa50
[ 2235.756022][ T5251]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2235.756035][ T5251]  ? ref_tracker_free+0x693/0x840
[ 2235.756048][ T5251]  ? __copy_skb_header+0xa3/0x4a0
[ 2235.756063][ T5251]  ? __pfx_ref_tracker_free+0x10/0x10
[ 2235.756075][ T5251]  ? __skb_clone+0x63/0x7a0
[ 2235.756094][ T5251]  netlink_rcv_skb+0x2b6/0x4b0
[ 2235.756107][ T5251]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2235.756121][ T5251]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2235.756139][ T5251]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2235.756155][ T5251]  netlink_unicast+0x80f/0x9b0
[ 2235.756170][ T5251]  ? __pfx_netlink_unicast+0x10/0x10
[ 2235.756182][ T5251]  ? netlink_sendmsg+0x650/0xb40
[ 2235.756193][ T5251]  ? skb_put+0x11b/0x210
[ 2235.756209][ T5251]  netlink_sendmsg+0x813/0xb40
[ 2235.756226][ T5251]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2235.756240][ T5251]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2235.756255][ T5251]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2235.756268][ T5251]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2235.756280][ T5251]  ____sys_sendmsg+0xa68/0xad0
[ 2235.756300][ T5251]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2235.756322][ T5251]  ___sys_sendmsg+0x2a5/0x360
[ 2235.756342][ T5251]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2235.756359][ T5251]  ? kstrtoull+0x12f/0x1d0
[ 2235.756382][ T5251]  ? __fget_files+0x2a/0x420
[ 2235.756397][ T5251]  ? __fget_files+0x3a0/0x420
[ 2235.756415][ T5251]  __sys_sendmmsg+0x2e7/0x4e0
[ 2235.756435][ T5251]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 2235.756463][ T5251]  ? fput+0xa0/0xd0
[ 2235.756477][ T5251]  ? ksys_write+0x242/0x270
[ 2235.756491][ T5251]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[ 2235.756508][ T5251]  __do_fast_syscall_32+0x20d/0x640
[ 2235.756520][ T5251]  ? do_fast_syscall_32+0x33/0x70
[ 2235.756529][ T5251]  ? asm_int80_emulation+0x1a/0x20
[ 2235.756539][ T5251]  ? do_int80_emulation+0x274/0x4d0
[ 2235.756549][ T5251]  ? trace_irq_disable+0x3b/0x150
[ 2235.756565][ T5251]  do_fast_syscall_32+0x33/0x70
[ 2235.756576][ T5251]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2235.756588][ T5251] RIP: 0023:0xf7fd2f6c
[ 2235.756598][ T5251] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2235.756608][ T5251] RSP: 002b:00000000f549650c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[ 2235.756620][ T5251] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 2235.756627][ T5251] RDX: 0000000000000235 RSI: 0000000000000000 RDI: 0000000000000000
[ 2235.756634][ T5251] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2235.756640][ T5251] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2235.756646][ T5251] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2235.756660][ T5251]  </TASK>
[ 2236.227892][ T5258] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8476'.
[ 2236.354614][ T5268] loop5: detected capacity change from 0 to 7
[ 2236.362021][ T5268] Dev loop5: unable to read RDB block 7
[ 2236.367639][ T5268]  loop5: AHDI p1 p2 p3
[ 2236.375346][ T5268] loop5: partition table partially beyond EOD, truncated
[ 2236.382642][ T5268] loop5: p1 start 1601398130 is beyond EOD, truncated
[ 2236.389478][ T5268] loop5: p2 start 1702059890 is beyond EOD, truncated
[ 2236.512997][ T5270] netlink: 52 bytes leftover after parsing attributes in process `syz.2.8478'.
[ 2236.827600][ T5283] team_slave_0: entered promiscuous mode
[ 2236.846106][ T5283] team_slave_0: entered allmulticast mode
[ 2237.032163][ T5285] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8483'.
[ 2237.052747][ T5288] sctp: [Deprecated]: syz.0.8485 (pid 5288) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2237.052747][ T5288] Use struct sctp_sack_info instead
[ 2237.073334][ T5288] sctp: [Deprecated]: syz.0.8485 (pid 5288) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2237.073334][ T5288] Use struct sctp_sack_info instead
[ 2237.090152][ T5288] sctp: [Deprecated]: syz.0.8485 (pid 5288) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2237.090152][ T5288] Use struct sctp_sack_info instead
[ 2237.109434][ T5288] sctp: [Deprecated]: syz.0.8485 (pid 5288) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2237.109434][ T5288] Use struct sctp_sack_info instead
[ 2237.520950][ T5303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8487'.
[ 2237.629919][ T5309] FAULT_INJECTION: forcing a failure.
