last executing test programs:

13.009441102s ago: executing program 4 (id=1411):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x2041, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000340)={0x1, 0x7ffffffc}, 0x8)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x1}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r2 = openat$sysfs(0xffffff9c, &(0x7f0000000100)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
readv(r2, &(0x7f0000000780), 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000640)=@framed={{}, [@map_fd={0x18, 0x0, 0x2, 0x0, r1}, @ldst={0x1, 0x2, 0x4, 0x0, 0x0, 0x1}]}, 0x0}, 0x94)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
gettid()
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0xfffffffffffffe02, &(0x7f00000002c0)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mkdir(0x0, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1/file3\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r5 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000400), 0x101000, 0x0)
ioctl$RNDADDTOENTCNT(r5, 0x40045201, &(0x7f0000000440)=0x7)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000002600)={&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff6000/0x4000)=nil, &(0x7f0000ff2000/0xe000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000002500)="52047495147ed5ba0691d13e22cbec45fd6813d605cf66b324f14b93b811cf8bd7c515f8ca8c4c881c655c1a4f525264116fd8afc0e018423a7af8919e2a79aeb59bc4352251a44af9a40d716d22edeaa84405c1833695f0efd52c5be98fdf75104999f0f25806858e7fe20855cad8fd2500651b2ce2efaa2c74d13a4a63c4d8bdbab81760915dbb096261d3063ff1c5632a18d2f80ed30ab14966df0d18944eb07ef48bc41c12487a6a2676a054039bd7eb06305ae55f1ab224e480d6cdcb3b1c24f20f6871b063f839ca5be1b1b5fe3fc1077770ca73f29b4d5dcf9e50d9b7d7a4be7c3676b419a4e36d2fc8bca63368b8", 0xf2, r5}, 0x68)
chdir(&(0x7f00000003c0)='./bus\x00')
sendfile(r3, r3, 0x0, 0x200000)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002480)=[{{&(0x7f0000000000)={0xa, 0x4e25, 0xba, @mcast2}, 0x1c, 0x0}}, {{&(0x7f00000000c0)={0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x2b}, 0x2}, 0x1c, &(0x7f00000022c0)=[{&(0x7f0000000380)}, {&(0x7f0000001080)="84d62c6584622b36b308ed8de0447353809dcd0571c0555ed8acaf9fb85e37f0cdfbffb8cc3058266996364e244b13abb6df92889352c77954ad35ba241f0dfcc8d357cc0727da0c511560060328ce29f54ca640b08944ca7114bf84c34b762dfa16a08e2a8a96da2a203f1219f0d16d1b7d86fff046bd21cb3c4946fb74a9f2f2034545652d9f250e959089a2a2fcfe044072f73edbac89bda1011ac5756304cd810c32b0cf4224e2c723ff39721f5ddd45d53a1971f272a8587423192282e996", 0xc1}, {&(0x7f0000001180)="70c7d43f", 0x4}, {&(0x7f00000011c0)="138845006ad27736d8ff3da736ddb75f277d9ac90abf260c733d552389744387", 0x20}, {&(0x7f0000001200)="4e2f857f57d375f72849c869bcfa50d6ead2af8a4b15044bad599ebb7e00b5643ca1ed780f049e478e", 0x29}, {&(0x7f0000002240)}, {&(0x7f0000002280)="0ce4308b4b71ec", 0x7}], 0x7, &(0x7f0000002340)=[@hopopts_2292={{0x20, 0x29, 0x36, {0xc, 0x0, '\x00', [@enc_lim, @padn={0x1, 0x1, [0x0]}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x584}}, @dontfrag={{0x14}}, @dstopts_2292={{0x28, 0x29, 0x4, {0x3b, 0x1, '\x00', [@padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}, @rthdr={{0x28, 0x29, 0x39, {0x62, 0x2, 0x0, 0x8, 0x0, [@private1={0xfc, 0x1, '\x00', 0x1}]}}}], 0xa0}}], 0x2, 0x400c800)

12.591614889s ago: executing program 3 (id=1414):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
io_uring_setup(0x7a49, &(0x7f0000000140)={0x0, 0x9265, 0x2000, 0x2, 0x224})
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0)
preadv(r3, &(0x7f0000002ac0)=[{&(0x7f0000001a00)=""/4096, 0x1000}], 0x1, 0x2, 0xfffffffa)
r4 = socket(0x1e, 0x1, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000240)=0x40)
sendmmsg$sock(r4, &(0x7f0000000100)=[{{&(0x7f0000000180)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x1}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1000000}}], 0x2, 0x0)
getsockopt$sock_buf(r4, 0x1, 0x1c, 0x0, &(0x7f0000001000))
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000001c0)="b9800000c00f3235000400000f30440f20c03508000000440f22c036646665f36526f20f22a5430f01c566ba4000edc4a39979250b00000008b9800000c00f3235010000000f30f245ab48b800000000000000800f23c00f21f83500000b000f23f8c481e57dcd", 0x67}], 0x1, 0x10, 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e21, 0x5b, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}}, 0x80, 0x0, 0x0, 0x0, 0xfe12}, 0x4008881)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

11.937760858s ago: executing program 3 (id=1419):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x88042, 0x0)
r0 = openat$kvm(0xffffff9c, &(0x7f0000000540), 0x8000, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
madvise(&(0x7f0000529000/0x2000)=nil, 0x2000, 0x16)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x100008, 0x80000001}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
r3 = socket$inet6(0xa, 0x802, 0x0)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f000001aa40)=""/102384, 0x18ff0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x18)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000006c0)='net/ip_tables_matches\x00')
pread64(r5, &(0x7f00000000c0)=""/169, 0xa9, 0x4fd9)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x5, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x3, &(0x7f0000000a00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fffffff}}, 0x0, 0x6, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xf475, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94)
r6 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r6, 0x107, 0x14, &(0x7f0000000000), 0x4)
sendmsg$kcm(r6, &(0x7f0000001780)={&(0x7f00000003c0)=@caif, 0x80, 0x0}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x77, 0x2, 0x2, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x5, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

11.919565984s ago: executing program 4 (id=1420):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
socket$unix(0x1, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4000080)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, r2)
setsockopt(r2, 0x4, 0x4, 0x0, 0x0)
syz_genetlink_get_family_id$fou(0x0, r1)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x3}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0xd0}, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, 0x0, 0x90)

10.180513997s ago: executing program 4 (id=1423):
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b10009"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_connect_ath9k(0x3, 0x56, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x38e38e38e38e402, [{{0x9, 0x2, 0xfffffffffffffd08}}]}}, 0x7fe782539b0b)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000480), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './file2'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@userxattr}], [], 0x2c})

8.704256219s ago: executing program 1 (id=1426):
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x10006, 0x80000000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000500)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0xf241f1a146326c4, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = io_uring_setup(0x3668, &(0x7f0000000340)={0x0, 0x64b13e, 0x40, 0x3, 0x3b0})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
mount$fuse(0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode', @ANYBLOB, @ANYRESDEC=0x0])
listen(r4, 0x5)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(0xffffffffffffffff, 0x1)
close_range(r3, 0xffffffffffffffff, 0x0)

8.637264219s ago: executing program 3 (id=1427):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000003c0)={0xc})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x4)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="04223d04"], 0x40)
r6 = getpgid(0x0)
mount$bind(&(0x7f0000000100)='.\x00', 0x0, 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x8b101a, 0x0)
syz_pidfd_open(r6, 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, 0x0)
setns(0xffffffffffffffff, 0x66020000)
add_key$user(&(0x7f0000000380), &(0x7f0000000940), &(0x7f0000000700)='\x00', 0x1, 0xfffffffffffffffe)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0b0000000c00000004000000427c000001000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)

6.438039745s ago: executing program 2 (id=1429):
r0 = socket(0x2, 0x80805, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0x11, 0x148, 0x0, 0x0, 0x1a4, 0x2a8, 0x2a8, 0x1a4, 0x2a8, 0x3, 0x0, {[{{@ip={@remote, @multicast2, 0xff, 0xffffffff, 'wg1\x00', 'dvmrp0\x00', {}, {}, 0x67, 0x2, 0x1}, 0x0, 0xa0, 0xc0, 0x0, {}, [@common=@addrtype={{0x30}, {0x0, 0x1, 0x1}}]}, @unspec=@TRACE={0x20}}, {{@ip={@rand_addr=0x64010100, @empty, 0xffffffff, 0xffffffff, 'veth0_to_batadv\x00', 'netdevsim0\x00', {}, {}, 0x33}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x7, 0x4], 0x1}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x5, 0x2}, {0xffffffffffffffff, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r1)
sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00", @ANYRES64, @ANYBLOB="010025bd7000ffc4d6197fb8a3efd583a56fb6ef2960dbf9ffffffff"], 0x1c}, 0x1, 0x0, 0x0, 0x40005}, 0x8000)
sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c00891a", @ANYRES16=r2, @ANYBLOB="080025bd7000ffdbdf250100000008000200020000000800010003000000080002000200000008000100010000000800020002000000c2e956f35691b6afe8f6246d6b406025e9e58788d0a12a684b2c9e45dd15a6ce5f990ff59b65559a59141caef790efbb0846cf9ec7fb755adb7b1b2c5ccdc3cd910b1b2424b464441f83a81ce78491d9a33596"], 0x3c}, 0x1, 0x0, 0x0, 0x4000040}, 0x44004)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f00000001c0)={0x1f, 0xffff, 0x3}, 0x6)
write(r7, &(0x7f0000000040)='\a\x00\x00\x00\a\x00\x00', 0x7)
sendmsg$IPSET_CMD_TYPE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0xd, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xa8}, 0x1, 0x0, 0x0, 0x4040054}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2)

5.544265863s ago: executing program 0 (id=1430):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth1\x00', <r1=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb0100180000000000000003000000010000ddfd001000000000000000fe0218b7a1f6b62c0a04f7f700"], 0x0, 0x37}, 0x28) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={0x0, 0x0, 0x37}, 0x28)
socket$nl_route(0x10, 0x3, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfbc}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000440)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r5, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) (async, rerun: 32)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000340)=[@in={0x2, 0x4e24, @empty}], 0x10) (rerun: 32)
sendto$inet6(r5, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) (async)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000000)=ANY=[], 0xffc9) (async, rerun: 64)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) (rerun: 64)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETVESABLANK(r6, 0x4b4b, &(0x7f0000000000))
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000580)={0x0, 0x0, 0x13}, 0x18) (async)
ioctl$CEC_ADAP_G_PHYS_ADDR(0xffffffffffffffff, 0x80026101, &(0x7f0000000080))
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x0, 0xb}, {0xffff, 0xffff}, {0x10, 0xfff2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x40088c1}, 0x4804) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@getqdisc={0x24, 0x26, 0x300, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {}, {0xfff1, 0xb}, {0xa, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)

5.504176866s ago: executing program 2 (id=1431):
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x9]}, 0x8, 0x800)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x8401, 0x0)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000440)=0x20006)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0)
fsetxattr$trusted_overlay_upper(r4, &(0x7f0000000300), &(0x7f0000000340)={0x0, 0xfb, 0xfb, 0x4, 0x9d, "e4d9c31fc598db8df7ec7666c8a94bd0", "2a12090cfe2427f2a904958d5362c76321a8b0ce86ea32e2fdcbf90588947a82a684ef2ff535b86b059fab194394426e7729fb42cb53add04eae678d2e3b5fdc954eaadba05b7882044196503f3d6a41c1ca5cd6b507ee6ff51ee6ffe291ca1832240a91d7c07da06a4bc3a6b72c2007b3c2ad7856d6686c22478628d73d1b4d1c665dde0a161790af5654a0cd48139d3f4178d03ae2cfb53507351d33cf6c1295c2d1ff8baec1ee0cc985de5fc6cad2a7915bfe607ec4f5faba816dae88cc95ba0300fc2674c2f5d06946289cb81c473d3f64f4f1fcb3afa57c378c212839d52fe66ef7ae4e"}, 0xfb, 0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x149a82, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x1c9, 0x12)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$PTP_PIN_SETFUNC2(r0, 0x40603d10, &(0x7f0000000240)={'\x00', 0x48, 0x2, 0x8})
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
write$nci(r1, &(0x7f0000000180)=ANY=[], 0x7)
socket$unix(0x1, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000007c0)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close(0x4)
syz_io_uring_setup(0xf02, 0x0, 0x0, 0x0, 0x0)

5.469500657s ago: executing program 4 (id=1432):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x23f, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x54}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (fail_nth: 5)

5.380519032s ago: executing program 3 (id=1433):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffee0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000001d00000020000180140002006e657464657673696d30000000000000080003"], 0x34}}, 0x0)

5.327897363s ago: executing program 0 (id=1434):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_GET_EVENT(r0, 0x80286f4e, &(0x7f00000000c0))
request_key(0x0, 0x0, 0x0, 0xffffffffffffffff)
madvise(&(0x7f0000129000/0x2000)=nil, 0x2000, 0xe)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
socket$nl_generic(0x10, 0x3, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, &(0x7f00000001c0)})
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x18, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141302)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x800, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
getdents(r2, 0x0, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0)
madvise(&(0x7f0000f32000/0x3000)=nil, 0x3000, 0x64)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000350001002bbd7004fedbdb250400000008000400020000000c0005"], 0x28}, 0x1, 0x0, 0x0, 0x20040050}, 0x24000080)
ioctl$FE_SET_FRONTEND(r0, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @qam={0x3, 0x2, 0xa}})
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000002980)={0x0, 0x0, r5, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r4, 0xc01864b1, &(0x7f0000000280)={r6, 0x2, 0x1ff, 0x0, 0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)

5.190273825s ago: executing program 1 (id=1435):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000040)={0x8, 0x3, 0xca0, 0xfffa}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x4e21, 0xd, @private0, 0xc}, @in={0x2, 0x4e24, @private=0xa010100}], 0x12)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000280)='0', 0xfffd, 0x4000854, &(0x7f0000000300)={0xa, 0x4e21, 0xbe7, @loopback, 0x800000c0}, 0x1c)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r3 = open(&(0x7f0000000040)='./bus\x00', 0x8c242, 0x1df2a23c5997fad6)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x4, &(0x7f0000000080)=0x6, 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000b80), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000340)={0x24, r6, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x40040021}, 0x40080)
sendmsg$FOU_CMD_DEL(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x14, r6, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}}, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000f00f88)={{0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x5, 0xffffffffe95bf9a6, 0xffffffffff, 0x3, 0xfffffffffffffffc, 0x2, 0x9, 0x100})
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x7, 0x3, 0xfffffffd, {0x400000080001, 0xfd, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffc, 0x6000, 0x0, 0x0, 0x0, 0x5, 0x7}}, {0x0, 0x13}}}, 0xa0)

4.953669981s ago: executing program 3 (id=1436):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000002140)={0xf, {"a2e3ad214fc752f91b500e0f30f70e06d038e7ff7fc6e5539b3275078b089b3b08385d090890e0878f0e1ac6e7049b3d6d959bffe8d178708c523c921b1b5b31300d3b5d0736cd3b78130baa61d8e809fc889b0709b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b906000000783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51015f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ff33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f761f13a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a99cc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000029566e78000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebbd633500", 0x1000}}, 0x1006)
ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(r1, 0xc0106450, &(0x7f0000000000)={<r2=>0x0, 0x1})
socket$tipc(0x1e, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x6a4, 0x2002)
r5 = fsmount(0xffffffffffffffff, 0x1, 0x6)
ioctl$EVIOCSKEYCODE_V2(r5, 0x40284504, &(0x7f0000000040)={0x0, 0x4, 0x9, 0x5, "7d2fe763523b7b43af6b8a3bd1c31a3d2825ef8654330114cac0207e5446e266"})
mkdirat(r5, &(0x7f00000000c0)='./file0\x00', 0x40)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f000001b700)=ANY=[@ANYBLOB="2c0000006a0005062cbd7000fbdbdf25020000000000000004000b0004000b0004000b0008000500", @ANYRES32=0x0, @ANYBLOB="22b95126c8485ec2efa64a220ef05a00445f2471905cdc14d1d9117f3d23f7ea6e713311fe90aab2ee976b6ecd14ccdf664fa3912367146223fd078053d1cbf753425da00500c2a788473be03d381da81bbb2cdf4f02dbc3187f90d72d4d5b7e81db60d1112a54d1d606743be83ce6295fedefdd00b37633fcf5e0d70b1f5c5e216e9a26e97c9ae7cf7501947c18436a4604a2b0e0"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x880)
r7 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r7, 0x114, 0x271b, &(0x7f0000000440)=""/102392, &(0x7f00000000c0)=0x18ff8)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r5}, &(0x7f00000002c0), &(0x7f0000000340)=r4}, 0x20)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x2000c000)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000540)={0x2, @win={{0x6, 0x2, 0x3, 0x3}, 0x6, 0x4, &(0x7f0000000340)={{0xe261, 0x5, 0xc949, 0x2}, &(0x7f0000000780)={{0xff, 0xf, 0x4, 0x8000}}}, 0x5, &(0x7f0000000800)="d85418dc260a903e5fcb2d0643fad448ef16f1d5258784eb2aae0675568e4fe9c0fb72f924099f0ea30d5e6cee0dd10fa32f69165a0a1ec5224f08d893d8d94ec2f880f248a8e8c4fc8fdb362e4a68c33fb7927323dda60447af7c02fdfb616136d252859b07d41f54cbb6036c52cfcba924529fa859204d17d7ba7ec6f9aab0a0d65655b033bc4626e1f355fe3bb5776b609b6088e23c89a4602a2b672902a181836e8cb71e9eaedcc01bffabfd6045f5bc85", 0xac}})
ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(r1, 0xc0106450, &(0x7f0000000100)={r2, 0x0, 0x1})

4.054446292s ago: executing program 1 (id=1437):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x80000001}, 0x8)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x8020)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x7, 0x9}, 0x8)

3.799496191s ago: executing program 4 (id=1438):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={0x58, 0x0, 0x2, 0x801, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x86}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x24000801}, 0x4) (fail_nth: 5)

3.798727846s ago: executing program 0 (id=1439):
socket$inet6_tcp(0xa, 0x1, 0x0)
add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r0 = socket$inet(0xa, 0x801, 0x84)
listen(r0, 0x6)
connect$l2tp(r0, &(0x7f0000000340)={0x2, 0x0, @remote}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bond_slave_0\x00', <r2=>0x0})
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
syz_create_resource$binfmt(0x0)
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000001a40)=""/102392, 0x18ff8)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x123e00, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x132)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x2c)
getdents64(r6, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
sendmsg$802154_raw(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)="2cde8618b35bda549ffcfa26720028102db521bed9bd37309aa31a460359d5", 0x1f}, 0x1, 0x0, 0x0, 0x4000}, 0x4480)
ioctl$TCSBRKP(r5, 0x5425, 0x0)
gettid()

3.63433774s ago: executing program 3 (id=1440):
syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000056544820e10508041125010203010902"], 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000140)={0x2c, 0x4, 0x0, {0x2, 0x2, 0x4, 0x0, [0x0, 0x0, 0x0, 0x0]}}, 0x2c)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f0000000000)={@remote, 0x4, 0x0, 0x0, 0x6}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
preadv(r3, &(0x7f0000000040)=[{&(0x7f00000001c0)=""/96, 0x87}], 0x1, 0x7, 0xb)

2.927965128s ago: executing program 1 (id=1441):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x114, 0x1f, 0x1, 0x0, 0x0, "", [@nested={0x103, 0x0, 0x0, 0x1, [@typed={0x14, 0x3, 0x0, 0x0, @ipv6=@private1}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@dev}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b504681000000000000009ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8"]}]}, 0x114}], 0x1}, 0x0) (fail_nth: 5)

