last executing test programs:

29.19830171s ago: executing program 1 (id=2765):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000425bd7000040000000200000008003f003a00000008000a01"], 0x24}, 0x1, 0x0, 0x0, 0x4008001}, 0x20000000)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000001c80)={0x1c, r1, 0x1, 0x70bd27, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0)

26.326126918s ago: executing program 1 (id=2776):
socket$inet6_sctp(0xa, 0x1, 0x84)
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}})
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x8801)
fstatfs(r1, 0x0)
r2 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000240), 0x101000, 0x0)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e24, 0x7, @loopback}, 0x1c)
r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000140), 0x2)
ioctl$UDMABUF_CREATE_LIST(r3, 0x40087543, &(0x7f0000000280)={0x1})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000100))
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01"], 0x7c}}, 0x0)
r6 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r6, 0x82, 0xa8, &(0x7f0000000400)=ANY=[@ANYBLOB="1b1b"])
prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000140)={0x80000042, 0xf5, 0x1}, 0x10)
r8 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r8, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4}}, 0x10)
socket$kcm(0x21, 0x2, 0x2)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x2c, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8}, @NL80211_ATTR_4ADDR={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40800}, 0x20000800)

23.439182543s ago: executing program 3 (id=2789):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x2c, r1, 0x1, 0x70bd28, 0x8000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4810}, 0x20004804)

23.386104115s ago: executing program 3 (id=2790):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000cc0)='ns/ipc\x00')
ioctl$FIBMAP(r4, 0x1, &(0x7f0000000d00)=0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r5)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)={0x48, r6, 0x1, 0x70bd27, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_FEATURES_WANTED={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}]}]}]}]}, 0x48}}, 0x804)
r7 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x1, {0x0, 0x0, 0x0, r8, {0x3, 0x1}, {0x8, 0x2}, {0x8}}}, 0x24}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000001c0)={'gretap0\x00', &(0x7f0000000100)={'syztnl0\x00', <r9=>0x0, 0x7, 0x7800, 0x5ea5, 0xc42d, {{0x1e, 0x4, 0x3, 0x3c, 0x78, 0x68, 0x0, 0x5, 0x29, 0x0, @multicast2, @private=0xa010101, {[@generic={0x7, 0x9, "7f702577f91d80"}, @timestamp={0x44, 0x24, 0xd5, 0x0, 0x8, [0x4, 0x4, 0x6, 0x3, 0xfffffff8, 0x8000, 0x6a3, 0x2]}, @noop, @rr={0x7, 0xb, 0xf6, [@remote, @empty]}, @rr={0x7, 0x1b, 0xd9, [@multicast2, @remote, @empty, @remote, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @generic={0x86, 0xe, "d9836c54bffde9d3699d4a7c"}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'ip6_vti0\x00', &(0x7f0000000280)={'ip6tnl0\x00', <r10=>0x0, 0x29, 0xc2, 0x9, 0x2, 0x28, @loopback, @empty, 0x700, 0x7800, 0xfff}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000400)={'tunl0\x00', &(0x7f00000003c0)={'sit0\x00', 0x0, 0x10, 0x700, 0x4, 0x0, {{0x6, 0x4, 0x0, 0x11, 0x18, 0x68, 0x0, 0x3, 0x29, 0x0, @rand_addr=0x64010102, @local, {[@ra={0x94, 0x4, 0x1}]}}}}})
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000440)={@remote, <r11=>0x0}, &(0x7f0000000480)=0x14)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000580)={'gretap0\x00', &(0x7f00000004c0)={'syztnl2\x00', <r12=>0x0, 0x8000, 0x8000, 0x6, 0x8, {{0x1c, 0x4, 0x3, 0x3, 0x70, 0x65, 0x0, 0xb6, 0x4, 0x0, @rand_addr=0x64010101, @private=0xa010102, {[@rr={0x7, 0x13, 0xcc, [@multicast2, @multicast2, @loopback, @dev={0xac, 0x14, 0x14, 0x37}]}, @end, @generic={0xc1, 0xe, "aad3937f1025b3392feae744"}, @ssrr={0x89, 0x23, 0x72, [@local, @multicast1, @multicast1, @local, @loopback, @remote, @multicast1, @multicast1]}, @timestamp_addr={0x44, 0x14, 0xf0, 0x1, 0x3, [{@dev={0xac, 0x14, 0x14, 0xb}, 0x7}, {@rand_addr=0x64010101}]}]}}}}})
sendmsg$ETHTOOL_MSG_COALESCE_GET(r3, &(0x7f00000006c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000d40)={0x9c, r6, 0x202, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4c081}, 0x800)
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb0160291d00090509a914"], 0x0)
r13 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x1)
write$P9_RVERSION(r13, &(0x7f0000000640)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.L'}, 0x5ce)
openat$sysfs(0xffffff9c, &(0x7f0000000c80)='/sys/power/hibernate_compression_threads', 0x480, 0x103)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x4004848)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000740)=ANY=[@ANYBLOB="288c0300ffffffffffffffffffffffffb62c49c0d22789000a004100936d186d46518a13fd1b13973c9a8ac77b838e8db3d2bb80d7a0ee221b79060e1d8d23c84f87a67acf9c91ebb4efb2006c3c8774f5cacd97ce023cf8721cd4824caee6ebbb45dd74c17d27689e7144bf6d6caa150ad58d98b78655054cd57204a7d9346b5bde450b99d2a011237bd8ad390299999b8b9866c98aaa3ca4eb8a940cbfd50f534f9f9f967a8504bb5c634f45f44d08968d6b122114b796f2ece1e92c75c5b3211a04d4d07d4c07c0a8ec80352f608f9fc8275a0b99dc88a9179763eac08e503203f5a93b5ab706c5ddf29eb5414e3ff45e5ea2b839d6606aef7ca3e0fadd2a69b598f0201be8a13a993f63fe45de75a082a645a4b5c55a442f684b2cd0677cee2de69f9d37a82107cb458b3e80732270ef114a9990a09187196195090783b2e93a9c9f2143dcf0b682fb31a7c1c3a1d3536a77ac2e0e710569945368a03ccfdca5d19aebf653420741553fb9df10fd03527d11b7dd969700b29a3143d3e7679b295146bfb24be54c969c6ce014d325938ba685d60131a9e4ab8ea7cc6f3df5d6ed5422a54f21dd13a2f61095f7cd53bb8cdba2ecfc5ef87e63c0d641ae14f25ca922999b1d375554f86245ba9a694828e101262116570ba5881420e790fc8b947f4a21d6a60ea909ee57613b1864156be89e8985c4b05ade6ddbec9534a612c0e4a6c6ffc6d5e505b94336e7537301e8477af981db16c6c788be623dd656a14ed4265d1d5e1ed9c13cec955f300c65680c1cf9fec47695867de6bd1418051b0e35678d61256277755fba53ef5ee31be9c89276b0354956a04915a91c462f567d5234bf3535e53abac63cbb9c68118d68023d0d6edc56ff1bbce8e8add24c564e8e657a2dcb74d3318a17000000609a3a56a929e6aed5665f53a4b9f903dc22ad3a06752167ece59997abfbe454e333bfa4842324e24894f9e82542be7be2899998019d201365fd69c2232d43ebc31fc7e941d920f122842ac6fd091fee06c4266eec9af9c2287a867e354d22802a97172de614ab80e3b395938364201028b8650a8834030ac86bb641bd21e0e23d3ca02cf6c7dbb75dc8d1e6a270abac06941bec1b4b76cee2d66eb408f3919e65f569752f31f6f9e6c8f1599fd755ee813f695eb65853b6ca3b73781b9bfe6258fa796dd720c73785cd66f2029b4dcc884cd182b8b39199d683f0e0ac14effbbcd0d92497d875fb902a6a2211698c04e4ffba4ea2da4516fe5ecb6048276920f4bc4560d9ff0ace5cfbed9320831e38854ad5d6f5ca6cc39f8ce85a854c7bbca5b07617b1b2a330d9f24f2deb139b2023c0d9913e6f1977244fd54f27df22ce78e6db16aab97ab6ab65b004f366002a535e481930018c6bd66f1ac632dd1ef2149950ccf3c29c2a6c0d25152601bc607601846b4f8b64cd5ef6558ba4185bee64e44541ad7431620246ce7718fecff5d599e5c3c591e4120cb1c0342c5c0b15f42f761c133d62cdd9885e82d4f0848d2afa75b49705d705a3f0b648badaefba03ec2707e73c1c0411a8a94e65b0d0a57518de2034d7e79d1c8b86aa28e9efc0cd71934c7b3a8ea7609e0cae42e9ea459c0aa4ff81b53793d4526657b8709999694d0cd748a09ebbac84dbb11d5c3f6e3c03f2adee3b000010005aa7e70fe101536e12674ca600b51a3fd5fd04a192ab132302aad7e7e8896b94b88be8887badae8bc3169eac4b6f773f0cbd38d4b16f25c7744191d784ee8addf02b1aa83961c58db5f24217b061d235c3bf802ce0fb14c1d35642152a891005a5d1100a55a09435a5"], 0x511)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac=@device_b}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

22.196201296s ago: executing program 1 (id=2795):
ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r1, &(0x7f00000000c0)=[{'LINE2', @val={' \'', 'Capture Volume'}}, {'RECLEV', @void}, {'PHONEOUT', @val={' \'', 'Line Capture'}}, {'MIC', @val={' \'', 'Line Capture Switch'}}], 0x8f)
close(r1)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000042}, 0x90)

21.895355602s ago: executing program 3 (id=2798):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000180)={'syz1\x00', {0x3, 0x9, 0x0, 0xfff7}, 0x38, [0xffff, 0x5, 0x7, 0xe9, 0x4, 0x6, 0x5, 0x10, 0x7, 0x950c, 0x1294, 0x8, 0x2, 0x5506fd78, 0x8000, 0xffffffa2, 0x7, 0x1, 0x8, 0x401, 0x8, 0x9, 0x3, 0x222, 0x1, 0xde, 0x10000, 0x7, 0x5, 0xbf7, 0x490, 0x200, 0x6, 0x4, 0xa, 0x7, 0x100, 0x9, 0x3, 0x1, 0x8, 0x5, 0x9, 0x4, 0x4, 0x4, 0xa, 0x0, 0x635dfebb, 0x0, 0xffff0001, 0xd, 0x3, 0x0, 0x7, 0x0, 0x0, 0xae, 0x4, 0xfffffff7, 0xd62, 0x3, 0x2, 0xfffffff9], [0x7, 0x7, 0x7, 0xb, 0xdd6, 0x106, 0x400, 0x7fff, 0x7, 0x52263b86, 0x0, 0x3, 0x5ce3, 0xfffffff7, 0x9, 0x3, 0x4, 0x200, 0xfffffff8, 0xb0, 0x6, 0x8, 0x20000, 0x45, 0x2, 0x0, 0x2, 0x3, 0x3, 0x9, 0x6, 0x9, 0x8, 0x9, 0x385a, 0x3ff8, 0x9, 0x1, 0x4, 0x2, 0x8, 0x4, 0x1, 0x8, 0x3, 0xfffff305, 0x6a2e, 0x2, 0xf4f4, 0x8, 0x2, 0x36, 0xb6, 0x92, 0x0, 0x1, 0xfff, 0xcd32, 0x7, 0x1cd4, 0x5a26, 0x17, 0x80000001, 0x9], [0x4, 0x8000, 0x0, 0x23, 0x0, 0x2, 0x200, 0x0, 0x4, 0x80000000, 0x1, 0x6, 0x51d, 0x9, 0x5, 0xa4, 0x6, 0x0, 0x4, 0x1, 0x2, 0x7, 0x0, 0xe000000, 0xacd, 0x4, 0x7, 0x9, 0x40, 0xc, 0x7, 0x6, 0xa, 0x2, 0x7, 0xb7, 0x2, 0x9, 0x3, 0x0, 0x4, 0x81, 0x5, 0x7, 0xfff, 0xdb91, 0xfffffffc, 0xd, 0x58cb, 0x1, 0x519eb04a, 0xf, 0xdd7, 0x4c, 0xffff, 0x6, 0x6661, 0x4, 0x401, 0x7eedff85, 0x0, 0x1, 0x1, 0xc7fc], [0x7, 0x1, 0xc, 0x1, 0x200, 0x101, 0x101, 0x4, 0x99, 0x4, 0x8001, 0x5, 0xe02c, 0x816b, 0xe, 0x9, 0x101, 0x5, 0x4, 0x200, 0x1, 0x5365, 0x5, 0xb, 0x7, 0x4, 0x5, 0xffff8001, 0x10, 0x3, 0x1, 0xd6, 0x4, 0x8, 0xfcf, 0x8, 0x8, 0x2, 0x6, 0x10001, 0x3919, 0x1d8, 0x1000, 0x1, 0x0, 0x80000000, 0xb, 0xc33, 0x4, 0x7, 0x3, 0xc2e, 0x8, 0x2, 0x8001, 0x1, 0x4, 0x4, 0x2e, 0x8, 0xff, 0x1ff, 0x6, 0x5]}, 0x45c)
r0 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x5452, &(0x7f0000000640))
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x45885, 0x80, 0x0, 0x8}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_type(r6, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r7, &(0x7f0000000280), 0x9)
r8 = openat$cgroup_procs(r6, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000c40), 0x12)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = openat$cgroup_ro(r9, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r10, &(0x7f0000000200)=0x1, 0x12)
r11 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r11, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r1, 0x3516, 0x20000000, 0x0, 0x0, 0x0)

18.517474129s ago: executing program 1 (id=2805):
socket$inet6_sctp(0xa, 0x1, 0x84)
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}})
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x8801)
fstatfs(r1, 0x0)
r2 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000240), 0x101000, 0x0)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e24, 0x7, @loopback}, 0x1c)
r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000140), 0x2)
ioctl$UDMABUF_CREATE_LIST(r3, 0x40087543, &(0x7f0000000280)={0x1})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000100))
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01"], 0x7c}}, 0x0)
r6 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r6, 0x82, 0xa8, &(0x7f0000000400)=ANY=[@ANYBLOB="1b1b"])
prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000140)={0x80000042, 0xf5, 0x1}, 0x10)
r8 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r8, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4}}, 0x10)
socket$kcm(0x21, 0x2, 0x2)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x2c, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8}, @NL80211_ATTR_4ADDR={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40800}, 0x20000800)

12.73747943s ago: executing program 1 (id=2816):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
mknod$loop(0x0, 0xfff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f0000000380)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0x10000, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x80800})
listen(r3, 0x5)
io_uring_enter(r4, 0x3517, 0xc2de, 0x9, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000240))
bind$packet(0xffffffffffffffff, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000051c0)={0x2020}, 0x2020)
pread64(0xffffffffffffffff, 0x0, 0x0, 0xadc)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40845}, 0x20000111)

9.215936689s ago: executing program 2 (id=2823):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = openat$null(0xffffff9c, &(0x7f0000000000), 0x88000, 0x0)
timer_getoverrun(r0)
write$P9_RLOPEN(r1, &(0x7f0000000080)={0x18, 0xd, 0x2, {{0x40, 0x4, 0x4}, 0x5}}, 0x18)
r2 = openat$vimc1(0xffffff9c, &(0x7f0000000800), 0x2, 0x0)
ioctl$VIDIOC_G_CROP(r2, 0xc014563b, &(0x7f0000000840)={0xe, {0x7, 0x0, 0x5, 0x8}})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'geneve1\x00', &(0x7f00000000c0)=@ethtool_drvinfo={0x3, "7e2104715fbf4196a6e806e246155d59a2cf9a0096f59519767cfe504887963c", "fddd0a9c52b9a7e237949471cf88ecf0b7b5391979943341e7ba5538ada78aa6", "847d4ece81676a7d00d785add41f95faeb00", "e6b03456a628ff939dc7baa4073ba5fbfa31d466d1e59b478af858369b77be00", "f86114c318381d39aae8145645ef9c56057d96c73b318c34a7fbbfee13cf15ab", "feb100"}})
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(0xffffffffffffffff, 0xc0045401, &(0x7f0000000080)=0xf5)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x50)
bpf$PROG_LOAD(0x2, &(0x7f0000000440)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x70, '\x00', 0x0, @sched_cls=0x36, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r4=>r3, {0x5000000}}, './file0\x00'})
ioctl$TCSETA(r4, 0x5406, &(0x7f0000000100)={0xa, 0x95, 0x1, 0xfffd, 0x18, "6722efb131ffd603"})
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYRES8], 0x1c}, 0x1, 0x0, 0x0, 0x84}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000ff0700000000000000000000650000009100000095"], &(0x7f00000003c0)='GPL\x00', 0xa, 0x1005, &(0x7f0000000980)=""/4101, 0x40f00}, 0x94)
keyctl$read(0xb, 0x0, &(0x7f0000000880)=""/233, 0xe9)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c000000100039040000eb914422ecb016560000", @ANYRES32=0x0, @ANYBLOB="00000000000000003c0012800b000100697036746e6c00002c000280140003002001000000000000000000000000000114000200fc"], 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
write$P9_RLERRORu(0xffffffffffffffff, 0x0, 0x53)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001ac0)=ANY=[@ANYBLOB="1b0000000000b100000000000080000000000000", @ANYRES32=r1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB="351c3618939a0676cf5edb214eac4023c0f4ac2abbf45a5f5d51b95bc2770899b2377a3511c09e88f7f02665a55ecbc1c0b183734578277f6814336d2b23679d4351971a21e50172cb2aebfda178bdc9d6e4b7794c41d9b49e02705a742c7333f508f07b6aed567d0b5919a80c1c110452d91df19e790e2b90eda94ce0d3fa2eca3878c07993ac7ed3944671401f104ad5afb40845b1e33a94f84e3f91b21b55c46d8cc92c04", @ANYBLOB="000000000000000000000000000000000000000000000000000000008ca27bf62e9a74f09b4289223f7c9cbd4ace57d24f5e20f72dd9448f76fe33f6ff75810d08bf82baea5e8c14567057c2a8d5c9949afa8bef45a12e18e228a72d2acaea17599e0110a2b7363d9718e52b58fa541d5a7ba50da117f48781f27e3c849bf178258aca37c521a3e670b9b99c78896941f778196206b4d328400600"/170], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000003ac0)={0x1, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000dec7000000000000001811000064857f76", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000000e000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)

8.199804572s ago: executing program 2 (id=2826):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
msgctl$MSG_STAT(0x0, 0xb, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xfffffffb}, {{}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, 0x0, 0x9, 0x0, 0x0, 0x40f00, 0x46, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x20004040)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
syz_clone(0x100011, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="71100800000000009500000000000000bdd8e39302437e529d2e5274372a57a3dc5aa66a55852ef53e958807bd301b57be7ceecaa755605e3adcf47f1a2ed73260f87b1212b5492eeeb6"], &(0x7f00000000c0)='GPL\x00', 0x9}, 0x94)
r4 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800007, 0x11, r4, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, &(0x7f0000000ac0)={'filter\x00', 0x7, 0x4, 0x3d8, 0x0, 0x0, 0x0, 0x2f8, 0x2f8, 0x2f8, 0x4, 0x0, {[{{@arp={@dev={0xac, 0x14, 0x14, 0x3b}, @broadcast, 0xffffffff, 0xff, 0xc, 0xb, {@empty, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, {@empty, {[0x0, 0xff, 0xff, 0xff, 0xff, 0xff]}}, 0x51c2, 0x5, 0x7, 0x50c3, 0x17, 0x0, 'ip_vti0\x00', 'dvmrp1\x00', {}, {}, 0x0, 0x102}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="4b65ccc62df1", @multicast1, @broadcast, 0x8, 0xffffffff}}}, {{@arp={@multicast2, @private=0xa010101, 0xff, 0xffffffff, 0xb, 0xd, {@mac=@broadcast, {[0xff, 0x0, 0xff, 0xff, 0x0, 0xff]}}, {@empty, {[0xff, 0x0, 0xff, 0x0, 0x0, 0xff]}}, 0xb3f3, 0x7, 0x2c00, 0x400, 0x3, 0x9, 'wg2\x00', 'batadv0\x00', {}, {}, 0x0, 0x600}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@remote, @local, @dev={0xac, 0x14, 0x14, 0x1e}, 0x8, 0x1}}}, {{@arp={@dev={0xac, 0x14, 0x14, 0x1d}, @empty, 0xffffff00, 0x0, 0xf, 0x0, {@mac=@local, {[0xff, 0xff, 0xff, 0xff]}}, {@mac=@remote, {[0x0, 0xff, 0xff, 0xff, 0x0, 0xff]}}, 0x2, 0x13cc, 0x3, 0x10, 0xff01, 0x800, 'bond_slave_1\x00', 'gretap0\x00', {}, {}, 0x0, 0xc}, 0xbc, 0xe0}, @unspec=@AUDIT={0x24}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x424)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0)
accept4(r6, 0x0, 0x0, 0x800)

7.817986895s ago: executing program 4 (id=2827):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
preadv(r2, 0x0, 0x0, 0x7, 0x0)
r3 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2c, &(0x7f0000000380)={0x2501, {{0xa, 0x4e24, 0x80000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4}}, {{0xa, 0x4e08, 0x4a1, @dev={0xfe, 0x80, '\x00', 0x2c}, 0xa}}}, 0x104)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
pselect6(0x40, &(0x7f0000000300)={0x6, 0x9, 0x98, 0x8, 0x7, 0x6, 0xc1, 0x3}, 0xfffffffffffffffe, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x800)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x8, 0x4, 0xfb}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000600)=<r8=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r6, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x6, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x12321, 0x1, {0x1}})
recvmsg(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000000700)=""/35, 0x23}, {&(0x7f0000000740)=""/4096, 0x1000}], 0x2}, 0x40002122)

7.631091647s ago: executing program 0 (id=2828):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$pppoe(0x18, 0x1, 0x0)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0xbcb8, 0x0, 0x1, 0x1000}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000300)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r2, 0x0, 0x0, 0x0, 0x800})
io_uring_enter(r3, 0x3516, 0x3e44, 0x8, 0x0, 0x0)
bind$tipc(r1, &(0x7f0000000440)=@name={0x1e, 0x2, 0x1, {{}, 0x1}}, 0x10)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x1000d, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27"})
setgroups(0x1, &(0x7f0000000000)=[0x0])
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x8, 'macsec0\x00', {'netpci0\x00'}})
r7 = socket$inet(0x2, 0x3, 0x30)
getsockopt$inet_mreqsrc(r7, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000240)=0xc)
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r9, 0x4048aecb, &(0x7f0000000140))
socket$inet6(0xa, 0x80002, 0x88)
r10 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r10, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4)
r11 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r11, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r12 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r12, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x4e21, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="000000000000000002000001dae10088b7090000000000000000852d3c76c0dc04fe1de2a8e6abf56b83bfe7ab3f660af4acedc796746f9af5663e9bcc913b47e5be4a61611b19b39479d0ef3fcda85c6afd7a9ff18318237f9ad5a3d285b69bd1743fe3edeab5d566ccc71863"], 0x14}, 0x1, 0x0, 0x0, 0x4000805}, 0x448c0)

6.804177412s ago: executing program 0 (id=2829):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
preadv(r2, 0x0, 0x0, 0x7, 0x0)
r3 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2c, &(0x7f0000000380)={0x2501, {{0xa, 0x4e24, 0x80000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4}}, {{0xa, 0x4e08, 0x4a1, @dev={0xfe, 0x80, '\x00', 0x2c}, 0xa}}}, 0x104)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
pselect6(0x40, &(0x7f0000000300)={0x6, 0x9, 0x98, 0x8, 0x7, 0x6, 0xc1, 0x3}, 0xfffffffffffffffe, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x800)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x8, 0x4, 0xfb}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000600)=<r8=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r6, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x6, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r9, 0x0, 0x0, 0x0, 0x12321, 0x1, {0x1}})
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000042003303"], 0x14}, 0x1, 0x0, 0x0, 0x4015}, 0x24040004)
recvmsg(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000000700)=""/35, 0x23}, {&(0x7f0000000740)=""/4096, 0x1000}], 0x2}, 0x40002122)

6.109722569s ago: executing program 4 (id=2830):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r2, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x21800, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0d000000ba00000008bb2fe8000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/24], 0x50)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000043090100000000009500000000000000b7020000000000007baaf8ff00002000b5090800000000007baaf0ff00000000bf8700000000000007070000f8ffffffbfa400000000000007040000f0ffffffb702000008000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000004600000076000000bf98000000000000b5080000000000008500000007000000b700000000000000950000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0x8, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x40e2094757c92727}, 0x94)
syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x180502)
ioctl$MEDIA_IOC_G_TOPOLOGY(r4, 0xc0487c04, &(0x7f0000002f00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000180)=[{}, {}, {}, {}], 0x0, 0x0, 0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d491009b3426c8928f3d97cb", 0x10)
r9 = accept4(r8, 0x0, 0x0, 0x0)
r10 = io_uring_setup(0x2f82, &(0x7f0000000200)={0x0, 0x446c5, 0x0, 0xfffffffc})
close(r10)
sendmsg$L2TP_CMD_SESSION_GET(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x8190)
read$alg(r9, &(0x7f0000000000)=""/35, 0x23)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0xec37, 0x40024}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x24004004)