[ 2237.629919][ T5309] name failslab, interval 1, probability 0, space 0, times 0
[ 2237.668854][ T5309] CPU: 0 UID: 0 PID: 5309 Comm: syz.1.8490 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2237.668886][ T5309] Tainted: [L]=SOFTLOCKUP
[ 2237.668894][ T5309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2237.668906][ T5309] Call Trace:
[ 2237.668914][ T5309]  <TASK>
[ 2237.668922][ T5309]  dump_stack_lvl+0xe8/0x150
[ 2237.668954][ T5309]  should_fail_ex+0x412/0x560
[ 2237.668982][ T5309]  should_failslab+0xa8/0x100
[ 2237.669006][ T5309]  ? vm_area_dup+0x2b/0x680
[ 2237.669027][ T5309]  kmem_cache_alloc_noprof+0x87/0x650
[ 2237.669054][ T5309]  vm_area_dup+0x2b/0x680
[ 2237.669078][ T5309]  __split_vma+0x1dc/0xa40
[ 2237.669114][ T5309]  ? __pfx___split_vma+0x10/0x10
[ 2237.669150][ T5309]  ? mas_find+0xb0e/0xd30
[ 2237.669184][ T5309]  vms_gather_munmap_vmas+0x4fa/0x1370
[ 2237.669226][ T5309]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[ 2237.669261][ T5309]  ? mas_find+0xa7d/0xd30
[ 2237.669293][ T5309]  mmap_region+0x85b/0x2240
[ 2237.669321][ T5309]  ? __lock_acquire+0x6b5/0x2cf0
[ 2237.669347][ T5309]  ? __lock_acquire+0x6b5/0x2cf0
[ 2237.669375][ T5309]  ? __pfx_mmap_region+0x10/0x10
[ 2237.669403][ T5309]  ? unwind_next_frame+0xa5/0x23c0
[ 2237.669494][ T5309]  ? security_file_alloc+0x34/0x310
[ 2237.669517][ T5309]  ? kasan_save_track+0x4f/0x80
[ 2237.669553][ T5309]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[ 2237.669601][ T5309]  ? __lock_acquire+0x6b5/0x2cf0
[ 2237.669629][ T5309]  ? rcu_is_watching+0x15/0xb0
[ 2237.669655][ T5309]  ? cap_capable+0x123/0x490
[ 2237.669677][ T5309]  ? security_capable+0xb9/0x2c0
[ 2237.669699][ T5309]  ? shmem_mapping+0xd/0x50
[ 2237.669721][ T5309]  ? memfd_check_seals_mmap+0x165/0x200
[ 2237.669751][ T5309]  do_mmap+0xc39/0x10c0
[ 2237.669788][ T5309]  ? __pfx_do_mmap+0x10/0x10
[ 2237.669811][ T5309]  ? down_write_killable+0x180/0x240
[ 2237.669836][ T5309]  ? __pfx_down_write_killable+0x10/0x10
[ 2237.669857][ T5309]  ? apparmor_mmap_file+0x2da/0x3e0
[ 2237.669882][ T5309]  vm_mmap_pgoff+0x2c9/0x4f0
[ 2237.669915][ T5309]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 2237.669949][ T5309]  ? hugetlb_file_setup+0x42c/0x630
[ 2237.669974][ T5309]  ksys_mmap_pgoff+0x586/0x760
[ 2237.670008][ T5309]  __do_fast_syscall_32+0x20d/0x640
[ 2237.670030][ T5309]  ? do_fast_syscall_32+0x33/0x70
[ 2237.670047][ T5309]  ? asm_int80_emulation+0x1a/0x20
[ 2237.670065][ T5309]  ? do_int80_emulation+0x274/0x4d0
[ 2237.670083][ T5309]  ? trace_irq_disable+0x3b/0x150
[ 2237.670113][ T5309]  do_fast_syscall_32+0x33/0x70
[ 2237.670132][ T5309]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2237.670155][ T5309] RIP: 0023:0xf7fc5f6c
[ 2237.670172][ T5309] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2237.670187][ T5309] RSP: 002b:00000000f539c50c EFLAGS: 00000206 ORIG_RAX: 00000000000000c0
[ 2237.670207][ T5309] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000400000
[ 2237.670220][ T5309] RDX: 0000000000000002 RSI: 00000000000c3072 RDI: 00000000ffffffff
[ 2237.670233][ T5309] RBP: 0000000000200000 R08: 0000000000000000 R09: 0000000000000000
[ 2237.670245][ T5309] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2237.670256][ T5309] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2237.670283][ T5309]  </TASK>
[ 2238.447573][ T5321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2238.467864][ T5321] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2238.538623][   T29] kauditd_printk_skb: 22 callbacks suppressed
[ 2238.538641][   T29] audit: type=1326 audit(1772693203.539:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5317 comm="syz.4.8494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2238.624633][   T29] audit: type=1326 audit(1772693203.539:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5317 comm="syz.4.8494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2238.638950][T16921] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[ 2238.704502][ T5326] loop5: detected capacity change from 0 to 7
[ 2238.707247][   T29] audit: type=1326 audit(1772693203.549:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5317 comm="syz.4.8494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=291 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2238.777525][ T5326] Dev loop5: unable to read RDB block 7
[ 2238.818006][   T29] audit: type=1326 audit(1772693203.549:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5317 comm="syz.4.8494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2238.822441][ T5326]  loop5: AHDI p1 p2 p3
[ 2238.887701][ T5326] loop5: partition table partially beyond EOD, truncated
[ 2238.910779][ T5326] loop5: p1 start 1601398130 is beyond EOD, truncated
[ 2238.931485][   T29] audit: type=1326 audit(1772693203.549:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5317 comm="syz.4.8494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2238.938967][T16921] usb 4-1: Using ep0 maxpacket: 32
[ 2238.967584][ T5326] loop5: p2 start 1702059890 is beyond EOD, truncated
[ 2239.015816][T16921] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 2239.016588][   T29] audit: type=1326 audit(1772693203.549:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5317 comm="syz.4.8494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2239.075278][   T29] audit: type=1326 audit(1772693203.549:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5317 comm="syz.4.8494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2239.085042][T16921] usb 4-1: config 0 has no interface number 0
[ 2239.103637][   T29] audit: type=1326 audit(1772693203.549:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5317 comm="syz.4.8494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2239.145887][   T29] audit: type=1326 audit(1772693203.549:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5317 comm="syz.4.8494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2239.171813][   T29] audit: type=1326 audit(1772693203.549:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5317 comm="syz.4.8494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708ef6c code=0x7ffc0000
[ 2239.203440][T16921] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8
[ 2239.225531][T16921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2239.250923][T16921] usb 4-1: Product: syz
[ 2239.261802][T16921] usb 4-1: Manufacturer: syz
[ 2239.276013][T16921] usb 4-1: SerialNumber: syz
[ 2239.284896][T16921] usb 4-1: config 0 descriptor??