2.51774553s ago: executing program 1 (id=1442):
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100))
lsm_set_self_attr(0x69, &(0x7f0000000200)=ANY=[@ANYBLOB="bd0000000000000001000000000000002000004b000000000000000000000000d285d23bc0fe9b4a722fd91c84113214a2f3a33a4f924741f54e7bc56f23617ea5df2425b47e047c145ff69717d59bea762cbbb9e2f3ecda572f537bd5b3b2843576f732a4f25dd9d675cb6d8901dae4be77abfeb1e260bcff87765be4aa1a2c4603e4bd583153beb6c5e66d7545dd2d536ad0071cde"], 0x20, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000340)='cgroup.procs\x00', 0x2, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x84040)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000340)={r4, 0x101, 0x3, 0x0, 0x0, [], [0x0, 0x7, 0x0, 0xfffffffc], [0x0, 0x80000006, 0x2], [0x5, 0x0, 0x1, 0x5]})
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000040)={0x3, 0x0, 0xfffffffa, 0x80000003, 0xb, 0x1fd, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000000600)={&(0x7f0000000400)=[0x0], &(0x7f0000000440)=[{}, {}], &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0, 0x0], &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0x8, 0x1})
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x5c10c0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f0000000340)={0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000001c0)={r7, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0, <r9=>0x0], &(0x7f0000000280), 0x2, r8})
ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[r8], &(0x7f0000000280), &(0x7f0000000300)=[r9], &(0x7f0000000340)})
r10 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r10, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r11=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r10, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[<r12=>0x0], &(0x7f0000000200), 0x1, r11})
ioctl$DRM_IOCTL_MODE_ATOMIC(r10, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[r11], &(0x7f0000000200), &(0x7f0000000580)=[r12], 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000700)={&(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, <r13=>0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, r3, 0xfbfbfbfb})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f00000009c0)={&(0x7f0000000a40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000780)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x38, 0x5, 0x6})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000a80)={0x7, 0x0, &(0x7f0000000b80)=[<r14=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000b40)={0x100, 0x1, &(0x7f0000000300)=[0x0], &(0x7f00000003c0)=[0xe], &(0x7f0000000ac0)=[r5, r9, r12, r13, 0x0, r14, r3], &(0x7f0000000b00)=[0x8, 0x6, 0x4, 0x6]})
ioctl$DRM_IOCTL_MODE_RMFB(r2, 0xc00464af, &(0x7f0000000180)=r4)
write$cgroup_pid(r1, &(0x7f0000000140), 0x1e)
io_uring_setup(0x7d1, &(0x7f0000000580)={0x0, 0xddf9, 0x2, 0xfffffffe, 0x183})

2.508318147s ago: executing program 2 (id=1443):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffdb1, &(0x7f0000000280)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000025300)=""/102392, 0x18ff8)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r1 = gettid()
process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x7000000)

2.507575309s ago: executing program 4 (id=1444):
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0)
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000010d804dd000000000000010902240001000000000904000001030000000921050000012205000905810300"], 0x0)
fsopen(0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0x12, 0x4, 0x8, 0x1}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x15, 0xc, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xeeda3cec741b98db}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x100b, &(0x7f0000003500)=""/4107, 0x0, 0xd}, 0x94)
syz_usb_control_io(r0, 0x0, 0x0)
r2 = syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000be9b2a204705202755af010203010902240001000010000904"], 0x0)
syz_usb_control_io$uac2(r2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="4023f5000000f5"], 0x0, 0x0, 0x0, 0x0}, 0x0)

2.101371325s ago: executing program 2 (id=1445):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000100)={0x400, 0x33e, 0x0, 0x0, 0x0, 0x4db, 0x8, 0x2, {0x4, 0x40}, {0x9, 0x1, 0xfffffffd}, {0x1}, {0x3, 0xfffffffc, 0xffffffff}, 0x0, 0x100, 0x10000040, 0x3, 0x0, 0x1, 0x0, 0xfffffc40, 0x2, 0x400, 0x100000, 0x10004, 0x21, 0x4, 0x0, 0x7})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x10, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000001c00), 0x400000000000159, 0x40840)
lseek(0xffffffffffffffff, 0x8007, 0x4)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newsa={0x1b0, 0x10, 0x713, 0x0, 0x25dfdc00, {{@in=@multicast1, @in6=@mcast2, 0x4e21, 0x0, 0x4e21, 0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0xee00}, {@in6=@private1, 0x4d6, 0x32}, @in=@multicast2, {0x0, 0x0, 0x0, 0x9, 0xffffffff00000001, 0x0, 0x80000001, 0x543}, {0x4, 0x7fffffffffffffff, 0x0, 0x1}, {}, 0x70bd2c, 0x34ff, 0x2, 0x0, 0x0, 0x50}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "210466d38547aa140db9a200000000c538c7cb7a"}}, @algo_aead={0x5e, 0x12, {{'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x90, 0x60, "e61b7e7c37faa65a982ec2c187bd1ae5fb00"}}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x880}, 0x2014)

2.099324434s ago: executing program 0 (id=1446):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffee0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000001d00000020000180140002006e657464657673696d30000000000000080003"], 0x34}}, 0x0)

1.97106086s ago: executing program 0 (id=1447):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0)
ptrace(0x10, 0x0)
read$msr(r0, &(0x7f000001aa40)=""/102392, 0x18ff8)
r1 = syz_open_dev$media(&(0x7f0000000040), 0x0, 0x40)
r2 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f0000000000)={0x80000000, 0x0, &(0x7f0000000100)=[{{}, {<r3=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f0000000380)={r3, 0x0, &(0x7f0000000080)=[{{<r4=>0x80000000}}]})
ioctl$MEDIA_IOC_SETUP_LINK(r1, 0xc0347c03, &(0x7f0000001980)={{0x80000000, 0x0, 0x4, [0x7, 0x8]}, {r4, 0x0, 0x1, [0xffff, 0x7]}, 0x10000000, [0xf01, 0x9]})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3800000018000100000000000000000002000000fc04000900090000060015000200008014001680100008800c000380057d010001000052bfa6cb834e6bec05f70009c5842428f2028fd09abb32f58fc2e9e3cb5bcca49b53ce3f77a74d9271687980d12d6f0aca0024bc696bbed600a1958c138085f52d6a85922e740f00005fd2d2f640f76cac89a1ac4b0bfbfb85ab8481405d181730fdd28294a77781b898425563b72ad02e71c7888c0f6ede064efb4e6a0db5b48800ee03bb47b78d8a1957ed2429e11e5fbf9c2dfe83efb7bf42fee7b68b78170e15290fd4fbb132febf0869660df9f81b32abd3dd3558bda181c53efdb2db7ef3cd3e391e4cd3a5f01ab0d83b188c0406acac5715c46022a2bb4e1f52bc5dcce1611bcf000fdd2012253737f6ced13fa08594cf2291ad5ff828350849d6275d57998529424d1323dd52b1cf4ea3233bcfaece3665cd1eac2327115627d44b27c549349fa133274b0b2ae803dc4545af2977145b6d388044367a95b9c6215d572bd6db74b54f171bfa4f8387655b00"/405], 0x38}}, 0x2000a080)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000050000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r7}, &(0x7f0000000040), &(0x7f0000000140)=r6}, 0x20)
socket(0xa, 0x1, 0x0)
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
fanotify_mark(0xffffffffffffffff, 0x641, 0x1030, 0xffffffffffffffff, 0x0)

1.948910912s ago: executing program 1 (id=1448):
syz_create_resource$binfmt(0x0)
r0 = io_uring_setup(0x7a76, 0x0)
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x123e00, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, &(0x7f0000000380)})
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, r3})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fsopen(&(0x7f0000000080)='ext3\x00', 0x1)
pselect6(0x40, &(0x7f0000000180)={0x5, 0x5, 0x100000000, 0x8, 0x1, 0xffffffff, 0x5, 0x9}, &(0x7f0000000e40)={0x7c, 0xf, 0x9, 0xffffffffffff7912, 0x3, 0x0, 0x5, 0x7}, 0x0, 0x0, 0x0)
ioctl$TCSBRKP(r2, 0x5425, 0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r6}, &(0x7f0000bbdffc)=<r7=>0x0)
timer_settime(r7, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r8 = io_uring_setup(0x516, &(0x7f0000000640)={0x0, 0xddab, 0x2, 0x503fa, 0x8100014e})
r9 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r9, 0x10f, 0x87, &(0x7f00000000c0)={0x42}, 0x10)
bind$tipc(r9, 0x0, 0x0)
close_range(r8, r9, 0x0)
ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f000001be00)={0x3, 0x1, 0x7, 0x4880, <r10=>0xffffffffffffffff})
sendmmsg$unix(0xffffffffffffffff, &(0x7f000001bf00)=[{{&(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f000001ba40)=[{&(0x7f000001aa40)="c19421e59dbbba469d13b6ffd355955a56cd1a1b11f86c0a9bf9bd9c3a5f243c558b03c3ef8d0ab859f6bcadc2df777732d605c4b8f24453793fd9f0db1e8b96f01b925d882052539f75d3ab2a570e532b35a48241b52fbcde92b24fe356e6e8b45d797717a6c43df8fe87e5415b27da04d57da77323b6ef54742e1e356063470ee43e61822d0d58db9e95ed5a1b487c18aa3dd07723ac3c6e4b098041d9d4b8763c612203f7fb3f6ee13b64d75a8b585b180a172a8b283240de38a3aa0844471cc223cee8db95f652667f0bf1cadac42d5162122a0a5db352de74afbef72347fd5e1ed2f91df51aa99adec4d2455e0b343ad645095a2f8ab461cb0cd3b0d3e96f92ddcb77b608f213bc0e146577dcbc03267507fe8dd4d5b42915b4e5ba4a100aa29fe3ae58cca5ba3cbe444252501596f6e814ad5962c5392ad4767ba446be57ca2200ae3d8783cfc1544451eb5b521a16126dda00111275233bfb1380f6a11fa917c4dea1d2e260a5f450b7f608f51469d5d62c4809a6c345ba81bbed35b600be8d18ed19f2ad9027b61a82695e0f70f37583b9af1c8b0fc9146a7f732c3a323b27a21f7a37f1cad4fcf05b3d3cf6628a16921905fd44fd5e27a35dbb28a4f76826f77fb3425fdace29401c16fcf152b179c8d578060958f491ef04d6887f302a25baaf67b368ad4bce7092166b02c9f85462503da7003cd19c7277c8a3a473e936b071c53d782676d5f7d14ea2ccf132d42b4aff76c97681fb14c14ef11953e5c39860f8834ba69a036768524e1070c017ee00adbc4bd2f75ea2eaa4ea6ad72f64c49752a430a3c9f219ef4f390bc3000e0aa4de1ca23a7d2feddeb61b1de63cfcaf289447ae252c220f50a8da4d6f3ac529bc4aab6edc1d412eafdc335e81182dc4633600629c7ff37c603264678c0682450a326c6ced6a1892390d004e2a0351fea30b02bc01e2743ec28dc65870d6be68584e3715837d24e0474125f154db022e39dd43f543844368fe85952d7a7410991b36a296d308ed5ea1805e0ad59013fcf5e3d0e2a7eee1eb0b4d52a0296efa9cde5ba421b4b7cb104967cfe13f2b1b575a4c7c15e1773573cc0321ffbc7e01603b9af87d575e1a80001596bf8f1400bd07e0f5c82ff68dedde9b131e6bb6f8eda2bdabd52a1b4ac15f8b9a4b6e8f93100cf5c765e5b1bb31e849b01ea4ad746d1ec6dc58926ed5c6cac239a99da0cc86c0acd0305e48919565bb731f435c43fa3cfc6afbd73ae108c99bb9e5ef0e1e738289ef66aa9a628481fff2ca54692cda1ec5fc3a8d71f56e20a7f0bc31af06318392b53c2e42ae697d945f1a643c702bfeb51d78df3dde88beb92fe501879a9d0a2b3198bb77cddcd650373a5b29b12e774283063bfd05ff56333c95ec078dfeb30ee432be8a236fc8ff8fcffd4a13ccab126fdfabbc59615e378785dc51111a17164c6ef6b0a8274d855d316c56bd345d58917973081b932ef5a71867e37581147dfad24b819f3696fc07e87109ddd6360ee94ebdc1e691c3671b43489071a85555265921f98bdcd8ca8e6444c3f2e44db3f60336822433fa8bed2307db5de6335b3f03cf6866a7146c8f2bdb72cc1785367647b15a5d53e456d5c70507f4a4f2c0481196dba2495b18ab2aa606fd1e213ed4c25d093d4d286b69c9fab82dc42dc2f69f03808be4be59b2b4bd3fb9ab0f9f34f0b95e2f8d2099b1465760ec98c0456342a4024c2e3099069e20c7b157e8b59a0eb5fca67cb80aaeb85288ee156578a420852e796632ba9bc89b6e4c9730207bd19dd71c5c7cc84dbad24e48b7d7adce70c220fa1cef2490f75c9aba6a694f2cd0eb1a90ef697277b10d6e84f611a04dd4feb7711919c423218d787d91b7b714cedb39df40b7f506dc798405d2ba06f0913d9facf1de160744b2432d5004fa77da10ed09d443a7accd8f5f1a4d30c9c9d77b6cf5f0371b8aaaa1083c99802bd99662e9e866bdab2c1f3fdc30d3f77bffa63e3e473ceef775407efdf497629e96722de09c02d4f6631aba39160a14e8a4ba73193b2696d88a0e776e254c8b0a1a890ed94655a7f702505589c67a57dfcf93394bf3954894b8f5a39b5a29952b403b7d850b16caea7ef6ad3e3a33e0d71c45a91880287cabd503227f630cdb61b232917a9d990e2377cc78a29fd02ae65ca9144b409af1dce3b1f7427a476cf525aeaea0a8b8d61e0a917ff737c4959ae7e748b9f76740a0add2dbbf9dfc3894a789d104b7c74d555a0f281a7630a09bead358ffa9a83f47c404278d51b0e529e69c4d97000a29669ce396c45e456651696d8ab814565aa0d918234d9378a5c2433de0960024e6de33f28d178950177afe251701207e62c4939d281cb366e1e1cabd6725d00ba30a3bbed1f0a54aec88f7b76cb8bc74cd635aa7ddad1e64bd0aecda3c974d36b183fc92e9d55558a8ca0de9f174805bc23722dec321a14cb1ce2781ee969ed8ec1d5bbdfc983f4deade3cd71620ce672e761424fcab5d5b71b59a7a4ee765a994e675cfbc4f4390ced201b5b21d5f5bf3c1d7340c314daf705ed6160744d86033a3233b12e3db3a8cd038c9b0facfd852dcbd2a58304e1f7a2fa99de3ef36af72ee59ff5ac9d40274ddb52cb84b6ae982e81ef67e75b2a7511b6d87aa755b25708d0196537044285eb39aa9bc48b3ef2eb95df87e502ec794922155881ba87dc9d252e787a843a519f39642f551b019e90900c16a0aa940072c49da5ef742d77469a10d212def6d6dd273075c1317af21ab4eee02fe40a945636208a4758d001c7930ea07f7fa4f2d87e26847328884513b2d9e9a256ed58481616fd3d9da3e06ee5662baf3f598c7b07466c035d28dd0625edabbf12fa1ec80506ab7b223a35d9290cf", 0x800}], 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRESHEX=r5, @ANYRES32=r6, @ANYRES32=r1, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYRES32=r2, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32=r8, @ANYRES32, @ANYRES32=r10, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r0], 0x90, 0x8000}}], 0x1, 0x44040)
ioctl$TCSETSW2(r2, 0x5408, &(0x7f0000000540)={0xff, 0x37, 0xffffffee, 0x7fffffef, 0x0, "b850e43615b1b70500000000000400", 0x81002, 0x2})

810.78532ms ago: executing program 2 (id=1449):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_DELRULE={0x14, 0x8, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x6}}, @NFT_MSG_DELTABLE={0x34, 0x2, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWTABLE={0xc4, 0x0, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x4}, [@NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_USERDATA={0x52, 0x6, "f33d0c0bc750fc2d582d69d10d7e32d0ddf9cce37d280fab80013f2003d05479af58ad67320c457a3209eef539eb788f9a4e3808dc16010634cae8e5d205051f68ce6d0cf03a1306038eb73a4d75"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x134}, 0x1, 0x0, 0x0, 0x4008091}, 0x50054)
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2142, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)={0x24, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_HELP_NAME={0xe, 0x6, 'ftp-20000\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x9eb487cbb07c6a88)
r3 = syz_open_dev$sg(&(0x7f0000000140), 0x7, 0x608002)
ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000))
syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8000)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0x2, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x28383, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x80000000, 0x2000000007d, 0x0, 0x4, 0x4, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x400, 0xffffffffffffffff, 0x6, 0x4, 0xf, 0x4000000007d5}, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

443.631885ms ago: executing program 0 (id=1450):
socket$kcm(0x2d, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000b5403340861a22753635010203010902120001000000000904"], 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
semtimedop(0x0, &(0x7f00000000c0)=[{0x1, 0x7fff}], 0x1f4, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)="944cf7", 0x3}], 0x1}, 0x20000010)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40ffff"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40186f40, &(0x7f0000000440)=0x10)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)="d8001c00180081064e81f782db44fd56170d12a0b9b545c7", 0x18}], 0x1}, 0x40040)

0s ago: executing program 2 (id=1451):
r0 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000)
r1 = socket(0x2, 0x1, 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_DO_IT(r2, 0xab03)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x100000002)
mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000000)

kernel console output (not intermixed with test programs):