5.840444499s ago: executing program 2 (id=2831):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = socket(0x10, 0x3, 0x0)
write(r1, &(0x7f00000002c0)="1b0000001a005f3803000000000000008104008000000000000000", 0x1b)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default uset:syz 00000000000000000128\x00'], 0x2a, 0x0)
syz_emit_ethernet(0x2a, &(0x7f00000003c0)=ANY=[@ANYRES16=r0, @ANYBLOB="6434342a9dcd0bdba5b352423e03aaad6411c92edb015fef9ae50acd33ec5468aaa57eabc284447b75175edc754cef70bed991b239b00b6be9af023aa391124afdc1b847753e2f8a8169cc31cace31e571622a234433c85d5f8ad0c486012f922100660b8c68d0867983b6f3ae285f33333ee5634f9b28132b101d6b7b6dc072927fe2dc7c027a637b55eca6fc674e47a7593c56812636f8cdf21de7d24f79b16e522d0d409b0fdd99888b0a90fe66fa9c3d5facad7d3c01d47bfca587c3ec426221c1648a9c36f6efba26b5"], 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r5=>0x0})
sendto$packet(r4, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0xe, 0x0, &(0x7f0000000200)={0x11, 0x0, r5, 0x1, 0xf0, 0x6, @broadcast}, 0x14)

5.291967446s ago: executing program 0 (id=2832):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000180)={'syz1\x00', {0x3, 0x9, 0x0, 0xfff7}, 0x38, [0xffff, 0x5, 0x7, 0xe9, 0x4, 0x6, 0x5, 0x10, 0x7, 0x950c, 0x1294, 0x8, 0x2, 0x5506fd78, 0x8000, 0xffffffa2, 0x7, 0x1, 0x8, 0x401, 0x8, 0x9, 0x3, 0x222, 0x1, 0xde, 0x10000, 0x7, 0x5, 0xbf7, 0x490, 0x200, 0x6, 0x4, 0xa, 0x7, 0x100, 0x9, 0x3, 0x1, 0x8, 0x5, 0x9, 0x4, 0x4, 0x4, 0xa, 0x0, 0x635dfebb, 0x0, 0xffff0001, 0xd, 0x3, 0x0, 0x7, 0x0, 0x0, 0xae, 0x4, 0xfffffff7, 0xd62, 0x3, 0x2, 0xfffffff9], [0x7, 0x7, 0x7, 0xb, 0xdd6, 0x106, 0x400, 0x7fff, 0x7, 0x52263b86, 0x0, 0x3, 0x5ce3, 0xfffffff7, 0x9, 0x3, 0x4, 0x200, 0xfffffff8, 0xb0, 0x6, 0x8, 0x20000, 0x45, 0x2, 0x0, 0x2, 0x3, 0x3, 0x9, 0x6, 0x9, 0x8, 0x9, 0x385a, 0x3ff8, 0x9, 0x1, 0x4, 0x2, 0x8, 0x4, 0x1, 0x8, 0x3, 0xfffff305, 0x6a2e, 0x2, 0xf4f4, 0x8, 0x2, 0x36, 0xb6, 0x92, 0x0, 0x1, 0xfff, 0xcd32, 0x7, 0x1cd4, 0x5a26, 0x17, 0x80000001, 0x9], [0x4, 0x8000, 0x0, 0x23, 0x0, 0x2, 0x200, 0x0, 0x4, 0x80000000, 0x1, 0x6, 0x51d, 0x9, 0x5, 0xa4, 0x6, 0x0, 0x4, 0x1, 0x2, 0x7, 0x0, 0xe000000, 0xacd, 0x4, 0x7, 0x9, 0x40, 0xc, 0x7, 0x6, 0xa, 0x2, 0x7, 0xb7, 0x2, 0x9, 0x3, 0x0, 0x4, 0x81, 0x5, 0x7, 0xfff, 0xdb91, 0xfffffffc, 0xd, 0x58cb, 0x1, 0x519eb04a, 0xf, 0xdd7, 0x4c, 0xffff, 0x6, 0x6661, 0x4, 0x401, 0x7eedff85, 0x0, 0x1, 0x1, 0xc7fc], [0x7, 0x1, 0xc, 0x1, 0x200, 0x101, 0x101, 0x4, 0x99, 0x4, 0x8001, 0x5, 0xe02c, 0x816b, 0xe, 0x9, 0x101, 0x5, 0x4, 0x200, 0x1, 0x5365, 0x5, 0xb, 0x7, 0x4, 0x5, 0xffff8001, 0x10, 0x3, 0x1, 0xd6, 0x4, 0x8, 0xfcf, 0x8, 0x8, 0x2, 0x6, 0x10001, 0x3919, 0x1d8, 0x1000, 0x1, 0x0, 0x80000000, 0xb, 0xc33, 0x4, 0x7, 0x3, 0xc2e, 0x8, 0x2, 0x8001, 0x1, 0x4, 0x4, 0x2e, 0x8, 0xff, 0x1ff, 0x6, 0x5]}, 0x45c)
r0 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x5452, &(0x7f0000000640))
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x45885, 0x80, 0x0, 0x8}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_type(r6, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r7, &(0x7f0000000280), 0x9)
r8 = openat$cgroup_procs(r6, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000c40), 0x12)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = openat$cgroup_ro(r9, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r10, &(0x7f0000000200)=0x1, 0x12)
r11 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r11, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r1, 0x3516, 0x20000000, 0x0, 0x0, 0x0)

4.696860971s ago: executing program 4 (id=2833):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{0x1, <r0=>0xffffffffffffffff}, &(0x7f0000000240), 0x0}, 0x1c)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000002980)={&(0x7f0000000200), &(0x7f0000000600)=""/101, &(0x7f0000000980)="85181cc0c8fee3f9ee1623f4aea3cce50d3637e2cbc798f035d467be80281683b39febd57a8a37b404955e72dd0b412de20ef6b66ad2be69fa5883bb44327db1f6fd21d190761bb54d33eff979ab77c0f925a9a812951e519c396cb35dae6c88468c7d5c040a7105adc528fa4cb350f1ec1ae5b0bb9cd59941cd34c5e997fb4c514c196d30ea688a1c9090da533c999eaeb61c7f3e39d279c0302dc2a545b528faf1cf042bc1e43286c4781c59c2552852b0635ceafb6126e44f1e2cff913ca09b8790335e229afdb01c4e1e25c12bb7214395c6ac690e48da904f685df5d811ecd77f45332ad5805e6da08d14add1b3857686076d40325a447a4723b8f22450b05ab2f142dc3a5ccff0a10496fe1e05fe934bace2923d4c7e3bfb61cae864e2a1a686aa611e31e80aa8542418c267446aaa65d2326dccc687827c316835292be660c8613f9ab32477ecd8881bec76348e251c5272c85fd6849bcc92897a37dc59984c1dfc148a82005d7867dfda3249a60f5e3ae9fc9e4d302c69bde59c829dff45d6ae188e283e9b3cb55e6f3dacdcb9a6c1cdd3e3de9eebbda0da0774083bd18656d54b1c4732e21277f32e41231c2ca3d3a5136f184aeb417c3f40e9891c02d725635a8d25564600f1d9d7bc60669e07b6a062b585dea39a23890db4cf9a1c9f916e95d622e9b29bc2aadc6bf78be0175ef8d15e910e33d121cc6395d34a0a22ffd69fe92013721b787ba1d0d41413e676e0e802a91ef0ab4671dbe95d63cc44491a37d0a5e4e8a9eb469169326def467ffe653ddd9961f0817fe32f51ce00304165ca6e52604593868472e49f76e0558c51f894dde114be713de95e08fc4dabe5e55055c24eeca7907b35565f4512917a18e49405c057671bf990f55ee6e891e4d8c520b0a3e38f9e47c927ca64acf6fc4181d6f722971ff7f991edeea3dadb775243ee982cd2dbb719857f3501607b2e696b6a6de46b4fc5d4a19bc96aa8a900d7af8474c510143bc9f390da7537e787e1ff2f2767247ac5db70d209b1b3b874e68aca3fa26f347577c5a7527d50391ecfa7684fe21adf5d67ef9294f17daf1b89b9b59017d2aced7a8fb8bd25fa6e7ee9d2001005629048770cde706f9ca419d50383ff5a3a3ec96b3307a17fa6610bf58446197f743811493b6a7b1f456e8bb3293abd3b06017d952cb5e3d7458637afa6fcc996db8cb73e76973550d19347ce2e33f1add2b5c2073c076406909857c8778ea14189e8095b639a3900ec983cdc36167d1069ab8c34bcf73ac8914e64174691e638265fc0077cf352b1c474573cdc34fb6e0f6fa813e607227dc8f62ee91ba3c41dc89e6d4193bd5c8f9aac982a7ef6ed6d42e4b6a5afd4e46f7a07e3e9d34ed2a4f279d12166752edabb0d969f6f286ec2a3d9d935181dafc358748548ca69692b600f0e7ceccde22404a70e6aebef9a32f591d38ca913aec09550542ef9d2007b594eeb2d6418d4bffc1fd1d877f8575605546a1f346d450f7753447b8a8961a2f45ec7d72002a1be1e38cfa0cca62fcb1b37e2eeb433f55b36a3675d11ba49f10c28cee12a0000eef9445dd698c7103bb15307590f4aac4836477430d1d851e15919279df1996a304bd9b38e991c728aea752e9bc5960728476b97a11914b0de00ea2b70640dc53bf9d2b42e8598f22ccbace333eb1b6a330651c64fd0ba160f2d81ad9171ee046f28aedc7f3fddf1b1c5591aa398f2026e2015c47dbf84b644d55edd469b0dbbcd015fdfa90a84f2b53491c09b4830dadad0b84f1776674b05e29bd36a2306c0899ed0c7c93663953b06172993fc21cf429f32107ad559d40682bb667427727d576a952804b36d9710909418dfbe3f8e0ca78301d0089e5f7bd1cb2fdbf13d1ef8c7ec3acf46ca2bd1d669d58d7f727ff2f73d0877081b894aab789fd2804924730b512d2113a2d11b9efaa25e99e825fb5c782d2fd7a8cc73cbf9cb143780ba49ed501d78b3d0328c2022855aa59318119256cf37d5b29ce7c2fbbe6a0540b64d97d31ec0dcd750b6e07e80572648e50ac230815a2b4e2fcdb882eb5acb206c3bc74d20f583c167e9c5ef88ea98d5f594087f77540de01e7b9acfb47e3dd1f3ef075cf1fb933c941ff06293993ed6d64c1b6576253af1bd1814f4983c8e9ae29f4f28f42c4b72d65a758aaeb97145848980cdbae26dfb805eda7358bd5058b06aef385d8f70c2c716ea386115490ce2f75e4d7efc5385128a8a62b57e54ed1a4a1a3e2370f977610255aa0148f8a000776d4d340438aff58be0e4e6c15a6197849905a7f466a34e7fdb7e0548e52f0ab9c35f8026f3131e2a6a8a2807766ea8211b2d50a5272effd2c73519ff817d8f319c31cca801157226eae8faa55c4651364962f79bde057eb71fa5e9739dfb9cecf1fe30307a25c95ddfae60ab572636de4e1f061a223b89e121c0dbfaa47769a3833b7df1cdd4a3c102ec8d7a830206406dbb0e1070806b08f1c86a791545fa3a5a9ffe0b10431b950a1bd3f7a70311cf1fcf94fbbe2d1d89c5f8288458f9cee9f01577c4e6628203db231b20a876b5ac375c4cf9c05fad45b7f417f1af53c7d17fb4b51c1327069d75c77ffc2204d9e3573ef68980453b461b4afdfeaf2ec8eb02695599d8447c439e2814244fb92a9f4734166a67ceebfca30a78e2e32aa437b6a9807c4e3aa9d03a41f32dba6387744eeb6433948a23aebf8369e646057a50a51cfe594387aad09df7100a3da075571dd60012722de64990bf757918db38487452d9ffb7684f2a30be776abdc16ea73e1e1f43d24c406757820cf9937d2192567c4edec2eeaf55dbecd4137a5fc156f3a0b331c2ff61c3e4874632", 0x0, 0x6, r0}, 0x38)
openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/pm_test', 0x688100, 0x108)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
writev(r3, 0x0, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0x2, 0x6)
write$cgroup_pid(r6, &(0x7f0000000000), 0xffffff98)
splice(r2, 0x0, r6, 0x0, 0x80000000, 0x3)
write(r4, 0x0, 0x0)
getrlimit(0x8, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f00000006c0)={0x0, 'bridge0\x00', {0x101}, 0x2})
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000200)=0x2)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000900006440000008001b00000000000500100004"], 0x30}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0xfff1}, {0xe, 0x10}}, [@TCA_RATE={0x6, 0x5, {0xfc}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0)

4.249309444s ago: executing program 3 (id=2801):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x9da, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x3, [{{0x9, 0x4, 0x0, 0x95, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x8, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x81, 0xff, 0x1}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x14, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x22, 0x6, {[@main=@item_4={0x3, 0x0, 0xa, 'bQ\an'}, @global=@item_012={0x0, 0x1, 0x7}]}}, 0x0}, 0x0)