[ 2239.294808][T16921] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 2239.305914][T16921] usb 4-1: selecting invalid altsetting 1
[ 2239.312203][T16921] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 2239.326797][T16921] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 2239.338118][T16921] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 2239.346901][T16921] usb 4-1: media controller created
[ 2239.425981][T16921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2239.460720][   T42] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[ 2239.502586][ T5319] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2239.523315][ T5319] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2239.550890][T16921] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 2239.568162][T16921] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 2239.603056][T16921] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 2239.658842][   T42] usb 5-1: Using ep0 maxpacket: 8
[ 2239.670989][   T42] usb 5-1: config 5 has an invalid interface number: 210 but max is 0
[ 2239.689388][   T42] usb 5-1: config 5 has no interface number 0
[ 2239.711864][   T42] usb 5-1: config 5 interface 210 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[ 2239.717279][T16921] usb 4-1: USB disconnect, device number 21
[ 2239.765535][T16373] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 2239.790832][   T42] usb 5-1: New USB device found, idVendor=0411, idProduct=006e, bcdDevice=18.1d
[ 2239.819181][   T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2239.841814][   T42] usb 5-1: Product: ࠁ
[ 2239.846023][   T42] usb 5-1: Manufacturer: 㐉
[ 2239.876102][   T42] usb 5-1: SerialNumber: 즆贇఻ᡗ﷬⋞貉딸騯쮚⸕ꩅꦀ긳嵽㰷⦷橰ﻀ∵땘ꈆ呭쵄䓛▢篏켕ᝓ䯬䬽⊪䅚꠿ݸ똣ꎚ苇钩⍷㼏華䄰前詈揭범ᘑ꘾ôび뀓伃锒棂⚬ꨕ㧧ꃆ́ᭇ㼺휁艪씯ूﲶ㇦禸䑖㽉칤熘
[ 2239.947770][T16373] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2239.956944][T16373] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2239.977381][T16373] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2239.998829][T16373] usb 2-1: config 1 has no interface number 1
[ 2240.004976][T16373] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2240.058851][T16373] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2240.084655][T16373] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2240.093394][ T5346] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8502'.
[ 2240.118125][T16373] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2240.125735][ T5330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2240.159567][ T5330] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2240.177760][T16373] usb 2-1: Product: syz
[ 2240.190492][   T42] asix 5-1:5.210: probe with driver asix failed with error -22
[ 2240.223108][   T42] usb 5-1: USB disconnect, device number 62
[ 2240.258623][T16373] usb 2-1: Manufacturer: syz
[ 2240.276735][T16373] usb 2-1: SerialNumber: syz
[ 2240.511648][T16373] usb 2-1: No endpoint at altset 1, falling back to MIDI 1.0
[ 2240.537195][T16373] usb 2-1: MIDIStreaming interface descriptor not found
[ 2240.632076][T16373] usb 2-1: USB disconnect, device number 53
[ 2240.748497][ T7329] udevd[7329]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2240.916632][ T5362] fuse: Bad value for 'user_id'
[ 2240.936570][ T5362] fuse: Bad value for 'user_id'
[ 2241.672854][ T5378] program syz.0.8511 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 2242.188667][ T5384] netlink: 96 bytes leftover after parsing attributes in process `syz.4.8514'.
[ 2242.230966][ T5386] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8513'.
[ 2242.318086][ T5386] bond2: option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0)
[ 2242.486579][ T5386] bond2 (unregistering): Released all slaves
[ 2242.936612][ T5411] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8520'.
[ 2242.951274][ T2829] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[ 2242.959157][ T5410] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8521'.