dor=07d0, idProduct=4101, bcdDevice=ec.5c
[  416.320739][ T5830] usb 3-1: config 0 has no interface number 0
[  416.330366][ T5714] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.341749][ T5830] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  416.355023][ T5714] usb 4-1: Product: syz
[  416.370230][ T5830] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.379593][ T5714] usb 4-1: Manufacturer: syz
[  416.385348][ T5714] usb 4-1: SerialNumber: syz
[  416.404861][ T5830] usb 3-1: Product: syz
[  416.413804][ T5830] usb 3-1: Manufacturer: syz
[  416.420805][ T5714] usb 4-1: config 0 descriptor??
[  416.434810][ T5830] usb 3-1: SerialNumber: syz
[  416.444165][ T5714] cypress_m8 4-1:0.35: Nokia CA-42 V2 Adapter converter detected
[  416.464468][ T5830] usb 3-1: config 0 descriptor??
[  416.645673][ T9893] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1071'.
[  417.865299][ T5830] dvb_usb_ec168 3-1:0.1: probe with driver dvb_usb_ec168 failed with error -110
[  418.595560][   T30] audit: type=1400 audit(1777434988.894:423): avc:  denied  { mounton } for  pid=9900 comm="syz.2.1074" path="/211/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  418.728578][ T5714] usb 4-1: Nokia CA-42 V2 Adapter converter now attached to ttyUSB0
[  418.762561][ T5714] usb 4-1: USB disconnect, device number 27
[  418.793008][ T5714] nokiaca42v2 ttyUSB0: Nokia CA-42 V2 Adapter converter now disconnected from ttyUSB0
[  418.834002][ T5714] cypress_m8 4-1:0.35: device disconnected
[  418.900383][ T9901] ieee802154 phy0 wpan0: encryption failed: -22
[  419.180187][ T5728] usb 3-1: USB disconnect, device number 22
[  419.355109][ T9926] FAULT_INJECTION: forcing a failure.
[  419.355109][ T9926] name failslab, interval 1, probability 0, space 0, times 0
[  419.369357][  T988] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  419.381698][ T9926] CPU: 0 UID: 0 PID: 9926 Comm: syz.4.1080 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  419.381724][ T9926] Tainted: [L]=SOFTLOCKUP
[  419.381730][ T9926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  419.381740][ T9926] Call Trace:
[  419.381748][ T9926]  <TASK>
[  419.381754][ T9926]  dump_stack_lvl+0x100/0x190
[  419.381780][ T9926]  should_fail_ex.cold+0x5/0xa
[  419.381805][ T9926]  should_failslab+0xc2/0x120
[  419.381824][ T9926]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  419.381849][ T9926]  ? skb_clone+0x190/0x400
[  419.381881][ T9926]  skb_clone+0x190/0x400
[  419.381908][ T9926]  netlink_deliver_tap+0xaed/0xcc0
[  419.381933][ T9926]  netlink_unicast+0x62b/0x850
[  419.381958][ T9926]  ? __pfx_netlink_unicast+0x10/0x10
[  419.381986][ T9926]  netlink_sendmsg+0x8b0/0xda0
[  419.382011][ T9926]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.382030][ T9926]  ? __might_fault+0x70/0x140
[  419.382065][ T9926]  ____sys_sendmsg+0x9e1/0xb70
[  419.382082][ T9926]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.382105][ T9926]  ? __pfx_____sys_sendmsg+0x10/0x10
[  419.382137][ T9926]  ___sys_sendmsg+0x190/0x1e0
[  419.382160][ T9926]  ? __pfx____sys_sendmsg+0x10/0x10
[  419.382213][ T9926]  __sys_sendmsg+0x170/0x220
[  419.382240][ T9926]  ? __pfx___sys_sendmsg+0x10/0x10
[  419.382277][ T9926]  ? rcu_is_watching+0x12/0xc0
[  419.382308][ T9926]  do_syscall_64+0x10b/0xf80
[  419.382327][ T9926]  ? clear_bhb_loop+0x40/0x90
[  419.382349][ T9926]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.382367][ T9926] RIP: 0033:0x7fb79879cdd9
[  419.382382][ T9926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  419.382398][ T9926] RSP: 002b:00007fb7996d6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  419.382415][ T9926] RAX: ffffffffffffffda RBX: 00007fb798a15fa0 RCX: 00007fb79879cdd9
[  419.382426][ T9926] RDX: 00000000000080c0 RSI: 0000200000000000 RDI: 0000000000000003
[  419.382441][ T9926] RBP: 00007fb7996d6090 R08: 0000000000000000 R09: 0000000000000000
[  419.382451][ T9926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  419.382461][ T9926] R13: 00007fb798a16038 R14: 00007fb798a15fa0 R15: 00007ffeaa3adb58
[  419.382486][ T9926]  </TASK>
[  419.689643][  T988] usb 2-1: unable to get BOS descriptor or descriptor too short
[  419.698652][  T988] usb 2-1: config 63 has an invalid interface number: 66 but max is 0
[  419.707281][  T988] usb 2-1: config 63 has an invalid descriptor of length 180, skipping remainder of the config
[  419.721900][  T988] usb 2-1: config 63 has no interface number 0
[  419.728888][  T988] usb 2-1: config 63 interface 66 has no altsetting 0
[  419.756169][  T988] usb 2-1: New USB device found, idVendor=174f, idProduct=8acf, bcdDevice=39.f4
[  419.765337][  T988] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.774203][  T988] usb 2-1: Product: syz
[  419.779482][  T988] usb 2-1: Manufacturer: syz
[  419.784053][  T988] usb 2-1: SerialNumber: syz
[  420.201794][  T988] uvcvideo 2-1:63.66: Found UVC 0.07 device syz (174f:8acf)
[  420.211860][  T988] uvcvideo 2-1:63.66: No valid video chain found.
[  420.221449][  T988] usb 2-1: USB disconnect, device number 24
[  420.235465][ T5714] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  420.387134][ T5714] usb 5-1: config index 0 descriptor too short (expected 64776, got 68)
[  420.395643][ T5714] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  420.405988][ T5714] usb 5-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  420.420299][ T5714] usb 5-1: config index 1 descriptor too short (expected 64776, got 68)
[  420.428764][ T5830] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  420.441821][ T5714] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  420.472929][ T5714] usb 5-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  420.493451][ T5714] usb 5-1: string descriptor 0 read error: -71
[  420.501959][ T5714] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  420.513944][ T5714] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.543845][ T5714] usb 5-1: can't set config #1, error -71
[  420.571089][ T5714] usb 5-1: USB disconnect, device number 19
[  420.633853][ T5830] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  420.683189][ T5830] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.873743][ T5830] usb 1-1: Product: syz
[  420.949011][ T5830] usb 1-1: Manufacturer: syz
[  420.971239][ T5830] usb 1-1: SerialNumber: syz
[  420.997950][ T5830] usb 1-1: config 0 descriptor??
[  421.020000][ T5830] ch341 1-1:0.0: ch341-uart converter detected
[  421.244692][ T9946] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1087'.
[  421.603194][ T9952] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1089'.
[  421.767833][   T30] audit: type=1400 audit(1777434992.184:424): avc:  denied  { create } for  pid=9953 comm="syz.1.1090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  421.859095][   T30] audit: type=1400 audit(1777434992.204:425): avc:  denied  { ioctl } for  pid=9953 comm="syz.1.1090" path="socket:[31154]" dev="sockfs" ino=31154 ioctlcmd=0x61f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  422.007524][   T30] audit: type=1400 audit(1777434992.204:426): avc:  denied  { write } for  pid=9953 comm="syz.1.1090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  422.107882][ T9961] netlink: 'syz.3.1091': attribute type 1 has an invalid length.
[  423.069090][ T5830] usb 1-1: failed to send control message: -110
[  423.098468][ T5830] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[  423.247821][ T5830] usb 1-1: USB disconnect, device number 28
[  423.281232][ T5830] ch341 1-1:0.0: device disconnected
[  423.515589][ T9967] FAULT_INJECTION: forcing a failure.
[  423.515589][ T9967] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  423.563483][ T9967] CPU: 1 UID: 0 PID: 9967 Comm: syz.1.1093 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  423.563510][ T9967] Tainted: [L]=SOFTLOCKUP
[  423.563516][ T9967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  423.563525][ T9967] Call Trace:
[  423.563528][ T9967]  <TASK>
[  423.563532][ T9967]  dump_stack_lvl+0x100/0x190
[  423.563549][ T9967]  should_fail_ex.cold+0x5/0xa
[  423.563565][ T9967]  _copy_from_user+0x2e/0xd0
[  423.563580][ T9967]  get_user_ifreq+0xe7/0x250
[  423.563591][ T9967]  sock_ioctl+0x467/0x6b0
[  423.563604][ T9967]  ? __pfx_sock_ioctl+0x10/0x10
[  423.563619][ T9967]  ? hook_file_ioctl_common+0x149/0x410
[  423.563638][ T9967]  ? selinux_file_ioctl+0x13b/0x290
[  423.563656][ T9967]  ? selinux_file_ioctl+0xb6/0x290
[  423.563669][ T9967]  ? __pfx_sock_ioctl+0x10/0x10
[  423.563682][ T9967]  __x64_sys_ioctl+0x18e/0x210
[  423.563694][ T9967]  do_syscall_64+0x10b/0xf80
[  423.563706][ T9967]  ? clear_bhb_loop+0x40/0x90
[  423.563719][ T9967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.563729][ T9967] RIP: 0033:0x7fe539d9cdd9
[  423.563739][ T9967] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  423.563748][ T9967] RSP: 002b:00007fe53ac07028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  423.563759][ T9967] RAX: ffffffffffffffda RBX: 00007fe53a015fa0 RCX: 00007fe539d9cdd9
[  423.563765][ T9967] RDX: 0000200000000340 RSI: 00000000000089f1 RDI: 0000000000000003
[  423.563771][ T9967] RBP: 00007fe53ac07090 R08: 0000000000000000 R09: 0000000000000000
[  423.563777][ T9967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  423.563783][ T9967] R13: 00007fe53a016038 R14: 00007fe53a015fa0 R15: 00007ffc00365e78
[  423.563796][ T9967]  </TASK>
[  423.919359][ T9965] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1092'.
[  425.026412][   T30] audit: type=1400 audit(1777434995.444:427): avc:  denied  { setopt } for  pid=9989 comm="syz.2.1101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  425.295558][ T9995] netlink: 'syz.3.1102': attribute type 1 has an invalid length.
[  427.662112][T10010] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10010 comm=syz.1.1104
[  427.770687][T10009] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[  427.777313][T10009] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  427.784952][T10009] vhci_hcd vhci_hcd.0: Device attached
[  428.441363][   T30] audit: type=1400 audit(1777434997.894:428): avc:  denied  { ioctl } for  pid=10002 comm="syz.1.1104" path="socket:[31251]" dev="sockfs" ino=31251 ioctlcmd=0x7453 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  428.493997][T10011] vhci_hcd: connection closed
[  428.502375][   T83] vhci_hcd vhci_hcd.1: stop threads
[  428.557015][   T83] vhci_hcd vhci_hcd.1: release socket
[  428.575219][   T83] vhci_hcd vhci_hcd.1: disconnect device
[  428.677983][T10013] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1105'.
[  428.712316][T10005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1103'.
[  429.033394][ T5706] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  429.113598][ T5728] IPVS: starting estimator thread 0...
[  429.218581][ T5706] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  429.245497][T10019] IPVS: using max 41 ests per chain, 98400 per kthread
[  429.258434][ T5706] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.375046][ T5706] usb 5-1: Product: syz
[  429.390449][ T5706] usb 5-1: Manufacturer: syz
[  429.395203][ T5706] usb 5-1: SerialNumber: syz
[  429.413332][ T5706] usb 5-1: config 0 descriptor??
[  429.491682][T10025] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1108'.
[  430.123578][ T5706] ch341 5-1:0.0: ch341-uart converter detected
[  432.170002][ T5706] usb 5-1: failed to send control message: -110
[  432.182065][ T5706] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[  432.475878][T10055] syzkaller0: entered promiscuous mode
[  432.486710][T10055] syzkaller0: entered allmulticast mode
[  432.682683][ T7205] usb 5-1: USB disconnect, device number 20
[  432.781873][ T7205] ch341 5-1:0.0: device disconnected
[  433.976058][T10065] netlink: 'syz.2.1120': attribute type 1 has an invalid length.
[  434.824812][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  434.834831][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  435.167687][T10063] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1121'.
[  436.403173][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  436.818904][T10077] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1124'.
[  437.155438][ T5706] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  437.407168][   T30] audit: type=1400 audit(1777435007.814:429): avc:  denied  { lock } for  pid=10090 comm="syz.0.1128" path="socket:[32078]" dev="sockfs" ino=32078 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  437.506433][T10092] IPv6: NLM_F_CREATE should be specified when creating new route
[  437.552847][ T5706] usb 3-1: Using ep0 maxpacket: 32
[  437.570467][ T5706] usb 3-1: config 0 has an invalid interface number: 86 but max is 0
[  437.585886][ T5706] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  437.610272][ T5706] usb 3-1: config 0 has no interface number 0
[  437.661133][ T5706] usb 3-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=6a.32
[  437.709387][ T5706] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.731369][ T5706] usb 3-1: Product: syz
[  437.761139][ T5706] usb 3-1: Manufacturer: syz
[  437.797301][ T5706] usb 3-1: SerialNumber: syz
[  437.826147][ T5706] usb 3-1: config 0 descriptor??
[  438.469543][ T5728] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  438.662204][ T5728] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  438.712794][ T5728] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.756096][ T5728] usb 1-1: Product: syz
[  438.783548][ T5728] usb 1-1: Manufacturer: syz
[  438.811295][ T5728] usb 1-1: SerialNumber: syz
[  438.897833][ T5728] usb 1-1: config 0 descriptor??
[  438.941369][ T5728] ch341 1-1:0.0: ch341-uart converter detected
[  438.985543][ T5714] usb 4-1: new low-speed USB device number 28 using dummy_hcd
[  439.168002][ T5714] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[  439.180510][ T5714] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[  439.191048][ T5714] usb 4-1: config 0 has no interface number 0
[  439.203649][ T5714] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  439.215180][ T5714] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  439.226091][ T5714] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  439.241593][ T5714] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.349331][ T5714] usb 4-1: config 0 descriptor??
[  439.514179][T10109] FAULT_INJECTION: forcing a failure.
[  439.514179][T10109] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  439.529906][T10109] CPU: 1 UID: 0 PID: 10109 Comm: syz.1.1133 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  439.529931][T10109] Tainted: [L]=SOFTLOCKUP
[  439.529937][T10109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  439.529947][T10109] Call Trace:
[  439.529952][T10109]  <TASK>
[  439.529958][T10109]  dump_stack_lvl+0x100/0x190
[  439.529983][T10109]  should_fail_ex.cold+0x5/0xa
[  439.530010][T10109]  _copy_from_iter+0x1f4/0x1690
[  439.530037][T10109]  ? __asan_memset+0x23/0x50
[  439.530062][T10109]  ? __pfx__copy_from_iter+0x10/0x10
[  439.530086][T10109]  ? __pfx___alloc_skb+0x10/0x10
[  439.530109][T10109]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  439.530141][T10109]  netlink_sendmsg+0x808/0xda0
[  439.530167][T10109]  ? __pfx_netlink_sendmsg+0x10/0x10
[  439.530186][T10109]  ? __might_fault+0x70/0x140
[  439.530220][T10109]  ____sys_sendmsg+0x9e1/0xb70
[  439.530237][T10109]  ? __pfx_netlink_sendmsg+0x10/0x10
[  439.530259][T10109]  ? __pfx_____sys_sendmsg+0x10/0x10
[  439.530290][T10109]  ___sys_sendmsg+0x190/0x1e0
[  439.530312][T10109]  ? __pfx____sys_sendmsg+0x10/0x10
[  439.530363][T10109]  __sys_sendmsg+0x170/0x220
[  439.530388][T10109]  ? __pfx___sys_sendmsg+0x10/0x10
[  439.530424][T10109]  ? rcu_is_watching+0x12/0xc0
[  439.530454][T10109]  do_syscall_64+0x10b/0xf80
[  439.530473][T10109]  ? clear_bhb_loop+0x40/0x90
[  439.530493][T10109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.530511][T10109] RIP: 0033:0x7fe539d9cdd9
[  439.530526][T10109] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  439.530542][T10109] RSP: 002b:00007fe53abe6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  439.530559][T10109] RAX: ffffffffffffffda RBX: 00007fe53a016090 RCX: 00007fe539d9cdd9
[  439.530569][T10109] RDX: 0000000024044040 RSI: 0000200000000200 RDI: 0000000000000003
[  439.530585][T10109] RBP: 00007fe53abe6090 R08: 0000000000000000 R09: 0000000000000000
[  439.530595][T10109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  439.530604][T10109] R13: 00007fe53a016128 R14: 00007fe53a016090 R15: 00007ffc00365e78
[  439.530628][T10109]  </TASK>
[  439.872563][ T5706] ljca 3-1:0.86: bulk endpoints not found
[  439.885902][ T5706] usb 3-1: USB disconnect, device number 23
[  440.010149][ T5714] usb 4-1: USB disconnect, device number 28
[  440.074022][ T5728] usb 1-1: failed to send control message: -71
[  440.255968][ T5728] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  440.286567][ T5728] usb 1-1: USB disconnect, device number 29
[  440.362132][T10115] ieee802154 phy0 wpan0: encryption failed: -22
[  440.397353][ T5728] ch341 1-1:0.0: device disconnected
[  440.806044][T10121] input: syz1 as /devices/virtual/input/input15
[  441.251780][ T5728] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  441.448591][ T5728] usb 4-1: config 1 has an invalid descriptor of length 44, skipping remainder of the config
[  441.504244][ T5728] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14952, setting to 1024
[  441.612258][ T5728] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  441.688928][ T5728] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  441.852141][ T5728] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  441.978498][ T5728] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  442.019837][ T5728] usb 4-1: SerialNumber: syz
[  442.052316][T10134] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1142'.
[  442.061625][T10130] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  442.773299][   T30] audit: type=1400 audit(1777435012.804:430): avc:  denied  { firmware_load } for  pid=10136 comm="syz.0.1143" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  442.880488][T10150] syz.0.1143 (10150) used greatest stack depth: 19376 bytes left
[  443.276970][T10157] ªªªªªª: renamed from vlan0 (while UP)
[  443.335724][T10153] veth7: entered allmulticast mode
[  443.411410][T10163] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10163 comm=syz.0.1145
[  443.717791][T10169] binder: 10165:10169 ioctl 8100587e 200000000340 returned -22
[  444.142671][ T5728] usbtest 4-1:1.0: couldn't get endpoints, -22
[  444.149279][ T5728] usbtest 4-1:1.0: probe with driver usbtest failed with error -22
[  444.165669][ T5714] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  444.178297][ T5728] usb 4-1: USB disconnect, device number 29
[  444.510070][ T5714] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  445.321224][ T5714] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.329774][ T5714] usb 5-1: Product: syz
[  445.333952][ T5714] usb 5-1: Manufacturer: syz
[  445.338554][ T5714] usb 5-1: SerialNumber: syz
[  445.345406][ T5714] usb 5-1: config 0 descriptor??
[  445.353220][ T5714] ch341 5-1:0.0: ch341-uart converter detected
[  446.156226][T10187] UBIFS error (pid: 10187): cannot open "c:::", error -22
[  447.337241][ T5714] usb 5-1: failed to send control message: -71
[  447.357261][ T5714] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  447.380397][T10201] FAULT_INJECTION: forcing a failure.
[  447.380397][T10201] name failslab, interval 1, probability 0, space 0, times 0
[  447.400080][T10201] CPU: 0 UID: 0 PID: 10201 Comm: syz.1.1156 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  447.400097][T10201] Tainted: [L]=SOFTLOCKUP
[  447.400101][T10201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  447.400107][T10201] Call Trace:
[  447.400111][T10201]  <TASK>
[  447.400115][T10201]  dump_stack_lvl+0x100/0x190