3.724779798s ago: executing program 4 (id=2834):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = dup(r3)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r3, &(0x7f0000000100)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
r5 = dup(r3)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0x400, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
pipe2$9p(&(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r7, &(0x7f0000000000)={0x7, 0x1b, 0x5}, 0xffffffec)
splice(r6, 0x0, r3, 0x0, 0xffff, 0x2)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1005, 0x0, 0x106}}, 0x20)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
syz_fuse_handle_req(r2, &(0x7f00000088c0)="761d830cb682c898eff0bd8cf89f15f4a12940213fdafa0f39ad239dbbe11851c2c7cd20f42c8d001b2cb0a97c0138f8bfeb1a5c117e02b3fbc1cba97a7d02e2d84a1018dab174d3ef91a5d9dc46dabb244d9115c89eff75d2da2e2f7578a4920d9dbe0cbd7c553e52bd778fefcdd2ee42a7e04889538a980f8f4293e8c1009a536db29275381f3b27aad6eb446e127671226111b5d8ef39caa7d016b1602e34eac24bc60a483c8c1a76f9489c9f6ebe2205f966871ee207c097c8d340683b187270a7422ee117f5e75dd70da830ef93c28fd4aa1f7a36d9a017557fc3463a728fd27a36d7923c975777245ac7a9df6e965cbd0c46629372a7631864a9da8cab08301b2a30e8deeac591fa9ba0389e1817a326d5842e1978dc1463f78badbb207551e2e4cdcfa668b3b7bbc9a8b209c673c9b20625cb996b87f313d59271e92df97b9b6b0a80da04d7b70fc8e3669b7a94610f75a69956e37a61342c7bc0bed83b1b961a4bbd8ac0e9ee959e275deff57b196abf2c103088561312a16ce7c5df67777a2ad9b2ecbb1d97af5d0988998e0a444c08f96b80a1ec27c1ea529be76a5836ae15d07b27893e357b1a170e025533f79946407d0fd5ef0e7af0ef5190a459d05b15d749805ac0461f65d6eaba156f9785b993b0ced640bec4fa11cebf4bb5488ce85304b23041373c77357ed0b637264dd251c081d2c575e46b4fd71af12d42335a4eac44222e5ba245e05dca8a16068f6330bd553850dd8a1af9ba69b4541959a25ea91b4662a596f6a4f8560c6aa7173897e0c6ada50d423bb8765b8ba19eb9936fb92edb685bbfe694f1648d88f1f9ef7d8ec7cecf4d9c5db05c9a1298176dc6f76f3145d438ee2dcb91b460027b3cd5f446ccc36e0d8b507f40afb1bc483a5febb9114bb406bd8fa2a5e084ca81d38ba9db65e87de94129db0c6b72d81a5c26ba6d3f703292009e302d560cb7e94c76b4cff0fa646d64f093bca010f2f10357c396bb6192669e6abec240d34b3a18e46961e290e902da0726d6850d832129fbf2b2ebf58116a909692344316d175a42c0433e7cd7124deed863b2bb7882ec571b8d4d9c48bfbd800abd963cf627a8bb7831b304baf62fe2ae1c753cfbbd48bd4548b23d9628eb334be84e2c4328c4791c9582bc5eb825593ddf6ae6dfe4deefcad4781d25ca680ae597e4f2e75eabfff5022bd53e80c069c1219d6dbea31c2ad85c788d5fcae83d964e74b2b5beedf2f411e70e5a37307ada87b129b1e45f09a59bae807b2ad634028906237a6f4f602b8525983ec8db4f018cd3d90066eddd0b83e03d9f8cb12590768700d3e89003c01051bad266be7c5eef0691274e0398333e90dae8f90b8b4d82b11b2a5db02f68f31f1274a4070b5183a1a74ac564f196561dff289860e490bf649051cf2a22677253d81c4300fca4518e9c681c2d2abde8cc7db1532c65fcdab8e6b212c92dd42a623caac3afadd29b61ef0c513c8004f98b744ad95b05cd6832e5d38177dc6e131ef2fb5b22fd010b330474d010177dcfc5c4f39b2f5ad80d95a20c2cb62fb04ca63d930935b7e1ff8912341bb8f9ac3a255a31e0c6a1c68bacb3734d074de72d94c96be9e4e2f80002c8cb0f604c9b10574ab4f12ed47231941cd1c91cf7e96b49548ebe668faa5e14a8c13302be1959618df4feaf704065195bcbf9566b6bd351af8b3bea61812a881f1841ae8873f15625f2c0948a0e134f080d6424f8df0002ffe8744a8accfd346e6464bc9be9793fd3183234aab031076c291e500ecdfc3e9be869c23bf0fb323dabaef6e490a6e3866a1de1312afa5d4686b492e1f9aee230ea1643c0219debaad7b66a8cc3908bf5a3492d6d70126eac292536a6e2e789747725e181dc5276b506fc7c698e59089f09a5648b21463ca11bce12d05abc4b9dd6408a07bd8bc90e25f984d2bdfee8effd51894075783c803addd7312a603fe05060c374bd3cc8a871bc0b4c959a6a2af1571d30ca462c46f08f887de11eccb603d94b6bb4dd177301afb9e7cb62896e1ef7c84c278f50fc066c33f8c1452fa00eb5677091ddd2d8fee7232ec7e461b079737980b0f5dc3edd0533a3995a00b05d223a6e12c03c01ed6d6dc9938d817e29bfa84d13d220aeddb3c4e7200e127e9cf4813537830b08d217fc5c91ad3add289a8f52b278fc05263bb1b6f5e161b5ec299a4020308c85958a4dc6208989ca2af5a29143d3b8150887e6d27fe2a20099ab547ef012bab8728e16cdfc00e7b20dd709714141e3c784301fe3dce23225e30aa208ddb0e3a4bd48f8d0b8273afdf003a687e276717b20ee2659fc1f3a93b3acff5bdbd76748d2765ddc2bb6d48abaac6590ddef219b29e998795fb48d668614551f3cfe4aa11600a6064ca6e2bf5233332378497f249fb8df6a3472a01c7853aeaa4bb0a28518bf66e033e79f6081d5562dfb3e91462605340b5b5caecc9a5e567181b3bea74e3e51cfb3f1a5b4a28bf7aca0a6dc0eca0a655735dde2103c8f4e53ab287be2e2e072de41829c077c4b65c29a51dfd60128836830e35dc51912fb107d3b971447d5c324a84b07537581b4a9536f399ae9b9822cc72388713e74806e8e77411d79c422cf4cbeb6bb32cd5605b0f87ee4d7c29de4c93a9bd01ccf13fa6d737e8e767b15af8abf689c43c43ccc033af76959502af27e9b58241433c3c824cd2148328b7beae98814dedce0196f6e4984916e081c3fc3b42b4baf9b2e41e353a42898a65227d36854970cea9f766578a0657028d101c39843b900dc3af1af4157a41d238a9c681c629d6d019324238831dc62eff0904072c7f0c0444a136ac3e602023152caa5c6879f23b88f20b7adf9ae37d7bc33ed80a7a88eedf6ab8ab719debd84f231babe4c000705db75e3fc25814f16d833237022aabce3bbf6a06d29ddbd25574a4d9194d7389393ac065979751a7a795c7fa8fc6476afefc66990702707578216ba49a1b230e7c19441af251ed03dac43de5e3c52b0b4038d89bb0051fcd31f2e920318c36aab22c5726979a5ca27310a90eb7555c6de045cfd8fc08cf4a6174b7c0865821ab6c5079bdde229cf185dfacd8c89ae89315f0a812802f62084d5193faa673823b80c6f83c61b2958b78a2f09058e37a1aef37c27491d5dae69f88a29fd9633bca6631d6720bd7893437c86bca3af15496c5d6efb8ad10353c0cb1b4715fd819c26d427028b5f10eb9aabb17e332d0db378d7cb1f024f0fafdede09d9cf40f9dbc1106ef509dcb9969dee26a45adbc453b6b0272685813d41b5f60c1ac3d1a3801211b73431b34fe3f231b3a6fb5d2f368f04145fc401c8b36c492c4e255d9eef6e5c906d469e3b326cafb7f49c59de427f3b6dbcbc9108fe421cedc57a66b99d15769dde6891027a7f3c4f12f0c831d666bc9f000a7dc07b8d4cd955983fead67a8757cc3729a94577d3de6e0479a4f69b24547eddfa5ceef2e7aab98348bc7ce0370f02000ddab8bd699f53db7a830837b279e3025591a46d6714ef72a2d2fbdd7bf6b71eb276aed95b77258122aa67806f88ea8969ef030e2e660fd1818cf663dccbb87f1c3f0b70008ed07261ac1dcb68b87ba7b3f8b63ec27e1ad2ca3af753ef3c43bf67bf3880dfa1a11c8940d616b2bfb04daef9dd2039564306f749c5e7dad3b05761e42c3246367fe2b392e7ca267b7a1b33b58135bcd67a2d9a81e7c5afbcc25873399f709f37adf5ceeb8be519e64887245cbf249e6976409c60e31ef41e69e13ee01ed7763f5ee825229c590c170b08464f28d2c989e1a6c701c46912c3f97a7f973bf4eacc8151fcb59ac641f0e83c5e3101c88e8d2710b7aa8cb72f6503a3fccb999a36c609f6d6f8707f6dc0ca025209aed8ecfba36b9ee52e2afc25e35da71fb9d577f80064c768b0003a788577aba71dc524d7808b033d602d870b66cdb339086109fbf2987f0bbe556d5ef4bb753dc4e1893f3937aa8465293beb7e96d00caf416dcc84a80a6ce8ebd01785611c1628310b099f375045e73a341ae06ec5423d59a7f5f9f21c40b52356d65e815ab5a4f74d8d4b7c6350b8bcf12907da2b1f502ce73b0aa73b4efabe91cebe116822177d797806edefaaac9c540ff02440baf9ae4b42c45104f01794461ba3ea1e7f9514e491032f8ba535ad104148be572a41598570843fd6fe90c97e7187fb433303852138f2dff0eb24f756ae378678919eb180822981eef929c724ec2295abfb0eb588fc406faf740ee71d4b285c05cd89ea27feeb6c9d744beacafd2f601d23ad06afcd903f4e9ee3375806afaf21f01ef0a493dcf92ff9d8858105e86029a12cef0bc37f3b54fcebf5646f5f02952efb2d80dd1bb3bab3bc18a31eedd327757a17565d3e267a054a63e1883638d7cbef83a8308ac2e2b7c657c21fa4495ec9506bc0b6c67b7f12a392ee0e557ac06625a5851effac29801c21746dd0bbd2e25d13ab020ed4e133a1eafbd58d26d1a1a3f71f1a958f2ec5c15f5c055c9f1d1ddb33048e48bb9acad7f167f67305ce4bb1dc4a6373b7c1726f5b298a5c7c74d960fe30ff9e1fc0bdc3408640cafb34e2a3a2bcce2ec0ca7bd13edd9f365ce338b63c1bf6c3c6e1d2171ee58dce6075cad284f5e7e466914bcd1afe28546fab2d9f537309a5b36e62de5dadc378aef8591797d3311f8cf5e965242840430ee123b9ac7dcca493a4bcb108eb85a9e52cc33b62b515b95634c57b58b52f72b10b4306e7282349b999e9deb93d867b95f2e14bf20f56c1068e2b0684dc67ffe1dff590145b28bb8dff42e44e6228ec5783662a5a67b34f46863e6711f0e3cacbb88447aee4be56aa318eaa570df303a1c88223cbdf2faa1840ca1e72018136aa3cf9d2ae00be52e5d51600f57a3c7421e15b778229fe8165fc50ed2dc7c577ceba7342ff6996dfd7087a2f61843064889bc505473a3aa7d96dbb7c550f4552331e4b601c1bc3bc1e6a7717264dcec37617dde6017edf48c8b6f9675d3a8978ecdf0bdeb716f9166f0bc7f9de5b47e7ab99ed8624c3f8487bb1fe2b5cce35bfbce2fcde38d0c5100f7819e0bcd360c7bb9f80d4392fa74d938ccd83d6f40d1a55e03a79c45ff68468ca42ac99a4de8c777f952d2ee6138fe62ee4d4a8b76ce799b8a0e7fac09f9610a472635f8b8b1721d1fee535a83722eb87d8c866544b8916f8af56361de6eea4427233cc804fe55ff9b3b2c88bff72115deda64d75fbc72b1742997a291d55251e8b2efffa37ba0e762c7d7bde8a81359d9c6dc2141f86d3eb31c63739f0790178a0e3dc3c1d403834df18c81e68430957249ca3cf55ec376af9d8b049490e890d0fa5782a9d6b23d4c1428037b053eae32bd6732ba96de194f210eb8fc79be3928deace54ad8e473791e7281a89b0d8e27b232269b8c35c85f9ecb72362170839753fb29d9930f39e869e9b07ff85da8a4a57be5b09bcaaf355bcf030f26d2f66a4ec6864c26e901fb3bf6fab435c16b4985cabc2f84d37a51ee8a1378cc7fd480c41826c2f1bdff2cf37ba2bdf2c8cf909968b9fce9af8448aaa63014dcac7a739e1b3ebfe30b6d934120c4bd63d2269becbe9fcf201f1a3009bdaecd4b90cfb3ba7e4d4f190ba0c6235a8d0ea23e451250f0a66fa189a030641d8a49a18807881ebcfeb0176093a158b2deb8837003fe0b1d4bf06e8f9bd7c8efd8775137497027ba997d2f7b4b98ec5b7e0f4614f532b81a6f96048a81da770423e8a952901e32051b0a0cb4e3c0c743ae9112d973480bab294cb7b49bb7a9051bffa60b85311dda853ce405f228a4126f1cb3c84c3b5ca4ef7efcc4e3effa3ba5ec31df051a270a48c1e80d387da573bcf78ba2428cd0126f2dcaf4d9bfd6ad568c2b368ddae77b8f2aaa4e6252c43ac997f0878fc746910b72becfedcd108087f3beea5a5dac569ec678a3a7819c4da0b4fe057952a0fd5c1065411f152f97103d03f0764165870c8886a8186d02f82ee7cbbe8f0cfe45e51bc8b495af35cf54867fbc856b4849a967d1bea98e93cea10c785a05940e83f1b75176fb9914ca914d92c7a7273ac3224a466e1ad6f451afdf98670623e50f1a45efe0ef75208eed5351a80da812a7cdeb46ebed49a224fcdc0bf32c66ea635703673b6800244ad2a6312a538185cf6cfd504b029d442aeba0203b8dcefb5acfd3f05ab59fa3b8a6f00544993682df4ec6213a010817fda6ab2ae011b28169c4ef9ff14c598c5e7026b5c4db1139c55d38024e7de8326855f189a96e400d1e070b60629e011e3670eb08841ed3c2606a9e81f8a847b6d0f08051679effd982173a8127e903509f4cc797f46fb819373982f9673c4b0c1a4b460e6f4a0c1c21a6815c00f9f6e72670fb57a03f53251518e6d9c7e1991ae88d574f3f5d2ed40246930766075434c3e37db8e2cd93af4d43e4b2bf0a4cb9d977f51fc96383d5da825259509e2484a31efb70682ac092324e335180a702cfad9d9f81a6ca5ea8c9176f74f71c51673c6e9e64037b4b13e9236e740adcc0c302f3661635185e9ec1cfdb7cec12db7d1c923cd779bba58994c7ff4f3be3a1eb21c7fd150a774150f2754340b304781c4be6500dbafe53c79c63c1a473c213ad2aff8300391cd6cc530214fc9df616fd4e67fc0d1eea8c2a824aeb11628b42138d4324b354cf7b88b1df675375e8a2735ccd325f5671b5fa22440f37b9958e770d96d869da814fda78550477d32712f862a6668c8c4a2177ab4c50dfce53ce31a0be6172e77785e43097d7a6b7850219a2ec3c31999cf98572c8bf36bef79391d588d17322357e810b5da925c1c439d3ca167bf5960ad91ad25318fa61bda11cb38adaa9ff651916874e16e7f72fecd224341d4c171202a85220f91e1e75a0100838e6f869a789df159074d56fa3e18b5450963dbd5c5321c10c063997b3172d2cfc3aa3edada0b493eab7d02ea10420c87519a522a299f91eddcc3f2e0ca6ad0917e2533a11d8c71eafdafd1c83f65e8fc120ad53ba92a6395052600f3b3a31e8fe88278aedd5d6fa664b35d6f23f0aba7d58694c9b524ac7780091648df0a029f7e8127108f31fbf11d400841321ece7344cad44ebbb0537b06742f5bb698b4e64201feadc473f7eb6bcb37dcf71f4a29bc6f591bb39e64ecf19c05eff3bd31a233d93d089667b9cad49d71fb25822eead10d5e2ea4eb5ca8e4710621cd0541f1014eb3fa226fac163af19f468a4c78daee28ae9429a3e3f6e17dec9804ad55f7b734ca935e604eee5385f1572ba73f375e1c9c5fd46c712fa4333efbc5dcb0349605f9141322da4136566c7bc47ba4c186c92cebe4fd2f2c74c38873170b1ce6806c06f815b63008e42b34b7f63d31ba77bf5de8535c1ea8d13e5d9dd46f951e5e765c5a259547604cd4e72eaa856d415c601e330677aaee9a5871978dd50c2b79252e09dec44c01ab8b3a5ec9a3c867a05a310c4d09f8380b657c297c04cec6a3475ba1bb81e075cbd05390cb8a7f33a614efa66f6d98a69c81f4ecfd2ff47d74f1bb50d33ebc5b6229fa8f17288904c828415968398cf9bd5037cae2965c9b716eb5732c4c71acf061a47850542fa859ca1255129c24712437d7db2aa5585ff21c9f26f36cac60704df53cba9edb19bbd1ce992cb58cdae1be756b9049ffcd4f913ff348e5214cc201508198027d18f3f066a7a5c0470cd0dd72468d8fb4526c26c07e7c4c72119bf3358740394e5dba42dd27229ad93f99c6138fb9f6c1bf29fe5ad58545b526f528389cb689b59e813a4b218c41a607c3e64f18a07d5430ec9a3af83e50b5566c9d4382da9a5d5ec6cb5058a870b228c49d6c05c99935478dd3fc4f98bff4f5e8dc2dbb8f6401e0d1798204cc1e16e69bccc30734e91968b61ec2cd04df14fd59f9f018dda9d7c90409ba707580b53c647971da9919c80886ef39d18a642aa939c69269e9b009a06545bd702380c877211fbd5a11043a72aa5777d7c90a878f3d5b13cffb74cf15cf4b3852c558589efd753ce8f9ec410ef3f8da6501e57f617853b99aeebf33d1daaec0e4dfa48d06bec8221d86daf37e66a7ea881651d782fe7024fc93066aa27a1bbae9215f42548e878c3a349631069284d53b8771892cc58b1d3e37f82e1fdcc55d2f42f7745a5a3424fd7866be4ca37b4e5f446782dc5e30621494453fdbfa19861ef66e7d2919f5105b8df680decbcdc3650ed9789754f9556243fa53ad07eabc4fabb667c634457a012b248260572ed4a89a137e63bb83fa6e8ca22b76c8d451c844afceaf55ca917eeeead551ef32129935c18161c89fd83a7d62816962b7fb86db839c350fb5f00e6eb777ade8c0e678f204f5934875b088e59037e08699fee74462b02410314811ffeff244068b9c0c9181b3bbc7f705541183f109373551429e8ddf3db2b01e9c304a5aa43f9021ec3150507e6762407372b5834d4979fcfd253ac3fbb9d54c4ea1eb665cbf1942ad55cec0b2a183c447d910afecd7611e02f1144b6beb3bf6ae8837c67db01bb9a6146344375baab5bcfff67fb23c0a22f41f8b7453b9d076f0a44897ac01ba98026a687f181d4f7c5195db543b20a8f4e600e719125d67890e5904ba7dab61c0419460dd5def6ce2308be0c3049aa24f60e9401b42490b9c9aebe1d2171102cd9019f9053a4c994d6b184b499b1c3f8bba0ae7ea46ff34a4a1d4b3a90e3c5e079445cf7984123d717f72709849266bc5b39608eb915f0b7ce572fff8eefe486702c6595f091e014a26bad6b9f64dc1fb118c47be183438d29e6dd98b77f97006dca7c8371903441a074d3aeac0e9fd00446cf9c7729e25bc5277ac272da5c050c607adc90057cda447c3710036a8f76b0706ae6cbd28de6cbd331a1ea2e5b1c61fe77176c4bea5d5e46dbb08a12c7100984aa26a02ff7ec83c96f375e65927933846f70e72c4decc0af60eeb11c7bca3ba62adbd0d9fa989b1e7c6e2e7c0f6e47c578914de9d7ba6c107882396420990023809ba3791136a5a97492c677fe90194c86c1c7972ac1f30df2bbccd319721c4fe96231e2f5df4da62992a1469e0a59a94827f3e3f5497e79c2860b0f9f8aeb24bac96adca8c3f9ca4f5d0ef77fa135fc6156ba6145a7a08879d75c0c35011acb19408b5d4af7f38109028a8285f5a31d30da886b70d734f01ef43ee2ff5f7e25f43fe47cff35388bec4e7d381d075f249628d10e74eada1e2af8caec7a3a89528b7d1da329fdfa337b5b507c14503fd89b96a33b52d327d41242456d836f464adc7ae2874dc41052fc86048314d5d31e89b20d16440f13af11a40be5f5524b8730af2c847102c6ef65d6baa2a0a6af98823605e9164f162c196b3b948def8d590a3f4ff19942a2ef8cd06d4b2fbafa4667c4116e146cf6a5116fb6971a2de211f3dc0d64ae99cc37877d7bd87c99a8c2d7dae406dacae89b6b6d44abd5dc6a581ad94dda6c962f0eb56a50c12b93a4312280a8519acbcca7d67fa6b92c75bfda0e257b5b1b0f566ea5ab487c390e02aa5b6cf544f211b98835a2b44e8b41a6418be54a7bb5cae4702aafe7f4d36893cb1d8c810844073c6f8560e0e3e46830cfb34f3ed1c633420a0da9d8bf62ea56fee88c1f0db7cc5997af1ab02c8bc568f4447d19f6c87cca057cd9c1dc6de139b2de4e0b26d8ee38e4019884a453292ca2ab00dbef7219269e61947e57faf1b2c653c0a4995ec58efdff79314a1961170a7f4e0883dfd21257de039986a0ffee0470667b3a5ef7997ea016e3245b293fa46d07f4095a982665dc6fc549104db25182eaf84b417f393d163889e7a2b83fd3aea8b4eeaf75d9550989e9541a1d91e2f968c32584c8a6a790fede715a2bc734dcd5f9b9883075314a9cf7954935b2469bd5cca61d0e0d491a627e51ee555dfc1c9d5ffb143fc7d31ad6e95258d4eaee798fd94fb52434a6f635bf778fce8d4e94885939cc3dc18bcc845850951a64a2267da0747966cbbbd169b60db08da5704f63d95a05ab4d629a29ad36223ed2a9decce89acdfd7cd8f9abbcb12bec072df2b2cafa6c017a25328ed091abb25db2cb8c0f40da5c3751872c70e89274444e337173de974908fa494fe5459a5939b29122895b66f7b6349a13611cf5e74aba8f62fdb8fe6f5a8604b499f7fa3e47c9566a2e48187e474809e845baab6bd4e2f0bf6f794e086e9f03d0eb3a9e4250b209a491cb2db591f2b0351e7733a776ac12396a5c7827b82377fe4a0e3c54722f08ee441e168ee586a0f13401c33b57a612993a6b3fe93594c6964afaeb971825c700943ab60cdb23306f82bf2ec32d05b7c75a35d5e432fa1146f6db1b33ffbfcf3cd9f40598e5a80b633d84c654e462d791d8bb83cfc5615729d5ef1bc33800dd34b8cb7bbf3383055e782877c8806e8f29389e55a27da788e1a08029cfb724ba73cb0ef1a860ff861372b509ec8200f20a5dc5841c5644fb5febe3d2e9733cca528f2b9af0e0b814f97c711b035d7e3fbb1951d8210d330e6bffdf0e2faa19088a89c6a737435c2e8958fd1126e0f2ca325990514f0ca8ec784040bc6e2238b3a548ce3ecd065e08451b049bb55cd000023861ad400d7ff659bbcf6721bbe7128d73b95411a6684a6b12a5277c08df26fcf79eb64ce4b1f6664a445f758cea910ae48bda79165bcd408dedb32b6ab6de7bff43a09f51d4ad29b3acdcc0a6266e8afcdf0e8c8bc3f8ffc85106d278dc95c8f652347ada2034f30886ba78ab80389447f5c99118efd3d58bc43469bf44ae3d3fdd0b33824e69fea0d0fd62b709ee5868fdc29a5963dd4869305eb70e4bad13bd974cc3243d83ee7407cf6e8ea88ea28ec72c4fc827aeb15dac717869b290a3ac94d6e8538ae1b23f9ebffdad3c4b1855d74f450a06eebb1d2bbb154d9cdbc384f5c8116c85daff1af4bf6ed9bc7ed98323ec98a083d56d60d2b500ac65ba2773d01747c74fadfd9ab55dd567fdf2996d9f696374a7835776a1b6b1dc3b4a00467218ae97bb1cd4631ce37f356f494545101cfd84feaa4c20f5a024687d99f074229439182a3cb87b1c3003dd646b60472d0942821209cb90f744436cb86fd8d76506b6a003b232fdf4b5790171cad9d70cd11a017b217904cbc2122ece2972ff87df0f25df761ec0775b5c9f86553267f5d9d666c2bdfcbddf942a687ec1489e3ee1f5846abad42384745e66dd888717b320326b2f90c1633a6cb3d1564a575e0296f1b12f4184a0696fa98946f7497f28440a6b68e959dab767406c2c5583b6ab79bcec82e89f4b36eb624a081096d286ae3910f2a94da414d1317fdbb6cc9f073032ddabe3c15133cc383d76b839531ed107ffdc492a7ea5b8bb4397b90beb45c066968303833674c150cae4b5d3c6edb96bfac63465d18433c4620f91a2d5a66f19a67176ea8ced53d25d1c22d2beb2ff9a97207f47bd16c18cd3ed7693d1e46d16b2786bc59b0818f03a8f35d3823b86bd1eea6ec4e81570be58287eb2789d59c5dbf7e16bbd54414efcbfc90e0ed9f0f55af31ff40c7392c6136e02448608852bab13ec71998aa03a40c6f9ce279cbb7db97d5a7", 0x2000, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x78, 0x0, 0xf, {0x7, 0x7, 0x0, {0x0, 0x9, 0x3, 0x8, 0x0, 0x5, 0x3, 0x8, 0x9, 0xc000, 0xa91, 0x0, 0x0, 0x972}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=<r9=>0x0, &(0x7f0000000280)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80})
io_uring_enter(r8, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)

3.618116277s ago: executing program 2 (id=2835):
prctl$PR_SET_SYSCALL_USER_DISPATCH_OFF(0x3b, 0x0) (async)
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000003c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async)
iopl(0x9)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2710, &(0x7f0000000600)=""/102389, &(0x7f0000000000)=0x18ff5)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x103001)
ioctl$SG_IO(r3, 0x2285, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$unix(0x1, 0x5, 0x0) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000040)={0x1c, r4, 0x62c21a4ade68aba1, 0x70bd27, 0x0, {{0x32}, {@void, @val={0x8, 0x3, r6}, @val={0x0, 0x99, {0x5, 0x61}}}}}, 0xb}, 0x1, 0x0, 0x0, 0x40}, 0x4000080) (async)
unshare(0x62040200)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r7, 0x8946, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000019600)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x202}, 0xc, &(0x7f00000005c0)={&(0x7f0000000400)={0x48, r8, 0x200, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0xf2, 0x45}}}}, [@NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x3}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x5}, @NL80211_ATTR_P2P_OPPPS={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x8)

3.339150277s ago: executing program 2 (id=2836):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000180)={'syz1\x00', {0x3, 0x9, 0x0, 0xfff7}, 0x38, [0xffff, 0x5, 0x7, 0xe9, 0x4, 0x6, 0x5, 0x10, 0x7, 0x950c, 0x1294, 0x8, 0x2, 0x5506fd78, 0x8000, 0xffffffa2, 0x7, 0x1, 0x8, 0x401, 0x8, 0x9, 0x3, 0x222, 0x1, 0xde, 0x10000, 0x7, 0x5, 0xbf7, 0x490, 0x200, 0x6, 0x4, 0xa, 0x7, 0x100, 0x9, 0x3, 0x1, 0x8, 0x5, 0x9, 0x4, 0x4, 0x4, 0xa, 0x0, 0x635dfebb, 0x0, 0xffff0001, 0xd, 0x3, 0x0, 0x7, 0x0, 0x0, 0xae, 0x4, 0xfffffff7, 0xd62, 0x3, 0x2, 0xfffffff9], [0x7, 0x7, 0x7, 0xb, 0xdd6, 0x106, 0x400, 0x7fff, 0x7, 0x52263b86, 0x0, 0x3, 0x5ce3, 0xfffffff7, 0x9, 0x3, 0x4, 0x200, 0xfffffff8, 0xb0, 0x6, 0x8, 0x20000, 0x45, 0x2, 0x0, 0x2, 0x3, 0x3, 0x9, 0x6, 0x9, 0x8, 0x9, 0x385a, 0x3ff8, 0x9, 0x1, 0x4, 0x2, 0x8, 0x4, 0x1, 0x8, 0x3, 0xfffff305, 0x6a2e, 0x2, 0xf4f4, 0x8, 0x2, 0x36, 0xb6, 0x92, 0x0, 0x1, 0xfff, 0xcd32, 0x7, 0x1cd4, 0x5a26, 0x17, 0x80000001, 0x9], [0x4, 0x8000, 0x0, 0x23, 0x0, 0x2, 0x200, 0x0, 0x4, 0x80000000, 0x1, 0x6, 0x51d, 0x9, 0x5, 0xa4, 0x6, 0x0, 0x4, 0x1, 0x2, 0x7, 0x0, 0xe000000, 0xacd, 0x4, 0x7, 0x9, 0x40, 0xc, 0x7, 0x6, 0xa, 0x2, 0x7, 0xb7, 0x2, 0x9, 0x3, 0x0, 0x4, 0x81, 0x5, 0x7, 0xfff, 0xdb91, 0xfffffffc, 0xd, 0x58cb, 0x1, 0x519eb04a, 0xf, 0xdd7, 0x4c, 0xffff, 0x6, 0x6661, 0x4, 0x401, 0x7eedff85, 0x0, 0x1, 0x1, 0xc7fc], [0x7, 0x1, 0xc, 0x1, 0x200, 0x101, 0x101, 0x4, 0x99, 0x4, 0x8001, 0x5, 0xe02c, 0x816b, 0xe, 0x9, 0x101, 0x5, 0x4, 0x200, 0x1, 0x5365, 0x5, 0xb, 0x7, 0x4, 0x5, 0xffff8001, 0x10, 0x3, 0x1, 0xd6, 0x4, 0x8, 0xfcf, 0x8, 0x8, 0x2, 0x6, 0x10001, 0x3919, 0x1d8, 0x1000, 0x1, 0x0, 0x80000000, 0xb, 0xc33, 0x4, 0x7, 0x3, 0xc2e, 0x8, 0x2, 0x8001, 0x1, 0x4, 0x4, 0x2e, 0x8, 0xff, 0x1ff, 0x6, 0x5]}, 0x45c)
r0 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x5452, &(0x7f0000000640))
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x45885, 0x80, 0x0, 0x8}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000280), 0x9)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r1, 0x3516, 0x20000000, 0x0, 0x0, 0x0)

2.451202752s ago: executing program 0 (id=2837):
r0 = socket$inet(0x2, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={0x0}, 0x1, 0x0, 0x0, 0x48010}, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$apparmor_current(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="7065726d6861742072694c741a57a29b3078303030303030303030303030303030335e"], 0x1b)
vmsplice(r4, &(0x7f0000000700)=[{0x0}, {&(0x7f0000000240)="73685697ab2c1af93c5e549ee6a524f64317a66eb601e4ac5f22f1f8b749eeb700160c00000000409a7dff259806de995b88317f0188b0c5469f37db90889579f3135d24a7dc0df6d3bc09d8bd67ce775d08fdaf1c26ac8fb15c07f7cfc2c83da633cf248cbfcda8", 0x68}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000780)="d39300d7f6e45ac95cd44bf4b81debe6eb18546761a7349589e9aeca52a601b50120fe4dd27d145a1e12c8391f4a35333ef75a0fe0c9a35135cf53b9ac06238174792d3356cb6de0bb72249f13d7c38d54c90c3709bc3d9218d97e6a7bd3c0e8b236e47cb2d3c9fb5dfe433b598090e8e8817935f2368461f8f8cbc025e8b6ead291ca", 0x83}, {&(0x7f0000000500)="fcd54329fa8cf7316ede8d9dc280adf05575c474ae4cbc805230180075770f35904fe010bd58ed9232fff99e56adbaf262fe34de58121ffb4e3f8d607d32f3e983f9617aad55c51d6ddae763f1463224ed998e2911957835fb9b1927d818538134edd6cf2f3214e444e01ee279bc3ded26f6eaac17055ccc5b61b14aafed1ce59041623e77e5ca902fbe3844ce3c7c5940518b3a45165988451e24260a209c2fbad06a6301f6b9ed2215359ea5cb6d2a7bfb35f9e638d541e6ba0913bd4c3b0b810f41df4c19d4c47225fd322ff6bfa629bf1cc535f0", 0xd6}, {&(0x7f0000000600)="6f1a9204d72f842a3b9b474732fedb2d0962796abba9e95cb504c01b57c7e23207e69b8d7ca7b0a41c0c2513c4dc843d54d077b5c1536488d2208b21f201d5c7442ddb0ad1b76e20fcda31fbb0c0ad7910d877450ff5a73b6de83b99eed8ee1ae3c5403e8e894a7bf77727f1b537c6d75c35601c87d97e505271be83aa05e2431a6a98bfef3d02e7b6d7355ce1b9047b726dae5d301fa5797d09de7b55fc192658431debbb0aed3d8f0f0176bf8632c2b0c1cac3bb544535d638e99e76aa3394adff6f44f4057798dd645a6e60ac590204eccd6b9b48d482ee15fc763182", 0xde}, {&(0x7f00000002c0)="3bb9b2f5f36e3d5e", 0x8}], 0xd, 0x2)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
open_tree(r6, &(0x7f0000006180)='./mnt\x00', 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff)
r7 = syz_open_dev$swradio(&(0x7f0000000300), 0x1, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r7, 0xc0405665, &(0x7f0000000340)={0x0, 0x5})
ioctl$VIDIOC_LOG_STATUS(r7, 0x5646, 0x0)
r8 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc3036bb66682c", 0x7, 0xfffffffffffffffe)
r9 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f0000000840)="c0444444442a34cac5621b0d3912148dd70038d5599b768381962b47bcf4f7e3bea3996c2c77f36f68d703653e7630c50eab73f043e7179eedb1aaed0070695dd653937b6b4b7adc73c1d0b72c196cdf9277ab2a868119620c359473e3266c65b0f4598ec63768e72e1920f699caa5ae6cec716d671495bbd57150103efcb6a4d83e9651e63f6393170e7c11f02c9a19f211260676f0e796a7f41b2bc4e5be1c7dc258be452e8b15c62800e3b4d522974c20b8bfd72e4f860e57a4b8ec4c9ed4673caa8d7b5172be5e4beb7964c665070aa4323bfb187a87921c5df93358191b7d18ca20178f8e67b4ba7973ae04cf7d88b72084bd8ce679c75b43b83879b2843d2503e4fdf56ab3b680610979355321a8347cae12104199b8309c801d8b9952b18af8a4b1779de13f74a75987833fd5a270bd9ef2ba1de0692ab8980407c49bdb428222a3c1c3cde5a8731f9d5e4c4f", 0x150, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r8, r9, r8}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r10 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r10, 0xc018643a, &(0x7f0000000140)={0x4000000})
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e0000001ac1414aa0000000002000000ac"], 0x18)