[ 2243.069353][ T5410] program syz.0.8521 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 2243.120744][ T2829] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2243.151219][ T2829] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2243.196731][ T2829] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2243.244303][ T2829] usb 5-1: config 1 has no interface number 1
[ 2243.270808][ T2829] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2243.327598][ T2829] usb 5-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2243.349132][T16921] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 2243.393448][ T2829] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2243.431541][ T2829] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2243.471467][ T2829] usb 5-1: Product: syz
[ 2243.495816][ T2829] usb 5-1: Manufacturer: syz
[ 2243.517577][ T2829] usb 5-1: SerialNumber: syz
[ 2243.549091][T16921] usb 2-1: Using ep0 maxpacket: 16
[ 2243.588188][T16921] usb 2-1: config 0 interface 0 has no altsetting 0
[ 2243.634964][T16921] usb 2-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20
[ 2243.695198][T16921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2243.731147][T16921] usb 2-1: Product: syz
[ 2243.748843][T16921] usb 2-1: Manufacturer: syz
[ 2243.761600][T16921] usb 2-1: SerialNumber: syz
[ 2243.774862][ T2829] usb 5-1: No endpoint at altset 1, falling back to MIDI 1.0
[ 2243.799272][ T2829] usb 5-1: MIDIStreaming interface descriptor not found
[ 2243.817896][T16921] usb 2-1: config 0 descriptor??
[ 2244.081324][ T2829] usb 5-1: USB disconnect, device number 63
[ 2244.197441][ T7329] udevd[7329]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2244.291453][ T5407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2244.437098][ T5407] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2244.546255][ T5407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2244.674578][ T5428] netlink: 32 bytes leftover after parsing attributes in process `syz.4.8523'.
[ 2244.829229][ T2829] usb 3-1: new full-speed USB device number 90 using dummy_hcd
[ 2244.860086][ T5431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8526'.
[ 2244.942061][ T5407] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2245.034795][ T2829] usb 3-1: unable to read config index 0 descriptor/start: -71
[ 2245.042846][ T2829] usb 3-1: can't read configurations, error -71
[ 2245.118012][ T5440] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8528'.
[ 2245.119161][   T42] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[ 2245.293312][   T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 52, changing to 4
[ 2245.308193][   T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 13368, setting to 1023
[ 2245.337033][   T42] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[ 2245.346846][   T42] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2245.359385][   T42] usb 4-1: Product: syz
[ 2245.369464][   T42] usb 4-1: Manufacturer: syz
[ 2245.380777][   T42] usb 4-1: SerialNumber: syz
[ 2245.410829][   T42] usb 4-1: config 0 descriptor??
[ 2245.422587][   T42] hub 4-1:0.0: bad descriptor, ignoring hub
[ 2245.435148][   T42] hub 4-1:0.0: probe with driver hub failed with error -5
[ 2245.469688][   T42] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input294
[ 2245.742638][ T5447] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2245.784996][ T5447] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2245.856381][ T5447] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2245.899327][ T5447] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2246.013141][    C0] imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71)
[ 2246.078644][T16921] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input295
[ 2246.639082][    C1] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured!
[ 2247.622011][ T5469] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8535'.
[ 2247.743955][ T5474] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8537'.
[ 2248.559117][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 2248.722554][ T5481] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8548'.
[ 2249.146015][T32155] usb 4-1: USB disconnect, device number 22
[ 2249.178463][T16921] imon:send_packet: packet tx failed (-71)
[ 2249.230535][T16921] imon 2-1:0.0: panel buttons/knobs setup failed
[ 2249.230683][ T2829] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 2249.410476][ T2829] usb 3-1: Using ep0 maxpacket: 32
[ 2249.423554][T16921] rc_core: IR keymap rc-imon-pad not found
[ 2249.449300][ T2829] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[ 2249.455989][T16921] Registered IR keymap rc-empty
[ 2249.481230][ T2829] usb 3-1: config 0 interface 0 has no altsetting 0
[ 2249.491284][T16921] imon 2-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 2249.513357][T32155] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0
[ 2249.523723][ T2829] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[ 2249.534387][ T5494] sctp: [Deprecated]: syz.3.8541 (pid 5494) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2249.534387][ T5494] Use struct sctp_sack_info instead
[ 2249.563408][T16921] imon 2-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 2249.577664][T32155] hid-generic 0000:0000:0000.002E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 2249.604284][ T2829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2249.633782][T16921] imon:send_packet: packet tx failed (-71)
[ 2249.649610][ T2829] usb 3-1: config 0 descriptor??
[ 2249.709119][T16921] imon 2-1:0.0: remote input dev register failed
[ 2249.747763][T16921] imon 2-1:0.0: imon_init_intf0: rc device setup failed
[ 2249.801133][T16921] imon 2-1:0.0: unable to initialize intf0, err 0
[ 2249.858210][T16921] imon:imon_probe: failed to initialize context!
[ 2249.864935][T16921] imon 2-1:0.0: unable to register, err -19
[ 2249.870968][T32155] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 2249.888278][ T5501] netlink: 'syz.2.8540': attribute type 1 has an invalid length.