[  447.400133][T10201]  should_fail_ex.cold+0x5/0xa
[  447.400148][T10201]  ? inotify_handle_inode_event+0x1a5/0x6a0
[  447.400160][T10201]  should_failslab+0xc2/0x120
[  447.400172][T10201]  __kmalloc_noprof+0xe0/0x850
[  447.400190][T10201]  inotify_handle_inode_event+0x1a5/0x6a0
[  447.400204][T10201]  ? __pfx_inotify_handle_inode_event+0x10/0x10
[  447.400216][T10201]  fsnotify_handle_inode_event.isra.0+0x1e3/0x410
[  447.400233][T10201]  fsnotify+0x16ca/0x3440
[  447.400251][T10201]  ? __pfx_fsnotify+0x10/0x10
[  447.400271][T10201]  __fsnotify_parent+0x678/0xca0
[  447.400290][T10201]  ? __pfx___fsnotify_parent+0x10/0x10
[  447.400307][T10201]  ? __pfx_shmem_file_read_iter+0x10/0x10
[  447.400322][T10201]  ? kasan_save_stack+0x30/0x50
[  447.400342][T10201]  ? __kasan_kmalloc+0xaa/0xb0
[  447.400357][T10201]  ? ima_calc_file_hash_tfm+0x236/0x350
[  447.400372][T10201]  ? ima_calc_file_hash+0x1e3/0x380
[  447.400388][T10201]  ? __kernel_read+0x5b2/0xac0
[  447.400399][T10201]  __kernel_read+0x5b2/0xac0
[  447.400410][T10201]  ? __pfx___kernel_read+0x10/0x10
[  447.400431][T10201]  integrity_kernel_read+0x7e/0xb0
[  447.400443][T10201]  ? __pfx_integrity_kernel_read+0x10/0x10
[  447.400456][T10201]  ? kasan_save_track+0x14/0x30
[  447.400473][T10201]  ima_calc_file_hash_tfm+0x25e/0x350
[  447.400488][T10201]  ? __pfx_ima_calc_file_hash_tfm+0x10/0x10
[  447.400518][T10201]  ? shmem_huge_global_enabled.isra.0+0x6c/0x210
[  447.400534][T10201]  ? ima_alloc_tfm+0x21a/0x2e0
[  447.400547][T10201]  ? shmem_getattr+0x38e/0x450
[  447.400563][T10201]  ima_calc_file_hash+0x1e3/0x380
[  447.400580][T10201]  ima_collect_measurement+0x94f/0xb30
[  447.400599][T10201]  ? __pfx_ima_collect_measurement+0x10/0x10
[  447.400628][T10201]  ? vfs_getxattr_alloc+0xec/0x350
[  447.400645][T10201]  ? ima_get_hash_algo+0x22d/0x400
[  447.400657][T10201]  ? __pfx_ima_get_hash_algo+0x10/0x10
[  447.400671][T10201]  ? process_measurement+0xdfe/0x2350
[  447.400684][T10201]  process_measurement+0xdfe/0x2350
[  447.400702][T10201]  ? __pfx_process_measurement+0x10/0x10
[  447.400717][T10201]  ? avc_has_perm+0x135/0x1e0
[  447.400734][T10201]  ? __pfx_avc_has_perm+0x10/0x10
[  447.400750][T10201]  ? find_held_lock+0x2b/0x80
[  447.400761][T10201]  ? avc_has_perm_noaudit+0x11e/0x3b0
[  447.400776][T10201]  ? avc_has_perm_noaudit+0x11e/0x3b0
[  447.400804][T10201]  ? __file_map_prot_check+0x3b1/0x550
[  447.400819][T10201]  ima_file_mmap+0x1bb/0x1e0
[  447.400833][T10201]  ? __pfx_ima_file_mmap+0x10/0x10
[  447.400846][T10201]  ? proc_fail_nth_write+0x9f/0x220
[  447.400860][T10201]  security_mmap_file+0x278/0x9b0
[  447.400875][T10201]  vm_mmap_pgoff+0xec/0x470
[  447.400888][T10201]  ? find_held_lock+0x2b/0x80
[  447.400898][T10201]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  447.400909][T10201]  ? __fget_files+0x215/0x3d0
[  447.400927][T10201]  ? __fget_files+0x21f/0x3d0
[  447.400951][T10201]  ksys_mmap_pgoff+0x3cb/0x610
[  447.400965][T10201]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[  447.400975][T10201]  ? fput+0x79/0x100
[  447.400989][T10201]  ? ksys_write+0x1ac/0x250
[  447.401000][T10201]  ? __pfx_ksys_write+0x10/0x10
[  447.401012][T10201]  __x64_sys_mmap+0x125/0x190
[  447.401028][T10201]  do_syscall_64+0x10b/0xf80
[  447.401039][T10201]  ? clear_bhb_loop+0x40/0x90
[  447.401052][T10201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.401063][T10201] RIP: 0033:0x7fe539d9cdd9
[  447.401072][T10201] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  447.401082][T10201] RSP: 002b:00007fe53ac07028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  447.401093][T10201] RAX: ffffffffffffffda RBX: 00007fe53a015fa0 RCX: 00007fe539d9cdd9
[  447.401099][T10201] RDX: 000000000000000c RSI: 000000000000e000 RDI: 00002000002d6000
[  447.401105][T10201] RBP: 00007fe53ac07090 R08: 0000000000000003 R09: 00000000ffff9000
[  447.401111][T10201] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[  447.401117][T10201] R13: 00007fe53a016038 R14: 00007fe53a015fa0 R15: 00007ffc00365e78
[  447.401130][T10201]  </TASK>
[  447.410427][ T5714] usb 5-1: USB disconnect, device number 21
[  447.885443][ T5706] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  447.918482][ T5714] ch341 5-1:0.0: device disconnected
[  448.045450][ T5706] usb 4-1: Using ep0 maxpacket: 16
[  448.052280][ T5706] usb 4-1: too many endpoints for config 0 interface 0 altsetting 64: 129, using maximum allowed: 30
[  448.064642][ T5706] usb 4-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  448.099745][ T5706] usb 4-1: config 0 interface 0 altsetting 64 endpoint 0x81 has invalid wMaxPacketSize 0
[  448.126383][ T5706] usb 4-1: config 0 interface 0 altsetting 64 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[  448.158088][ T5706] usb 4-1: config 0 interface 0 has no altsetting 0
[  448.168512][ T5706] usb 4-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00
[  448.178435][ T5706] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.215290][ T5706] usb 4-1: config 0 descriptor??
[  449.134773][T10217] syzkaller1: entered promiscuous mode
[  449.173269][T10217] syzkaller1: entered allmulticast mode
[  450.079367][ T5714] usb 4-1: USB disconnect, device number 30
[  451.655973][T10239] netlink: 'syz.0.1164': attribute type 1 has an invalid length.
[  453.033886][T10243] netlink: 'syz.0.1166': attribute type 1 has an invalid length.
[  453.762944][ T5770] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  453.786094][ T5714] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  453.949793][ T5770] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  453.961068][ T5770] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 104
[  453.968229][ T5714] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  454.037584][ T5714] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  454.047707][ T5714] usb 5-1: Product: syz
[  454.053250][ T5714] usb 5-1: Manufacturer: syz
[  454.059655][ T5714] usb 5-1: SerialNumber: syz
[  454.078190][ T5714] usb 5-1: config 0 descriptor??
[  454.087909][ T5714] ch341 5-1:0.0: ch341-uart converter detected
[  454.088166][ T5770] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  454.133905][ T5770] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  454.144587][ T5770] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  454.255909][ T5770] usb 1-1: SerialNumber: syz
[  454.282293][T10247] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  454.357866][T10267] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1171'.
[  454.372645][   T30] audit: type=1400 audit(1777435024.784:431): avc:  denied  { accept } for  pid=10264 comm="syz.1.1171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  454.814055][T10243] bond3: entered promiscuous mode
[  454.824585][T10243] bond3: entered allmulticast mode
[  454.841077][T10243] 8021q: adding VLAN 0 to HW filter on device bond3
[  454.919115][T10243] veth7: entered promiscuous mode
[  454.921995][T10269] FAULT_INJECTION: forcing a failure.
[  454.921995][T10269] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  454.924994][T10243] veth7: entered allmulticast mode
[  454.939542][T10269] CPU: 0 UID: 0 PID: 10269 Comm: syz.2.1172 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  454.939566][T10269] Tainted: [L]=SOFTLOCKUP
[  454.939571][T10269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  454.939581][T10269] Call Trace:
[  454.939586][T10269]  <TASK>
[  454.939592][T10269]  dump_stack_lvl+0x100/0x190
[  454.939615][T10269]  should_fail_ex.cold+0x5/0xa
[  454.939633][T10269]  ? prepare_alloc_pages+0x16d/0x5f0
[  454.939656][T10269]  should_fail_alloc_page+0xeb/0x140
[  454.939675][T10269]  prepare_alloc_pages+0x1f0/0x5f0
[  454.939692][T10269]  ? post_alloc_hook+0x140/0x170
[  454.939715][T10269]  __alloc_frozen_pages_noprof+0x19a/0x2bc0
[  454.939741][T10269]  ? check_irq_usage+0xe5/0x810
[  454.939761][T10269]  ? __bfs+0x150/0x2a0
[  454.939775][T10269]  ? __bfs+0x150/0x2a0
[  454.939795][T10269]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  454.939824][T10269]  ? __bfs+0x150/0x2a0
[  454.939844][T10269]  ? check_irq_usage+0xe5/0x810
[  454.939861][T10269]  ? css_rstat_updated+0x1ce/0x5a0
[  454.939881][T10269]  ? __bfs+0x150/0x2a0
[  454.939894][T10269]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  454.939914][T10269]  ? policy_nodemask+0xed/0x4f0
[  454.939932][T10269]  alloc_pages_mpol+0x1fb/0x540
[  454.939950][T10269]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  454.939968][T10269]  ? __lock_acquire+0x4a5/0x2630
[  454.939989][T10269]  folio_alloc_mpol_noprof+0x36/0x260
[  454.940009][T10269]  vma_alloc_folio_noprof+0xed/0x1d0
[  454.940028][T10269]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  454.940053][T10269]  do_anonymous_page+0xb46/0x2050
[  454.940075][T10269]  ? rcu_read_unlock+0x2d/0xb0
[  454.940101][T10269]  __handle_mm_fault+0x1d2c/0x2a00
[  454.940124][T10269]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  454.940148][T10269]  ? __pfx___handle_mm_fault+0x10/0x10
[  454.940170][T10269]  ? pte_offset_map_lock+0x174/0x320
[  454.940187][T10269]  ? find_held_lock+0x2b/0x80
[  454.940208][T10269]  ? follow_page_pte+0x4d0/0x13f0
[  454.940230][T10269]  handle_mm_fault+0x36d/0xa20
[  454.940255][T10269]  __get_user_pages+0x1178/0x32a0
[  454.940279][T10269]  ? down_read_killable+0x307/0x4b0
[  454.940300][T10269]  ? __pfx___get_user_pages+0x10/0x10
[  454.940317][T10269]  ? __pfx_gup_fast_fallback+0x10/0x10
[  454.940340][T10269]  get_user_pages_unlocked+0x1cb/0x7d0
[  454.940362][T10269]  ? __pfx_get_user_pages_unlocked+0x10/0x10
[  454.940379][T10269]  ? get_user_pages_fast_only+0xae/0xf0
[  454.940397][T10269]  ? __pfx_get_user_pages_fast_only+0x10/0x10
[  454.940415][T10269]  ? __pfx___might_resched+0x10/0x10
[  454.940440][T10269]  ? bpf_ksym_find+0x128/0x1c0
[  454.940465][T10269]  hva_to_pfn+0x871/0xd60
[  454.940486][T10269]  ? __lock_acquire+0x4a5/0x2630
[  454.940506][T10269]  ? __pfx_hva_to_pfn+0x10/0x10
[  454.940526][T10269]  ? __lock_acquire+0x4a5/0x2630
[  454.940548][T10269]  ? rcu_is_watching+0x12/0xc0
[  454.940578][T10269]  kvm_follow_pfn+0x291/0x430
[  454.940600][T10269]  __kvm_faultin_pfn+0x11c/0x1a0
[  454.940619][T10269]  ? __pfx___kvm_faultin_pfn+0x10/0x10
[  454.940638][T10269]  ? __pfx_xa_load+0x10/0x10
[  454.940660][T10269]  ? kvm_tdp_mmu_map+0xb07/0x21c0
[  454.940681][T10269]  kvm_mmu_faultin_pfn+0xb73/0x2270
[  454.940711][T10269]  ? __pfx_fast_page_fault+0x10/0x10
[  454.940733][T10269]  ? __pfx_kvm_mmu_faultin_pfn+0x10/0x10
[  454.940758][T10269]  ? __kvm_mmu_topup_memory_cache+0x332/0x5f0
[  454.940775][T10269]  ? find_held_lock+0x2b/0x80
[  454.940788][T10269]  ? kvm_tdp_page_fault+0x295/0x3d0
[  454.940811][T10269]  kvm_tdp_page_fault+0x182/0x3d0
[  454.940831][T10269]  kvm_mmu_do_page_fault+0x5a4/0x6c0
[  454.940851][T10269]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  454.940868][T10269]  ? bpf_ksym_find+0x128/0x1c0
[  454.940893][T10269]  ? kernel_text_address+0x8d/0x100
[  454.940911][T10269]  ? __pfx_widen_string+0x10/0x10
[  454.940931][T10269]  ? __kernel_text_address+0xd/0x30
[  454.940950][T10269]  ? unwind_get_return_address+0x59/0xa0
[  454.940977][T10269]  kvm_mmu_page_fault+0x1dd/0x1a70
[  454.941003][T10269]  ? rcu_qs+0x2a/0xe0
[  454.941023][T10269]  ? __pfx_kvm_mmu_page_fault+0x10/0x10
[  454.941047][T10269]  ? mark_held_locks+0x40/0x70
[  454.941064][T10269]  ? irqentry_exit+0x246/0x790
[  454.941081][T10269]  ? lockdep_hardirqs_on+0x78/0x100
[  454.941098][T10269]  ? irqentry_exit+0x246/0x790
[  454.941118][T10269]  handle_ept_violation+0x324/0x7b0
[  454.941141][T10269]  ? __pfx_handle_ept_violation+0x10/0x10
[  454.941162][T10269]  vmx_handle_exit+0x84c/0x1f30
[  454.941186][T10269]  vcpu_run+0x34cf/0x5ca0
[  454.941218][T10269]  ? __pfx_vcpu_run+0x10/0x10
[  454.941246][T10269]  ? rcu_is_watching+0x12/0xc0
[  454.941271][T10269]  ? kvm_arch_vcpu_ioctl_run+0x5b6/0x1890
[  454.941293][T10269]  kvm_arch_vcpu_ioctl_run+0x5b6/0x1890
[  454.941321][T10269]  kvm_vcpu_ioctl+0x730/0x1720
[  454.941340][T10269]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  454.941357][T10269]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  454.941376][T10269]  ? do_vfs_ioctl+0x226/0x13e0
[  454.941392][T10269]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  454.941408][T10269]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  454.941439][T10269]  ? __fget_files+0x215/0x3d0
[  454.941456][T10269]  ? hook_file_ioctl_common+0x149/0x410
[  454.941485][T10269]  ? selinux_file_ioctl+0x13b/0x290
[  454.941503][T10269]  ? selinux_file_ioctl+0xb6/0x290
[  454.941523][T10269]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  454.941540][T10269]  __x64_sys_ioctl+0x18e/0x210
[  454.941557][T10269]  do_syscall_64+0x10b/0xf80
[  454.941573][T10269]  ? clear_bhb_loop+0x40/0x90
[  454.941592][T10269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.941607][T10269] RIP: 0033:0x7f5f5c39cdd9
[  454.941621][T10269] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  454.941635][T10269] RSP: 002b:00007f5f5d2b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  454.941650][T10269] RAX: ffffffffffffffda RBX: 00007f5f5c615fa0 RCX: 00007f5f5c39cdd9
[  454.941659][T10269] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  454.941668][T10269] RBP: 00007f5f5d2b9090 R08: 0000000000000000 R09: 0000000000000000
[  454.941677][T10269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  454.941685][T10269] R13: 00007f5f5c616038 R14: 00007f5f5c615fa0 R15: 00007ffc57ef29e8
[  454.941707][T10269]  </TASK>
[  455.544187][T10243] bond3: (slave veth7): Enslaving as a backup interface with a down link
[  455.667543][ T5714] usb 5-1: failed to send control message: -71
[  455.675255][ T5714] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  455.709481][ T5714] usb 5-1: USB disconnect, device number 22
[  455.732655][ T5714] ch341 5-1:0.0: device disconnected
[  455.873451][T10247] veth9: entered promiscuous mode
[  455.875402][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  455.887276][T10247] veth9: entered allmulticast mode
[  455.930038][T10247] bond3: (slave veth9): Enslaving as a backup interface with a down link
[  456.267687][ T5770] usbtest 1-1:1.0: couldn't get endpoints, -22
[  456.677399][T10280] UBIFS error (pid: 10280): cannot open "c:::", error -22
[  457.030989][ T5714] vxcan1 speed is unknown, defaulting to 1000
[  457.068746][ T5770] usbtest 1-1:1.0: probe with driver usbtest failed with error -22
[  457.080004][ T5770] usb 1-1: USB disconnect, device number 30
[  458.191283][T10305] netlink: 'syz.1.1181': attribute type 1 has an invalid length.
[  458.303552][T10314] bond2: entered promiscuous mode
[  458.314260][T10314] bond2: entered allmulticast mode
[  458.339627][T10314] 8021q: adding VLAN 0 to HW filter on device bond2
[  458.720350][T10305] veth7: entered promiscuous mode
[  458.726353][T10305] veth7: entered allmulticast mode
[  458.743629][T10314] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1545 sclass=netlink_route_socket pid=10314 comm=syz.1.1181
[  458.787189][T10305] bond2: (slave veth7): Enslaving as a backup interface with a down link
[  458.816434][T10324] FAULT_INJECTION: forcing a failure.
[  458.816434][T10324] name failslab, interval 1, probability 0, space 0, times 0
[  458.856087][T10324] CPU: 1 UID: 0 PID: 10324 Comm: syz.3.1187 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  458.856114][T10324] Tainted: [L]=SOFTLOCKUP
[  458.856119][T10324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  458.856129][T10324] Call Trace:
[  458.856134][T10324]  <TASK>
[  458.856140][T10324]  dump_stack_lvl+0x100/0x190
[  458.856171][T10324]  should_fail_ex.cold+0x5/0xa
[  458.856197][T10324]  should_failslab+0xc2/0x120
[  458.856216][T10324]  __kmalloc_cache_noprof+0x7a/0x6f0
[  458.856239][T10324]  ? rdma_resolve_ip+0x63/0x6b0
[  458.856255][T10324]  ? do_raw_spin_lock+0x128/0x260
[  458.856284][T10324]  rdma_resolve_ip+0x63/0x6b0
[  458.856299][T10324]  ? __pfx_addr_handler+0x10/0x10
[  458.856319][T10324]  rdma_resolve_addr+0x357/0x20e0
[  458.856336][T10324]  ? xa_load+0x153/0x2c0
[  458.856357][T10324]  ? __pfx_xa_load+0x10/0x10
[  458.856384][T10324]  ? __pfx_rdma_resolve_addr+0x10/0x10
[  458.856405][T10324]  ? __pfx_ucma_get_ctx+0x10/0x10
[  458.856429][T10324]  ? ucma_resolve_ip+0x161/0x220
[  458.856444][T10324]  ucma_resolve_ip+0x161/0x220
[  458.856462][T10324]  ? __pfx_ucma_resolve_ip+0x10/0x10
[  458.856489][T10324]  ? __pfx_ucma_resolve_ip+0x10/0x10
[  458.856506][T10324]  ucma_write+0x1fb/0x330
[  458.856521][T10324]  ? __pfx_ucma_write+0x10/0x10
[  458.856536][T10324]  ? bpf_lsm_file_permission+0x9/0x10
[  458.856561][T10324]  ? security_file_permission+0x76/0x210
[  458.856584][T10324]  ? rw_verify_area+0xce/0x6d0
[  458.856612][T10324]  vfs_write+0x2aa/0x1070
[  458.856631][T10324]  ? __pfx_ucma_write+0x10/0x10
[  458.856648][T10324]  ? __pfx_vfs_write+0x10/0x10
[  458.856664][T10324]  ? find_held_lock+0x2b/0x80
[  458.856680][T10324]  ? __fget_files+0x215/0x3d0
[  458.856700][T10324]  ? __fget_files+0x215/0x3d0
[  458.856725][T10324]  ? __fget_files+0x21f/0x3d0
[  458.856753][T10324]  ksys_write+0x1f8/0x250
[  458.856771][T10324]  ? __pfx_ksys_write+0x10/0x10
[  458.856792][T10324]  ? rcu_is_watching+0x12/0xc0
[  458.856821][T10324]  do_syscall_64+0x10b/0xf80
[  458.856840][T10324]  ? clear_bhb_loop+0x40/0x90
[  458.856861][T10324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.856878][T10324] RIP: 0033:0x7f60ff19cdd9
[  458.856893][T10324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  458.856908][T10324] RSP: 002b:00007f60fd3f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  458.856922][T10324] RAX: ffffffffffffffda RBX: 00007f60ff415fa0 RCX: 00007f60ff19cdd9
[  458.856928][T10324] RDX: 0000000000000048 RSI: 0000200000000180 RDI: 0000000000000004
[  458.856934][T10324] RBP: 00007f60fd3f6090 R08: 0000000000000000 R09: 0000000000000000
[  458.856940][T10324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  458.856945][T10324] R13: 00007f60ff416038 R14: 00007f60ff415fa0 R15: 00007fffa5e19d28
[  458.856959][T10324]  </TASK>
[  458.915901][ T5728] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  458.927521][T10314] veth9: entered promiscuous mode
[  459.199661][T10314] veth9: entered allmulticast mode
[  459.230425][T10314] bond2: (slave veth9): Enslaving as a backup interface with a down link
[  459.348712][ T5728] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  459.369772][ T5728] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.378437][ T5728] usb 1-1: Product: syz
[  459.383638][ T5728] usb 1-1: Manufacturer: syz
[  459.390153][ T5728] usb 1-1: SerialNumber: syz
[  459.400408][ T5728] usb 1-1: config 0 descriptor??
[  459.681454][ T5728] ch341 1-1:0.0: ch341-uart converter detected
[  460.882542][T10352] netlink: 'syz.3.1192': attribute type 1 has an invalid length.
[  460.906621][ T5728] usb 1-1: failed to send control message: -71
[  460.912853][ T5728] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  460.972247][ T5728] usb 1-1: USB disconnect, device number 31
[  461.009650][ T5728] ch341 1-1:0.0: device disconnected
[  461.096020][T10353] bond3: entered promiscuous mode
[  461.102285][T10360] netlink: 'syz.2.1195': attribute type 1 has an invalid length.
[  461.115466][T10353] bond3: entered allmulticast mode
[  461.129189][T10353] 8021q: adding VLAN 0 to HW filter on device bond3
[  461.233242][T10366] netlink: 'syz.4.1196': attribute type 1 has an invalid length.
[  461.242279][T10347] veth5: entered promiscuous mode
[  461.250622][T10352] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1545 sclass=netlink_route_socket pid=10352 comm=syz.3.1192
[  461.276181][T10347] veth5: entered allmulticast mode
[  461.284488][T10347] bond3: (slave veth5): Enslaving as a backup interface with a down link
[  461.353492][T10352] veth7: entered promiscuous mode