2.403144584s ago: executing program 3 (id=2838):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001040)={0x30, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) (fail_nth: 6)

1.820946492s ago: executing program 4 (id=2839):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
preadv(r2, 0x0, 0x0, 0x7, 0x0)
r3 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2c, &(0x7f0000000380)={0x2501, {{0xa, 0x4e24, 0x80000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4}}, {{0xa, 0x4e08, 0x4a1, @dev={0xfe, 0x80, '\x00', 0x2c}, 0xa}}}, 0x104)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
pselect6(0x40, &(0x7f0000000300)={0x6, 0x9, 0x98, 0x8, 0x7, 0x6, 0xc1, 0x3}, 0xfffffffffffffffe, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x800)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x8, 0x4, 0xfb}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000600)=<r8=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r6, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x6, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x12321, 0x1, {0x1}})
recvmsg(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000000700)=""/35, 0x23}, {&(0x7f0000000740)=""/4096, 0x1000}], 0x2}, 0x40002122)

1.715157529s ago: executing program 3 (id=2840):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x13, r2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000280)={[0x60000000000, 0xdb, 0x0, 0x8, 0x2000001, 0x9, 0x2004cb, 0xfffffffffffffff6, 0x2, 0x1136b2e5, 0x9, 0x0, 0x3, 0x7fff, 0x8000000000, 0xfffffffffffffffa], 0x8004005, 0x202})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$SIOCGSKNS(r6, 0x894c, &(0x7f0000000140)={'veth1_vlan\x00', 0x200})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x300, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x1}, {0x1, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4044)
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000014d00)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfa, {0x0, 0x0, 0x0, r9, {0x0, 0x2}, {}, {0x9, 0x9}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000810}, 0x20084084)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
r10 = getpid()
syz_pidfd_open(r10, 0x0)
ptrace$setopts(0x4206, r10, 0x0, 0x40)
syz_80211_inject_frame(0x0, 0x0, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
getdents64(r11, &(0x7f0000002f40)=""/4090, 0xffa)

1.028948677s ago: executing program 2 (id=2841):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001e00010125bd7000fcffffff010000000800030047"], 0x1c}, 0x1, 0x0, 0x0, 0x4048957}, 0x28040)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="11010000733336088dee1edb236100c7000109022d0101100000e90904030003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r2, 0x541b, 0x0)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7)
r3 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='kyber_latency\x00', r4, 0x0, 0x5}, 0x18)

917.296681ms ago: executing program 0 (id=2842):
syz_emit_ethernet(0x3e, &(0x7f0000000640)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, @dest_unreach={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @local}}}}}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="11003d2add0b6162636465666768696a6b00000010002d800a00000002020202020200006c2b671929cb93ce91515253434f2d0f2c3e084dcc785c92db5807a0911eb45581ae69120997488f3038af58fc456273427a7ffd4ca3960da1948dc54e1effe21ef4ef42b5713fb142860cda9eb07805e99b8aa8b1a55257d929290012369219e0cf515a8713849d5d8258e3a308ebb721a8520d53509c384781d1da032916a76959716da1bfe8fadb814d469ee83aa9ea0693aa9e2b0189cfa93d7bc6341bff707c8a8ee73dd79d5c6c070db3896eb56fd4f71d1de39ff5140b85b7d2ced27b2641e82c9650fd400998b1174b439ef70bae32bd00c45c2883c847e25ce5151acce9807b6555f04f3d808d2c8dd045b6c4fb584f0452dd92e3086223b39b838fd1c64169b3345a530b244a769d54a05f091c43e882f52a83becf72d0d6106dfaec65b07322af85061b20d02d0027ea1ae2670be847184c63978b74f595be94cacd"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x44, r4, 0x431, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5}, @ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x1}]}, 0x44}}, 0x0)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=ANY=[@ANYBLOB="500000000802110f6501080211000000080211000000000000000000000000006400010000061f12c931c959e8db82848b960c121824"], 0x36)

619.609093ms ago: executing program 4 (id=2843):
mkdirat(0xffffffffffffff9c, &(0x7f0000002300)='./file0\x00', 0x181)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x2)
linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0/file0\x00', 0x1000)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000001240)='./file1\x00', 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x758e, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
r4 = socket(0x2, 0x80805, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000580)={{0x84, @broadcast, 0x4e23, 0x3, 'lc\x00', 0x2, 0x4, 0x7b}, {@private=0xa010102, 0x4e22, 0x2, 0xc8, 0x80012d58, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x36, 0x0, 0x0, 0x4}]}, 0x10)
r7 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r7, &(0x7f0000004d40)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000040)="18", 0x1}], 0x1}}, {{&(0x7f0000000340)={0xa, 0x4e23, 0x4, @private2, 0x58}, 0x1c, &(0x7f0000000400)=[{&(0x7f0000000380)="99", 0x1}], 0x1}}], 0x2, 0x0)
shutdown(r7, 0x1)
setsockopt(r7, 0x84, 0x82, &(0x7f00000002c0)="1a00000002000000", 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x44, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_USERDATA={0x5, 0x6, 0x1, 0x0, "06"}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa8}, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x2c, 0xd, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000440)={{0x12, 0x1, 0x201, 0x47, 0xb2, 0x37, 0x8, 0x19d2, 0x78, 0x61be, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x6, 0x5, 0x80, 0xf3, [{{0x9, 0x4, 0x29, 0x12, 0x0, 0x69, 0xf6, 0x2b, 0x1}}, {{0x9, 0x4, 0x6, 0xf5, 0x0, 0xb0, 0xeb, 0x6e, 0x6}}]}}]}}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x4, &(0x7f0000000000)=@lang_id={0x4, 0x3, 0x4ad0a08bc5510d75}}, {0xfb, &(0x7f0000000540)=@string={0xfb, 0x3, "bec73dab6210305fcd272c496198346287e3231967c4db76bb93d5aa70c42db2643e983d877541edcfbbc78a0e13ce31de018a7bc874a83d188d1066313e4036bb95159d555c84140cf3e1b8eec8b34ab4d802349a94d931df88ad5bb1b97f6a78b27d7858833a2d9c2d160b3f9ce3d7e9ea3ff2ec36193864d722c152402ce0a77f470da1247145b3867b293a559197e0600eeabd66a929c41da05a65c572e942f92481035b363db24f6029669fa63297cd188f8269f525e41379f49f47ad067b7b5ba9f4420c47bc1f398a13e11852bde7f45bb68a965d5a19d92cf8bb7edc50b84b082272907e927b98285a7c8ffcf6493613286b95f076"}}, {0x41, &(0x7f0000000140)=ANY=[@ANYBLOB="b5a98d201ae5abdc59028fa2213c5b1d267bcf52df"]}]})

449.186141ms ago: executing program 1 (id=2844):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) (fail_nth: 6)

0s ago: executing program 0 (id=2845):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4810}, 0x20004804)

kernel console output (not intermixed with test programs):