[ 2249.931430][T16921] usb 2-1: USB disconnect, device number 54
[ 2249.995946][ T2829] usbhid 3-1:0.0: can't add hid device: -71
[ 2250.037718][ T2829] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 2250.069224][T32155] usb 4-1: Using ep0 maxpacket: 8
[ 2250.106009][T32155] usb 4-1: config 53 has an invalid interface number: 101 but max is 0
[ 2250.141964][ T2829] usb 3-1: USB disconnect, device number 92
[ 2250.163318][T32155] usb 4-1: config 53 has an invalid descriptor of length 0, skipping remainder of the config
[ 2250.199251][ T5512] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8543'.
[ 2250.216039][T32155] usb 4-1: config 53 has no interface number 0
[ 2250.243161][ T5512] netlink: 6 bytes leftover after parsing attributes in process `syz.2.8543'.
[ 2250.256146][T32155] usb 4-1: config 53 interface 101 altsetting 0 has an endpoint descriptor with address 0xC2, changing to 0x82
[ 2250.278248][ T5511] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8543'.
[ 2250.296220][ T5512] netlink: 6 bytes leftover after parsing attributes in process `syz.2.8543'.
[ 2250.317823][T32155] usb 4-1: config 53 interface 101 altsetting 0 endpoint 0x82 has invalid maxpacket 33307, setting to 1024
[ 2250.392929][T32155] usb 4-1: config 53 interface 101 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[ 2250.438790][T32155] usb 4-1: config 53 interface 101 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2250.468823][T32155] usb 4-1: config 53 interface 101 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2250.487151][T32155] usb 4-1: New USB device found, idVendor=0bfd, idProduct=011b, bcdDevice=33.a1
[ 2250.500323][ T5521] FAULT_INJECTION: forcing a failure.
[ 2250.500323][ T5521] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2250.514219][T32155] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2250.523296][ T5521] CPU: 0 UID: 0 PID: 5521 Comm: syz.2.8546 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2250.523324][ T5521] Tainted: [L]=SOFTLOCKUP
[ 2250.523330][ T5521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2250.523341][ T5521] Call Trace:
[ 2250.523349][ T5521]  <TASK>
[ 2250.523357][ T5521]  dump_stack_lvl+0xe8/0x150
[ 2250.523387][ T5521]  should_fail_ex+0x412/0x560
[ 2250.523414][ T5521]  _copy_to_user+0x31/0xb0
[ 2250.523440][ T5521]  simple_read_from_buffer+0xe1/0x170
[ 2250.523470][ T5521]  proc_fail_nth_read+0x1bb/0x230
[ 2250.523498][ T5521]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2250.523523][ T5521]  ? rw_verify_area+0x2a6/0x4d0
[ 2250.523541][ T5521]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2250.523566][ T5521]  vfs_read+0x20c/0xa70
[ 2250.523583][ T5521]  ? __local_bh_enable_ip+0xd0/0x130
[ 2250.523609][ T5521]  ? raw_bind+0x589/0x7c0
[ 2250.523633][ T5521]  ? __pfx_vfs_read+0x10/0x10
[ 2250.523654][ T5521]  ? __sys_bind+0x306/0x410
[ 2250.523678][ T5521]  ? __pfx___sys_bind+0x10/0x10
[ 2250.523708][ T5521]  ksys_read+0x150/0x270
[ 2250.523730][ T5521]  ? __pfx_ksys_read+0x10/0x10
[ 2250.523753][ T5521]  ? asm_int80_emulation+0x1a/0x20
[ 2250.523777][ T5521]  do_int80_emulation+0x173/0x4d0
[ 2250.523808][ T5521]  ? trace_irq_disable+0x3b/0x150
[ 2250.523833][ T5521]  ? asm_int80_emulation+0x1a/0x20
[ 2250.523850][ T5521]  ? clear_bhb_loop+0x40/0x90
[ 2250.523866][ T5521]  ? clear_bhb_loop+0x40/0x90
[ 2250.523888][ T5521]  asm_int80_emulation+0x1a/0x20
[ 2250.523906][ T5521] RIP: 0023:0xf71d5cab
[ 2250.523923][ T5521] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 2250.523939][ T5521] RSP: 002b:00000000f54964bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 2250.523959][ T5521] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54965d0
[ 2250.523971][ T5521] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[ 2250.523983][ T5521] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2250.523994][ T5521] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2250.524005][ T5521] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2250.524029][ T5521]  </TASK>
[ 2250.524163][ T5523] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2250.525766][T32155] usb 4-1: Product: syz
[ 2250.805967][T32155] usb 4-1: Manufacturer: syz
[ 2250.828196][ T5522] tipc: Disabling bearer <eth:syzkaller0>
[ 2250.837159][T32155] usb 4-1: SerialNumber: syz
[ 2250.852874][ T5496] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 2250.858896][T16921] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[ 2251.022383][T16921] usb 5-1: Using ep0 maxpacket: 16
[ 2251.035397][T16921] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2251.062927][T16921] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2251.138885][T16921] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 2251.140318][ T5494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2251.185191][ T5533] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8550'.
[ 2251.216580][ T5494] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2251.251055][T16921] usb 5-1: config 0 interface 0 has no altsetting 0
[ 2251.291103][T16921] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 2251.350684][T16921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2251.403488][T16921] usb 5-1: config 0 descriptor??