[  461.360197][T10352] veth7: entered allmulticast mode
[  461.370002][T10352] bond3: (slave veth7): Enslaving as a backup interface with a down link
[  461.416493][ T5770] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  461.568097][ T5714] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  461.577735][ T5770] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  461.590513][ T5770] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 104
[  461.601520][ T5770] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  461.803759][ T5770] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  461.904105][  T988] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  461.914274][ T5770] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  461.927572][ T5714] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  461.947833][ T5770] usb 3-1: SerialNumber: syz
[  461.956178][ T5714] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  461.973440][ T5714] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  461.986974][ T5714] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  462.000932][T10364] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  462.021040][ T5714] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  462.035467][ T5714] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  462.045831][ T5714] usb 5-1: SerialNumber: syz
[  462.087796][  T988] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  462.101227][  T988] usb 1-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  462.122711][  T988] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.156564][  T988] gspca_main: stv0680-2.14.0 probing 041e:4007
[  462.177007][T10376] vxcan1 speed is unknown, defaulting to 1000
[  462.237276][T10360] bond3: entered promiscuous mode
[  462.243557][T10360] bond3: entered allmulticast mode
[  462.255802][T10360] 8021q: adding VLAN 0 to HW filter on device bond3
[  462.276779][T10366] bond5: entered promiscuous mode
[  462.286998][T10366] bond5: entered allmulticast mode
[  462.292430][T10366] 8021q: adding VLAN 0 to HW filter on device bond5
[  462.327775][T10360] veth15: entered promiscuous mode
[  462.337932][T10360] veth15: entered allmulticast mode
[  462.355026][T10360] bond3: (slave veth15): Enslaving as a backup interface with a down link
[  462.381705][T10366] veth15: entered promiscuous mode
[  462.387212][T10366] veth15: entered allmulticast mode
[  462.408412][T10366] bond5: (slave veth15): Enslaving as a backup interface with a down link
[  462.495078][T10364] veth17: entered promiscuous mode
[  462.516617][T10364] veth17: entered allmulticast mode
[  462.529338][T10364] bond3: (slave veth17): Enslaving as a backup interface with a down link
[  462.604831][   T30] audit: type=1400 audit(1777435033.014:432): avc:  denied  { read } for  pid=10377 comm="syz.1.1200" name="btrfs-control" dev="devtmpfs" ino=1315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  462.749176][   T30] audit: type=1400 audit(1777435033.044:433): avc:  denied  { open } for  pid=10377 comm="syz.1.1200" path="/dev/btrfs-control" dev="devtmpfs" ino=1315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  462.774242][   T30] audit: type=1400 audit(1777435033.044:434): avc:  denied  { ioctl } for  pid=10377 comm="syz.1.1200" path="/dev/btrfs-control" dev="devtmpfs" ino=1315 ioctlcmd=0x9427 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  463.257440][  T988] stv0680 1-1:4.0: STV(e): camera ping failed!!
[  463.290214][  T988] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32
[  463.299851][ T5770] usbtest 3-1:1.0: couldn't get endpoints, -22
[  463.313022][ T5770] usbtest 3-1:1.0: probe with driver usbtest failed with error -22
[  463.321964][  T988] stv0680 1-1:4.0: last error: 212,  command = 0x2b
[  463.330324][T10368] veth17: entered promiscuous mode
[  463.340003][T10368] veth17: entered allmulticast mode
[  463.346771][ T5770] usb 3-1: USB disconnect, device number 24
[  463.359952][T10368] bond5: (slave veth17): Enslaving as a backup interface with a down link
[  463.400273][ T5714] usbtest 5-1:1.0: couldn't get endpoints, -22
[  463.419247][ T5714] usbtest 5-1:1.0: probe with driver usbtest failed with error -22
[  463.439116][ T5714] usb 5-1: USB disconnect, device number 23
[  463.490007][  T988] usb 1-1: USB disconnect, device number 32
[  463.505688][ T5830] usb 2-1: new low-speed USB device number 25 using dummy_hcd
[  463.645509][ T5830] usb 2-1: device descriptor read/64, error -71
[  463.896033][ T5830] usb 2-1: new low-speed USB device number 26 using dummy_hcd
[  464.298978][ T5830] usb 2-1: device descriptor read/64, error -71
[  464.425914][ T5830] usb usb2-port1: attempt power cycle
[  464.587885][  T988] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  464.765964][  T988] usb 3-1: Using ep0 maxpacket: 32
[  464.779169][  T988] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  464.793828][ T5830] usb 2-1: new low-speed USB device number 27 using dummy_hcd
[  464.811332][  T988] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  464.838394][ T5830] usb 2-1: device descriptor read/8, error -71
[  464.846062][  T988] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  464.873912][  T988] usb 3-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  464.904316][  T988] usb 3-1: config 0 interface 0 has no altsetting 0
[  464.923184][  T988] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  464.947860][  T988] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.977158][  T988] usb 3-1: config 0 descriptor??
[  465.117586][ T5830] usb 2-1: new low-speed USB device number 28 using dummy_hcd
[  465.176078][ T5830] usb 2-1: device descriptor read/8, error -71
[  465.192005][T10396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.224911][T10396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.242719][T10396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.267571][T10396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.303668][T10396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.312520][ T5830] usb usb2-port1: unable to enumerate USB device
[  465.323953][T10396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.339027][T10396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.360039][T10396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.385539][T10396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.406057][T10396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.545987][ T5714] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  465.813609][ T5714] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  465.844000][ T5714] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.863412][ T5714] usb 1-1: Product: syz
[  465.882592][ T5714] usb 1-1: Manufacturer: syz
[  465.927350][ T5714] usb 1-1: SerialNumber: syz
[  465.989048][ T5714] usb 1-1: config 0 descriptor??
[  466.075851][ T5714] ch341 1-1:0.0: ch341-uart converter detected
[  466.076441][T10396] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  466.283521][T10417] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1210'.
[  466.546280][  T988] usbhid 3-1:0.0: can't add hid device: -71
[  466.559102][  T988] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  466.593881][T10407] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1208'.
[  466.614964][  T988] usb 3-1: USB disconnect, device number 25
[  466.759613][T10421] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1211'.
[  467.031568][T10424] FAULT_INJECTION: forcing a failure.
[  467.031568][T10424] name failslab, interval 1, probability 0, space 0, times 0
[  467.044322][T10426] FAULT_INJECTION: forcing a failure.
[  467.044322][T10426] name failslab, interval 1, probability 0, space 0, times 0
[  467.044352][T10426] CPU: 0 UID: 0 PID: 10426 Comm: syz.4.1214 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  467.044375][T10426] Tainted: [L]=SOFTLOCKUP
[  467.044381][T10426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  467.044391][T10426] Call Trace:
[  467.044396][T10426]  <TASK>
[  467.044403][T10426]  dump_stack_lvl+0x100/0x190
[  467.044428][T10426]  should_fail_ex.cold+0x5/0xa
[  467.044451][T10426]  should_failslab+0xc2/0x120
[  467.044468][T10426]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  467.044491][T10426]  ? __alloc_skb+0x140/0x710
[  467.044511][T10426]  ? __alloc_skb+0x5b7/0x710
[  467.044534][T10426]  __alloc_skb+0x140/0x710
[  467.044553][T10426]  ? __alloc_skb+0x5b7/0x710
[  467.044572][T10426]  ? __pfx___alloc_skb+0x10/0x10
[  467.044593][T10426]  ? up_write+0x28c/0x4f0
[  467.044618][T10426]  alloc_skb_with_frags+0xdd/0x760
[  467.044648][T10426]  sock_alloc_send_pskb+0x801/0x980
[  467.044668][T10426]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  467.044689][T10426]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  467.044709][T10426]  ? find_held_lock+0x2b/0x80
[  467.044723][T10426]  ? dev_get_by_index+0x180/0x380
[  467.044743][T10426]  ? dev_get_by_index+0x180/0x380
[  467.044770][T10426]  packet_sendmsg+0x1eda/0x5100
[  467.044797][T10426]  ? __lock_acquire+0x4a5/0x2630
[  467.044819][T10426]  ? sock_has_perm+0x258/0x2f0
[  467.044835][T10426]  ? __pfx_sock_has_perm+0x10/0x10
[  467.044853][T10426]  ? __pfx_packet_sendmsg+0x10/0x10
[  467.044882][T10426]  ____sys_sendmsg+0x9e1/0xb70
[  467.044898][T10426]  ? __pfx_packet_sendmsg+0x10/0x10
[  467.044916][T10426]  ? __pfx_____sys_sendmsg+0x10/0x10
[  467.044943][T10426]  ___sys_sendmsg+0x190/0x1e0
[  467.044963][T10426]  ? __pfx____sys_sendmsg+0x10/0x10
[  467.045006][T10426]  __sys_sendmsg+0x170/0x220
[  467.045028][T10426]  ? __pfx___sys_sendmsg+0x10/0x10
[  467.045059][T10426]  ? rcu_is_watching+0x12/0xc0
[  467.045084][T10426]  do_syscall_64+0x10b/0xf80
[  467.045100][T10426]  ? clear_bhb_loop+0x40/0x90
[  467.045118][T10426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.045134][T10426] RIP: 0033:0x7fb79879cdd9
[  467.045146][T10426] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  467.045160][T10426] RSP: 002b:00007fb7996d6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  467.045175][T10426] RAX: ffffffffffffffda RBX: 00007fb798a15fa0 RCX: 00007fb79879cdd9
[  467.045185][T10426] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000008
[  467.045193][T10426] RBP: 00007fb7996d6090 R08: 0000000000000000 R09: 0000000000000000
[  467.045202][T10426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  467.045216][T10426] R13: 00007fb798a16038 R14: 00007fb798a15fa0 R15: 00007ffeaa3adb58
[  467.045236][T10426]  </TASK>
[  467.345960][T10424] CPU: 1 UID: 0 PID: 10424 Comm: syz.3.1213 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  467.345982][T10424] Tainted: [L]=SOFTLOCKUP
[  467.345986][T10424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  467.345992][T10424] Call Trace:
[  467.345996][T10424]  <TASK>
[  467.346001][T10424]  dump_stack_lvl+0x100/0x190
[  467.346018][T10424]  should_fail_ex.cold+0x5/0xa
[  467.346033][T10424]  ? tomoyo_encode2+0xfb/0x3c0
[  467.346046][T10424]  should_failslab+0xc2/0x120
[  467.346058][T10424]  __kmalloc_noprof+0xe0/0x850
[  467.346075][T10424]  ? d_absolute_path+0x136/0x1b0
[  467.346103][T10424]  tomoyo_encode2+0xfb/0x3c0
[  467.346128][T10424]  tomoyo_encode+0x29/0x50
[  467.346143][T10424]  tomoyo_realpath_from_path+0x18c/0x690
[  467.346160][T10424]  tomoyo_path_number_perm+0x23c/0x580
[  467.346172][T10424]  ? tomoyo_path_number_perm+0x22e/0x580
[  467.346185][T10424]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  467.346210][T10424]  ? find_held_lock+0x2b/0x80
[  467.346221][T10424]  ? __fget_files+0x215/0x3d0
[  467.346233][T10424]  ? hook_file_ioctl_common+0x149/0x410
[  467.346248][T10424]  ? __fget_files+0x215/0x3d0
[  467.346264][T10424]  ? __fget_files+0x21f/0x3d0
[  467.346279][T10424]  security_file_ioctl+0xd3/0x230
[  467.346292][T10424]  __x64_sys_ioctl+0xb7/0x210
[  467.346304][T10424]  do_syscall_64+0x10b/0xf80
[  467.346319][T10424]  ? clear_bhb_loop+0x40/0x90
[  467.346333][T10424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.346343][T10424] RIP: 0033:0x7f60ff19cdd9
[  467.346352][T10424] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  467.346362][T10424] RSP: 002b:00007f60fd3f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  467.346373][T10424] RAX: ffffffffffffffda RBX: 00007f60ff415fa0 RCX: 00007f60ff19cdd9
[  467.346379][T10424] RDX: 0000200000000100 RSI: 00000000c050561a RDI: 0000000000000003
[  467.346385][T10424] RBP: 00007f60fd3f6090 R08: 0000000000000000 R09: 0000000000000000
[  467.346391][T10424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  467.346397][T10424] R13: 00007f60ff416038 R14: 00007f60ff415fa0 R15: 00007fffa5e19d28
[  467.346411][T10424]  </TASK>
[  467.346433][T10424] ERROR: Out of memory at tomoyo_realpath_from_path.
[  467.708174][ T5714] usb 1-1: failed to send control message: -71
[  467.714699][ T5714] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  467.727684][ T5714] usb 1-1: USB disconnect, device number 33
[  467.735977][ T5714] ch341 1-1:0.0: device disconnected
[  473.539579][T10483] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1226'.
[  474.013545][T10495] SELinux: security_context_str_to_sid (5ýÆÉ]ÖS9q#“�ë) failed with errno=-22
[  474.036473][  T988] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  474.090136][T10498] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1229'.
[  474.100974][T10498] openvswitch: netlink: Missing key (keys=40, expected=80)
[  474.243330][   T30] audit: type=1400 audit(1777435044.364:435): avc:  denied  { ioctl } for  pid=10488 comm="syz.4.1229" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  474.360057][  T988] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  474.377465][  T988] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  474.393289][  T988] usb 3-1: Product: syz
[  474.398028][  T988] usb 3-1: Manufacturer: syz
[  474.402682][  T988] usb 3-1: SerialNumber: syz
[  474.516676][  T988] usb 3-1: config 0 descriptor??
[  474.531461][  T988] ch341 3-1:0.0: ch341-uart converter detected
[  474.598587][T10506] netlink: 'syz.3.1232': attribute type 1 has an invalid length.
[  475.957132][T10514] netlink: 'syz.4.1233': attribute type 1 has an invalid length.
[  476.845847][ T5770] usb 4-1: new full-speed USB device number 31 using dummy_hcd
[  477.000021][ T5770] usb 4-1: config 0 has an invalid interface number: 133 but max is 0
[  477.009355][ T5770] usb 4-1: config 0 has no interface number 0
[  477.022961][ T5770] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  477.033428][ T5770] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.042480][ T5770] usb 4-1: Product: syz
[  477.047886][ T5770] usb 4-1: Manufacturer: syz
[  477.052619][ T5770] usb 4-1: SerialNumber: syz
[  477.072649][ T5770] usb 4-1: config 0 descriptor??
[  477.127240][  T988] usb 3-1: failed to send control message: -71
[  477.140533][  T988] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  477.178622][  T988] usb 3-1: USB disconnect, device number 26
[  477.194495][  T988] ch341 3-1:0.0: device disconnected
[  477.528123][ T5736] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  477.550780][T10512] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1234'.
[  477.565536][T10512] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1234'.
[  477.590263][T10512] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1234'.
[  477.616297][T10512] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1234'.
[  477.617555][T10524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  477.638785][T10524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  477.688038][ T5736] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  477.699519][ T5770] keyspan 4-1:0.133: Keyspan 1 port adapter converter detected
[  477.708586][ T5770] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 81
[  477.717090][ T5736] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  477.730711][ T5770] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 1
[  477.738961][ T5736] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  477.748518][ T5770] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 2
[  477.758004][ T5736] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.768941][ T5770] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  477.792795][ T5736] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  477.806868][ T5736] usb 5-1: invalid MIDI out EP 0
[  477.826524][T10526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1237'.
[  478.012545][T10519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  478.043866][T10519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  478.120714][ T7205] usb 4-1: USB disconnect, device number 31
[  478.152928][ T7205] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  478.175432][ T5714] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  478.215123][ T7205] keyspan 4-1:0.133: device disconnected
[  478.230832][ T5736] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22
[  478.260514][ T5736] usb 5-1: USB disconnect, device number 24
[  478.396864][ T5714] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  478.419716][ T5714] usb 3-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  478.818334][ T5714] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  478.860738][ T5714] gspca_main: stv0680-2.14.0 probing 041e:4007
[  479.735451][ T7205] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  479.905652][ T7205] usb 5-1: Using ep0 maxpacket: 32
[  479.918290][ T7205] usb 5-1: config 1 has an invalid descriptor of length 92, skipping remainder of the config
[  479.929266][ T7205] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  479.961381][ T7205] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  479.972784][   T30] audit: type=1400 audit(1777435050.384:436): avc:  denied  { read append } for  pid=10552 comm="syz.1.1244" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  479.997346][ T7205] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  480.007176][ T7205] usb 5-1: SerialNumber: syz
[  480.012358][ T5714] stv0680 3-1:4.0: STV(e): camera ping failed!!
[  480.051014][   T30] audit: type=1400 audit(1777435050.384:437): avc:  denied  { open } for  pid=10552 comm="syz.1.1244" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  480.079189][ T5714] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32
[  480.116934][ T7205] cdc_ether 5-1:1.0: skipping garbage
[  480.137863][ T5714] stv0680 3-1:4.0: last error: 212,  command = 0x2b
[  480.147398][   T30] audit: type=1400 audit(1777435050.414:438): avc:  denied  { ioctl } for  pid=10552 comm="syz.1.1244" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d05 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  480.149019][ T7205] cdc_ether 5-1:1.0: missing cdc ether descriptor
[  480.270079][ T5736] usb 3-1: USB disconnect, device number 27
[  480.425316][ T7205] usb 5-1: USB disconnect, device number 25
[  480.963747][T10568] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1248'.
[  481.439694][T10579] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  481.455265][T10579] block device autoloading is deprecated and will be removed.
[  481.644200][T10584] netlink: 'syz.0.1251': attribute type 1 has an invalid length.
[  481.867647][T10589] FAULT_INJECTION: forcing a failure.
[  481.867647][T10589] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  481.883776][T10589] CPU: 1 UID: 0 PID: 10589 Comm: syz.2.1253 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  481.883803][T10589] Tainted: [L]=SOFTLOCKUP
[  481.883809][T10589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  481.883819][T10589] Call Trace:
[  481.883825][T10589]  <TASK>
[  481.883831][T10589]  dump_stack_lvl+0x100/0x190
[  481.883857][T10589]  should_fail_ex.cold+0x5/0xa
[  481.883881][T10589]  _copy_to_user+0x32/0xd0
[  481.883908][T10589]  simple_read_from_buffer+0xcb/0x170
[  481.883930][T10589]  proc_fail_nth_read+0x1af/0x230