ckopt+0x10/0x10
[  844.137748][T15225]  ? aa_sock_opt_perm+0xff/0x1a0
[  844.137773][T15225]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  844.137789][T15225]  ? __pfx_smc_setsockopt+0x10/0x10
[  844.137807][T15225]  do_sock_setsockopt+0x17c/0x1b0
[  844.137834][T15225]  __ia32_sys_setsockopt+0x13f/0x1b0
[  844.137861][T15225]  __do_fast_syscall_32+0x1f7/0x570
[  844.137882][T15225]  ? rcu_is_watching+0x15/0xb0
[  844.137900][T15225]  ? do_fast_syscall_32+0x34/0x80
[  844.137925][T15225]  do_fast_syscall_32+0x34/0x80
[  844.137945][T15225]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  844.137965][T15225] RIP: 0023:0xf706d539
[  844.137981][T15225] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  844.137996][T15225] RSP: 002b:00000000f545d55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  844.138015][T15225] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  844.138026][T15225] RDX: 000000000000048c RSI: 00000000800002c0 RDI: 0000000000000018
[  844.138038][T15225] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  844.138048][T15225] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  844.138059][T15225] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  844.138086][T15225]  </TASK>
[  844.477768][ T5963] usb 2-1: USB disconnect, device number 11
[  844.504540][ T5898] usb 1-1: Using ep0 maxpacket: 16
[  844.514818][ T5898] usb 1-1: config 0 has an invalid interface number: 4 but max is 0
[  844.523541][ T5898] usb 1-1: config 0 has no interface number 0
[  844.531653][ T5898] usb 1-1: config 0 interface 4 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1023
[  844.546714][ T5898] usb 1-1: New USB device found, idVendor=19d2, idProduct=0265, bcdDevice=da.d0
[  844.556431][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  844.566437][ T5898] usb 1-1: Product: syz
[  844.570602][ T5898] usb 1-1: Manufacturer: syz
[  844.575723][ T5898] usb 1-1: SerialNumber: syz
[  844.582614][ T5898] usb 1-1: config 0 descriptor??
[  844.592801][T15221] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  844.637176][ T5932] cp2112 0003:10C4:EA90.001C: unknown main item tag 0x0
[  844.663765][ T5932] cp2112 0003:10C4:EA90.001C: unknown main item tag 0x0
[  844.693415][ T5932] cp2112 0003:10C4:EA90.001C: unknown main item tag 0x0
[  844.716528][ T5932] cp2112 0003:10C4:EA90.001C: unknown main item tag 0x0
[  844.726509][ T5932] cp2112 0003:10C4:EA90.001C: unknown main item tag 0x0
[  844.733603][ T5932] cp2112 0003:10C4:EA90.001C: unknown main item tag 0x0
[  844.741233][ T5932] cp2112 0003:10C4:EA90.001C: unknown main item tag 0x0
[  844.749730][T15227] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2583'.
[  844.774374][ T5932] cp2112 0003:10C4:EA90.001C: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0
[  844.848139][ T7078] usb 1-1: USB disconnect, device number 7
[  844.865410][ T5932] cp2112 0003:10C4:EA90.001C: Part Number: 0x82 Device Version: 0xFE
[  845.065801][T15217] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  845.074524][T15217] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  845.083949][ T5898] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  845.243858][ T5898] usb 3-1: Using ep0 maxpacket: 32
[  845.251577][ T5898] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  845.259674][ T5898] usb 3-1: config 0 has no interface number 0
[  845.268042][ T5898] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  845.277285][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  845.285135][ T5932] cp2112 0003:10C4:EA90.001C: error setting SMBus config
[  845.285840][ T5898] usb 3-1: Product: syz
[  845.296625][ T7078] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  845.302110][ T5898] usb 3-1: Manufacturer: syz
[  845.310180][ T5898] usb 3-1: SerialNumber: syz
[  845.314818][ T5932] cp2112 0003:10C4:EA90.001C: probe with driver cp2112 failed with error -71
[  845.332114][ T5898] usb 3-1: config 0 descriptor??
[  845.332570][ T5932] usb 5-1: USB disconnect, device number 120
[  845.347945][ T5898] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  845.357470][ T5898] usb 3-1: selecting invalid altsetting 1
[  845.375467][ T5898] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  845.394840][ T5898] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  845.408134][ T5898] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  845.417448][ T5898] usb 3-1: media controller created
[  845.436571][ T5898] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  845.454323][ T7078] usb 4-1: Using ep0 maxpacket: 32
[  845.461614][ T7078] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  845.471449][ T7078] usb 4-1: config 0 has no interface number 0
[  845.481342][ T7078] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  845.491034][ T7078] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  845.499109][ T7078] usb 4-1: Product: syz
[  845.503353][ T7078] usb 4-1: Manufacturer: syz
[  845.508958][ T7078] usb 4-1: SerialNumber: syz
[  845.516472][ T7078] usb 4-1: config 0 descriptor??
[  845.530050][ T7078] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  845.538997][ T7078] usb 4-1: selecting invalid altsetting 1
[  845.544859][ T7078] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  845.555681][ T7078] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  845.574317][ T7078] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  845.582650][ T7078] usb 4-1: media controller created
[  845.597414][ T7078] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  845.694016][ T5963] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  845.857086][ T5963] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  845.878548][ T5963] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  845.891294][ T5963] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  845.901480][ T5963] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  845.910590][ T5963] usb 1-1: Manufacturer: syz
[  845.926695][ T5963] usb 1-1: config 0 descriptor??
[  846.234257][ T5932] usb 5-1: new high-speed USB device number 121 using dummy_hcd
[  846.357718][T15241] bridge0: port 3(vlan2) entered blocking state
[  846.364852][T15241] bridge0: port 3(vlan2) entered disabled state
[  846.371382][T15241] vlan2: entered allmulticast mode
[  846.376711][ T5932] usb 5-1: device descriptor read/64, error -71
[  846.384504][T15241] bridge0: entered allmulticast mode
[  846.392421][T15241] vlan2: left allmulticast mode
[  846.399523][T15241] bridge0: left allmulticast mode
[  846.534345][ T5898] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  846.542373][ T5898] zl10353_read_register: readreg error (reg=127, ret==-110)
[  846.554247][T15230] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  846.574149][T15234] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  846.601865][ T7078] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  846.611815][ T7078] zl10353_read_register: readreg error (reg=127, ret==-71)
[  846.623079][ T7078] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  846.631365][ T5932] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[  846.671317][ T7078] usb 4-1: USB disconnect, device number 3
[  846.763796][ T5932] usb 5-1: device descriptor read/64, error -71
[  846.874557][ T5932] usb usb5-port1: attempt power cycle
[  847.200087][ T5898] usb 3-1: USB disconnect, device number 8
[  847.214201][ T5932] usb 5-1: new high-speed USB device number 123 using dummy_hcd
[  847.254503][ T5932] usb 5-1: device descriptor read/8, error -71
[  847.363849][ T5913] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  847.452733][T15256] vivid-007: =================  START STATUS  =================
[  847.460966][T15256] vivid-007: FM Deviation: 75000
[  847.466499][T15256] vivid-007: ==================  END STATUS  ==================
[  847.494760][ T5932] usb 5-1: new high-speed USB device number 124 using dummy_hcd
[  847.524537][ T5932] usb 5-1: device descriptor read/8, error -71
[  847.534104][ T5898] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  847.541664][ T5913] usb 2-1: Using ep0 maxpacket: 8
[  847.550914][ T5913] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  847.570453][ T5913] usb 2-1: config 179 has no interface number 0
[  847.586102][ T5913] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  847.611845][ T5913] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  847.634307][ T5932] usb usb5-port1: unable to enumerate USB device
[  847.647030][ T5913] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  847.674689][ T5913] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  847.696944][ T5913] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  847.710614][ T5913] usb 2-1: config 179 interface 65 has no altsetting 0
[  847.718372][ T5898] usb 3-1: Using ep0 maxpacket: 32
[  847.724278][ T5913] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  847.736074][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  847.748410][ T5898] usb 3-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice= d.65
[  847.757795][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  847.768941][ T5898] usb 3-1: Product: syz
[  847.775578][ T5898] usb 3-1: Manufacturer: syz
[  847.783956][ T5898] usb 3-1: SerialNumber: syz
[  847.801732][ T5898] usb 3-1: config 0 descriptor??
[  847.819889][ T5898] gspca_main: vc032x-2.14.0 probing 0ac8:c301
[  847.882034][ T5913] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input66
[  848.220917][T15250] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2590'.
[  848.249579][T15250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  848.260797][T15250] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  848.273300][ T5932] usb 2-1: USB disconnect, device number 12
[  848.426614][ T5898] gspca_vc032x: reg_w err -71
[  848.431466][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.436919][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.442408][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.447866][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.463889][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.469249][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.474630][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.482374][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.489251][ T5963] usbhid 1-1:0.0: can't add hid device: -71
[  848.499845][ T5963] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  848.507910][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.513292][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.528332][ T5963] usb 1-1: USB disconnect, device number 8
[  848.535899][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.541201][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.568679][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.575130][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.580446][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.586055][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.591330][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.598138][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.603418][ T5898] gspca_vc032x: I2c Bus Busy Wait 00
[  848.604493][ T5932] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  848.609055][ T5898] gspca_vc032x: Unknown sensor...
[  848.622840][ T5898] vc032x 3-1:0.0: probe with driver vc032x failed with error -22
[  848.633450][ T5898] usb 3-1: USB disconnect, device number 9
[  848.767494][ T5932] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  848.777677][ T5932] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  848.786022][ T5932] usb 4-1: Product: syz
[  848.790299][ T5932] usb 4-1: Manufacturer: syz
[  848.794955][ T5932] usb 4-1: SerialNumber: syz
[  849.219143][ T5932] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  849.274255][ T5932] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  849.345624][T15268] bridge0: entered promiscuous mode
[  849.363070][T15268] bridge0: port 3(macvtap1) entered blocking state
[  849.375127][T15268] bridge0: port 3(macvtap1) entered disabled state
[  849.382091][T15268] macvtap1: entered allmulticast mode
[  849.387641][T15268] bridge0: entered allmulticast mode
[  849.406906][T15268] macvtap1: left allmulticast mode
[  849.412105][T15268] bridge0: left allmulticast mode
[  849.503809][ T5963] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  849.650105][T15268] bridge0: left promiscuous mode
[  849.666567][ T5963] usb 3-1: Using ep0 maxpacket: 32
[  849.703950][T13577] usb 5-1: new full-speed USB device number 125 using dummy_hcd
[  849.727088][ T5963] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  849.817877][ T5963] usb 3-1: config 1 has no interface number 1
[  849.850478][ T5963] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  849.880073][ T5963] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  849.933483][ T5963] usb 3-1: Product: syz
[  849.945641][ T5963] usb 3-1: Manufacturer: syz
[  849.955724][T13577] usb 5-1: device descriptor read/64, error -71
[  849.963835][ T5963] usb 3-1: SerialNumber: syz
[  850.203878][T13577] usb 5-1: new full-speed USB device number 126 using dummy_hcd
[  850.280531][ T5932] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x0000011c. ret = -EPROTO
[  850.334782][ T5932] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  850.360582][ T5963] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  850.368844][ T5963] usb 3-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[  850.379803][ T5963] usb 3-1: 2:1 : unsupported sample bitwidth 71 in 38 bytes
[  850.393804][T13577] usb 5-1: device descriptor read/64, error -71
[  850.400597][ T5963] usb 3-1: USB disconnect, device number 10
[  850.421775][ T5932] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  850.425523][T14693] udevd[14693]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  850.463850][   T30] audit: type=1326 audit(1765007220.006:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15281 comm="syz.1.2597" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd1539 code=0x0
[  850.525394][ T5932] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71
[  850.543999][T13577] usb usb5-port1: attempt power cycle
[  850.601692][ T5932] usb 4-1: USB disconnect, device number 4
[  850.893794][T13577] usb 5-1: new full-speed USB device number 127 using dummy_hcd
[  850.938347][T13577] usb 5-1: device descriptor read/8, error -71
[  851.183872][T13577] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  851.243378][T13577] usb 5-1: device descriptor read/8, error -71
[  851.354090][T13577] usb usb5-port1: unable to enumerate USB device
[  852.023875][ T5963] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  852.203831][ T5963] usb 3-1: Using ep0 maxpacket: 32
[  852.218587][ T5963] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  852.233841][ T5963] usb 3-1: config 0 has no interface number 0
[  852.233951][ T7078] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  852.261008][ T5963] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  852.290577][ T5963] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  852.314317][ T5963] usb 3-1: Product: syz
[  852.318539][ T5963] usb 3-1: Manufacturer: syz
[  852.323141][ T5963] usb 3-1: SerialNumber: syz
[  852.354909][ T5963] usb 3-1: config 0 descriptor??
[  852.375451][ T5963] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  852.393756][ T5963] usb 3-1: selecting invalid altsetting 1
[  852.394741][ T7078] usb 4-1: device descriptor read/64, error -71
[  852.399529][ T5963] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  852.425551][ T5963] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  852.446184][ T5963] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  852.463785][ T5963] usb 3-1: media controller created
[  852.500204][ T5963] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  852.674038][ T7078] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  852.803906][ T7078] usb 4-1: device descriptor read/64, error -71
[  852.813897][ T5913] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  852.914155][ T7078] usb usb4-port1: attempt power cycle
[  852.978271][ T5913] usb 5-1: Using ep0 maxpacket: 8
[  852.997570][ T5913] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  853.007750][ T5913] usb 5-1: config 179 has no interface number 0
[  853.014303][ T5913] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  853.033436][ T5913] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  853.045352][ T5913] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  853.057181][ T5913] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  853.074733][ T5913] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  853.089166][ T5913] usb 5-1: config 179 interface 65 has no altsetting 0
[  853.096203][ T5913] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  853.105431][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  853.140184][ T5913] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input67
[  853.273991][ T7078] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  853.314693][ T7078] usb 4-1: device descriptor read/8, error -71
[  853.361741][T15314] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2608'.
[  853.382409][T15314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  853.391509][T15314] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  853.405205][ T5913] usb 5-1: USB disconnect, device number 3
[  853.477765][T15319] vivid-003: =================  START STATUS  =================
[  853.486005][T15319] vivid-003: FM Deviation: 75000
[  853.492934][T15319] vivid-003: ==================  END STATUS  ==================
[  853.563916][ T7078] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  853.584346][ T7078] usb 4-1: device descriptor read/8, error -71
[  853.653960][ T5963] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  853.661279][ T5963] zl10353_read_register: readreg error (reg=127, ret==-110)
[  853.674406][T15292] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  853.694037][ T7078] usb usb4-port1: unable to enumerate USB device
[  854.191877][ T5963] usb 3-1: USB disconnect, device number 11
[  854.203169][ T5913] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  854.376438][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  854.388341][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  854.402915][ T5913] usb 5-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[  854.422355][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  854.459497][ T5913] usb 5-1: config 0 descriptor??
[  854.882525][ T5913] hid_mf 0003:0079:1846.001D: collection stack underflow
[  854.898160][ T5913] hid_mf 0003:0079:1846.001D: item 0 4 0 12 parsing failed
[  854.909565][ T5913] hid_mf 0003:0079:1846.001D: HID parse failed.
[  854.916922][ T5913] hid_mf 0003:0079:1846.001D: probe with driver hid_mf failed with error -22
[  855.134508][ T5913] usb 5-1: USB disconnect, device number 4
[  855.135932][T15337] vivid-001: disconnect
[  855.199788][T15337] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2614'.
[  855.346311][T15336] vivid-001: reconnect
[  855.903845][ T5913] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  856.053825][ T5913] usb 1-1: Using ep0 maxpacket: 32
[  856.073480][ T5913] usb 1-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice= d.65
[  856.100651][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  856.131420][ T5913] usb 1-1: Product: syz
[  856.141531][ T5913] usb 1-1: Manufacturer: syz
[  856.160278][ T5913] usb 1-1: SerialNumber: syz
[  856.174199][ T5913] usb 1-1: config 0 descriptor??
[  856.193189][ T5913] gspca_main: vc032x-2.14.0 probing 0ac8:c301
[  856.716880][ T5913] gspca_vc032x: reg_w err -71
[  856.721602][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.735012][T15359] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  856.761623][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.791937][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.797739][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.809569][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.822343][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.832479][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.843854][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.855963][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.872999][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.883119][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.901668][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.911938][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.922051][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.933783][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.944002][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.956929][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.962229][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.978520][ T5913] gspca_vc032x: I2c Bus Busy Wait 00
[  856.991039][ T5913] gspca_vc032x: Unknown sensor...
[  857.000667][ T5913] vc032x 1-1:0.0: probe with driver vc032x failed with error -22
[  857.016842][ T5913] usb 1-1: USB disconnect, device number 9
[  857.086217][T15361] FAULT_INJECTION: forcing a failure.
[  857.086217][T15361] name failslab, interval 1, probability 0, space 0, times 0
[  857.111156][T15361] CPU: 1 UID: 0 PID: 15361 Comm: syz.4.2621 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  857.111175][T15361] Tainted: [L]=SOFTLOCKUP
[  857.111179][T15361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  857.111185][T15361] Call Trace:
[  857.111190][T15361]  <TASK>
[  857.111195][T15361]  dump_stack_lvl+0x189/0x250
[  857.111211][T15361]  ? __pfx____ratelimit+0x10/0x10
[  857.111222][T15361]  ? __pfx_dump_stack_lvl+0x10/0x10
[  857.111234][T15361]  ? __pfx__printk+0x10/0x10
[  857.111246][T15361]  ? __kasan_kmalloc+0x93/0xb0
[  857.111256][T15361]  ? tipc_setsockopt+0x735/0x970
[  857.111271][T15361]  ? __ia32_sys_setsockopt+0x13f/0x1b0
[  857.111283][T15361]  ? __do_fast_syscall_32+0x1f7/0x570
[  857.111295][T15361]  ? do_fast_syscall_32+0x34/0x80
[  857.111310][T15361]  should_fail_ex+0x414/0x560
[  857.111323][T15361]  should_failslab+0xa8/0x100
[  857.111335][T15361]  __kmalloc_cache_noprof+0x84/0x700
[  857.111351][T15361]  ? tipc_conn_alloc+0x57/0x4a0
[  857.111363][T15361]  tipc_conn_alloc+0x57/0x4a0
[  857.111376][T15361]  tipc_topsrv_kern_subscr+0xf0/0x240
[  857.111385][T15361]  ? tipc_own_addr+0x45/0x2a0
[  857.111397][T15361]  ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10
[  857.111408][T15361]  ? tipc_own_addr+0x45/0x2a0
[  857.111420][T15361]  ? __asan_memset+0x22/0x50
[  857.111435][T15361]  tipc_group_create+0x364/0x500
[  857.111450][T15361]  tipc_sk_join+0x24d/0x6b0
[  857.111459][T15361]  ? lockdep_hardirqs_on+0x98/0x140
[  857.111472][T15361]  ? __pfx_tipc_sk_join+0x10/0x10
[  857.111487][T15361]  tipc_setsockopt+0x735/0x970
[  857.111504][T15361]  ? __pfx_tipc_setsockopt+0x10/0x10
[  857.111519][T15361]  ? aa_sock_opt_perm+0xff/0x1a0
[  857.111533][T15361]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  857.111542][T15361]  ? __pfx_tipc_setsockopt+0x10/0x10
[  857.111557][T15361]  do_sock_setsockopt+0x17c/0x1b0
[  857.111571][T15361]  __ia32_sys_setsockopt+0x13f/0x1b0
[  857.111587][T15361]  __do_fast_syscall_32+0x1f7/0x570
[  857.111599][T15361]  ? rcu_is_watching+0x15/0xb0
[  857.111609][T15361]  ? do_fast_syscall_32+0x34/0x80
[  857.111623][T15361]  do_fast_syscall_32+0x34/0x80
[  857.111635][T15361]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  857.111646][T15361] RIP: 0023:0xf7f43539
[  857.111656][T15361] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  857.111664][T15361] RSP: 002b:00000000f543655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  857.111675][T15361] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000010f
[  857.111681][T15361] RDX: 0000000000000087 RSI: 0000000080000100 RDI: 0000000000000010
[  857.111693][T15361] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  857.111698][T15361] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  857.111704][T15361] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  857.111719][T15361]  </TASK>
[  857.524319][T15365] FAULT_INJECTION: forcing a failure.
[  857.524319][T15365] name failslab, interval 1, probability 0, space 0, times 0
[  857.561984][T15365] CPU: 0 UID: 0 PID: 15365 Comm: syz.4.2623 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  857.562011][T15365] Tainted: [L]=SOFTLOCKUP
[  857.562019][T15365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  857.562028][T15365] Call Trace:
[  857.562036][T15365]  <TASK>
[  857.562043][T15365]  dump_stack_lvl+0x189/0x250
[  857.562067][T15365]  ? __pfx____ratelimit+0x10/0x10
[  857.562086][T15365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  857.562104][T15365]  ? __pfx__printk+0x10/0x10
[  857.562129][T15365]  ? __pfx___might_resched+0x10/0x10
[  857.562145][T15365]  ? fs_reclaim_acquire+0x7d/0x100
[  857.562167][T15365]  should_fail_ex+0x414/0x560
[  857.562189][T15365]  should_failslab+0xa8/0x100
[  857.562211][T15365]  __kmalloc_noprof+0xdf/0x800
[  857.562233][T15365]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  857.562259][T15365]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  857.562283][T15365]  genl_family_rcv_msg_doit+0xb8/0x300
[  857.562307][T15365]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  857.562332][T15365]  ? apparmor_capable+0x137/0x1a0
[  857.562349][T15365]  ? bpf_lsm_capable+0x9/0x20
[  857.562365][T15365]  ? security_capable+0x7e/0x2e0
[  857.562391][T15365]  genl_rcv_msg+0x60e/0x790
[  857.562415][T15365]  ? __pfx_genl_rcv_msg+0x10/0x10
[  857.562431][T15365]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  857.562451][T15365]  ? __pfx_nl80211_set_bss+0x10/0x10
[  857.562470][T15365]  ? __pfx_nl80211_post_doit+0x10/0x10
[  857.562502][T15365]  netlink_rcv_skb+0x208/0x470
[  857.562526][T15365]  ? __pfx_genl_rcv_msg+0x10/0x10
[  857.562546][T15365]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  857.562585][T15365]  ? down_read+0x274/0x2e0
[  857.562604][T15365]  ? genl_rcv+0xd/0x40
[  857.562621][T15365]  genl_rcv+0x28/0x40
[  857.562636][T15365]  netlink_unicast+0x82f/0x9e0
[  857.562664][T15365]  ? __pfx_netlink_unicast+0x10/0x10
[  857.562686][T15365]  ? netlink_sendmsg+0x642/0xb30
[  857.562708][T15365]  ? skb_put+0x11b/0x210
[  857.562732][T15365]  netlink_sendmsg+0x805/0xb30
[  857.562764][T15365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  857.562797][T15365]  ? __import_iovec+0x5d4/0x7f0
[  857.562816][T15365]  ? aa_sock_msg_perm+0xf1/0x1b0
[  857.562839][T15365]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  857.562862][T15365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  857.562886][T15365]  __sock_sendmsg+0x21c/0x270
[  857.562907][T15365]  ____sys_sendmsg+0x505/0x820
[  857.562935][T15365]  ? __pfx_____sys_sendmsg+0x10/0x10
[  857.562961][T15365]  ? kstrtouint+0x6e/0xe0
[  857.562985][T15365]  ___sys_sendmsg+0x21f/0x2a0
[  857.563010][T15365]  ? __pfx____sys_sendmsg+0x10/0x10
[  857.563038][T15365]  ? rcu_read_lock_any_held+0xb3/0x120
[  857.563083][T15365]  ? __fget_files+0x2a/0x420
[  857.563101][T15365]  ? __fget_files+0x3a0/0x420
[  857.563130][T15365]  __sys_sendmsg+0x164/0x220
[  857.563153][T15365]  ? __pfx___sys_sendmsg+0x10/0x10
[  857.563184][T15365]  ? __pfx_ksys_write+0x10/0x10
[  857.563204][T15365]  ? __do_fast_syscall_32+0xbe/0x570
[  857.563225][T15365]  __do_fast_syscall_32+0x1f7/0x570
[  857.563245][T15365]  ? rcu_is_watching+0x15/0xb0
[  857.563261][T15365]  ? do_fast_syscall_32+0x34/0x80
[  857.563286][T15365]  do_fast_syscall_32+0x34/0x80
[  857.563305][T15365]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  857.563324][T15365] RIP: 0023:0xf7f43539
[  857.563340][T15365] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  857.563355][T15365] RSP: 002b:00000000f543655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  857.563373][T15365] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800019c0
[  857.563386][T15365] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  857.563396][T15365] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  857.563407][T15365] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  857.563417][T15365] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  857.563444][T15365]  </TASK>
[  858.189617][T15379] vivid-001: =================  START STATUS  =================
[  858.207570][T15379] vivid-001: FM Deviation: 75000
[  858.248244][T15379] vivid-001: ==================  END STATUS  ==================
[  858.359381][T15367] netlink: 'syz.3.2624': attribute type 16 has an invalid length.
[  858.393879][T15367] netlink: 'syz.3.2624': attribute type 17 has an invalid length.
[  858.433786][T13577] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  858.539511][T15367] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  858.573828][T13577] usb 3-1: device descriptor read/64, error -71
[  858.814105][T13577] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  858.830535][T15385] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2629'.
[  858.964828][T13577] usb 3-1: device descriptor read/64, error -71
[  859.080636][T13577] usb usb3-port1: attempt power cycle
[  859.177633][T15396] vivid-001: =================  START STATUS  =================
[  859.188660][T15396] vivid-001: FM Deviation: 75000
[  859.193657][T15396] vivid-001: ==================  END STATUS  ==================
[  859.357811][T15393] netlink: 'syz.1.2626': attribute type 16 has an invalid length.
[  859.379369][T15393] netlink: 'syz.1.2626': attribute type 17 has an invalid length.
[  859.424025][T13577] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  859.445129][T13577] usb 3-1: device descriptor read/8, error -71
[  859.561712][T15393] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  859.684005][T13577] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  859.704494][T13577] usb 3-1: device descriptor read/8, error -71
[  859.818413][T13577] usb usb3-port1: unable to enumerate USB device
[  860.112157][T15406] vivid-007: =================  START STATUS  =================
[  860.120062][T15406] vivid-007: FM Deviation: 75000
[  860.149678][T15406] vivid-007: ==================  END STATUS  ==================
[  861.573990][ T1215] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  861.731030][T15424] netlink: 'syz.2.2639': attribute type 16 has an invalid length.
[  861.744890][T15424] netlink: 'syz.2.2639': attribute type 17 has an invalid length.
[  861.797284][ T1215] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  861.844089][ T1215] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  861.876518][ T1215] usb 5-1: Product: syz