[ 2251.851739][ T5519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2251.879041][ T5539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2251.890269][ T5519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2251.916262][ T5539] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2252.236208][T16921] usbhid 5-1:0.0: can't add hid device: -71
[ 2252.249165][T16921] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 2252.287409][T16921] usb 5-1: USB disconnect, device number 64
[ 2252.300924][T32155] kvaser_usb 4-1:53.101: CMD_MAP_CHANNEL_REQ failed for CAN0
[ 2252.337213][T32155] kvaser_usb 4-1:53.101: error -EMSGSIZE: Failed to initialize card
[ 2252.352042][T32155] kvaser_usb 4-1:53.101: probe with driver kvaser_usb failed with error -90
[ 2252.409115][T32155] usb 4-1: USB disconnect, device number 23
[ 2252.881234][T32155] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 2253.024561][ T5553] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8555'.
[ 2253.050552][T32155] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2253.076756][T32155] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2253.345742][T32155] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2253.485251][T32155] usb 2-1: config 1 has no interface number 1
[ 2253.496811][T32155] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2253.563599][T32155] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2253.603066][T32155] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2253.612731][T32155] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2253.621290][T32155] usb 2-1: Product: syz
[ 2253.625697][T32155] usb 2-1: Manufacturer: syz
[ 2253.630651][T32155] usb 2-1: SerialNumber: syz
[ 2253.734566][ T5572] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8563'.
[ 2253.873258][T32155] usb 2-1: No endpoint at altset 1, falling back to MIDI 1.0
[ 2253.892374][T32155] usb 2-1: MIDIStreaming interface descriptor not found
[ 2253.962047][ T5572] syzkaller0: entered promiscuous mode
[ 2253.989068][ T5572] syzkaller0: entered allmulticast mode
[ 2254.137100][T32155] usb 2-1: USB disconnect, device number 55
[ 2254.360480][   T42] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 2254.538619][   T42] usb 4-1: Using ep0 maxpacket: 8
[ 2254.556781][   T42] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 2254.586206][   T42] usb 4-1: config 179 has no interface number 0
[ 2254.615515][   T42] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 2254.647810][   T42] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 2254.683193][   T42] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 2254.718310][   T42] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 2254.730717][   T42] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 2254.754299][   T42] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 2254.773031][   T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2254.802961][ T5576] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 2255.050149][ T5576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2255.070870][ T5576] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2255.259162][T16921] usb 4-1: USB disconnect, device number 24
[ 2255.259162][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 2255.259206][    C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 2256.418065][ T5599] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8571'.
[ 2257.021671][ T5586] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[ 2257.135851][ T5603] netlink: 96 bytes leftover after parsing attributes in process `syz.4.8572'.
[ 2257.360499][ T5615] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8575'.
[ 2257.479107][   T24] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[ 2257.519980][   T30] INFO: task kworker/1:3:19212 blocked for more than 143 seconds.
[ 2257.530549][   T30]       Tainted: G             L      syzkaller #0
[ 2257.558193][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 2257.596255][   T30] task:kworker/1:3     state:D stack:22656 pid:19212 tgid:19212 ppid:2      task_flags:0x4208060 flags:0x00080000
[ 2257.641160][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2257.667196][   T24] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[ 2257.676647][   T30] Workqueue: usb_hub_wq hub_event
[ 2257.688220][   T30] Call Trace:
[ 2257.693090][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2257.706720][   T24] usb 5-1: Product: syz
[ 2257.712225][   T24] usb 5-1: Manufacturer: syz
[ 2257.712815][   T30]  <TASK>
[ 2257.722717][ T5621] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8578'.
[ 2257.731934][   T24] usb 5-1: SerialNumber: syz
[ 2257.751175][   T24] usb 5-1: config 0 descriptor??