[  481.883949][T10589]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  481.883969][T10589]  ? rw_verify_area+0xce/0x6d0
[  481.883993][T10589]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  481.884015][T10589]  vfs_read+0x1e4/0xb30
[  481.884036][T10589]  ? __pfx_vfs_read+0x10/0x10
[  481.884052][T10589]  ? __fget_files+0x215/0x3d0
[  481.884079][T10589]  ? __fget_files+0x21f/0x3d0
[  481.884106][T10589]  ksys_read+0x12a/0x250
[  481.884124][T10589]  ? __pfx_ksys_read+0x10/0x10
[  481.884143][T10589]  ? rcu_is_watching+0x12/0xc0
[  481.884171][T10589]  do_syscall_64+0x10b/0xf80
[  481.884190][T10589]  ? clear_bhb_loop+0x40/0x90
[  481.884211][T10589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.884227][T10589] RIP: 0033:0x7f5f5c35d60e
[  481.884240][T10589] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  481.884255][T10589] RSP: 002b:00007f5f5d2b8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  481.884271][T10589] RAX: ffffffffffffffda RBX: 00007f5f5d2b96c0 RCX: 00007f5f5c35d60e
[  481.884281][T10589] RDX: 000000000000000f RSI: 00007f5f5d2b90a0 RDI: 0000000000000005
[  481.884291][T10589] RBP: 00007f5f5d2b9090 R08: 0000000000000000 R09: 0000000000000000
[  481.884300][T10589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  481.884308][T10589] R13: 00007f5f5c616038 R14: 00007f5f5c615fa0 R15: 00007ffc57ef29e8
[  481.884331][T10589]  </TASK>
[  482.326060][ T5714] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  482.598730][ T5714] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  482.633545][ T5714] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 104
[  482.647176][   T30] audit: type=1400 audit(1777435053.054:439): avc:  denied  { write } for  pid=10594 comm="syz.3.1255" name="binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  482.693198][ T5714] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  482.744089][ T5714] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  482.756952][ T5714] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  482.765945][ T5714] usb 1-1: SerialNumber: syz
[  482.789585][T10583] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  482.970010][   T30] audit: type=1400 audit(1777435053.384:440): avc:  denied  { read } for  pid=10594 comm="syz.3.1255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  483.038041][T10583] bond4: entered promiscuous mode
[  483.049309][T10583] bond4: entered allmulticast mode
[  483.069722][T10583] 8021q: adding VLAN 0 to HW filter on device bond4
[  483.129730][T10584] veth11: entered promiscuous mode
[  483.145317][T10584] veth11: entered allmulticast mode
[  483.186769][T10584] bond4: (slave veth11): Enslaving as a backup interface with a down link
[  483.278193][T10583] veth13: entered promiscuous mode
[  483.305342][T10583] veth13: entered allmulticast mode
[  483.339724][T10583] bond4: (slave veth13): Enslaving as a backup interface with a down link
[  483.342820][   T30] audit: type=1804 audit(1777435053.754:441): pid=10606 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.4.1258" name="/newroot/266/file1" dev="fuse" ino=1 res=1 errno=0
[  483.458850][   T30] audit: type=1800 audit(1777435053.754:442): pid=10606 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.1258" name="/" dev="fuse" ino=1 res=0 errno=0
[  483.546031][ T5714] usbtest 1-1:1.0: couldn't get endpoints, -22
[  483.559372][ T5714] usbtest 1-1:1.0: probe with driver usbtest failed with error -22
[  483.588417][ T5714] usb 1-1: USB disconnect, device number 34
[  483.798905][T10611] netlink: 'syz.4.1259': attribute type 1 has an invalid length.
[  485.169092][T10621] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1260'.
[  485.524331][T10622] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1261'.
[  486.253575][T10635] fuse: Unknown parameter 'fd0x0000000000000003'
[  486.422199][T10638] ieee802154 phy0 wpan0: encryption failed: -22
[  487.160062][T10646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1268'.
[  487.841823][T10652] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1270'.
[  487.865711][T10652] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1270'.
[  488.602121][T10664] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1272'.
[  490.166076][T10677] netlink: 'syz.0.1274': attribute type 1 has an invalid length.
[  491.621987][T10687] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1277'.
[  491.819768][ T5770] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  492.068330][ T5770] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  492.096349][ T5770] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  492.137110][ T5770] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  492.177424][ T5770] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  492.206094][T10704] syzkaller0: entered promiscuous mode
[  492.213931][ T5770] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.224596][T10704] syzkaller0: entered allmulticast mode
[  492.253484][ T5770] usb 5-1: config 0 descriptor??
[  492.664971][   T30] audit: type=1804 audit(1777435063.074:443): pid=10711 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.0.1282" name="/newroot/255/bus/bus" dev="overlay" ino=1357 res=1 errno=0
[  492.769269][ T5770] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  492.970286][T10682] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  492.990168][ T5770] usb 5-1: USB disconnect, device number 26
[  494.404325][   T30] audit: type=1400 audit(1777435064.764:444): avc:  denied  { mount } for  pid=10732 comm="syz.1.1290" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  495.247489][   T30] audit: type=1400 audit(1777435065.624:445): avc:  denied  { ioctl } for  pid=10754 comm="syz.1.1295" path="/dev/ptyq6" dev="devtmpfs" ino=125 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  495.276904][T10755] comedi comedi1: pcmmio: I/O base address not correctly aligned
[  495.566466][   T30] audit: type=1326 audit(1777435065.984:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.3.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60ff19cdd9 code=0x7ffc0000
[  495.645948][   T30] audit: type=1326 audit(1777435066.004:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.3.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60ff19cdd9 code=0x7ffc0000
[  495.825219][T10768] FAULT_INJECTION: forcing a failure.
[  495.825219][T10768] name failslab, interval 1, probability 0, space 0, times 0
[  495.870149][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  495.877030][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  495.896618][T10768] CPU: 1 UID: 0 PID: 10768 Comm: syz.1.1300 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  495.896644][T10768] Tainted: [L]=SOFTLOCKUP
[  495.896650][T10768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  495.896660][T10768] Call Trace:
[  495.896666][T10768]  <TASK>
[  495.896673][T10768]  dump_stack_lvl+0x100/0x190
[  495.896699][T10768]  should_fail_ex.cold+0x5/0xa
[  495.896724][T10768]  ? lsm_blob_alloc+0x68/0x90
[  495.896749][T10768]  should_failslab+0xc2/0x120
[  495.896769][T10768]  __kmalloc_noprof+0xe0/0x850
[  495.896794][T10768]  ? trace_kmalloc+0xe3/0x110
[  495.896817][T10768]  lsm_blob_alloc+0x68/0x90
[  495.896844][T10768]  security_sk_alloc+0x2d/0x290
[  495.896865][T10768]  sk_prot_alloc+0x12a/0x2a0
[  495.896886][T10768]  sk_alloc+0x36/0xe80
[  495.896917][T10768]  bpf_prog_test_run_skb+0x4db/0x3540
[  495.896943][T10768]  ? find_held_lock+0x2b/0x80
[  495.896962][T10768]  ? __fget_files+0x121/0x3d0
[  495.896994][T10768]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  495.897017][T10768]  ? fput+0x79/0x100
[  495.897043][T10768]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  495.897063][T10768]  __sys_bpf+0x1725/0x4b90
[  495.897095][T10768]  ? __pfx___sys_bpf+0x10/0x10
[  495.897118][T10768]  ? proc_fail_nth_write+0x9f/0x220
[  495.897136][T10768]  ? find_held_lock+0x2b/0x80
[  495.897156][T10768]  ? find_held_lock+0x2b/0x80
[  495.897170][T10768]  ? ksys_write+0x190/0x250
[  495.897187][T10768]  ? ksys_write+0x190/0x250
[  495.897210][T10768]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  495.897231][T10768]  ? kernel_write+0x5e3/0x6c0
[  495.897248][T10768]  ? __fget_files+0x215/0x3d0
[  495.897280][T10768]  ? fput+0x79/0x100
[  495.897303][T10768]  ? ksys_write+0x1ac/0x250
[  495.897321][T10768]  ? __pfx_ksys_write+0x10/0x10
[  495.897344][T10768]  __x64_sys_bpf+0x7b/0xc0
[  495.897360][T10768]  ? lockdep_hardirqs_on+0x78/0x100
[  495.897379][T10768]  do_syscall_64+0x10b/0xf80
[  495.897398][T10768]  ? clear_bhb_loop+0x40/0x90
[  495.897420][T10768]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.897438][T10768] RIP: 0033:0x7fe539d9cdd9
[  495.897452][T10768] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  495.897468][T10768] RSP: 002b:00007fe53ac07028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  495.897485][T10768] RAX: ffffffffffffffda RBX: 00007fe53a015fa0 RCX: 00007fe539d9cdd9
[  495.897496][T10768] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a
[  495.897507][T10768] RBP: 00007fe53ac07090 R08: 0000000000000000 R09: 0000000000000000
[  495.897517][T10768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  495.897526][T10768] R13: 00007fe53a016038 R14: 00007fe53a015fa0 R15: 00007ffc00365e78
[  495.897551][T10768]  </TASK>
[  497.182977][T10780] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1302'.
[  497.571417][T10797] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1307'.
[  497.609833][T10797] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1307'.
[  497.758545][T10798] vxcan1 speed is unknown, defaulting to 1000
[  497.810924][T10799] GUP no longer grows the stack in syz.0.1307 (10799): 200000005000-200000008000 (200000004000)
[  498.143272][T10799] CPU: 1 UID: 0 PID: 10799 Comm: syz.0.1307 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  498.143294][T10799] Tainted: [L]=SOFTLOCKUP
[  498.143298][T10799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  498.143308][T10799] Call Trace:
[  498.143313][T10799]  <TASK>
[  498.143317][T10799]  dump_stack_lvl+0x100/0x190
[  498.143334][T10799]  gup_vma_lookup.cold+0x83/0x96
[  498.143352][T10799]  fixup_user_fault+0x253/0x510
[  498.143369][T10799]  fault_in_user_writeable+0x70/0xe0
[  498.143386][T10799]  futex_lock_pi+0x67d/0x7a0
[  498.143400][T10799]  ? __pfx_futex_lock_pi+0x10/0x10
[  498.143424][T10799]  ? irqentry_exit+0x246/0x790
[  498.143440][T10799]  ? __pfx_futex_wake_mark+0x10/0x10
[  498.143454][T10799]  ? do_futex+0xd6/0x350
[  498.143471][T10799]  ? __sanitizer_cov_trace_switch+0x5a/0x90
[  498.143486][T10799]  do_futex+0x18a/0x350
[  498.143502][T10799]  ? __pfx_do_futex+0x10/0x10
[  498.143517][T10799]  ? __vm_munmap+0x1d2/0x390
[  498.143537][T10799]  __x64_sys_futex+0x34f/0x4d0
[  498.143555][T10799]  ? __pfx___x64_sys_futex+0x10/0x10
[  498.143574][T10799]  ? rcu_is_watching+0x12/0xc0
[  498.143592][T10799]  do_syscall_64+0x10b/0xf80
[  498.143604][T10799]  ? clear_bhb_loop+0x40/0x90
[  498.143617][T10799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.143628][T10799] RIP: 0033:0x7f9b8659cdd9
[  498.143638][T10799] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  498.143648][T10799] RSP: 002b:00007f9b87388028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  498.143660][T10799] RAX: ffffffffffffffda RBX: 00007f9b86816360 RCX: 00007f9b8659cdd9
[  498.143667][T10799] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000
[  498.143673][T10799] RBP: 00007f9b86632d69 R08: 0000000000000000 R09: 0000000000000000
[  498.143680][T10799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  498.143686][T10799] R13: 00007f9b868163f8 R14: 00007f9b86816360 R15: 00007fffd4139978
[  498.143700][T10799]  </TASK>
[  499.947498][ T5706] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  500.048429][T10828] syzkaller0: entered promiscuous mode
[  500.061293][T10831] xt_hashlimit: size too large, truncated to 1048576
[  500.075175][T10828] syzkaller0: entered allmulticast mode
[  500.117856][ T5706] usb 1-1: Using ep0 maxpacket: 32
[  500.129436][ T5706] usb 1-1: unable to get BOS descriptor or descriptor too short
[  500.153155][ T5706] usb 1-1: New USB device found, idVendor=0499, idProduct=1054, bcdDevice= 0.40
[  500.168445][ T5706] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.184623][ T5706] usb 1-1: Product: syz
[  500.192412][ T5706] usb 1-1: Manufacturer: syz
[  500.210806][ T5706] usb 1-1: SerialNumber: syz
[  500.440460][ T5706] usb 1-1: parse_audio_format_rates_v2v3(): unable to find clock source (clock -22)
[  500.481744][ T5706] usb 1-1: unit 37 not found!
[  500.515827][ T5706] usb 1-1: unit 0 not found!
[  501.419050][T10847] netlink: 'syz.2.1316': attribute type 1 has an invalid length.
[  502.621856][ T5706] usb 1-1: USB disconnect, device number 35
[  502.704503][ T6671] udevd[6671]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  502.935491][ T7205] usb 2-1: new low-speed USB device number 29 using dummy_hcd
[  503.088959][ T7205] usb 2-1: device descriptor read/64, error -71
[  503.326242][ T7205] usb 2-1: new low-speed USB device number 30 using dummy_hcd
[  503.479537][ T7205] usb 2-1: device descriptor read/64, error -71
[  503.597258][ T7205] usb usb2-port1: attempt power cycle
[  503.965428][ T7205] usb 2-1: new low-speed USB device number 31 using dummy_hcd
[  503.985973][ T7205] usb 2-1: device descriptor read/8, error -71
[  504.035080][T10856] netlink: 'syz.3.1319': attribute type 1 has an invalid length.
[  505.148820][ T7205] usb 2-1: new low-speed USB device number 32 using dummy_hcd
[  505.183797][ T7205] usb 2-1: device descriptor read/8, error -71
[  505.304016][ T7205] usb usb2-port1: unable to enumerate USB device
[  506.197183][T10866] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1322'.
[  506.925123][T10878] FAULT_INJECTION: forcing a failure.
[  506.925123][T10878] name failslab, interval 1, probability 0, space 0, times 0
[  507.060355][T10878] CPU: 0 UID: 0 PID: 10878 Comm: syz.3.1325 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  507.060385][T10878] Tainted: [L]=SOFTLOCKUP
[  507.060392][T10878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  507.060401][T10878] Call Trace:
[  507.060408][T10878]  <TASK>
[  507.060414][T10878]  dump_stack_lvl+0x100/0x190
[  507.060442][T10878]  should_fail_ex.cold+0x5/0xa
[  507.060468][T10878]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0
[  507.060494][T10878]  should_failslab+0xc2/0x120
[  507.060514][T10878]  __kmalloc_noprof+0xe0/0x850
[  507.060546][T10878]  genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0
[  507.060577][T10878]  genl_family_rcv_msg_doit+0xc7/0x300
[  507.060603][T10878]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  507.060637][T10878]  ? bpf_lsm_capable+0x9/0x10
[  507.060656][T10878]  ? security_capable+0x80/0x260
[  507.060680][T10878]  genl_rcv_msg+0x560/0x800
[  507.060706][T10878]  ? __pfx_genl_rcv_msg+0x10/0x10
[  507.060730][T10878]  ? __pfx_nl802154_pre_doit+0x10/0x10
[  507.060757][T10878]  ? __pfx_nl802154_del_llsec_key+0x10/0x10
[  507.060782][T10878]  ? __pfx_nl802154_post_doit+0x10/0x10
[  507.060810][T10878]  ? __lock_acquire+0x4a5/0x2630
[  507.060832][T10878]  ? rcu_preempt_deferred_qs_irqrestore+0x4fd/0xb90
[  507.060859][T10878]  netlink_rcv_skb+0x159/0x420
[  507.060879][T10878]  ? __pfx_genl_rcv_msg+0x10/0x10
[  507.060909][T10878]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  507.060941][T10878]  ? netlink_deliver_tap+0x1ae/0xcc0
[  507.060965][T10878]  genl_rcv+0x28/0x40
[  507.060985][T10878]  netlink_unicast+0x585/0x850
[  507.061010][T10878]  ? __pfx_netlink_unicast+0x10/0x10
[  507.061032][T10878]  ? __alloc_skb+0x4e9/0x710
[  507.061062][T10878]  netlink_sendmsg+0x8b0/0xda0
[  507.061087][T10878]  ? __pfx_netlink_sendmsg+0x10/0x10
[  507.061110][T10878]  ? __might_fault+0x70/0x140
[  507.061144][T10878]  ____sys_sendmsg+0x9e1/0xb70
[  507.061162][T10878]  ? __pfx_netlink_sendmsg+0x10/0x10
[  507.061185][T10878]  ? __pfx_____sys_sendmsg+0x10/0x10
[  507.061211][T10878]  ? preempt_schedule_irq+0x7b/0x90
[  507.061235][T10878]  ___sys_sendmsg+0x190/0x1e0
[  507.061258][T10878]  ? __pfx____sys_sendmsg+0x10/0x10
[  507.061277][T10878]  ? find_held_lock+0x2b/0x80
[  507.061293][T10878]  ? rcu_preempt_deferred_qs_irqrestore+0x4fd/0xb90
[  507.061348][T10878]  __sys_sendmsg+0x170/0x220
[  507.061375][T10878]  ? __pfx___sys_sendmsg+0x10/0x10
[  507.061409][T10878]  ? rcu_is_watching+0x12/0xc0
[  507.061435][T10878]  ? exit_to_user_mode_loop+0xdd/0x4a0
[  507.061460][T10878]  ? rcu_is_watching+0x12/0xc0
[  507.061490][T10878]  do_syscall_64+0x10b/0xf80
[  507.061509][T10878]  ? clear_bhb_loop+0x40/0x90
[  507.061531][T10878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  507.061550][T10878] RIP: 0033:0x7f60ff19cdd9
[  507.061565][T10878] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  507.061582][T10878] RSP: 002b:00007f60fd3f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  507.061600][T10878] RAX: ffffffffffffffda RBX: 00007f60ff415fa0 RCX: 00007f60ff19cdd9
[  507.061612][T10878] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000004
[  507.061622][T10878] RBP: 00007f60fd3f6090 R08: 0000000000000000 R09: 0000000000000000
[  507.061632][T10878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  507.061642][T10878] R13: 00007f60ff416038 R14: 00007f60ff415fa0 R15: 00007fffa5e19d28
[  507.061669][T10878]  </TASK>
[  508.004010][   T30] audit: type=1400 audit(1777435078.414:448): avc:  denied  { execute } for  pid=10884 comm="syz.3.1327" path="/selinux/avc/cache_threshold" dev="selinuxfs" ino=25 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=file permissive=1
[  508.085113][T10889] binder: BINDER_SET_CONTEXT_MGR already set
[  508.100453][   T30] audit: type=1400 audit(1777435078.494:449): avc:  denied  { map } for  pid=10888 comm="syz.4.1329" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  508.141268][T10889] binder: 10888:10889 ioctl 4018620d 200000004a80 returned -16
[  508.424890][T10893] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1330'.
[  508.806898][T10898] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  509.526222][ T7205] usb 2-1: new low-speed USB device number 33 using dummy_hcd
[  509.762483][ T7205] usb 2-1: config 0 has no interfaces?
[  509.790027][ T7205] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  509.848228][ T7205] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.054253][T10907] ieee802154 phy0 wpan0: encryption failed: -22
[  510.119351][T10908] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1335'.
[  510.300443][ T7205] usb 2-1: config 0 descriptor??
[  510.802869][T10917] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1337'.
[  511.194725][T10933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1342'.
[  512.338382][T10946] ieee802154 phy0 wpan0: encryption failed: -22
[  512.424276][T10947] fuseblk: Unknown parameter 'appraise_type'
[  512.519252][ T7205] usb 2-1: USB disconnect, device number 33
[  512.771589][T10956] erspan0: entered promiscuous mode
[  512.805947][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1349'.
[  512.822815][T10956] erspan0: left promiscuous mode
[  512.837052][T10958] erspan0: entered promiscuous mode
[  512.877274][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1349'.
[  512.897200][T10956] erspan0: left promiscuous mode
[  513.115141][T10967] netlink: 'syz.3.1351': attribute type 1 has an invalid length.
[  513.273343][T10974] netlink: 'syz.0.1353': attribute type 1 has an invalid length.
[  513.425943][ T5728] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  513.449101][T10978] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  513.585822][ T7205] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  513.602684][ T5728] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  513.623347][T10982] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1357'.