[  861.880742][ T1215] usb 5-1: Manufacturer: syz
[  861.880761][ T1215] usb 5-1: SerialNumber: syz
[  861.943938][T15424] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  862.085953][T15431] vivid-007: =================  START STATUS  =================
[  862.103881][T15431] vivid-007: FM Deviation: 75000
[  862.119133][T15431] vivid-007: ==================  END STATUS  ==================
[  862.589624][ T1215] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  862.604488][ T1215] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  862.624971][ T1215] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  862.641225][ T1215] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -32
[  862.793926][ T5913] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  862.803830][ T5963] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  862.963888][ T5913] usb 1-1: Using ep0 maxpacket: 8
[  862.973180][ T5963] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  862.983829][ T5963] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  862.992034][ T5963] usb 3-1: Product: syz
[  862.996502][ T5963] usb 3-1: Manufacturer: syz
[  863.001253][ T5913] usb 1-1: config 0 interface 0 altsetting 149 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  863.012619][ T5963] usb 3-1: SerialNumber: syz
[  863.033789][ T5913] usb 1-1: config 0 interface 0 has no altsetting 0
[  863.050662][ T5913] usb 1-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00
[  863.063664][T15443] vivid-007: =================  START STATUS  =================
[  863.070901][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  863.080331][T15443] vivid-007: FM Deviation: 75000
[  863.086354][T15443] vivid-007: ==================  END STATUS  ==================
[  863.109319][ T5913] usb 1-1: config 0 descriptor??
[  863.468648][ T5963] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  863.481508][ T5963] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  863.540582][ T5913] usbhid 1-1:0.0: can't add hid device: -71
[  863.548201][ T5913] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  863.585756][ T5913] usb 1-1: USB disconnect, device number 10
[  863.928368][T15449] 8021q: VLANs not supported on vcan0
[  864.358248][T15453] netlink: 'syz.0.2645': attribute type 16 has an invalid length.
[  864.367378][T15453] netlink: 'syz.0.2645': attribute type 17 has an invalid length.
[  864.378883][ T1215] usb 5-1: USB disconnect, device number 5
[  864.420430][T15456] tipc: Resetting bearer <eth:syzkaller0>
[  864.472006][T15453] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  864.739699][ T5963] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  864.973003][T15434] fuse: root generation should be zero
[  864.983533][T15434] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  864.993366][T15434] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  865.009041][ T5963] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001004. ret = -EPROTO
[  865.034141][ T5963] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  865.058291][ T5963] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  865.167171][ T5963] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  865.180254][ T5963] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  865.230871][ T5963] usb 3-1: USB disconnect, device number 16
[  865.668266][T15479] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.2652'.
[  865.689438][T15479] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  866.209228][T15493] vivid-007: =================  START STATUS  =================
[  866.231814][T15493] vivid-007: FM Deviation: 75000
[  866.238246][T15493] vivid-007: ==================  END STATUS  ==================
[  866.269454][ T5932] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  866.353839][T13577] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  866.473821][ T5932] usb 5-1: Using ep0 maxpacket: 32
[  866.503359][ T5932] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  866.513759][T13577] usb 3-1: Using ep0 maxpacket: 16
[  866.524203][T13577] usb 3-1: too many configurations: 123, using maximum allowed: 8
[  866.542292][ T5932] usb 5-1: config 0 has no interface number 0
[  866.563040][T13577] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  866.595366][T13577] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  866.613516][ T5932] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  866.624681][T13577] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  866.639666][ T5932] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  866.662395][T13577] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  866.674681][ T5932] usb 5-1: Product: syz
[  866.682213][ T5932] usb 5-1: Manufacturer: syz
[  866.687493][ T5932] usb 5-1: SerialNumber: syz
[  866.692420][T13577] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  866.711764][ T5932] usb 5-1: config 0 descriptor??
[  866.724499][T13577] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  866.751632][ T5932] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  866.762429][T13577] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  866.793668][T13577] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  866.843884][T13577] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  866.858184][T13577] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[  866.892776][T13577] usb 3-1: SerialNumber: syz
[  866.938670][T13577] usb 3-1: config 0 descriptor??
[  866.966426][T13577] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input68
[  866.991014][ T5932] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  867.002400][ T5932] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  867.175765][T15492] netlink: 'syz.2.2657': attribute type 11 has an invalid length.
[  867.516121][    C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  867.516527][ T5963] usb 5-1: USB disconnect, device number 6
[  867.540679][ T5963] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  867.580300][ T5963] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  867.593533][ T5963] quatech2 5-1:0.51: device disconnected
[  867.880477][ T5187] bcm5974 3-1:0.0: could not read from device
[  867.907461][T13577] usb 3-1: USB disconnect, device number 17
[  867.913564][ T5187] bcm5974 3-1:0.0: could not read from device
[  867.973826][ T5913] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  868.114216][ T5913] usb 4-1: device descriptor read/64, error -71
[  868.284883][T15515] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2664'.
[  868.373992][ T5913] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  868.503766][ T5913] usb 4-1: device descriptor read/64, error -71
[  868.544194][T13577] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  868.624102][ T5913] usb usb4-port1: attempt power cycle
[  868.697128][T13577] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  868.706826][T13577] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  868.721256][T13577] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  868.736307][T13577] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  868.745598][T13577] usb 1-1: Manufacturer: syz
[  868.761751][T13577] usb 1-1: config 0 descriptor??
[  868.856788][T13577] rc_core: IR keymap rc-hauppauge not found
[  868.867197][T13577] Registered IR keymap rc-empty
[  868.877458][T13577] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  868.899116][T13577] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input69
[  868.974260][ T5913] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  868.996376][    C1] igorplugusb 1-1:0.0: Error: urb status = -32
[  869.007566][ T5913] usb 4-1: device descriptor read/8, error -71
[  869.025310][ T5963] usb 1-1: USB disconnect, device number 11
[  869.274008][ T5913] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  869.304398][ T5913] usb 4-1: device descriptor read/8, error -71
[  869.414196][ T5913] usb usb4-port1: unable to enumerate USB device
[  869.798112][T15535] vivid-001: =================  START STATUS  =================
[  869.805899][T15535] vivid-001: FM Deviation: 75000
[  869.810862][T15535] vivid-001: ==================  END STATUS  ==================
[  870.058007][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  870.064640][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  870.133904][ T5913] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  870.294704][ T5913] usb 3-1: Using ep0 maxpacket: 16
[  870.304698][ T5913] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  870.314017][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  870.322013][ T5913] usb 3-1: Product: syz
[  870.326911][ T5913] usb 3-1: Manufacturer: syz
[  870.331516][ T5913] usb 3-1: SerialNumber: syz
[  870.338147][ T5913] usb 3-1: config 0 descriptor??
[  870.548226][ T5913] dvb_usb_dtv5100 3-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71
[  870.570264][ T5913] usb 3-1: USB disconnect, device number 18
[  871.073912][ T5898] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  871.223943][ T5898] usb 1-1: Using ep0 maxpacket: 32
[  871.236612][ T5898] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  871.248276][ T5898] usb 1-1: config 0 has no interface number 0
[  871.267938][ T5898] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  871.285078][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  871.293293][ T5898] usb 1-1: Product: syz
[  871.298634][ T5898] usb 1-1: Manufacturer: syz
[  871.304527][ T5898] usb 1-1: SerialNumber: syz
[  871.311408][ T5898] usb 1-1: config 0 descriptor??
[  871.338734][ T5898] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  871.384042][ T5913] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  871.543354][ T5898] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  871.552995][ T5913] usb 3-1: Using ep0 maxpacket: 8
[  871.561702][ T5913] usb 3-1: config 5 has an invalid interface number: 179 but max is 1
[  871.592564][ T5898] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  871.603944][ T5913] usb 3-1: config 5 has an invalid interface number: 4 but max is 1
[  871.643339][ T5913] usb 3-1: config 5 has an invalid interface number: 46 but max is 1
[  871.683256][ T5913] usb 3-1: config 5 has 3 interfaces, different from the descriptor's value: 2
[  871.765204][ T5913] usb 3-1: config 5 has no interface number 0
[  871.783802][ T5913] usb 3-1: config 5 has no interface number 1
[  871.794746][ T5913] usb 3-1: config 5 has no interface number 2
[  871.811800][ T5913] usb 3-1: config 5 interface 179 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  871.853802][ T5913] usb 3-1: config 5 interface 4 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 7
[  871.883837][ T5913] usb 3-1: config 5 interface 179 has no altsetting 0
[  871.890711][ T5913] usb 3-1: config 5 interface 4 has no altsetting 0
[  871.903798][ T5913] usb 3-1: config 5 interface 46 has no altsetting 0
[  871.939862][ T5913] usb 3-1: New USB device found, idVendor=0960, idProduct=0065, bcdDevice=76.70
[  871.954451][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  871.962490][ T5913] usb 3-1: Product: syz
[  871.974895][ T5913] usb 3-1: Manufacturer: syz
[  871.979626][ T5913] usb 3-1: SerialNumber: syz
[  872.230887][ T5913] usb 3-1: USB disconnect, device number 19
[  872.654014][T13577] usb 5-1: new low-speed USB device number 7 using dummy_hcd
[  872.770088][T15576] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2683'.
[  872.805783][T13577] usb 5-1: unable to get BOS descriptor or descriptor too short
[  872.816947][T13577] usb 5-1: config index 0 descriptor too short (expected 33540, got 36)
[  872.825915][T13577] usb 5-1: config 108 has too many interfaces: 60, using maximum allowed: 32
[  872.834828][T13577] usb 5-1: config 108 has an invalid descriptor of length 0, skipping remainder of the config
[  872.845670][T13577] usb 5-1: config 108 has 1 interface, different from the descriptor's value: 60
[  872.857835][T13577] usb 5-1: config 108 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  872.871409][T13577] usb 5-1: config 108 interface 0 has no altsetting 0
[  872.895241][T13577] usb 5-1: string descriptor 0 read error: -22
[  872.906291][T13577] usb 5-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40
[  872.926584][T13577] usb 5-1: New USB device strings: Mfr=1, Product=235, SerialNumber=2
[  873.047616][T15580] FAULT_INJECTION: forcing a failure.
[  873.047616][T15580] name failslab, interval 1, probability 0, space 0, times 0
[  873.061310][T15580] CPU: 1 UID: 0 PID: 15580 Comm: syz.2.2684 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  873.061338][T15580] Tainted: [L]=SOFTLOCKUP
[  873.061344][T15580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  873.061354][T15580] Call Trace:
[  873.061361][T15580]  <TASK>
[  873.061368][T15580]  dump_stack_lvl+0x189/0x250
[  873.061393][T15580]  ? __pfx____ratelimit+0x10/0x10
[  873.061412][T15580]  ? __pfx_dump_stack_lvl+0x10/0x10
[  873.061432][T15580]  ? __pfx__printk+0x10/0x10
[  873.061457][T15580]  ? __pfx___might_resched+0x10/0x10
[  873.061475][T15580]  ? fs_reclaim_acquire+0x7d/0x100
[  873.061505][T15580]  should_fail_ex+0x414/0x560
[  873.061528][T15580]  should_failslab+0xa8/0x100
[  873.061549][T15580]  __kmalloc_cache_noprof+0x84/0x700
[  873.061572][T15580]  ? netlink_lookup+0x30/0x200
[  873.061594][T15580]  ? genl_family_rcv_msg_attrs_parse+0x13b/0x2a0
[  873.061613][T15580]  ? genl_start+0x1c9/0x6c0
[  873.061636][T15580]  genl_start+0x1c9/0x6c0
[  873.061653][T15580]  ? netlink_lookup+0x30/0x200
[  873.061682][T15580]  __netlink_dump_start+0x469/0x7e0
[  873.061713][T15580]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  873.061735][T15580]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  873.061752][T15580]  ? genl_get_cmd+0x7d9/0x910
[  873.061772][T15580]  ? __pfx_genl_start+0x10/0x10
[  873.061787][T15580]  ? __pfx_genl_dumpit+0x10/0x10
[  873.061803][T15580]  ? __pfx_genl_done+0x10/0x10
[  873.061835][T15580]  genl_rcv_msg+0x5da/0x790
[  873.061858][T15580]  ? __pfx_genl_rcv_msg+0x10/0x10
[  873.061875][T15580]  ? __pfx_ovs_dp_cmd_dump+0x10/0x10
[  873.061906][T15580]  netlink_rcv_skb+0x208/0x470
[  873.061929][T15580]  ? __pfx_genl_rcv_msg+0x10/0x10
[  873.061948][T15580]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  873.061986][T15580]  ? down_read+0x274/0x2e0
[  873.062003][T15580]  ? genl_rcv+0xd/0x40
[  873.062023][T15580]  genl_rcv+0x28/0x40
[  873.062039][T15580]  netlink_unicast+0x82f/0x9e0
[  873.062068][T15580]  ? __pfx_netlink_unicast+0x10/0x10
[  873.062090][T15580]  ? netlink_sendmsg+0x642/0xb30
[  873.062111][T15580]  ? skb_put+0x11b/0x210
[  873.062135][T15580]  netlink_sendmsg+0x805/0xb30
[  873.062168][T15580]  ? __pfx_netlink_sendmsg+0x10/0x10
[  873.062194][T15580]  ? __import_iovec+0x5d4/0x7f0
[  873.062212][T15580]  ? aa_sock_msg_perm+0xf1/0x1b0
[  873.062236][T15580]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  873.062259][T15580]  ? __pfx_netlink_sendmsg+0x10/0x10
[  873.062283][T15580]  __sock_sendmsg+0x21c/0x270
[  873.062304][T15580]  ____sys_sendmsg+0x505/0x820
[  873.062332][T15580]  ? __pfx_____sys_sendmsg+0x10/0x10
[  873.062358][T15580]  ? kstrtouint+0x6e/0xe0
[  873.062392][T15580]  ___sys_sendmsg+0x21f/0x2a0
[  873.062421][T15580]  ? __pfx____sys_sendmsg+0x10/0x10
[  873.062450][T15580]  ? rcu_read_lock_any_held+0xb3/0x120
[  873.062506][T15580]  ? __fget_files+0x2a/0x420
[  873.062526][T15580]  ? __fget_files+0x3a0/0x420
[  873.062556][T15580]  __sys_sendmsg+0x164/0x220
[  873.062580][T15580]  ? __pfx___sys_sendmsg+0x10/0x10
[  873.062610][T15580]  ? __pfx_ksys_write+0x10/0x10
[  873.062630][T15580]  ? __do_fast_syscall_32+0xbe/0x570
[  873.062654][T15580]  __do_fast_syscall_32+0x1f7/0x570
[  873.062675][T15580]  ? rcu_is_watching+0x15/0xb0
[  873.062692][T15580]  ? do_fast_syscall_32+0x34/0x80
[  873.062717][T15580]  do_fast_syscall_32+0x34/0x80
[  873.062738][T15580]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  873.062757][T15580] RIP: 0023:0xf701d539
[  873.062773][T15580] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  873.062787][T15580] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  873.062812][T15580] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  873.062823][T15580] RDX: 0000000004008094 RSI: 0000000000000000 RDI: 0000000000000000
[  873.062833][T15580] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  873.062843][T15580] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  873.062853][T15580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  873.062880][T15580]  </TASK>
[  873.542562][T15578] vivid-003: =================  START STATUS  =================
[  873.550714][T15578] vivid-003: FM Deviation: 75000
[  873.556142][T15578] vivid-003: ==================  END STATUS  ==================
[  873.681563][T15570] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2681'.
[  873.895831][    C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  873.903482][ T5963] usb 1-1: USB disconnect, device number 12
[  873.915962][ T5963] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  873.927526][ T5913] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  873.941450][ T5963] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  873.964328][ T5963] quatech2 1-1:0.51: device disconnected
[  874.084046][ T5913] usb 3-1: Using ep0 maxpacket: 8
[  874.091635][ T5913] usb 3-1: config 0 interface 0 altsetting 149 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  874.103363][ T5913] usb 3-1: config 0 interface 0 has no altsetting 0
[  874.112950][ T5913] usb 3-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00
[  874.122653][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  874.132810][ T5913] usb 3-1: config 0 descriptor??
[  874.225389][ T5963] usb 5-1: USB disconnect, device number 7
[  874.243822][T13577] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  874.495024][T13577] usb 4-1: Using ep0 maxpacket: 32
[  874.507189][T13577] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  874.529350][T13577] usb 4-1: config 0 has no interface number 0
[  874.551105][ T5913] usbhid 3-1:0.0: can't add hid device: -71
[  874.561643][T13577] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  874.575572][ T5913] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  874.578197][T13577] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  874.598806][T13577] usb 4-1: Product: syz
[  874.600963][ T5913] usb 3-1: USB disconnect, device number 20
[  874.604050][T13577] usb 4-1: Manufacturer: syz
[  874.621480][T13577] usb 4-1: SerialNumber: syz
[  874.656182][T13577] usb 4-1: config 0 descriptor??
[  874.685753][T13577] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  874.703774][T13577] usb 4-1: selecting invalid altsetting 1
[  874.716777][T13577] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  874.757269][T13577] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  874.781749][T13577] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  874.810155][T13577] usb 4-1: media controller created
[  874.847459][T13577] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  875.975426][T15589] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  876.024360][T13577] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  876.031420][T13577] zl10353_read_register: readreg error (reg=127, ret==-71)
[  876.059846][T13577] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  876.196018][T13577] usb 4-1: USB disconnect, device number 13
[  877.415862][T15632] vivid-001: =================  START STATUS  =================
[  877.434436][T15632] vivid-001: FM Deviation: 75000
[  877.439482][T15632] vivid-001: ==================  END STATUS  ==================
[  878.663811][ T5898] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  878.855293][ T5898] usb 3-1: Using ep0 maxpacket: 32
[  878.869829][ T5898] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  878.906153][ T5898] usb 3-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[  878.916600][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  878.940308][ T5898] usb 3-1: config 0 descriptor??
[  878.980800][ T5898] dvb-usb: found a 'TeVii S662' in warm state.
[  879.028900][ T5898] dw2102: su3000_power_ctrl: 1, initialized 0
[  879.055198][ T5898] dvb-usb: bulk message failed: -22 (2/0)
[  879.104355][ T5898] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  879.117158][ T5898] dvbdev: DVB: registering new adapter (TeVii S662)
[  879.126568][ T5898] usb 3-1: media controller created
[  879.134931][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[  879.206285][ T5898] dw2102: i2c transfer failed.
[  879.220582][T15641] dvb-usb: bulk message failed: -22 (4/0)
[  879.233985][T15641] dw2102: i2c transfer failed.
[  879.261314][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[  879.281654][ T5898] dw2102: i2c transfer failed.
[  879.288772][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[  879.297297][ T5898] dw2102: i2c transfer failed.
[  879.314777][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[  879.326931][ T5898] dw2102: i2c transfer failed.
[  879.338293][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[  879.344834][ T5898] dw2102: i2c transfer failed.
[  879.350348][ T5898] dvb-usb: bulk message failed: -22 (6/0)
[  879.357005][ T5898] dw2102: i2c transfer failed.
[  879.361863][ T5898] dvb-usb: MAC address: 02:02:02:02:02:02
[  879.472343][ T5898] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  879.569707][ T5898] dvb-usb: bulk message failed: -22 (3/0)
[  879.601312][ T5898] dw2102: command 0x0e transfer failed.
[  879.630181][ T5898] dvb-usb: bulk message failed: -22 (3/0)
[  879.653925][ T5898] dw2102: command 0x0e transfer failed.
[  879.983844][ T5898] dvb-usb: bulk message failed: -22 (3/0)
[  880.015479][ T5898] dw2102: command 0x0e transfer failed.
[  880.049804][ T5898] dvb-usb: bulk message failed: -22 (3/0)
[  880.107791][ T5898] dw2102: command 0x0e transfer failed.
[  880.170985][ T5898] dvb-usb: bulk message failed: -22 (1/0)
[  880.208477][ T5898] dw2102: command 0x51 transfer failed.
[  880.233148][ T5898] dvb-usb: bulk message failed: -22 (5/0)
[  880.278173][ T5898] dw2102: i2c probe for address 0x68 failed.
[  880.323895][ T5898] dvb-usb: bulk message failed: -22 (5/0)
[  880.353776][ T5898] dw2102: i2c probe for address 0x69 failed.
[  880.399055][ T5898] dvb-usb: bulk message failed: -22 (5/0)
[  880.426677][ T5898] dw2102: i2c probe for address 0x6a failed.
[  880.467273][ T5898] dw2102: probing for demodulator failed. Is the external power switched on?
[  880.497154][ T5898] dvb-usb: no frontend was attached by 'TeVii S662'
[  880.679835][ T5898] rc_core: IR keymap rc-tt-1500 not found
[  880.703714][ T5898] Registered IR keymap rc-empty
[  880.721098][ T5898] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0
[  880.755069][ T5898] input: TeVii S662 as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input70
[  880.827136][ T5898] dvb-usb: schedule remote query interval to 250 msecs.
[  880.865843][ T5898] dw2102: su3000_power_ctrl: 0, initialized 1
[  880.905412][ T5898] dvb-usb: TeVii S662 successfully initialized and connected.
[  880.942348][ T5898] usb 3-1: USB disconnect, device number 21
[  881.117295][ T5898] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[  881.334663][T15673] FAULT_INJECTION: forcing a failure.
[  881.334663][T15673] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  881.361263][T15673] CPU: 0 UID: 0 PID: 15673 Comm: syz.0.2710 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  881.361290][T15673] Tainted: [L]=SOFTLOCKUP
[  881.361297][T15673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  881.361307][T15673] Call Trace:
[  881.361314][T15673]  <TASK>
[  881.361321][T15673]  dump_stack_lvl+0x189/0x250
[  881.361345][T15673]  ? __pfx____ratelimit+0x10/0x10
[  881.361371][T15673]  ? __pfx_dump_stack_lvl+0x10/0x10
[  881.361389][T15673]  ? __pfx__printk+0x10/0x10
[  881.361420][T15673]  should_fail_ex+0x414/0x560
[  881.361441][T15673]  _copy_to_user+0x31/0xb0
[  881.361463][T15673]  kvm_arch_dev_ioctl+0x7af/0x8f0
[  881.361479][T15673]  ? __pfx_kvm_arch_dev_ioctl+0x10/0x10
[  881.361496][T15673]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  881.361545][T15673]  kvm_dev_ioctl+0x597/0x1570
[  881.361567][T15673]  ? __fget_files+0x2a/0x420
[  881.361589][T15673]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  881.361608][T15673]  ? __fget_files+0x2a/0x420
[  881.361630][T15673]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  881.361650][T15673]  __ia32_compat_sys_ioctl+0x543/0x840
[  881.361674][T15673]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  881.361695][T15673]  ? __fget_files+0x3a0/0x420
[  881.361719][T15673]  ? fput+0xa0/0xd0
[  881.361737][T15673]  ? ksys_write+0x22a/0x250
[  881.361750][T15673]  ? exc_page_fault+0x82/0x100
[  881.361768][T15673]  ? __pfx_ksys_write+0x10/0x10
[  881.361787][T15673]  ? __do_fast_syscall_32+0xbe/0x570
[  881.361811][T15673]  __do_fast_syscall_32+0x1f7/0x570
[  881.361830][T15673]  ? rcu_is_watching+0x15/0xb0
[  881.361848][T15673]  ? do_fast_syscall_32+0x34/0x80
[  881.361873][T15673]  do_fast_syscall_32+0x34/0x80
[  881.361893][T15673]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  881.361912][T15673] RIP: 0023:0xf7f06539
[  881.361926][T15673] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  881.361941][T15673] RSP: 002b:00000000f53f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  881.361960][T15673] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c004ae02
[  881.361972][T15673] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  881.361983][T15673] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  881.361991][T15673] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  881.362000][T15673] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  881.362025][T15673]  </TASK>
[  881.963789][T13577] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  881.974928][ T1215] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  882.133737][ T1215] usb 1-1: Using ep0 maxpacket: 8
[  882.153541][ T1215] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  882.163867][T13577] usb 5-1: Using ep0 maxpacket: 16
[  882.182863][ T1215] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  882.191447][ T1215] usb 1-1: Product: syz
[  882.196584][ T1215] usb 1-1: Manufacturer: syz
[  882.201388][T13577] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  882.233399][T13577] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  882.246938][ T1215] usb 1-1: SerialNumber: syz
[  882.269241][T13577] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  882.305717][T13577] usb 5-1: config 0 descriptor??
[  882.477432][ T1215] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  884.662854][T13577] usbhid 5-1:0.0: can't add hid device: -71
[  884.677410][T13577] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  884.702651][T13577] usb 5-1: USB disconnect, device number 8
[  884.759230][ T5898] usb 1-1: USB disconnect, device number 13
[  884.773086][ T5898] usblp0: removed
[  885.143859][T13577] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  885.323809][T13577] usb 5-1: Using ep0 maxpacket: 8
[  885.349567][T13577] usb 5-1: config 0 interface 0 altsetting 149 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  885.372335][T13577] usb 5-1: config 0 interface 0 has no altsetting 0
[  885.380722][T13577] usb 5-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00
[  885.392857][T13577] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  885.406302][T13577] usb 5-1: config 0 descriptor??
[  885.845487][T13577] usbhid 5-1:0.0: can't add hid device: -71
[  885.858262][T13577] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  885.883826][ T5898] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  885.901117][T13577] usb 5-1: USB disconnect, device number 9
[  886.043833][ T5898] usb 3-1: Using ep0 maxpacket: 32
[  886.057613][ T5898] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  886.073301][ T5898] usb 3-1: config 0 has no interface number 0
[  886.090537][ T5898] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  886.109266][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  886.141653][ T5898] usb 3-1: Product: syz
[  886.155319][ T5898] usb 3-1: Manufacturer: syz
[  886.159923][ T5898] usb 3-1: SerialNumber: syz
[  886.187513][ T5898] usb 3-1: config 0 descriptor??
[  886.203439][ T5898] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  886.434268][ T5898] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  886.475502][ T5898] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  886.844856][    C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  886.845188][ T1215] usb 3-1: USB disconnect, device number 22
[  886.911002][ T1215] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  886.976592][ T1215] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  887.029624][ T1215] quatech2 3-1:0.51: device disconnected
[  887.689872][T15760] kvm: user requested TSC rate below hardware speed
[  887.694025][ T1215] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  887.711664][   T30] audit: type=1326 audit(1765007257.256:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15756 comm="syz.2.2733" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x0
[  887.894490][ T1215] usb 1-1: Using ep0 maxpacket: 16
[  887.905425][ T1215] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  887.933935][ T1215] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  887.981307][ T1215] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  887.999773][ T1215] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  888.039324][ T1215] usb 1-1: Product: syz
[  888.053825][ T1215] usb 1-1: Manufacturer: syz
[  888.068632][ T1215] usb 1-1: SerialNumber: syz
[  888.537183][ T1215] usb 1-1: 0:2 : does not exist
[  888.843847][T13577] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  888.946484][T15753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  888.994177][T15753] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  889.024283][T13577] usb 3-1: Using ep0 maxpacket: 32
[  889.043162][ T1215] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  889.053068][T13577] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  889.113645][T13577] usb 3-1: config 0 has no interface number 0
[  889.146434][T13577] usb 3-1: config 0 interface 12 has no altsetting 0
[  889.167235][ T1215] usb 1-1: USB disconnect, device number 14