[ 2257.767834][   T24] ims_pcu 5-1:0.0: Missing CDC union descriptor
[ 2257.779180][   T30]  __schedule+0x15dd/0x52d0
[ 2257.784461][   T30]  ? __pfx___schedule+0x10/0x10
[ 2257.790084][   T30]  ? schedule+0x90/0x360
[ 2257.795492][   T24] ims_pcu 5-1:0.0: probe with driver ims_pcu failed with error -22
[ 2257.804046][   T30]  schedule+0x164/0x360
[ 2257.814677][   T30]  schedule_preempt_disabled+0x13/0x30
[ 2257.837508][   T30]  __mutex_lock+0x7fe/0x1300
[ 2257.869861][   T30]  ? __mutex_lock+0x5ac/0x1300
[ 2257.890196][   T30]  ? hub_event+0x21a2/0x4f30
[ 2257.900576][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 2257.908872][   T30]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2257.914939][   T30]  hub_event+0x21a2/0x4f30
[ 2257.926473][   T30]  ? __lock_acquire+0x6b5/0x2cf0
[ 2257.937169][   T30]  ? __pfx_hub_event+0x10/0x10
[ 2257.948388][   T30]  ? process_scheduled_works+0xa25/0x1830
[ 2257.954474][   T30]  ? process_scheduled_works+0xa25/0x1830
[ 2257.961776][   T30]  process_scheduled_works+0xb02/0x1830
[ 2257.979849][   T24] usb 5-1: USB disconnect, device number 65
[ 2257.999738][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[ 2258.057718][   T30]  ? assign_work+0x3d5/0x5e0
[ 2258.081502][   T30]  worker_thread+0xa50/0xfc0
[ 2258.108266][   T30]  kthread+0x388/0x470
[ 2258.112864][   T30]  ? __pfx_worker_thread+0x10/0x10
[ 2258.118032][   T30]  ? __pfx_kthread+0x10/0x10
[ 2258.124358][   T30]  ret_from_fork+0x51e/0xb90
[ 2258.129364][   T30]  ? __pfx_ret_from_fork+0x10/0x10
[ 2258.135442][   T30]  ? __switch_to+0xc7d/0x1450
[ 2258.142995][   T30]  ? __pfx_kthread+0x10/0x10
[ 2258.149944][   T30]  ret_from_fork_asm+0x1a/0x30
[ 2258.155905][   T30]  </TASK>
[ 2258.162073][   T30] 
[ 2258.162073][   T30] Showing all locks held in the system:
[ 2258.177171][   T30] 2 locks held by kworker/u8:0/12:
[ 2258.183816][   T30]  #0: ffff88801cbd6948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830
[ 2258.210433][   T30]  #1: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
[ 2258.221612][   T30] 1 lock held by khungtaskd/30:
[ 2258.226990][   T30]  #0: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 2258.239319][   T30] 2 locks held by getty/5581:
[ 2258.244643][   T30]  #0: ffff8880321fd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 2258.257513][   T30]  #1: ffffc900033332f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0
[ 2258.269923][   T30] 1 lock held by syz-executor/5808:
[ 2258.275408][   T30]  #0: ffff8880b863ade0 (&rq->__lock){-.-.}-{2:2}, at: tcp_recvmsg+0x1f2/0x7f0
[ 2258.287740][   T30] 5 locks held by kworker/0:8/16926:
[ 2258.294360][   T30]  #0: ffff888021edb148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830
[ 2258.308981][   T30]  #1: ffffc9000c287c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830
[ 2258.321498][   T30]  #2: ffff88802ac97198 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30
[ 2258.333757][   T30]  #3: ffff88802a351518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x217a/0x4f30
[ 2258.347486][   T30]  #4: ffff88802a6b3368 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21a2/0x4f30
[ 2258.360089][   T30] 5 locks held by kworker/1:3/19212:
[ 2258.365387][   T30]  #0: ffff888021edb148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830
[ 2258.377243][   T30]  #1: ffffc9000c0ffc40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830
[ 2258.389558][   T30]  #2: ffff88802acb1198 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30
[ 2258.400763][   T30]  #3: ffff88802acb6518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x217a/0x4f30
[ 2258.413317][   T30]  #4: ffff88802a6b3368 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21a2/0x4f30
[ 2258.424983][   T30] 2 locks held by syz.0.8575/5613:
[ 2258.431673][   T30] 2 locks held by syz.3.8578/5620:
[ 2258.437226][   T30]  #0: ffff88803699d288 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 2258.448307][   T30]  #1: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770
[ 2258.459787][   T30] 1 lock held by syz.3.8578/5625:
[ 2258.464810][   T30]  #0: ffff8880a970c420 (sb_writers#15){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[ 2258.474141][   T30] 
[ 2258.481410][   T30] =============================================
[ 2258.481410][   T30] 
[ 2258.499175][   T30] NMI backtrace for cpu 1
[ 2258.499196][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2258.499222][   T30] Tainted: [L]=SOFTLOCKUP
[ 2258.499229][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2258.499241][   T30] Call Trace:
[ 2258.499249][   T30]  <TASK>
[ 2258.499256][   T30]  dump_stack_lvl+0xe8/0x150
[ 2258.499287][   T30]  nmi_cpu_backtrace+0x274/0x2d0
[ 2258.499310][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 2258.499336][   T30]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 2258.499360][   T30]  sys_info+0x135/0x170
[ 2258.499379][   T30]  watchdog+0xfd9/0x1030
[ 2258.499410][   T30]  ? watchdog+0x21a/0x1030