[  513.657586][ T5728] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 104
[  513.734565][ T5728] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  513.778771][ T7205] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  513.798870][ T5728] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  513.816050][ T5728] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  513.820423][ T7205] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 104
[  513.824212][ T5728] usb 4-1: SerialNumber: syz
[  513.884998][ T7205] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  513.912960][T10968] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  513.968774][ T7205] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  513.990809][ T7205] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  514.014480][ T7205] usb 1-1: SerialNumber: syz
[  514.032144][T10975] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  514.134598][T10967] bond4: entered promiscuous mode
[  514.150825][T10967] bond4: entered allmulticast mode
[  514.176131][T10967] 8021q: adding VLAN 0 to HW filter on device bond4
[  514.667322][T10967] veth9: entered promiscuous mode
[  514.687366][T10967] veth9: entered allmulticast mode
[  514.720126][T10967] bond4: (slave veth9): Enslaving as a backup interface with a down link
[  514.756857][T10971] bond5: entered promiscuous mode
[  514.766006][ T5830] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  514.784822][T10971] bond5: entered allmulticast mode
[  514.801549][T10971] 8021q: adding VLAN 0 to HW filter on device bond5
[  514.866721][T10974] veth15: entered promiscuous mode
[  514.880921][T10974] veth15: entered allmulticast mode
[  514.894871][T10974] bond5: (slave veth15): Enslaving as a backup interface with a down link
[  514.933250][T10968] veth11: entered promiscuous mode
[  514.946200][T10968] veth11: entered allmulticast mode
[  514.952316][T10968] bond4: (slave veth11): Enslaving as a backup interface with a down link
[  514.967360][ T5830] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  514.981026][ T5830] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  515.011524][ T5830] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  515.041463][ T5728] usbtest 4-1:1.0: couldn't get endpoints, -22
[  515.063129][ T5830] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  515.084733][ T5728] usbtest 4-1:1.0: probe with driver usbtest failed with error -22
[  515.096343][ T5830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.169941][T10975] veth17: entered promiscuous mode
[  515.203897][T10995] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  515.268099][T10975] veth17: entered allmulticast mode
[  515.313186][ T5728] usb 4-1: USB disconnect, device number 32
[  515.373726][T10975] bond5: (slave veth17): Enslaving as a backup interface with a down link
[  516.233457][ T7205] usbtest 1-1:1.0: couldn't get endpoints, -22
[  516.243016][ T7205] usbtest 1-1:1.0: probe with driver usbtest failed with error -22
[  516.254130][ T7205] usb 1-1: USB disconnect, device number 36
[  516.263361][ T5830] usb 2-1: config 0 descriptor??
[  516.382545][T11000] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1364'.
[  516.557896][   T30] audit: type=1400 audit(1777435086.974:450): avc:  denied  { mount } for  pid=10999 comm="syz.4.1364" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  516.600978][   T30] audit: type=1400 audit(1777435086.994:451): avc:  denied  { read } for  pid=10999 comm="syz.4.1364" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  516.626639][   T30] audit: type=1400 audit(1777435086.994:452): avc:  denied  { open } for  pid=10999 comm="syz.4.1364" path="/292/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  516.651380][ T5728] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  516.691256][T11005] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1365'.
[  516.704136][T11008] FAULT_INJECTION: forcing a failure.
[  516.704136][T11008] name failslab, interval 1, probability 0, space 0, times 0
[  516.729488][ T5830] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  516.734331][T11008] CPU: 0 UID: 0 PID: 11008 Comm: syz.0.1366 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  516.734355][T11008] Tainted: [L]=SOFTLOCKUP
[  516.734361][T11008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  516.734369][T11008] Call Trace:
[  516.734375][T11008]  <TASK>
[  516.734381][T11008]  dump_stack_lvl+0x100/0x190
[  516.734403][T11008]  should_fail_ex.cold+0x5/0xa
[  516.734425][T11008]  should_failslab+0xc2/0x120
[  516.734441][T11008]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  516.734463][T11008]  ? skb_clone+0x190/0x400
[  516.734490][T11008]  skb_clone+0x190/0x400
[  516.734512][T11008]  netlink_deliver_tap+0xaed/0xcc0
[  516.734534][T11008]  netlink_unicast+0x62b/0x850
[  516.734555][T11008]  ? __pfx_netlink_unicast+0x10/0x10
[  516.734579][T11008]  netlink_sendmsg+0x8b0/0xda0
[  516.734601][T11008]  ? __pfx_netlink_sendmsg+0x10/0x10
[  516.734617][T11008]  ? __might_fault+0x70/0x140
[  516.734646][T11008]  ____sys_sendmsg+0x9e1/0xb70
[  516.734661][T11008]  ? __pfx_netlink_sendmsg+0x10/0x10
[  516.734681][T11008]  ? __pfx_____sys_sendmsg+0x10/0x10
[  516.734707][T11008]  ___sys_sendmsg+0x190/0x1e0
[  516.734727][T11008]  ? __pfx____sys_sendmsg+0x10/0x10
[  516.734744][T11008]  ? clockevents_program_event+0x23e/0x820
[  516.734771][T11008]  ? clockevents_program_event+0x23e/0x820
[  516.734818][T11008]  __sys_sendmsg+0x170/0x220
[  516.734841][T11008]  ? __pfx___sys_sendmsg+0x10/0x10
[  516.734862][T11008]  ? irqentry_exit+0x246/0x790
[  516.734893][T11008]  do_syscall_64+0x10b/0xf80
[  516.734908][T11008]  ? clear_bhb_loop+0x40/0x90
[  516.734927][T11008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  516.734942][T11008] RIP: 0033:0x7f9b8659cdd9
[  516.734955][T11008] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  516.734969][T11008] RSP: 002b:00007f9b8740c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  516.734984][T11008] RAX: ffffffffffffffda RBX: 00007f9b86815fa0 RCX: 00007f9b8659cdd9
[  516.734994][T11008] RDX: 000000000000c020 RSI: 0000200000000000 RDI: 0000000000000003
[  516.735003][T11008] RBP: 00007f9b8740c090 R08: 0000000000000000 R09: 0000000000000000
[  516.735012][T11008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  516.735020][T11008] R13: 00007f9b86816038 R14: 00007f9b86815fa0 R15: 00007fffd4139978
[  516.735042][T11008]  </TASK>
[  516.856337][   T30] audit: type=1400 audit(1777435087.274:453): avc:  denied  { map } for  pid=11010 comm="syz.0.1367" path="socket:[36299]" dev="sockfs" ino=36299 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  517.016120][T10992] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.1360'.
[  517.051410][ T5728] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  517.086134][ T5728] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  517.116901][ T5728] usb 4-1: Product: syz
[  517.154290][ T5728] usb 4-1: Manufacturer: syz
[  517.162734][ T5728] usb 4-1: SerialNumber: syz
[  517.203978][ T5728] usb 4-1: config 0 descriptor??
[  517.215274][ T5728] ch341 4-1:0.0: ch341-uart converter detected
[  517.312034][   T30] audit: type=1400 audit(1777435087.724:454): avc:  denied  { unmount } for  pid=5613 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  517.634541][   T30] audit: type=1400 audit(1777435088.044:455): avc:  denied  { read } for  pid=5273 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  517.656166][T11023] netlink: 'syz.0.1369': attribute type 1 has an invalid length.
[  517.840570][T11023] bond6: entered promiscuous mode
[  518.306093][T11023] bond6: entered allmulticast mode
[  518.316898][T11023] 8021q: adding VLAN 0 to HW filter on device bond6
[  518.328710][ T5728] usb 4-1: failed to send control message: -71
[  518.336083][ T5728] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  518.360747][ T5728] usb 4-1: USB disconnect, device number 33
[  518.378212][T11031] erspan1: entered allmulticast mode
[  518.385680][ T7205] usb 2-1: reset high-speed USB device number 34 using dummy_hcd
[  518.386873][ T5728] ch341 4-1:0.0: device disconnected
[  518.416103][T11031] bond6: (slave erspan1): making interface the new active one
[  518.427278][T11031] erspan1: entered promiscuous mode
[  518.442791][T11031] bond6: (slave erspan1): Enslaving as an active interface with an up link
[  518.676821][T11038] netlink: 'syz.4.1372': attribute type 1 has an invalid length.
[  519.172847][T11042] xt_policy: too many policy elements
[  519.265434][ T5728] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  519.472155][ T5728] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  519.517566][  T988] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  519.530153][ T5728] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 104
[  519.555997][ T5728] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  519.610760][ T5830] usb 2-1: USB disconnect, device number 34
[  519.704219][ T5728] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  519.802673][  T988] usb 4-1: config index 0 descriptor too short (expected 931, got 771)
[  519.854738][ T5728] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  519.866970][  T988] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  519.882632][ T5728] usb 5-1: SerialNumber: syz
[  519.893232][  T988] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  519.897608][T11055] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1378'.
[  519.915316][T11038] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  519.929931][  T988] usb 4-1: New USB device found, idVendor=04e8, idProduct=662e, bcdDevice=99.06
[  519.969793][  T988] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.987083][  T988] usb 4-1: Product: syz
[  519.999614][  T988] usb 4-1: Manufacturer: syz
[  520.020021][  T988] usb 4-1: SerialNumber: syz
[  520.133022][T11038] bond6: entered promiscuous mode
[  520.141780][T11038] bond6: entered allmulticast mode
[  520.151987][  T988] usb 4-1: config 0 descriptor??
[  520.157562][T11038] 8021q: adding VLAN 0 to HW filter on device bond6
[  520.759035][  T988] usb 4-1: USB disconnect, device number 34
[  521.182333][T11038] veth19: entered promiscuous mode
[  521.406201][T11038] veth19: entered allmulticast mode
[  521.572098][T11038] bond6: (slave veth19): Enslaving as a backup interface with a down link
[  521.922078][T11072] veth21: entered promiscuous mode
[  521.955322][T11072] veth21: entered allmulticast mode
[  521.971717][T11072] bond6: (slave veth21): Enslaving as a backup interface with a down link
[  522.003805][T11076] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1382'.
[  522.047253][ T5728] usbtest 5-1:1.0: couldn't get endpoints, -22
[  522.073265][ T5728] usbtest 5-1:1.0: probe with driver usbtest failed with error -22
[  522.097476][ T5728] usb 5-1: USB disconnect, device number 27
[  522.326492][T11081] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1379'.
[  522.396007][ T5770] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  522.545417][ T5830] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  522.545889][ T5770] usb 3-1: Using ep0 maxpacket: 32
[  522.597501][ T5770] usb 3-1: config 0 has an invalid interface number: 89 but max is 0
[  522.616256][ T5770] usb 3-1: config 0 has no interface number 0
[  522.632369][ T5770] usb 3-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  522.665757][ T5770] usb 3-1: config 0 interface 89 has no altsetting 0
[  522.704392][ T5770] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a
[  522.728035][ T5770] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.759239][ T5770] usb 3-1: Product: syz
[  522.769534][ T5830] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  522.784306][ T5830] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  522.784888][ T5770] usb 3-1: Manufacturer: syz
[  522.817587][ T5770] usb 3-1: SerialNumber: syz
[  522.822379][ T5830] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  522.865467][ T5830] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  522.894936][ T5830] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  522.933240][ T5770] usb 3-1: config 0 descriptor??
[  522.940734][ T5830] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  522.978152][ T5770] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  523.001640][ T5830] usb 1-1: Product: syz
[  523.010215][ T5830] usb 1-1: Manufacturer: syz
[  523.026529][ T5770] em28xx 3-1:0.89: Video interface 89 found:
[  523.046249][ T5830] cdc_wdm 1-1:1.0: skipping garbage
[  523.062849][ T5830] cdc_wdm 1-1:1.0: skipping garbage
[  523.098386][ T5830] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  523.118425][ T5830] cdc_wdm 1-1:1.0: Unknown control protocol
[  523.254154][  T988] usb 1-1: USB disconnect, device number 37
[  523.636812][ T5770] em28xx 3-1:0.89: unknown em28xx chip ID (199)
[  524.741226][ T5770] em28xx 3-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  524.744209][T11086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.758146][T11086] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.874793][ T5770] em28xx 3-1:0.89: board has no eeprom
[  524.938799][ T5770] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67)
[  524.989375][ T5770] em28xx 3-1:0.89: analog set to bulk mode.
[  525.000841][ T5736] em28xx 3-1:0.89: Registering V4L2 extension
[  525.133968][ T7205] usb 3-1: USB disconnect, device number 28
[  525.174995][ T7205] em28xx 3-1:0.89: Disconnecting em28xx
[  525.322639][T11122] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1394'.
[  525.490584][ T5736] em28xx 3-1:0.89: Config register raw data: 0xffffffed
[  525.520397][ T5736] em28xx 3-1:0.89: AC97 chip type couldn't be determined
[  525.543855][ T5736] em28xx 3-1:0.89: No AC97 audio processor
[  525.572193][ T5736] usb 3-1: Decoder not found
[  525.590903][ T5736] em28xx 3-1:0.89: failed to create media graph
[  525.605192][ T5736] em28xx 3-1:0.89: V4L2 device video103 deregistered
[  525.749525][T11129] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65308 sclass=netlink_route_socket pid=11129 comm=syz.1.1397
[  525.911557][ T5736] em28xx 3-1:0.89: Registering snapshot button...
[  525.964812][ T5736] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input17
[  526.047069][ T5736] em28xx 3-1:0.89: Remote control support is not available for this card.
[  526.073838][ T7205] em28xx 3-1:0.89: Closing input extension
[  526.103492][ T7205] em28xx 3-1:0.89: Deregistering snapshot button
[  526.161179][T11135] netlink: 'syz.3.1398': attribute type 1 has an invalid length.
[  526.266756][T11136] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1399'.
[  526.310023][   T30] audit: type=1400 audit(1777435096.674:456): avc:  denied  { write } for  pid=11133 comm="syz.4.1399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  526.555446][T11139] netlink: 200 bytes leftover after parsing attributes in process `syz.1.1400'.
[  526.725407][ T5830] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  527.099641][ T5830] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  527.235240][ T5830] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 104
[  527.392365][ T5830] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  527.613232][ T5830] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  527.703259][ T5830] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  527.789428][ T5830] usb 4-1: SerialNumber: syz
[  527.944592][T11140] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  528.055867][T11152] netlink: 2088 bytes leftover after parsing attributes in process `syz.1.1402'.
[  528.201050][T11152] nbd: must specify at least one socket
[  528.229532][ T7205] em28xx 3-1:0.89: Freeing device
[  528.288713][   T30] audit: type=1400 audit(1777435098.704:457): avc:  denied  { setopt } for  pid=11155 comm="syz.0.1403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  528.664901][   T30] audit: type=1400 audit(1777435098.724:458): avc:  denied  { setopt } for  pid=11155 comm="syz.0.1403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  528.670582][T11156] netlink: 'syz.0.1403': attribute type 4 has an invalid length.
[  528.734293][T11132] bond5: entered promiscuous mode
[  528.755928][T11132] bond5: entered allmulticast mode
[  528.770387][T11132] 8021q: adding VLAN 0 to HW filter on device bond5
[  529.749755][T11135] veth13: entered promiscuous mode
[  529.773835][T11135] veth13: entered allmulticast mode
[  529.787536][T11135] bond5: (slave veth13): Enslaving as a backup interface with a down link
[  529.906724][ T5770] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  530.163402][T11132] veth15: entered promiscuous mode
[  530.183868][T11132] veth15: entered allmulticast mode
[  530.197643][T11132] bond5: (slave veth15): Enslaving as a backup interface with a down link
[  530.516833][ T5770] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  530.522683][ T5830] usbtest 4-1:1.0: couldn't get endpoints, -22
[  530.527575][ T5770] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  530.536156][T11176] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1408'.
[  530.553022][ T5770] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  530.568429][ T5770] usb 1-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  530.577907][ T5830] usbtest 4-1:1.0: probe with driver usbtest failed with error -22
[  530.583792][ T5830] usb 4-1: USB disconnect, device number 35
[  530.586544][ T5770] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.607690][ T5770] usb 1-1: config 0 descriptor??
[  530.816834][T11182] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1410'.
[  531.005291][T11156] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1403'.
[  531.069443][ T5706] usb 1-1: USB disconnect, device number 38
[  531.486101][   T30] audit: type=1400 audit(1777435101.894:459): avc:  denied  { setopt } for  pid=11183 comm="syz.1.1412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  531.514085][   T30] audit: type=1400 audit(1777435101.904:460): avc:  denied  { listen } for  pid=11183 comm="syz.1.1412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  531.536648][   T30] audit: type=1400 audit(1777435101.904:461): avc:  denied  { connect } for  pid=11183 comm="syz.1.1412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  531.562973][   T30] audit: type=1400 audit(1777435101.904:462): avc:  denied  { accept } for  pid=11183 comm="syz.1.1412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  531.592580][   T30] audit: type=1400 audit(1777435101.934:463): avc:  denied  { getopt } for  pid=11190 comm="syz.3.1414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  533.017354][T11211] FAULT_INJECTION: forcing a failure.
[  533.017354][T11211] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  533.031267][T11211] CPU: 0 UID: 0 PID: 11211 Comm: syz.1.1418 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  533.031294][T11211] Tainted: [L]=SOFTLOCKUP
[  533.031300][T11211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  533.031311][T11211] Call Trace:
[  533.031317][T11211]  <TASK>
[  533.031324][T11211]  dump_stack_lvl+0x100/0x190
[  533.031350][T11211]  should_fail_ex.cold+0x5/0xa
[  533.031371][T11211]  ? prepare_alloc_pages+0x16d/0x5f0
[  533.031394][T11211]  should_fail_alloc_page+0xeb/0x140
[  533.031416][T11211]  prepare_alloc_pages+0x1f0/0x5f0
[  533.031442][T11211]  __alloc_frozen_pages_noprof+0x19a/0x2bc0
[  533.031476][T11211]  ? __pfx___schedule+0x10/0x10
[  533.031499][T11211]  ? __lock_acquire+0x4a5/0x2630
[  533.031522][T11211]  ? irqentry_exit+0x246/0x790
[  533.031542][T11211]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  533.031575][T11211]  ? __asan_memcpy+0x3c/0x60
[  533.031604][T11211]  ? __pfx_interleave_nid+0x10/0x10
[  533.031640][T11211]  ? policy_nodemask+0xed/0x4f0
[  533.031661][T11211]  alloc_pages_mpol+0x1fb/0x540
[  533.031681][T11211]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  533.031700][T11211]  ? swap_entry_swapped+0x20c/0x2a0