[  889.178867][T13577] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  889.233825][T13577] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  889.241859][T13577] usb 3-1: Product: syz
[  889.305616][T13577] usb 3-1: Manufacturer: syz
[  889.318467][T14714] udevd[14714]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  889.327912][T13577] usb 3-1: SerialNumber: syz
[  889.372836][T13577] usb 3-1: config 0 descriptor??
[  890.260324][T15780] netlink: 'syz.4.2740': attribute type 16 has an invalid length.
[  890.269501][T15780] netlink: 'syz.4.2740': attribute type 17 has an invalid length.
[  890.292545][T15780] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  890.963883][ T5913] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  890.985334][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  891.113872][ T5913] usb 2-1: device descriptor read/64, error -32
[  891.130283][T15806] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2747'.
[  891.364444][ T5913] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  891.408802][T13577] f81534 3-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71
[  891.421357][T13577] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71
[  891.441059][T13577] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  891.461175][T13577] f81534 3-1:0.12: probe with driver f81534 failed with error -71
[  891.493974][T13577] usb 3-1: USB disconnect, device number 23
[  891.594311][ T5913] usb 2-1: Using ep0 maxpacket: 32
[  891.630320][ T5913] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  891.646047][ T5913] usb 2-1: config 0 has no interface number 0
[  891.711960][ T5913] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  891.733968][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  891.752259][ T5913] usb 2-1: Product: syz
[  891.762542][ T5913] usb 2-1: Manufacturer: syz
[  891.768960][ T5913] usb 2-1: SerialNumber: syz
[  891.778190][ T5913] usb 2-1: config 0 descriptor??
[  891.786948][ T5913] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  892.083384][ T5913] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  892.098687][ T5913] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  892.144775][T15822] fuse: Unknown parameter '
[  892.144775][T15822] '
[  892.152003][T15823] fuse: Unknown parameter '
[  892.152003][T15823] '
[  893.082608][T15828] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  893.118471][T15828] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  893.173087][T15828] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  893.201676][T15828] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  893.232069][T15828] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  893.263019][T15828] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  893.292667][T15828] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  893.343964][T15828] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  895.253804][ T1215] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  895.428134][ T1215] usb 3-1: Using ep0 maxpacket: 8
[  895.449782][ T1215] usb 3-1: config 0 interface 0 altsetting 149 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  895.480993][ T1215] usb 3-1: config 0 interface 0 has no altsetting 0
[  895.501700][ T1215] usb 3-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00
[  895.533794][ T1215] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  895.556572][ T1215] usb 3-1: config 0 descriptor??
[  895.941363][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  895.941866][T13577] usb 2-1: USB disconnect, device number 14
[  895.985444][T13577] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  896.036330][T13577] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  896.057571][T13577] quatech2 2-1:0.51: device disconnected
[  896.078242][T15896] FAULT_INJECTION: forcing a failure.
[  896.078242][T15896] name failslab, interval 1, probability 0, space 0, times 0
[  896.120273][T15896] CPU: 0 UID: 0 PID: 15896 Comm: syz.3.2761 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  896.120301][T15896] Tainted: [L]=SOFTLOCKUP
[  896.120308][T15896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  896.120319][T15896] Call Trace:
[  896.120327][T15896]  <TASK>
[  896.120335][T15896]  dump_stack_lvl+0x189/0x250
[  896.120360][T15896]  ? __pfx____ratelimit+0x10/0x10
[  896.120379][T15896]  ? __pfx_dump_stack_lvl+0x10/0x10
[  896.120400][T15896]  ? __pfx__printk+0x10/0x10
[  896.120429][T15896]  ? __pfx___might_resched+0x10/0x10
[  896.120448][T15896]  ? fs_reclaim_acquire+0x7d/0x100
[  896.120470][T15896]  should_fail_ex+0x414/0x560
[  896.120494][T15896]  should_failslab+0xa8/0x100
[  896.120515][T15896]  __kmalloc_cache_noprof+0x84/0x700
[  896.120538][T15896]  ? kvm_vcpu_compat_ioctl+0x203/0x390
[  896.120558][T15896]  ? __ia32_compat_sys_ioctl+0x543/0x840
[  896.120581][T15896]  ? __do_fast_syscall_32+0x1f7/0x570
[  896.120600][T15896]  ? kvm_hv_vcpu_init+0x86/0xaf0
[  896.120626][T15896]  kvm_hv_vcpu_init+0x86/0xaf0
[  896.120650][T15896]  kvm_hv_get_msr_common+0xf4/0x14e0
[  896.120678][T15896]  ? __pfx_kvm_hv_get_msr_common+0x10/0x10
[  896.120703][T15896]  ? kvm_find_user_return_msr+0xcc/0xe0
[  896.120724][T15896]  ? kvm_get_msr_common+0x21a/0x3130
[  896.120740][T15896]  ? vmx_get_msr+0x1095/0x1660
[  896.120760][T15896]  __kvm_get_msr+0x31a/0x530
[  896.120784][T15896]  ? __pfx___kvm_get_msr+0x10/0x10
[  896.120813][T15896]  ? __pfx_do_get_msr+0x10/0x10
[  896.120831][T15896]  kvm_get_msr_ignored_check+0x2a/0x400
[  896.120853][T15896]  ? __pfx_do_get_msr+0x10/0x10
[  896.120871][T15896]  msr_io+0x423/0x8d0
[  896.120891][T15896]  ? __pfx_do_get_msr+0x10/0x10
[  896.120910][T15896]  ? __pfx_msr_io+0x10/0x10
[  896.120930][T15896]  ? __srcu_check_read_flavor+0x106/0x250
[  896.120954][T15896]  kvm_arch_vcpu_ioctl+0x11d1/0x2a70
[  896.120972][T15896]  ? __lock_acquire+0x6b6/0x2cf0
[  896.120988][T15896]  ? kvm_arch_vcpu_ioctl+0x1194/0x2a70
[  896.121009][T15896]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  896.121034][T15896]  ? __lock_acquire+0x6b6/0x2cf0
[  896.121054][T15896]  ? __lock_acquire+0x6b6/0x2cf0
[  896.121110][T15896]  ? is_bpf_text_address+0x26/0x2b0
[  896.121139][T15896]  ? is_bpf_text_address+0x292/0x2b0
[  896.121162][T15896]  ? is_bpf_text_address+0x26/0x2b0
[  896.121187][T15896]  ? kernel_text_address+0xa5/0xe0
[  896.121210][T15896]  ? __kernel_text_address+0xd/0x40
[  896.121236][T15896]  ? __lock_acquire+0x6b6/0x2cf0
[  896.121272][T15896]  ? format_decode+0xd0/0xe10
[  896.121301][T15896]  ? __mutex_trylock_common+0x153/0x260
[  896.121324][T15896]  ? __pfx___mutex_trylock_common+0x10/0x10
[  896.121343][T15896]  ? __do_fast_syscall_32+0x1f7/0x570
[  896.121363][T15896]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  896.121386][T15896]  ? rcu_is_watching+0x15/0xb0
[  896.121407][T15896]  ? trace_contention_end+0x39/0x100
[  896.121428][T15896]  ? __mutex_lock+0x335/0x1350
[  896.121461][T15896]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  896.121485][T15896]  ? __pfx___mutex_lock+0x10/0x10
[  896.121511][T15896]  ? kasan_quarantine_put+0xdd/0x220
[  896.121533][T15896]  ? lockdep_hardirqs_on+0x98/0x140
[  896.121561][T15896]  kvm_vcpu_ioctl+0x74d/0xe90
[  896.121589][T15896]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  896.121608][T15896]  ? do_vfs_ioctl+0xbe8/0x1430
[  896.121634][T15896]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  896.121693][T15896]  kvm_vcpu_compat_ioctl+0x203/0x390
[  896.121719][T15896]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  896.121741][T15896]  ? __fget_files+0x3a0/0x420
[  896.121760][T15896]  ? __fget_files+0x2a/0x420
[  896.121783][T15896]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  896.121806][T15896]  __ia32_compat_sys_ioctl+0x543/0x840
[  896.121834][T15896]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  896.121859][T15896]  ? __fget_files+0x3a0/0x420
[  896.121886][T15896]  ? fput+0xa0/0xd0
[  896.121907][T15896]  ? ksys_write+0x22a/0x250
[  896.121922][T15896]  ? exc_page_fault+0x82/0x100
[  896.121942][T15896]  ? __pfx_ksys_write+0x10/0x10
[  896.121962][T15896]  ? __do_fast_syscall_32+0xbe/0x570
[  896.121987][T15896]  __do_fast_syscall_32+0x1f7/0x570
[  896.122008][T15896]  ? rcu_is_watching+0x15/0xb0
[  896.122032][T15896]  ? do_fast_syscall_32+0x34/0x80
[  896.122058][T15896]  do_fast_syscall_32+0x34/0x80
[  896.122078][T15896]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  896.122098][T15896] RIP: 0023:0xf706d539
[  896.122115][T15896] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  896.122131][T15896] RSP: 002b:00000000f545d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  896.122150][T15896] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c008ae88
[  896.122163][T15896] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[  896.122174][T15896] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  896.122184][T15896] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  896.122195][T15896] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  896.122223][T15896]  </TASK>
[  896.624585][ T1215] usbhid 3-1:0.0: can't add hid device: -71
[  896.640509][ T1215] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  896.674414][ T1215] usb 3-1: USB disconnect, device number 24
[  897.295814][T15928] netlink: 'syz.4.2769': attribute type 16 has an invalid length.
[  897.328617][T15928] netlink: 'syz.4.2769': attribute type 17 has an invalid length.
[  897.426330][T15937] vivid-007: =================  START STATUS  =================
[  897.435372][T15937] vivid-007: FM Deviation: 75000
[  897.450655][T15937] vivid-007: ==================  END STATUS  ==================
[  897.634248][T15928] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  897.843942][T15324] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  898.037716][T15324] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  898.065895][T15324] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  898.099126][T15324] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  898.123826][T15324] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.178177][T15324] usb 3-1: config 0 descriptor??
[  898.212274][T15956] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  898.236130][T15956] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  898.690755][T15942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  898.725454][T15942] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  899.026253][T15971] FAULT_INJECTION: forcing a failure.
[  899.026253][T15971] name failslab, interval 1, probability 0, space 0, times 0
[  899.056023][T15971] CPU: 1 UID: 0 PID: 15971 Comm: syz.3.2775 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  899.056056][T15971] Tainted: [L]=SOFTLOCKUP
[  899.056062][T15971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  899.056072][T15971] Call Trace:
[  899.056078][T15971]  <TASK>
[  899.056086][T15971]  dump_stack_lvl+0x189/0x250
[  899.056109][T15971]  ? __pfx____ratelimit+0x10/0x10
[  899.056127][T15971]  ? __pfx_dump_stack_lvl+0x10/0x10
[  899.056146][T15971]  ? __pfx__printk+0x10/0x10
[  899.056174][T15971]  ? __pfx___might_resched+0x10/0x10
[  899.056191][T15971]  ? fs_reclaim_acquire+0x7d/0x100
[  899.056214][T15971]  should_fail_ex+0x414/0x560
[  899.056237][T15971]  should_failslab+0xa8/0x100
[  899.056259][T15971]  __kmalloc_noprof+0xdf/0x800
[  899.056290][T15971]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  899.056317][T15971]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  899.056345][T15971]  genl_family_rcv_msg_doit+0xb8/0x300
[  899.056371][T15971]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  899.056406][T15971]  ? apparmor_capable+0x137/0x1a0
[  899.056426][T15971]  ? bpf_lsm_capable+0x9/0x20
[  899.056444][T15971]  ? security_capable+0x7e/0x2e0
[  899.056471][T15971]  genl_rcv_msg+0x60e/0x790
[  899.056495][T15971]  ? __pfx_genl_rcv_msg+0x10/0x10
[  899.056512][T15971]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  899.056531][T15971]  ? __pfx_nl80211_trigger_scan+0x10/0x10
[  899.056553][T15971]  ? __pfx_nl80211_post_doit+0x10/0x10
[  899.056587][T15971]  netlink_rcv_skb+0x208/0x470
[  899.056611][T15971]  ? __pfx_genl_rcv_msg+0x10/0x10
[  899.056631][T15971]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  899.056670][T15971]  ? down_read+0x274/0x2e0
[  899.056689][T15971]  ? genl_rcv+0xd/0x40
[  899.056708][T15971]  genl_rcv+0x28/0x40
[  899.056724][T15971]  netlink_unicast+0x82f/0x9e0
[  899.056754][T15971]  ? __pfx_netlink_unicast+0x10/0x10
[  899.056778][T15971]  ? netlink_sendmsg+0x642/0xb30
[  899.056798][T15971]  ? skb_put+0x11b/0x210
[  899.056823][T15971]  netlink_sendmsg+0x805/0xb30
[  899.056854][T15971]  ? __pfx_netlink_sendmsg+0x10/0x10
[  899.056880][T15971]  ? __import_iovec+0x5d4/0x7f0
[  899.056899][T15971]  ? aa_sock_msg_perm+0xf1/0x1b0
[  899.056921][T15971]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  899.056945][T15971]  ? __pfx_netlink_sendmsg+0x10/0x10
[  899.056969][T15971]  __sock_sendmsg+0x21c/0x270
[  899.056990][T15971]  ____sys_sendmsg+0x505/0x820
[  899.057018][T15971]  ? __pfx_____sys_sendmsg+0x10/0x10
[  899.057045][T15971]  ? kstrtouint+0x6e/0xe0
[  899.057070][T15971]  ___sys_sendmsg+0x21f/0x2a0
[  899.057094][T15971]  ? __pfx____sys_sendmsg+0x10/0x10
[  899.057123][T15971]  ? rcu_read_lock_any_held+0xb3/0x120
[  899.057170][T15971]  ? __fget_files+0x2a/0x420
[  899.057189][T15971]  ? __fget_files+0x3a0/0x420
[  899.057218][T15971]  __sys_sendmsg+0x164/0x220
[  899.057242][T15971]  ? __pfx___sys_sendmsg+0x10/0x10
[  899.057273][T15971]  ? __pfx_ksys_write+0x10/0x10
[  899.057293][T15971]  ? __do_fast_syscall_32+0xbe/0x570
[  899.057318][T15971]  __do_fast_syscall_32+0x1f7/0x570
[  899.057338][T15971]  ? rcu_is_watching+0x15/0xb0
[  899.057356][T15971]  ? do_fast_syscall_32+0x34/0x80
[  899.057388][T15971]  do_fast_syscall_32+0x34/0x80
[  899.057409][T15971]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  899.057429][T15971] RIP: 0023:0xf706d539
[  899.057444][T15971] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  899.057459][T15971] RSP: 002b:00000000f545d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  899.057478][T15971] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[  899.057489][T15971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  899.057498][T15971] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  899.057508][T15971] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  899.057519][T15971] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  899.057547][T15971]  </TASK>
[  899.059384][T15971] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  899.340744][T15324] hid-thrustmaster 0003:044F:B65D.001E: unknown main item tag 0x0
[  899.525161][T15324] hid-thrustmaster 0003:044F:B65D.001E: hidraw0: USB HID v0.f0 Device [HID 044f:b65d] on usb-dummy_hcd.2-1/input0
[  899.564095][T15324] hid-thrustmaster 0003:044F:B65D.001E: Wrong number of endpoints?
[  900.083769][T15324] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  900.256491][T15324] usb 2-1: Using ep0 maxpacket: 32
[  900.304080][T15324] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  900.312327][T15324] usb 2-1: config 0 has no interface number 0
[  900.318570][ T5898] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  900.358212][T15324] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  900.368369][T15324] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  900.397828][T15324] usb 2-1: Product: syz
[  900.402071][T15324] usb 2-1: Manufacturer: syz
[  900.406879][ T5913] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  900.417022][T15324] usb 2-1: SerialNumber: syz
[  900.434461][T15324] usb 2-1: config 0 descriptor??
[  900.449562][T15324] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  900.477277][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  900.489780][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  900.500042][ T5898] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  900.510770][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  900.532845][ T5898] usb 5-1: config 0 descriptor??
[  900.565865][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  900.577683][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  900.589173][ T5913] usb 1-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  900.598867][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  900.611298][ T5913] usb 1-1: config 0 descriptor??
[  900.655364][T15324] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  900.686664][T15324] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  900.804304][    C0] hid-thrustmaster 0003:044F:B65D.001E: URB to get model id failed with error -108
[  901.010433][T16004] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.035517][ T5913] hid-thrustmaster 0003:044F:B65D.001F: unknown main item tag 0x0
[  901.059571][T16004] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  901.070256][ T5913] hid-thrustmaster 0003:044F:B65D.001F: hidraw1: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.0-1/input0
[  901.104752][ T5913] hid-thrustmaster 0003:044F:B65D.001F: Wrong number of endpoints?
[  901.240673][T15993] FAULT_INJECTION: forcing a failure.
[  901.240673][T15993] name failslab, interval 1, probability 0, space 0, times 0
[  901.290358][T15993] CPU: 0 UID: 0 PID: 15993 Comm: syz.0.2781 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  901.290378][T15993] Tainted: [L]=SOFTLOCKUP
[  901.290381][T15993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  901.290390][T15993] Call Trace:
[  901.290395][T15993]  <TASK>
[  901.290400][T15993]  dump_stack_lvl+0x189/0x250
[  901.290416][T15993]  ? __pfx____ratelimit+0x10/0x10
[  901.290428][T15993]  ? __pfx_dump_stack_lvl+0x10/0x10
[  901.290440][T15993]  ? __pfx__printk+0x10/0x10
[  901.290461][T15993]  ? __pfx___might_resched+0x10/0x10
[  901.290474][T15993]  ? fs_reclaim_acquire+0x7d/0x100
[  901.290487][T15993]  should_fail_ex+0x414/0x560
[  901.290502][T15993]  should_failslab+0xa8/0x100
[  901.290515][T15993]  kmem_cache_alloc_noprof+0x88/0x710
[  901.290529][T15993]  ? security_file_alloc+0x34/0x330
[  901.290543][T15993]  security_file_alloc+0x34/0x330
[  901.290554][T15993]  init_file+0x93/0x2f0
[  901.290571][T15993]  alloc_empty_file+0x6e/0x1d0
[  901.290584][T15993]  path_openat+0x108/0x3dd0
[  901.290603][T15993]  ? stack_trace_save+0x9c/0xe0
[  901.290618][T15993]  ? __pfx_stack_trace_save+0x10/0x10
[  901.290632][T15993]  ? stack_depot_save_flags+0x40/0x850
[  901.290648][T15993]  ? kasan_save_track+0x4f/0x80
[  901.290656][T15993]  ? kasan_save_track+0x3e/0x80
[  901.290663][T15993]  ? __kasan_slab_alloc+0x6c/0x80
[  901.290672][T15993]  ? kmem_cache_alloc_noprof+0x37d/0x710
[  901.290684][T15993]  ? getname_flags+0xb8/0x540
[  901.290694][T15993]  ? do_sys_openat2+0xbc/0x200
[  901.290706][T15993]  ? __pfx_path_openat+0x10/0x10
[  901.290721][T15993]  ? __lock_acquire+0x6b6/0x2cf0
[  901.290739][T15993]  do_filp_open+0x1fa/0x410
[  901.290754][T15993]  ? __pfx_do_filp_open+0x10/0x10
[  901.290778][T15993]  ? _raw_spin_unlock+0x28/0x50
[  901.290787][T15993]  ? alloc_fd+0x64c/0x6c0
[  901.290804][T15993]  do_sys_openat2+0x121/0x200
[  901.290817][T15993]  ? __pfx_do_sys_openat2+0x10/0x10
[  901.290831][T15993]  ? ksys_write+0x22a/0x250
[  901.290840][T15993]  ? __pfx_ksys_write+0x10/0x10
[  901.290850][T15993]  __ia32_compat_sys_openat+0x131/0x160
[  901.290866][T15993]  __do_fast_syscall_32+0x1f7/0x570
[  901.290877][T15993]  ? lockdep_hardirqs_on+0x98/0x140
[  901.290888][T15993]  ? do_fast_syscall_32+0x34/0x80
[  901.290899][T15993]  ? irqentry_exit+0x10f/0x660
[  901.290911][T15993]  do_fast_syscall_32+0x34/0x80
[  901.290923][T15993]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  901.290934][T15993] RIP: 0023:0xf7f06539
[  901.290943][T15993] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  901.290951][T15993] RSP: 002b:00000000f53f6100 EFLAGS: 00000206 ORIG_RAX: 0000000000000127
[  901.290962][T15993] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f53f6150
[  901.290969][T15993] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f7396ff4
[  901.290975][T15993] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  901.290980][T15993] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  901.290986][T15993] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  901.291000][T15993]  </TASK>
[  902.019319][    C0] hid-thrustmaster 0003:044F:B65D.001F: URB to get model id failed with error -71
[  902.064950][ T5913] usb 1-1: USB disconnect, device number 15
[  902.085066][ T5932] usb 3-1: USB disconnect, device number 25
[  902.151975][T16011] FAULT_INJECTION: forcing a failure.
[  902.151975][T16011] name failslab, interval 1, probability 0, space 0, times 0
[  902.168842][T16011] CPU: 1 UID: 0 PID: 16011 Comm: syz.3.2786 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  902.168870][T16011] Tainted: [L]=SOFTLOCKUP
[  902.168877][T16011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  902.168887][T16011] Call Trace:
[  902.168895][T16011]  <TASK>
[  902.168902][T16011]  dump_stack_lvl+0x189/0x250
[  902.168928][T16011]  ? __pfx____ratelimit+0x10/0x10
[  902.168947][T16011]  ? __pfx_dump_stack_lvl+0x10/0x10
[  902.168965][T16011]  ? __pfx__printk+0x10/0x10
[  902.168995][T16011]  ? __pfx___might_resched+0x10/0x10
[  902.169019][T16011]  should_fail_ex+0x414/0x560
[  902.169035][T16011]  should_failslab+0xa8/0x100
[  902.169057][T16011]  __kmalloc_noprof+0xdf/0x800
[  902.169079][T16011]  ? kfree+0x4d/0x660
[  902.169097][T16011]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  902.169123][T16011]  tomoyo_realpath_from_path+0xe3/0x5d0
[  902.169147][T16011]  ? tomoyo_domain+0xd8/0x130
[  902.169179][T16011]  tomoyo_path2_perm+0x265/0x680
[  902.169197][T16011]  ? tomoyo_path2_perm+0x235/0x680
[  902.169218][T16011]  ? __pfx_tomoyo_path2_perm+0x10/0x10
[  902.169285][T16011]  tomoyo_path_rename+0x114/0x190
[  902.169313][T16011]  ? __pfx_tomoyo_path_rename+0x10/0x10
[  902.169343][T16011]  ? _raw_spin_unlock+0x28/0x50
[  902.169362][T16011]  security_path_rename+0x250/0x490
[  902.169391][T16011]  do_renameat2+0x4c4/0x8e0
[  902.169424][T16011]  ? __pfx_do_renameat2+0x10/0x10
[  902.169451][T16011]  ? strncpy_from_user+0x150/0x2c0
[  902.169479][T16011]  ? getname_flags+0x1e5/0x540
[  902.169495][T16011]  __ia32_sys_renameat2+0xce/0xe0
[  902.169513][T16011]  __do_fast_syscall_32+0x1f7/0x570
[  902.169535][T16011]  ? rcu_is_watching+0x15/0xb0
[  902.169555][T16011]  ? do_fast_syscall_32+0x34/0x80
[  902.169580][T16011]  do_fast_syscall_32+0x34/0x80
[  902.169600][T16011]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  902.169612][T16011] RIP: 0023:0xf706d539
[  902.169621][T16011] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  902.169630][T16011] RSP: 002b:00000000f545d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000161
[  902.169642][T16011] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000600
[  902.169649][T16011] RDX: 00000000ffffff9c RSI: 0000000080000640 RDI: 0000000000000002
[  902.169658][T16011] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  902.169669][T16011] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  902.169679][T16011] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  902.169710][T16011]  </TASK>
[  902.169753][T16011] ERROR: Out of memory at tomoyo_realpath_from_path.
[  902.249789][T16012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  902.454641][T16012] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  902.479164][T16014] netlink: 'syz.3.2787': attribute type 1 has an invalid length.
[  902.607960][ T5898] usbhid 5-1:0.0: can't add hid device: -71
[  902.634138][ T5898] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  902.664304][ T5898] usb 5-1: USB disconnect, device number 10
[  902.812144][T16027] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2791'.
[  902.893775][ T5932] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  903.059527][ T5932] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 7
[  903.075080][ T5932] usb 4-1: config 0 interface 0 has no altsetting 0
[  903.086666][ T5932] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  903.104019][ T5932] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  903.113020][ T5932] usb 4-1: Product: syz
[  903.121794][ T5932] usb 4-1: Manufacturer: syz
[  903.131782][ T5932] usb 4-1: SerialNumber: syz
[  903.150786][ T5932] usb 4-1: config 0 descriptor??
[  903.185344][ T5932] usb 4-1: selecting invalid altsetting 0
[  903.404584][T16023] usb 4-1: cannot submit urb 0, error -2: endpoint not enabled
[  903.476918][T16022] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  903.487990][ T5898] usb 4-1: USB disconnect, device number 14
[  903.660022][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  903.670849][ T5913] usb 2-1: USB disconnect, device number 15
[  903.679227][ T5913] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  903.706077][ T5913] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  903.723208][ T5913] quatech2 2-1:0.51: device disconnected
[  904.168471][T16047] vivid-001: =================  START STATUS  =================
[  904.176266][T16047] vivid-001: FM Deviation: 75000
[  904.196569][T16047] vivid-001: ==================  END STATUS  ==================
[  904.215786][ T5932] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  904.403783][ T5932] usb 3-1: Using ep0 maxpacket: 16
[  904.420184][ T5932] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  904.464557][ T5932] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  904.515834][ T5932] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  904.574924][ T5932] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  904.605893][ T5932] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  904.641564][ T5932] usb 3-1: config 0 descriptor??
[  905.127813][ T5932] microsoft 0003:045E:07DA.0020: collection stack underflow
[  905.151339][ T5932] microsoft 0003:045E:07DA.0020: item 0 2 0 12 parsing failed
[  905.181153][ T5932] microsoft 0003:045E:07DA.0020: parse failed
[  905.213259][ T5932] microsoft 0003:045E:07DA.0020: probe with driver microsoft failed with error -22
[  905.466803][T16042] netlink: 'syz.2.2796': attribute type 8 has an invalid length.
[  905.622833][ T5932] usb 3-1: USB disconnect, device number 26
[  906.626141][ T5832] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  906.636515][ T5832] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  906.654515][ T5832] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  906.662449][ T5832] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  906.670220][ T5832] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  906.708957][ T5831] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  906.738751][ T5831] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  906.746101][ T5831] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  906.762906][ T5831] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  906.774819][ T5831] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  906.793294][ T1215] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  906.953747][ T1215] usb 5-1: Using ep0 maxpacket: 32
[  906.989932][ T1215] usb 5-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice= d.65
[  907.014357][ T1215] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  907.046500][ T1215] usb 5-1: Product: syz
[  907.066585][ T1215] usb 5-1: Manufacturer: syz
[  907.081438][ T1215] usb 5-1: SerialNumber: syz
[  907.130186][ T1215] usb 5-1: config 0 descriptor??
[  907.148071][ T1215] gspca_main: vc032x-2.14.0 probing 0ac8:c301
[  907.560833][ T3230] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  907.594026][ T3230] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.731856][ T1215] gspca_vc032x: reg_w err -71
[  907.742820][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.746888][ T3230] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  907.755547][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.770385][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.770434][ T3230] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.776432][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.799053][ T5932] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  907.810308][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.817180][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.823799][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.829580][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.835667][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.841418][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.847015][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.852304][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.857968][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.863280][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.868802][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.874337][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.879814][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.885169][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.890618][ T1215] gspca_vc032x: I2c Bus Busy Wait 00
[  907.896364][ T1215] gspca_vc032x: Unknown sensor...
[  907.914192][ T1215] vc032x 5-1:0.0: probe with driver vc032x failed with error -22
[  907.959065][ T1215] usb 5-1: USB disconnect, device number 11
[  907.983837][ T5932] usb 2-1: Using ep0 maxpacket: 32
[  907.993561][ T3230] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  908.006754][ T5932] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  908.017804][ T5932] usb 2-1: config 0 has no interface number 0
[  908.024053][ T3230] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  908.061127][T16066] chnl_net:caif_netlink_parms(): no params data found
[  908.066174][ T5932] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  908.077306][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  908.085342][ T5932] usb 2-1: Product: syz
[  908.089577][ T5932] usb 2-1: Manufacturer: syz
[  908.094569][ T5932] usb 2-1: SerialNumber: syz
[  908.103542][ T5932] usb 2-1: config 0 descriptor??
[  908.275676][ T3230] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  908.287213][ T3230] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  908.460717][ T5932] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  908.660984][T16093] FAULT_INJECTION: forcing a failure.
[  908.660984][T16093] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  908.714794][T16066] bridge0: port 1(bridge_slave_0) entered blocking state
[  908.722091][T16066] bridge0: port 1(bridge_slave_0) entered disabled state
[  908.731143][T16066] bridge_slave_0: entered allmulticast mode