[ 2258.499442][   T30]  kthread+0x388/0x470
[ 2258.499461][   T30]  ? __pfx_watchdog+0x10/0x10
[ 2258.499485][   T30]  ? __pfx_kthread+0x10/0x10
[ 2258.499503][   T30]  ret_from_fork+0x51e/0xb90
[ 2258.499529][   T30]  ? __pfx_ret_from_fork+0x10/0x10
[ 2258.499551][   T30]  ? __switch_to+0xc7d/0x1450
[ 2258.499576][   T30]  ? __pfx_kthread+0x10/0x10
[ 2258.499593][   T30]  ret_from_fork_asm+0x1a/0x30
[ 2258.499633][   T30]  </TASK>
[ 2258.499640][   T30] Sending NMI from CPU 1 to CPUs 0:
[ 2258.617243][    C0] NMI backtrace for cpu 0
[ 2258.617262][    C0] CPU: 0 UID: 0 PID: 5808 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2258.617285][    C0] Tainted: [L]=SOFTLOCKUP
[ 2258.617292][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2258.617303][    C0] RIP: 0010:kasan_check_range+0x1c8/0x2c0
[ 2258.617329][    C0] Code: 49 01 dc 4d 01 f3 49 8d 5c 24 07 4d 85 e4 49 0f 49 dc 48 83 e3 f8 49 29 dc 74 0e 41 80 3b 00 75 7c 49 ff c3 49 ff cc 75 f2 5b <41> 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 45 84 ff 0f 85 a1 00
[ 2258.617344][    C0] RSP: 0000:ffffc9000387fbd8 EFLAGS: 00000056
[ 2258.617360][    C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff81cd7cbc
[ 2258.617372][    C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff901190b0
[ 2258.617383][    C0] RBP: dffffc0000000000 R08: ffffffff901190b7 R09: 1ffffffff2023216
[ 2258.617396][    C0] R10: dffffc0000000000 R11: fffffbfff2023217 R12: 0000000000000001
[ 2258.617409][    C0] R13: 1ffff110170c78f0 R14: fffffbfff2023217 R15: 1ffffffff2023216
[ 2258.617422][    C0] FS:  0000000000000000(0000) GS:ffff888125464000(0063) knlGS:0000000056a554c0
[ 2258.617436][    C0] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 2258.617449][    C0] CR2: 00000000f7455108 CR3: 0000000076128000 CR4: 00000000003526f0
[ 2258.617463][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2258.617473][    C0] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 2258.617491][    C0] Call Trace:
[ 2258.617498][    C0]  <TASK>
[ 2258.617507][    C0]  trace_irq_enable+0x2c/0x150
[ 2258.617533][    C0]  trace_hardirqs_on+0x18/0x40
[ 2258.617557][    C0]  __free_object+0x442/0x5e0
[ 2258.617577][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 2258.617604][    C0]  debug_object_free+0x2d7/0x490
[ 2258.617626][    C0]  hrtimer_nanosleep+0x2c5/0x390
[ 2258.617651][    C0]  ? __pfx_hrtimer_nanosleep+0x10/0x10
[ 2258.617677][    C0]  ? __pfx_hrtimer_wakeup+0x10/0x10
[ 2258.617701][    C0]  ? __pfx_get_old_timespec32+0x10/0x10
[ 2258.617727][    C0]  __se_sys_clock_nanosleep_time32+0x35d/0x3b0
[ 2258.617754][    C0]  ? __pfx___se_sys_clock_nanosleep_time32+0x10/0x10
[ 2258.617784][    C0]  __do_fast_syscall_32+0x20d/0x640
[ 2258.617802][    C0]  ? lockdep_hardirqs_on+0x7a/0x110
[ 2258.617817][    C0]  ? do_fast_syscall_32+0x33/0x70
[ 2258.617834][    C0]  ? irqentry_exit+0x10e/0x620
[ 2258.617851][    C0]  do_fast_syscall_32+0x33/0x70
[ 2258.617868][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2258.617889][    C0] RIP: 0023:0xf707ef6c
[ 2258.617903][    C0] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2258.617917][    C0] RSP: 002b:00000000ff97baa0 EFLAGS: 00000206 ORIG_RAX: 000000000000010b
[ 2258.617934][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 2258.617945][    C0] RDX: 00000000ff97bb24 RSI: 00000000ff97bb1c RDI: 0000000000000000
[ 2258.617956][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2258.617966][    C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2258.617976][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2258.617994][    C0]  </TASK>
[ 2258.934140][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[ 2258.941013][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2258.951671][   T30] Tainted: [L]=SOFTLOCKUP
[ 2258.955983][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2258.966024][   T30] Call Trace:
[ 2258.969291][   T30]  <TASK>
[ 2258.972210][   T30]  vpanic+0x56c/0xa60
[ 2258.976189][   T30]  ? __pfx___schedule+0x10/0x10
[ 2258.981036][   T30]  ? __pfx_vpanic+0x10/0x10
[ 2258.985530][   T30]  ? __pfx_console_unlock+0x10/0x10
[ 2258.990823][   T30]  panic+0xc5/0xd0
[ 2258.994556][   T30]  ? __pfx_panic+0x10/0x10
[ 2258.998960][   T30]  ? preempt_schedule_thunk+0x16/0x30
[ 2259.004319][   T30]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[ 2259.010457][   T30]  watchdog+0x1023/0x1030
[ 2259.014776][   T30]  ? watchdog+0x21a/0x1030
[ 2259.019181][   T30]  kthread+0x388/0x470
[ 2259.023230][   T30]  ? __pfx_watchdog+0x10/0x10
[ 2259.027890][   T30]  ? __pfx_kthread+0x10/0x10
[ 2259.032461][   T30]  ret_from_fork+0x51e/0xb90
[ 2259.037040][   T30]  ? __pfx_ret_from_fork+0x10/0x10
[ 2259.042139][   T30]  ? __switch_to+0xc7d/0x1450
[ 2259.046815][   T30]  ? __pfx_kthread+0x10/0x10
[ 2259.051393][   T30]  ret_from_fork_asm+0x1a/0x30
[ 2259.056161][   T30]  </TASK>
[ 2259.059535][   T30] Kernel Offset: disabled
[ 2259.063865][   T30] Rebooting in 86400 seconds..