[  908.740230][T16066] bridge_slave_0: entered promiscuous mode
[  908.761131][T16093] CPU: 1 UID: 0 PID: 16093 Comm: syz.2.2807 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  908.761158][T16093] Tainted: [L]=SOFTLOCKUP
[  908.761165][T16093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  908.761176][T16093] Call Trace:
[  908.761183][T16093]  <TASK>
[  908.761190][T16093]  dump_stack_lvl+0x189/0x250
[  908.761214][T16093]  ? __pfx____ratelimit+0x10/0x10
[  908.761233][T16093]  ? __pfx_dump_stack_lvl+0x10/0x10
[  908.761252][T16093]  ? __pfx__printk+0x10/0x10
[  908.761275][T16093]  ? __might_fault+0xb0/0x130
[  908.761312][T16093]  should_fail_ex+0x414/0x560
[  908.761336][T16093]  fpu__restore_sig+0x9ce/0x10d0
[  908.761368][T16093]  ? __pfx_fpu__restore_sig+0x10/0x10
[  908.761415][T16093]  ia32_restore_sigcontext+0x449/0x5b0
[  908.761433][T16093]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  908.761456][T16093]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  908.761491][T16093]  ? _raw_spin_unlock_irq+0x23/0x50
[  908.761508][T16093]  ? lockdep_hardirqs_on+0x98/0x140
[  908.761530][T16093]  __ia32_compat_sys_rt_sigreturn+0x1a9/0x260
[  908.761546][T16093]  ? __task_pid_nr_ns+0x28/0x490
[  908.761569][T16093]  ? __pfx___ia32_compat_sys_rt_sigreturn+0x10/0x10
[  908.761592][T16093]  ? do_int80_emulation+0xec/0x410
[  908.761614][T16093]  ? asm_int80_emulation+0x1a/0x20
[  908.761630][T16093]  do_int80_emulation+0x126/0x410
[  908.761657][T16093]  ? clear_bhb_loop+0x60/0xb0
[  908.761673][T16093]  ? clear_bhb_loop+0x60/0xb0
[  908.761693][T16093]  asm_int80_emulation+0x1a/0x20
[  908.761708][T16093] RIP: 0023:0xf701d539
[  908.761723][T16093] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  908.761738][T16093] RSP: 002b:00000000f53ec590 EFLAGS: 00000206
[  908.761753][T16093] RAX: 0000000000000001 RBX: 0000000000000004 RCX: 00000000f53ec610
[  908.761765][T16093] RDX: 0000000000000001 RSI: 00000000f73b6ff4 RDI: 0000000000000000
[  908.761775][T16093] RBP: 00000000f73e5018 R08: 0000000000000000 R09: 0000000000000000
[  908.761787][T16093] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  908.761797][T16093] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  908.761824][T16093]  </TASK>
[  908.765421][T16066] bridge0: port 2(bridge_slave_1) entered blocking state
[  908.878596][ T5832] Bluetooth: hci5: command tx timeout
[  908.881565][T16066] bridge0: port 2(bridge_slave_1) entered disabled state
[  909.065844][ T5932] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  909.097142][ T5932] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  909.101531][T16066] bridge_slave_1: entered allmulticast mode
[  909.114624][T16066] bridge_slave_1: entered promiscuous mode
[  909.214246][T16099] vivid-001: =================  START STATUS  =================
[  909.231161][T16099] vivid-001: FM Deviation: 75000
[  909.237473][T16098] vivid-009: =================  START STATUS  =================
[  909.245883][T16098] vivid-009: FM Deviation: 75000
[  909.256402][T16099] vivid-001: ==================  END STATUS  ==================
[  909.271237][T16098] vivid-009: ==================  END STATUS  ==================
[  909.369135][T16066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  909.417882][T16103] netlink: 'syz.2.2811': attribute type 16 has an invalid length.
[  909.460999][T16103] netlink: 'syz.2.2811': attribute type 17 has an invalid length.
[  909.561824][T16066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  909.656426][T16103] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  909.722792][ T3230] bridge_slave_1: left allmulticast mode
[  909.753216][ T3230] bridge_slave_1: left promiscuous mode
[  909.780379][ T3230] bridge0: port 2(bridge_slave_1) entered disabled state
[  909.825922][ T3230] bridge_slave_0: left allmulticast mode
[  909.852235][ T3230] bridge_slave_0: left promiscuous mode
[  909.878260][ T3230] bridge0: port 1(bridge_slave_0) entered disabled state
[  910.933802][ T5832] Bluetooth: hci5: command tx timeout
[  911.732083][ T3230] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  911.752061][ T3230] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  911.778872][ T3230] bond0 (unregistering): Released all slaves
[  911.812497][ T3230] bond1 (unregistering): Released all slaves
[  912.060886][ T3230] bond2 (unregistering): (slave veth0_to_bond): Releasing active interface
[  912.082244][ T3230] veth0_to_bond: left promiscuous mode
[  912.095209][ T3230] veth0_to_bond: left allmulticast mode
[  912.113471][ T3230] bond2 (unregistering): Released all slaves
[  912.286000][T16066] team0: Port device team_slave_0 added
[  912.292665][ T3230] tipc: Left network mode
[  912.307785][T16066] team0: Port device team_slave_1 added
[  912.477968][T16125] loop2: detected capacity change from 0 to 7
[  912.498363][T16125] Dev loop2: unable to read RDB block 7
[  912.510787][T16125]  loop2: AHDI p1 p2 p3
[  912.515279][T16125] loop2: partition table partially beyond EOD, truncated
[  912.522491][T16125] loop2: p1 start 1601398130 is beyond EOD, truncated
[  912.536733][T16125] loop2: p2 start 1702059890 is beyond EOD, truncated
[  912.754618][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  912.762620][ T5932] usb 2-1: USB disconnect, device number 16
[  912.779982][ T5932] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  912.880069][T16066] batman_adv: batadv0: Adding interface: batadv_slave_0
[  912.910207][ T5932] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  912.929060][T16066] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  912.971091][ T5932] quatech2 2-1:0.51: device disconnected
[  912.989979][T16066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  913.013901][ T5832] Bluetooth: hci5: command tx timeout
[  913.102866][T16066] batman_adv: batadv0: Adding interface: batadv_slave_1
[  913.112580][T16066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  913.151760][T16066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  913.596709][T16066] hsr_slave_0: entered promiscuous mode
[  913.603032][T16066] hsr_slave_1: entered promiscuous mode
[  913.610553][T16066] debugfs: 'hsr0' already exists in 'hsr'
[  913.623834][T16066] Cannot create hsr debugfs directory
[  913.861895][T16155] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2817'.
[  913.942120][ T3230] hsr_slave_0: left promiscuous mode
[  913.952057][ T3230] hsr_slave_1: left promiscuous mode
[  913.990525][ T3230] veth1_vlan: left promiscuous mode
[  914.005926][ T3230] veth0_vlan: left promiscuous mode
[  914.031080][T16163] FAULT_INJECTION: forcing a failure.
[  914.031080][T16163] name failslab, interval 1, probability 0, space 0, times 0
[  914.063563][T16163] CPU: 1 UID: 0 PID: 16163 Comm: syz.4.2817 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  914.063582][T16163] Tainted: [L]=SOFTLOCKUP
[  914.063586][T16163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  914.063592][T16163] Call Trace:
[  914.063597][T16163]  <TASK>
[  914.063603][T16163]  dump_stack_lvl+0x189/0x250
[  914.063619][T16163]  ? __pfx____ratelimit+0x10/0x10
[  914.063631][T16163]  ? __pfx_dump_stack_lvl+0x10/0x10
[  914.063667][T16163]  ? __pfx__printk+0x10/0x10
[  914.063692][T16163]  ? __pfx___might_resched+0x10/0x10
[  914.063713][T16163]  should_fail_ex+0x414/0x560
[  914.063734][T16163]  should_failslab+0xa8/0x100
[  914.063753][T16163]  kmem_cache_alloc_noprof+0x88/0x710
[  914.063773][T16163]  ? apparmor_capable+0x137/0x1a0
[  914.063789][T16163]  ? skb_clone+0x212/0x3a0
[  914.063813][T16163]  skb_clone+0x212/0x3a0
[  914.063833][T16163]  ? nfnetlink_rcv+0x4ba/0x2590
[  914.063856][T16163]  nfnetlink_rcv+0x4ec/0x2590
[  914.063870][T16163]  ? __local_bh_enable_ip+0x12d/0x1c0
[  914.063881][T16163]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  914.063894][T16163]  ? __dev_queue_xmit+0x289/0x3140
[  914.063904][T16163]  ? __dev_queue_xmit+0x1955/0x3140
[  914.063912][T16163]  ? ___sys_sendmsg+0x21f/0x2a0
[  914.063928][T16163]  ? __dev_queue_xmit+0x289/0x3140
[  914.063939][T16163]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  914.063959][T16163]  ? ref_tracker_free+0x63a/0x7d0
[  914.063970][T16163]  ? __asan_memcpy+0x40/0x70
[  914.063984][T16163]  ? __pfx_ref_tracker_free+0x10/0x10
[  914.064002][T16163]  ? skb_clone+0x246/0x3a0
[  914.064017][T16163]  ? __netlink_deliver_tap+0x807/0x850
[  914.064031][T16163]  ? netlink_deliver_tap+0x2e/0x1b0
[  914.064052][T16163]  netlink_unicast+0x82f/0x9e0
[  914.064076][T16163]  ? __pfx_netlink_unicast+0x10/0x10
[  914.064089][T16163]  ? netlink_sendmsg+0x642/0xb30
[  914.064102][T16163]  ? skb_put+0x11b/0x210
[  914.064115][T16163]  netlink_sendmsg+0x805/0xb30
[  914.064134][T16163]  ? __pfx_netlink_sendmsg+0x10/0x10
[  914.064149][T16163]  ? __import_iovec+0x5d4/0x7f0
[  914.064166][T16163]  ? aa_sock_msg_perm+0xf1/0x1b0
[  914.064188][T16163]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  914.064209][T16163]  ? __pfx_netlink_sendmsg+0x10/0x10
[  914.064232][T16163]  __sock_sendmsg+0x21c/0x270
[  914.064249][T16163]  ____sys_sendmsg+0x505/0x820
[  914.064265][T16163]  ? __pfx_____sys_sendmsg+0x10/0x10
[  914.064280][T16163]  ? kstrtouint+0x6e/0xe0
[  914.064293][T16163]  ___sys_sendmsg+0x21f/0x2a0
[  914.064307][T16163]  ? __pfx____sys_sendmsg+0x10/0x10
[  914.064323][T16163]  ? rcu_read_lock_any_held+0xb3/0x120
[  914.064349][T16163]  ? __fget_files+0x2a/0x420
[  914.064361][T16163]  ? __fget_files+0x3a0/0x420
[  914.064377][T16163]  __sys_sendmsg+0x164/0x220
[  914.064391][T16163]  ? __pfx___sys_sendmsg+0x10/0x10
[  914.064409][T16163]  ? __secure_computing+0xe2/0x2a0
[  914.064423][T16163]  __do_fast_syscall_32+0x1f7/0x570
[  914.064435][T16163]  ? rcu_is_watching+0x15/0xb0
[  914.064446][T16163]  ? do_fast_syscall_32+0x34/0x80
[  914.064460][T16163]  do_fast_syscall_32+0x34/0x80
[  914.064472][T16163]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  914.064483][T16163] RIP: 0023:0xf7f43539
[  914.064493][T16163] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  914.064502][T16163] RSP: 002b:00000000f53f455c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  914.064513][T16163] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000800000c0
[  914.064520][T16163] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  914.064526][T16163] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  914.064532][T16163] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  914.064537][T16163] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  914.064551][T16163]  </TASK>
[  914.758555][ T3230] pim6reg (unregistering): left allmulticast mode
[  915.063529][T16169] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2820'.
[  915.103957][ T5832] Bluetooth: hci5: command tx timeout
[  915.323811][ T5932] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  915.372242][T16177] vivid-005: =================  START STATUS  =================
[  915.380067][T16177] vivid-005: FM Deviation: 75000
[  915.385865][T16177] vivid-005: ==================  END STATUS  ==================
[  915.503941][ T5932] usb 1-1: Using ep0 maxpacket: 8
[  915.535151][ T5932] usb 1-1: config 0 interface 0 altsetting 149 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  915.551566][ T5932] usb 1-1: config 0 interface 0 has no altsetting 0
[  915.568608][ T5932] usb 1-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00
[  915.579910][ T5932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  915.591476][ T5932] usb 1-1: config 0 descriptor??
[  915.608695][ T3230] team0 (unregistering): Port device team_slave_1 removed
[  915.699505][ T3230] team0 (unregistering): Port device team_slave_0 removed
[  916.254722][ T5932] usbhid 1-1:0.0: can't add hid device: -71
[  916.260745][ T5932] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  916.279481][ T5932] usb 1-1: USB disconnect, device number 16
[  916.843874][T16185] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  916.887122][T16185] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  917.097981][ T3230] IPVS: stop unused estimator thread 0...
[  917.306350][T16200] vivid-001: =================  START STATUS  =================
[  917.323959][T16200] vivid-001: FM Deviation: 75000
[  917.329161][T16200] vivid-001: ==================  END STATUS  ==================
[  918.111203][T16066] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  918.262356][T16066] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  918.450727][T16228] tipc: Can't bind to reserved service type 0
[  918.494932][T16228] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2828'.
[  918.508090][T16066] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  919.015988][T16066] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  919.690485][T16066] 8021q: adding VLAN 0 to HW filter on device bond0
[  919.771415][T16066] 8021q: adding VLAN 0 to HW filter on device team0
[  919.793002][ T5948] bridge0: port 1(bridge_slave_0) entered blocking state
[  919.800187][ T5948] bridge0: port 1(bridge_slave_0) entered forwarding state
[  919.848397][ T5948] bridge0: port 2(bridge_slave_1) entered blocking state
[  919.855611][ T5948] bridge0: port 2(bridge_slave_1) entered forwarding state
[  919.976880][T16066] 8021q: adding VLAN 0 to HW filter on device batadv0
[  920.094851][T16066] veth0_vlan: entered promiscuous mode
[  920.145966][T16066] veth1_vlan: entered promiscuous mode
[  920.238082][T16066] veth0_macvtap: entered promiscuous mode
[  920.255477][T16066] veth1_macvtap: entered promiscuous mode
[  920.298105][T16066] batman_adv: batadv0: Interface activated: batadv_slave_0
[  920.376421][T16066] batman_adv: batadv0: Interface activated: batadv_slave_1
[  920.450648][ T3230] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  920.478195][ T3230] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  920.493254][ T3230] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  920.510013][ T3230] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  920.694076][ T1215] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  920.843894][ T1215] usb 3-1: Using ep0 maxpacket: 16
[  920.863475][ T1215] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  920.896638][ T1215] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  920.907562][ T1215] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  920.991359][ T1215] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  921.023907][ T1215] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  921.093290][ T1215] usb 3-1: config 0 descriptor??
[  921.473974][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  921.486753][T16286] netlink: 'syz.4.2833': attribute type 16 has an invalid length.
[  921.506077][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  921.513628][T16286] netlink: 'syz.4.2833': attribute type 17 has an invalid length.
[  921.570087][T16286] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  921.611734][ T3230] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  921.620344][ T3230] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  921.787796][ T1215] usbhid 3-1:0.0: can't add hid device: -71
[  921.810228][ T1215] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  921.838685][ T1215] usb 3-1: USB disconnect, device number 27
[  922.013825][ T5898] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  922.183919][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  922.204360][ T5898] usb 4-1: config 0 interface 0 altsetting 149 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  922.243466][ T5898] usb 4-1: config 0 interface 0 has no altsetting 0
[  922.273935][ T5898] usb 4-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00
[  922.293429][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  922.378080][ T5898] usb 4-1: config 0 descriptor??
[  923.015204][ T5898] usbhid 4-1:0.0: can't add hid device: -71
[  923.043561][ T5898] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  923.093392][ T5898] usb 4-1: USB disconnect, device number 15
[  923.648022][T16324] FAULT_INJECTION: forcing a failure.
[  923.648022][T16324] name failslab, interval 1, probability 0, space 0, times 0
[  923.676597][T16324] CPU: 0 UID: 0 PID: 16324 Comm: syz.3.2838 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  923.676628][T16324] Tainted: [L]=SOFTLOCKUP
[  923.676634][T16324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  923.676645][T16324] Call Trace:
[  923.676653][T16324]  <TASK>
[  923.676662][T16324]  dump_stack_lvl+0x189/0x250
[  923.676686][T16324]  ? __pfx____ratelimit+0x10/0x10
[  923.676705][T16324]  ? __pfx_dump_stack_lvl+0x10/0x10
[  923.676723][T16324]  ? __pfx__printk+0x10/0x10
[  923.676749][T16324]  ? __pfx___might_resched+0x10/0x10
[  923.676768][T16324]  ? fs_reclaim_acquire+0x7d/0x100
[  923.676789][T16324]  should_fail_ex+0x414/0x560
[  923.676809][T16324]  should_failslab+0xa8/0x100
[  923.676822][T16324]  kmem_cache_alloc_node_noprof+0x8c/0x720
[  923.676837][T16324]  ? __alloc_skb+0x255/0x430
[  923.676848][T16324]  ? napi_skb_cache_get+0x4a5/0x780
[  923.676858][T16324]  ? napi_skb_cache_get+0x151/0x780
[  923.676872][T16324]  __alloc_skb+0x255/0x430
[  923.676885][T16324]  ? __pfx___alloc_skb+0x10/0x10
[  923.676899][T16324]  ? netlink_ack_tlv_len+0x6c/0x210
[  923.676914][T16324]  netlink_ack+0x146/0xa50
[  923.676936][T16324]  netlink_rcv_skb+0x28c/0x470
[  923.676950][T16324]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  923.676964][T16324]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  923.676983][T16324]  ? bpf_lsm_capable+0x9/0x20
[  923.676994][T16324]  ? security_capable+0x7e/0x2e0
[  923.677010][T16324]  nfnetlink_rcv+0x282/0x2590
[  923.677022][T16324]  ? __local_bh_enable_ip+0x12d/0x1c0
[  923.677033][T16324]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  923.677045][T16324]  ? __dev_queue_xmit+0x289/0x3140
[  923.677053][T16324]  ? __dev_queue_xmit+0x289/0x3140
[  923.677069][T16324]  ? __dev_queue_xmit+0x1955/0x3140
[  923.677077][T16324]  ? ___sys_sendmsg+0x21f/0x2a0
[  923.677093][T16324]  ? __dev_queue_xmit+0x289/0x3140
[  923.677104][T16324]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  923.677119][T16324]  ? __pfx___dev_queue_xmit+0x10/0x10
[  923.677131][T16324]  ? ref_tracker_free+0x63a/0x7d0
[  923.677141][T16324]  ? __asan_memcpy+0x40/0x70
[  923.677155][T16324]  ? __pfx_ref_tracker_free+0x10/0x10
[  923.677173][T16324]  ? skb_clone+0x246/0x3a0
[  923.677189][T16324]  ? __netlink_deliver_tap+0x807/0x850
[  923.677202][T16324]  ? netlink_deliver_tap+0x2e/0x1b0
[  923.677218][T16324]  ? netlink_deliver_tap+0x2e/0x1b0
[  923.677235][T16324]  netlink_unicast+0x82f/0x9e0
[  923.677252][T16324]  ? __pfx_netlink_unicast+0x10/0x10
[  923.677265][T16324]  ? netlink_sendmsg+0x642/0xb30
[  923.677277][T16324]  ? skb_put+0x11b/0x210
[  923.677291][T16324]  netlink_sendmsg+0x805/0xb30
[  923.677309][T16324]  ? __pfx_netlink_sendmsg+0x10/0x10
[  923.677324][T16324]  ? __import_iovec+0x5d4/0x7f0
[  923.677335][T16324]  ? aa_sock_msg_perm+0xf1/0x1b0
[  923.677349][T16324]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  923.677363][T16324]  ? __pfx_netlink_sendmsg+0x10/0x10
[  923.677377][T16324]  __sock_sendmsg+0x21c/0x270
[  923.677389][T16324]  ____sys_sendmsg+0x505/0x820
[  923.677404][T16324]  ? __pfx_____sys_sendmsg+0x10/0x10
[  923.677419][T16324]  ? kstrtouint+0x6e/0xe0
[  923.677432][T16324]  ___sys_sendmsg+0x21f/0x2a0
[  923.677446][T16324]  ? __pfx____sys_sendmsg+0x10/0x10
[  923.677462][T16324]  ? rcu_read_lock_any_held+0xb3/0x120
[  923.677488][T16324]  ? __fget_files+0x2a/0x420
[  923.677499][T16324]  ? __fget_files+0x3a0/0x420
[  923.677515][T16324]  __sys_sendmsg+0x164/0x220
[  923.677529][T16324]  ? __pfx___sys_sendmsg+0x10/0x10
[  923.677546][T16324]  ? __pfx_ksys_write+0x10/0x10
[  923.677557][T16324]  ? __do_fast_syscall_32+0xbe/0x570
[  923.677571][T16324]  __do_fast_syscall_32+0x1f7/0x570
[  923.677583][T16324]  ? rcu_is_watching+0x15/0xb0
[  923.677593][T16324]  ? do_fast_syscall_32+0x34/0x80
[  923.677607][T16324]  do_fast_syscall_32+0x34/0x80
[  923.677619][T16324]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  923.677631][T16324] RIP: 0023:0xf700d539
[  923.677640][T16324] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  923.677649][T16324] RSP: 002b:00000000f53fd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  923.677660][T16324] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000100
[  923.677667][T16324] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000
[  923.677673][T16324] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  923.677678][T16324] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  923.677684][T16324] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  923.677698][T16324]  </TASK>
[  924.409847][T16334] vivid-001: =================  START STATUS  =================
[  924.447724][T16334] vivid-001: FM Deviation: 75000
[  924.477283][T16334] vivid-001: ==================  END STATUS  ==================
[  925.081008][T16326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  925.115240][T16339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  925.160658][T16339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  925.344041][T13577] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  925.503942][T13577] usb 3-1: Using ep0 maxpacket: 8
[  925.518023][T13577] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  925.526885][T13577] usb 3-1: config 16 has an invalid interface number: 3 but max is 0
[  925.535931][T13577] usb 3-1: config 16 has no interface number 0
[  925.542242][T13577] usb 3-1: config 16 interface 3 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  925.552661][T13577] usb 3-1: config 16 interface 3 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  925.562627][T13577] usb 3-1: config 16 interface 3 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  925.573002][T13577] usb 3-1: config 16 interface 3 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  925.587159][T13577] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  925.596437][T13577] usb 3-1: New USB device strings: Mfr=0, Product=199, SerialNumber=0
[  925.604689][T13577] usb 3-1: Product: syz
[  925.639896][T16345] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  925.656009][T16345] FAULT_INJECTION: forcing a failure.
[  925.656009][T16345] name failslab, interval 1, probability 0, space 0, times 0
[  925.668763][T16345] CPU: 1 UID: 0 PID: 16345 Comm: syz.1.2844 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  925.668790][T16345] Tainted: [L]=SOFTLOCKUP
[  925.668801][T16345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  925.668808][T16345] Call Trace:
[  925.668813][T16345]  <TASK>
[  925.668818][T16345]  dump_stack_lvl+0x189/0x250
[  925.668838][T16345]  ? __pfx____ratelimit+0x10/0x10
[  925.668849][T16345]  ? __pfx_dump_stack_lvl+0x10/0x10
[  925.668861][T16345]  ? __pfx__printk+0x10/0x10
[  925.668877][T16345]  ? __pfx___might_resched+0x10/0x10
[  925.668887][T16345]  ? fs_reclaim_acquire+0x7d/0x100
[  925.668900][T16345]  should_fail_ex+0x414/0x560
[  925.668912][T16345]  should_failslab+0xa8/0x100
[  925.668924][T16345]  kmem_cache_alloc_lru_noprof+0x8d/0x6e0
[  925.668939][T16345]  ? __d_alloc+0x37/0x6f0
[  925.668955][T16345]  __d_alloc+0x37/0x6f0
[  925.668970][T16345]  d_alloc_pseudo+0x21/0xc0
[  925.668983][T16345]  alloc_file_pseudo+0xcc/0x210
[  925.668997][T16345]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  925.669010][T16345]  ? _raw_spin_unlock+0x28/0x50
[  925.669020][T16345]  ? alloc_fd+0x64c/0x6c0
[  925.669034][T16345]  sock_alloc_file+0xb8/0x2e0
[  925.669044][T16345]  ? __sys_socket+0x12e/0x320
[  925.669058][T16345]  __sys_socket+0x13e/0x320
[  925.669073][T16345]  __ia32_compat_sys_socketcall+0x6df/0x9d0
[  925.669089][T16345]  ? __fget_files+0x3a0/0x420
[  925.669101][T16345]  ? __pfx___ia32_compat_sys_socketcall+0x10/0x10
[  925.669116][T16345]  ? fput+0xa0/0xd0
[  925.669128][T16345]  ? ksys_write+0x22a/0x250
[  925.669138][T16345]  ? __pfx_ksys_write+0x10/0x10
[  925.669151][T16345]  ? __do_fast_syscall_32+0xbe/0x570
[  925.669166][T16345]  __do_fast_syscall_32+0x1f7/0x570
[  925.669178][T16345]  ? rcu_is_watching+0x15/0xb0
[  925.669189][T16345]  ? do_fast_syscall_32+0x34/0x80
[  925.669203][T16345]  do_fast_syscall_32+0x34/0x80
[  925.669215][T16345]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  925.669226][T16345] RIP: 0023:0xf7fd1539
[  925.669236][T16345] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  925.669245][T16345] RSP: 002b:00000000f54c54d0 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
[  925.669256][T16345] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000f54c54e0
[  925.669263][T16345] RDX: 00000000f7466ff4 RSI: 0000000000000036 RDI: 0000000000000000
[  925.669269][T16345] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  925.669275][T16345] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  925.669281][T16345] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  925.669295][T16345]  </TASK>
[  925.669388][T16345] VFS_BUG_ON_INODE(inode_state_read_once(inode) & I_CLEAR) encountered for inode ffff888079880c40
[  925.669388][T16345] fs sockfs mode 140777 opflags 0x8 flags 0x0 state 0x300 count 0
[  925.703792][ T5898] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  925.707444][T16345] ------------[ cut here ]------------
[  925.863831][ T5898] usb 5-1: device descriptor read/64, error -71
[  925.880336][T16345] kernel BUG at fs/inode.c:1971!
[  925.882680][T13577] usb 3-1: usb_control_msg returned -32
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  926.005462][T13577] usbtmc 3-1:16.3: can't read capabilities
[  926.064576][T16345] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  926.070855][T16345] CPU: 1 UID: 0 PID: 16345 Comm: syz.1.2844 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  926.081774][T16345] Tainted: [L]=SOFTLOCKUP
[  926.086078][T16345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  926.096111][T16345] RIP: 0010:iput+0xfc9/0x1030
[  926.100776][T16345] Code: 8b 7c 24 18 48 c7 c6 60 ec 79 8b e8 d1 5f e7 fe 90 0f 0b e8 29 73 80 ff 48 8b 7c 24 18 48 c7 c6 00 ec 79 8b e8 b8 5f e7 fe 90 <0f> 0b 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fb ff ff 4c 89 ef
[  926.120362][T16345] RSP: 0018:ffffc9000c1ffc90 EFLAGS: 00010282
[  926.126591][T16345] RAX: 000000000000009f RBX: dffffc0000000000 RCX: 8f02246618a10c00
[  926.134562][T16345] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  926.142519][T16345] RBP: 1ffffffff1ed7eae R08: ffffc9000c1ff947 R09: 1ffff9200183ff28
[  926.150478][T16345] R10: dffffc0000000000 R11: fffff5200183ff29 R12: 1ffff1100f3101c8
[  926.158443][T16345] R13: ffff888079880e40 R14: 0000000000000200 R15: 1ffffffff1f02e54
[  926.166405][T16345] FS:  0000000000000000(0000) GS:ffff888126187000(0063) knlGS:00000000f54c6b40
[  926.175324][T16345] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  926.181904][T16345] CR2: 00000000f7f06e40 CR3: 000000002e32a000 CR4: 00000000003526f0
[  926.189877][T16345] Call Trace:
[  926.193145][T16345]  <TASK>
[  926.196061][T16345]  ? do_raw_spin_unlock+0x122/0x240
[  926.201251][T16345]  __sys_socket+0x2bf/0x320
[  926.205741][T16345]  __ia32_compat_sys_socketcall+0x6df/0x9d0
[  926.211623][T16345]  ? __fget_files+0x3a0/0x420
[  926.216295][T16345]  ? __pfx___ia32_compat_sys_socketcall+0x10/0x10
[  926.222708][T16345]  ? fput+0xa0/0xd0
[  926.226502][T16345]  ? ksys_write+0x22a/0x250
[  926.230993][T16345]  ? __pfx_ksys_write+0x10/0x10
[  926.235827][T16345]  ? __do_fast_syscall_32+0xbe/0x570
[  926.241103][T16345]  __do_fast_syscall_32+0x1f7/0x570
[  926.246294][T16345]  ? rcu_is_watching+0x15/0xb0
[  926.251047][T16345]  ? do_fast_syscall_32+0x34/0x80
[  926.256056][T16345]  do_fast_syscall_32+0x34/0x80
[  926.260892][T16345]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  926.267199][T16345] RIP: 0023:0xf7fd1539
[  926.271248][T16345] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  926.290836][T16345] RSP: 002b:00000000f54c54d0 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
[  926.299247][T16345] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000f54c54e0
[  926.307198][T16345] RDX: 00000000f7466ff4 RSI: 0000000000000036 RDI: 0000000000000000
[  926.315148][T16345] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  926.323097][T16345] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  926.331047][T16345] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  926.339009][T16345]  </TASK>
[  926.342037][T16345] Modules linked in:
[  926.346686][T16345] ---[ end trace 0000000000000000 ]---
[  926.368459][T16345] RIP: 0010:iput+0xfc9/0x1030
[  926.373514][T16345] Code: 8b 7c 24 18 48 c7 c6 60 ec 79 8b e8 d1 5f e7 fe 90 0f 0b e8 29 73 80 ff 48 8b 7c 24 18 48 c7 c6 00 ec 79 8b e8 b8 5f e7 fe 90 <0f> 0b 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fb ff ff 4c 89 ef
[  926.404264][ T5898] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  926.415215][T16348] loop2: detected capacity change from 0 to 7
[  926.453140][T16345] RSP: 0018:ffffc9000c1ffc90 EFLAGS: 00010282
[  926.459734][T16345] RAX: 000000000000009f RBX: dffffc0000000000 RCX: 8f02246618a10c00
[  926.468733][T16345] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  926.494040][T10633] vhci_hcd: connection reset by peer
[  926.503876][ T1004] vhci_hcd: stop threads
[  926.508128][ T1004] vhci_hcd: release socket
[  926.527294][ T1004] vhci_hcd: disconnect device
[  926.543821][ T5898] usb 5-1: device descriptor read/64, error -71
[  926.573812][ T7327] vhci_hcd: vhci_device speed not set
[  926.630363][T16348] Dev loop2: unable to read RDB block 7
[  926.685131][ T5898] usb usb5-port1: attempt power cycle
[  926.698197][T16348]  loop2: AHDI p1 p2 p3
[  926.723918][T16348] loop2: partition table partially beyond EOD, truncated
[  926.763194][T16348] loop2: p1 start 1601398130 is beyond EOD, truncated
[  926.793826][T16348] loop2: p2 start 1702059890 is beyond EOD, truncated
[  926.994546][T16345] RBP: 1ffffffff1ed7eae R08: ffffc9000c1ff947 R09: 1ffff9200183ff28
[  927.002546][T16345] R10: dffffc0000000000 R11: fffff5200183ff29 R12: 1ffff1100f3101c8
[  927.010904][T16345] R13: ffff888079880e40 R14: 0000000000000200 R15: 1ffffffff1f02e54
[  927.021261][T16345] FS:  0000000000000000(0000) GS:ffff888126187000(0063) knlGS:00000000f54c6b40
[  927.031202][T16345] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  927.038143][T16345] CR2: 00007f0fc1d4b000 CR3: 000000002e32a000 CR4: 00000000003526f0
[  927.054215][T16345] Kernel panic - not syncing: Fatal exception
[  927.060661][T16345] Kernel Offset: disabled
[  927.064969][T16345] Rebooting in 86400 seconds..