[  533.031719][T11211]  ? __pfx_swap_entry_swapped+0x10/0x10
[  533.031742][T11211]  folio_alloc_mpol_noprof+0x36/0x260
[  533.031765][T11211]  swap_cache_alloc_folio+0x1a8/0x300
[  533.031793][T11211]  ? __pfx_swap_cache_alloc_folio+0x10/0x10
[  533.031818][T11211]  ? _raw_read_unlock+0x28/0x50
[  533.031835][T11211]  ? mpol_shared_policy_lookup+0xf6/0x150
[  533.031859][T11211]  read_swap_cache_async+0xd9/0x480
[  533.031886][T11211]  ? __pfx_read_swap_cache_async+0x10/0x10
[  533.031919][T11211]  ? find_held_lock+0x2b/0x80
[  533.031936][T11211]  ? madvise_vma_behavior+0x178a/0x2200
[  533.031957][T11211]  ? madvise_vma_behavior+0x178a/0x2200
[  533.031983][T11211]  madvise_vma_behavior+0x17c6/0x2200
[  533.032009][T11211]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  533.032059][T11211]  madvise_walk_vmas+0x2fe/0xa90
[  533.032085][T11211]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  533.032115][T11211]  madvise_do_behavior+0x1ea/0x510
[  533.032139][T11211]  ? __pfx_madvise_do_behavior+0x10/0x10
[  533.032162][T11211]  ? down_read+0x13b/0x450
[  533.032196][T11211]  do_madvise+0x195/0x240
[  533.032218][T11211]  ? __pfx_do_madvise+0x10/0x10
[  533.032237][T11211]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  533.032257][T11211]  ? kernel_write+0x5e3/0x6c0
[  533.032293][T11211]  ? ksys_write+0x1ac/0x250
[  533.032312][T11211]  ? __pfx_ksys_write+0x10/0x10
[  533.032335][T11211]  __x64_sys_madvise+0xa9/0x110
[  533.032356][T11211]  ? lockdep_hardirqs_on+0x78/0x100
[  533.032376][T11211]  do_syscall_64+0x10b/0xf80
[  533.032395][T11211]  ? clear_bhb_loop+0x40/0x90
[  533.032418][T11211]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.032435][T11211] RIP: 0033:0x7fe539d9cdd9
[  533.032451][T11211] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  533.032468][T11211] RSP: 002b:00007fe53abc5028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  533.032485][T11211] RAX: ffffffffffffffda RBX: 00007fe53a016180 RCX: 00007fe539d9cdd9
[  533.032497][T11211] RDX: 0000000000000003 RSI: 000000000060005f RDI: 0000200000000000
[  533.032507][T11211] RBP: 00007fe53abc5090 R08: 0000000000000000 R09: 0000000000000000
[  533.032517][T11211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  533.032527][T11211] R13: 00007fe53a016218 R14: 00007fe53a016180 R15: 00007ffc00365e78
[  533.032552][T11211]  </TASK>
[  534.225604][ T5830] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  535.375989][ T5830] usb 5-1: Using ep0 maxpacket: 32
[  535.528998][ T5830] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  535.650067][ T5830] usb 5-1: config 0 has no interface number 0
[  535.658588][ T5830] usb 5-1: config 0 interface 132 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  535.674414][ T5830] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  535.683831][ T5830] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.692086][ T5830] usb 5-1: Product: syz
[  535.696727][ T5830] usb 5-1: Manufacturer: syz
[  535.701342][ T5830] usb 5-1: SerialNumber: syz
[  535.719734][ T5830] usb 5-1: config 0 descriptor??
[  537.747858][T11250] FAULT_INJECTION: forcing a failure.
[  537.747858][T11250] name failslab, interval 1, probability 0, space 0, times 0
[  537.762122][T11250] CPU: 1 UID: 0 PID: 11250 Comm: syz.0.1428 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  537.762149][T11250] Tainted: [L]=SOFTLOCKUP
[  537.762155][T11250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  537.762164][T11250] Call Trace:
[  537.762169][T11250]  <TASK>
[  537.762175][T11250]  dump_stack_lvl+0x100/0x190
[  537.762201][T11250]  should_fail_ex.cold+0x5/0xa
[  537.762226][T11250]  should_failslab+0xc2/0x120
[  537.762246][T11250]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  537.762271][T11250]  ? skb_clone+0x190/0x400
[  537.762302][T11250]  skb_clone+0x190/0x400
[  537.762328][T11250]  netlink_deliver_tap+0xaed/0xcc0
[  537.762355][T11250]  netlink_unicast+0x62b/0x850
[  537.762379][T11250]  ? __pfx_netlink_unicast+0x10/0x10
[  537.762407][T11250]  netlink_sendmsg+0x8b0/0xda0
[  537.762432][T11250]  ? __pfx_netlink_sendmsg+0x10/0x10
[  537.762451][T11250]  ? __might_fault+0x70/0x140
[  537.762485][T11250]  ____sys_sendmsg+0x9e1/0xb70
[  537.762503][T11250]  ? __pfx_netlink_sendmsg+0x10/0x10
[  537.762526][T11250]  ? __pfx_____sys_sendmsg+0x10/0x10
[  537.762558][T11250]  ___sys_sendmsg+0x190/0x1e0
[  537.762580][T11250]  ? __pfx____sys_sendmsg+0x10/0x10
[  537.762642][T11250]  __sys_sendmsg+0x170/0x220
[  537.762668][T11250]  ? __pfx___sys_sendmsg+0x10/0x10
[  537.762705][T11250]  ? rcu_is_watching+0x12/0xc0
[  537.762735][T11250]  do_syscall_64+0x10b/0xf80
[  537.762753][T11250]  ? clear_bhb_loop+0x40/0x90
[  537.762774][T11250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  537.762792][T11250] RIP: 0033:0x7f9b8659cdd9
[  537.762807][T11250] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  537.762823][T11250] RSP: 002b:00007f9b8740c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  537.762840][T11250] RAX: ffffffffffffffda RBX: 00007f9b86815fa0 RCX: 00007f9b8659cdd9
[  537.762851][T11250] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  537.762860][T11250] RBP: 00007f9b8740c090 R08: 0000000000000000 R09: 0000000000000000
[  537.762870][T11250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  537.762880][T11250] R13: 00007f9b86816038 R14: 00007f9b86815fa0 R15: 00007fffd4139978
[  537.762905][T11250]  </TASK>
[  538.430699][   T30] audit: type=1326 audit(1777435108.244:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5c39cdd9 code=0x7ffc0000
[  538.559949][ T5830] usb 5-1: USB disconnect, device number 28
[  538.604623][   T30] audit: type=1326 audit(1777435108.244:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5c39cdd9 code=0x7ffc0000
[  538.676455][   T30] audit: type=1326 audit(1777435108.244:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5f5c39cdd9 code=0x7ffc0000
[  538.714138][T11259] FAULT_INJECTION: forcing a failure.
[  538.714138][T11259] name failslab, interval 1, probability 0, space 0, times 0
[  538.727534][   T30] audit: type=1326 audit(1777435108.244:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5c39cdd9 code=0x7ffc0000
[  538.727579][   T30] audit: type=1326 audit(1777435108.244:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5c39cdd9 code=0x7ffc0000
[  538.727624][   T30] audit: type=1326 audit(1777435108.244:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5f5c39cdd9 code=0x7ffc0000
[  538.727660][   T30] audit: type=1326 audit(1777435108.244:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5c39cdd9 code=0x7ffc0000
[  538.727694][   T30] audit: type=1326 audit(1777435108.244:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5c39cdd9 code=0x7ffc0000
[  538.847706][T11259] CPU: 1 UID: 0 PID: 11259 Comm: syz.4.1432 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  538.847736][T11259] Tainted: [L]=SOFTLOCKUP
[  538.847742][T11259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  538.847753][T11259] Call Trace:
[  538.847759][T11259]  <TASK>
[  538.847766][T11259]  dump_stack_lvl+0x100/0x190
[  538.847793][T11259]  should_fail_ex.cold+0x5/0xa
[  538.847819][T11259]  should_failslab+0xc2/0x120
[  538.847840][T11259]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  538.847865][T11259]  ? skb_clone+0x190/0x400
[  538.847897][T11259]  skb_clone+0x190/0x400
[  538.847924][T11259]  netlink_deliver_tap+0xaed/0xcc0
[  538.847948][T11259]  netlink_unicast+0x62b/0x850
[  538.847973][T11259]  ? __pfx_netlink_unicast+0x10/0x10
[  538.848001][T11259]  netlink_sendmsg+0x8b0/0xda0
[  538.848026][T11259]  ? __pfx_netlink_sendmsg+0x10/0x10
[  538.848044][T11259]  ? __might_fault+0x70/0x140
[  538.848079][T11259]  ____sys_sendmsg+0x9e1/0xb70
[  538.848098][T11259]  ? __pfx_netlink_sendmsg+0x10/0x10
[  538.848122][T11259]  ? __pfx_____sys_sendmsg+0x10/0x10
[  538.848154][T11259]  ___sys_sendmsg+0x190/0x1e0
[  538.848178][T11259]  ? __pfx____sys_sendmsg+0x10/0x10
[  538.848231][T11259]  __sys_sendmsg+0x170/0x220
[  538.848259][T11259]  ? __pfx___sys_sendmsg+0x10/0x10
[  538.848296][T11259]  ? rcu_is_watching+0x12/0xc0
[  538.848327][T11259]  do_syscall_64+0x10b/0xf80
[  538.848347][T11259]  ? clear_bhb_loop+0x40/0x90
[  538.848370][T11259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.848387][T11259] RIP: 0033:0x7fb79879cdd9
[  538.848402][T11259] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  538.848419][T11259] RSP: 002b:00007fb7996d6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  538.848436][T11259] RAX: ffffffffffffffda RBX: 00007fb798a15fa0 RCX: 00007fb79879cdd9
[  538.848448][T11259] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[  538.848458][T11259] RBP: 00007fb7996d6090 R08: 0000000000000000 R09: 0000000000000000
[  538.848468][T11259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  538.848478][T11259] R13: 00007fb798a16038 R14: 00007fb798a15fa0 R15: 00007ffeaa3adb58
[  538.848503][T11259]  </TASK>
[  539.845109][T11276] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size
[  540.424109][T11288] FAULT_INJECTION: forcing a failure.
[  540.424109][T11288] name failslab, interval 1, probability 0, space 0, times 0
[  540.450553][T11288] CPU: 1 UID: 0 PID: 11288 Comm: syz.4.1438 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  540.450596][T11288] Tainted: [L]=SOFTLOCKUP
[  540.450601][T11288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  540.450610][T11288] Call Trace:
[  540.450616][T11288]  <TASK>
[  540.450622][T11288]  dump_stack_lvl+0x100/0x190
[  540.450641][T11288]  should_fail_ex.cold+0x5/0xa
[  540.450657][T11288]  should_failslab+0xc2/0x120
[  540.450669][T11288]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  540.450684][T11288]  ? skb_clone+0x190/0x400
[  540.450703][T11288]  skb_clone+0x190/0x400
[  540.450719][T11288]  netlink_deliver_tap+0xaed/0xcc0
[  540.450734][T11288]  netlink_unicast+0x62b/0x850
[  540.450748][T11288]  ? __pfx_netlink_unicast+0x10/0x10
[  540.450764][T11288]  netlink_sendmsg+0x8b0/0xda0
[  540.450779][T11288]  ? __pfx_netlink_sendmsg+0x10/0x10
[  540.450790][T11288]  ? __might_fault+0x70/0x140
[  540.450810][T11288]  ____sys_sendmsg+0x9e1/0xb70
[  540.450822][T11288]  ? __pfx_netlink_sendmsg+0x10/0x10
[  540.450835][T11288]  ? __pfx_____sys_sendmsg+0x10/0x10
[  540.450853][T11288]  ___sys_sendmsg+0x190/0x1e0
[  540.450867][T11288]  ? __pfx____sys_sendmsg+0x10/0x10
[  540.450900][T11288]  __sys_sendmsg+0x170/0x220
[  540.450916][T11288]  ? __pfx___sys_sendmsg+0x10/0x10
[  540.450938][T11288]  ? rcu_is_watching+0x12/0xc0
[  540.450959][T11288]  do_syscall_64+0x10b/0xf80
[  540.450970][T11288]  ? clear_bhb_loop+0x40/0x90
[  540.450983][T11288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  540.450994][T11288] RIP: 0033:0x7fb79879cdd9
[  540.451005][T11288] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  540.451014][T11288] RSP: 002b:00007fb7996b5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  540.451025][T11288] RAX: ffffffffffffffda RBX: 00007fb798a16090 RCX: 00007fb79879cdd9
[  540.451031][T11288] RDX: 0000000000000004 RSI: 0000200000000400 RDI: 0000000000000005
[  540.451037][T11288] RBP: 00007fb7996b5090 R08: 0000000000000000 R09: 0000000000000000
[  540.451043][T11288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  540.451049][T11288] R13: 00007fb798a16128 R14: 00007fb798a16090 R15: 00007ffeaa3adb58
[  540.451063][T11288]  </TASK>
[  541.162111][T11294] FAULT_INJECTION: forcing a failure.
[  541.162111][T11294] name failslab, interval 1, probability 0, space 0, times 0
[  541.175475][ T5706] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  541.203485][T11294] CPU: 0 UID: 0 PID: 11294 Comm: syz.1.1441 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  541.203508][T11294] Tainted: [L]=SOFTLOCKUP
[  541.203511][T11294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  541.203518][T11294] Call Trace:
[  541.203521][T11294]  <TASK>
[  541.203526][T11294]  dump_stack_lvl+0x100/0x190
[  541.203543][T11294]  should_fail_ex.cold+0x5/0xa
[  541.203558][T11294]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0
[  541.203581][T11294]  should_failslab+0xc2/0x120
[  541.203593][T11294]  __kmalloc_noprof+0xe0/0x850
[  541.203612][T11294]  genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0
[  541.203630][T11294]  genl_family_rcv_msg_doit+0xc7/0x300
[  541.203646][T11294]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  541.203664][T11294]  ? bpf_lsm_capable+0x9/0x10
[  541.203675][T11294]  ? security_capable+0x80/0x260
[  541.203689][T11294]  genl_rcv_msg+0x560/0x800
[  541.203705][T11294]  ? __pfx_genl_rcv_msg+0x10/0x10
[  541.203719][T11294]  ? __pfx_nfc_genl_dev_down+0x10/0x10
[  541.203735][T11294]  ? __lock_acquire+0x4a5/0x2630
[  541.203751][T11294]  netlink_rcv_skb+0x159/0x420
[  541.203763][T11294]  ? __pfx_genl_rcv_msg+0x10/0x10
[  541.203778][T11294]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  541.203796][T11294]  ? netlink_deliver_tap+0x1ae/0xcc0
[  541.203809][T11294]  genl_rcv+0x28/0x40
[  541.203822][T11294]  netlink_unicast+0x585/0x850
[  541.203837][T11294]  ? __pfx_netlink_unicast+0x10/0x10
[  541.203854][T11294]  netlink_sendmsg+0x8b0/0xda0
[  541.203868][T11294]  ? __pfx_netlink_sendmsg+0x10/0x10
[  541.203880][T11294]  ? __might_fault+0x70/0x140
[  541.203899][T11294]  ____sys_sendmsg+0x9e1/0xb70
[  541.203910][T11294]  ? __pfx_netlink_sendmsg+0x10/0x10
[  541.203924][T11294]  ? __pfx_____sys_sendmsg+0x10/0x10
[  541.203942][T11294]  ___sys_sendmsg+0x190/0x1e0
[  541.203956][T11294]  ? __pfx____sys_sendmsg+0x10/0x10
[  541.203984][T11294]  __sys_sendmsg+0x170/0x220
[  541.204000][T11294]  ? __pfx___sys_sendmsg+0x10/0x10
[  541.204022][T11294]  ? rcu_is_watching+0x12/0xc0
[  541.204040][T11294]  do_syscall_64+0x10b/0xf80
[  541.204051][T11294]  ? clear_bhb_loop+0x40/0x90
[  541.204064][T11294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.204075][T11294] RIP: 0033:0x7fe539d9cdd9
[  541.204085][T11294] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  541.204096][T11294] RSP: 002b:00007fe53ac07028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  541.204107][T11294] RAX: ffffffffffffffda RBX: 00007fe53a015fa0 RCX: 00007fe539d9cdd9
[  541.204113][T11294] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  541.204119][T11294] RBP: 00007fe53ac07090 R08: 0000000000000000 R09: 0000000000000000
[  541.204126][T11294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  541.204132][T11294] R13: 00007fe53a016038 R14: 00007fe53a015fa0 R15: 00007ffc00365e78
[  541.204146][T11294]  </TASK>
[  541.527126][ T5706] usb 4-1: Using ep0 maxpacket: 32
[  541.544768][ T5706] usb 4-1: config 0 has no interfaces?
[  541.562055][ T5706] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  541.609778][ T5706] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  541.634823][ T5706] usb 4-1: Product: syz
[  541.646984][ T5706] usb 4-1: Manufacturer: syz
[  541.652087][ T5706] usb 4-1: SerialNumber: syz
[  541.736089][ T5706] usb 4-1: config 0 descriptor??
[  541.886872][ T7205] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  542.065961][ T7205] usb 5-1: Using ep0 maxpacket: 16
[  542.074792][ T7205] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  542.096224][ T7205] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  542.138657][ T7205] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  543.242178][T11313] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1447'.
[  543.259241][ T7205] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.263547][ T7205] usb 5-1: config 0 descriptor??
[  543.906806][T11318] mmap: syz.2.1449 (11318): VmData 37593088 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  544.018458][ T5830] usb 4-1: USB disconnect, device number 36
[  544.078642][T11299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  544.087488][T11299] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  544.100109][ T7205] mcp2221 0003:04D8:00DD.0009: unexpected long global item
[  544.114785][ T4929] block nbd2: Receive control failed (result -107)
[  544.115084][ T7205] mcp2221 0003:04D8:00DD.0009: can't parse reports
[  544.134620][ T7205] mcp2221 0003:04D8:00DD.0009: probe with driver mcp2221 failed with error -22
[  544.165816][ T5706] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  544.206183][T11322] nbd2: detected capacity change from 0 to 8589934596
[  544.219766][ T6665] 
[  544.222094][ T6665] ======================================================
[  544.229086][ T6665] WARNING: possible circular locking dependency detected
[  544.236170][ T6665] syzkaller #0 Tainted: G             L     
[  544.242137][ T6665] ------------------------------------------------------
[  544.249136][ T6665] udevd/6665 is trying to acquire lock:
[  544.254648][ T6665] ffff888035d0d868 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x428/0x1080
[  544.263661][ T6665] 
[  544.263661][ T6665] but task is already holding lock:
[  544.271000][ T6665] ffff8880287e7178 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xba/0x1080
[  544.279757][ T6665] 
[  544.279757][ T6665] which lock already depends on the new lock.
[  544.279757][ T6665] 
[  544.290133][ T6665] 
[  544.290133][ T6665] the existing dependency chain (in reverse order) is:
[  544.299115][ T6665] 
[  544.299115][ T6665] -> #6 (&cmd->lock){+.+.}-{4:4}:
[  544.306293][ T6665]        __mutex_lock+0x1a4/0x1b10
[  544.311381][ T6665]        nbd_queue_rq+0xba/0x1080
[  544.316388][ T6665]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  544.322432][ T6665]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  544.329257][ T6665]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  544.335740][ T6665]        blk_mq_run_hw_queue+0x23c/0x670
[  544.341361][ T6665]        blk_mq_dispatch_list+0x51d/0x1360
[  544.347134][ T6665]        blk_mq_flush_plug_list+0x130/0x600
[  544.352996][ T6665]        __blk_flush_plug+0x2c4/0x4b0
[  544.358341][ T6665]        __submit_bio+0x584/0x6c0
[  544.363340][ T6665]        submit_bio_noacct_nocheck+0x543/0xbf0
[  544.369475][ T6665]        submit_bio_noacct+0xd18/0x2000
[  544.375010][ T6665]        submit_bh_wbc+0x681/0x890
[  544.380113][ T6665]        block_read_full_folio+0x4c8/0x8e0
[  544.385898][ T6665]        filemap_read_folio+0xfc/0x3b0
[  544.391333][ T6665]        do_read_cache_folio+0x2d7/0x6b0
[  544.396956][ T6665]        read_part_sector+0xd1/0x370
[  544.402278][ T6665]        adfspart_check_ICS+0x91/0x7d0
[  544.407741][ T6665]        bdev_disk_changed+0x7a3/0x1250
[  544.413268][ T6665]        blkdev_get_whole+0x187/0x290
[  544.418619][ T6665]        bdev_open+0x2c7/0xe40
[  544.423367][ T6665]        blkdev_open+0x34e/0x4f0
[  544.428279][ T6665]        do_dentry_open+0x6d8/0x1660
[  544.433553][ T6665]        vfs_open+0x82/0x3f0
[  544.438130][ T6665]        path_openat+0x208c/0x31a0
[  544.443226][ T6665]        do_file_open+0x20e/0x430
[  544.448233][ T6665]        do_sys_openat2+0x10d/0x1e0
[  544.453405][ T6665]        __x64_sys_openat+0x12d/0x210
[  544.458763][ T6665]        do_syscall_64+0x10b/0xf80
[  544.463862][ T6665]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.470258][ T6665] 
[  544.470258][ T6665] -> #5 (set->srcu){.+.+}-{0:0}:
[  544.477348][ T6665]        __synchronize_srcu+0xa2/0x300
[  544.482792][ T6665]        blk_mq_quiesce_queue+0x149/0x1c0
[  544.488489][ T6665]        elevator_switch+0x17b/0x7e0
[  544.493747][ T6665]        elevator_change+0x352/0x530
[  544.499013][ T6665]        elevator_set_default+0x29e/0x360
[  544.504720][ T6665]        blk_register_queue+0x48e/0x630
[  544.510237][ T6665]        __add_disk+0x73f/0xe40
[  544.515057][ T6665]        add_disk_fwnode+0x118/0x5c0
[  544.520329][ T6665]        nbd_dev_add+0x77a/0xb10
[  544.525254][ T6665]        nbd_init+0x291/0x2b0
[  544.529923][ T6665]        do_one_initcall+0x121/0x750
[  544.535200][ T6665]        kernel_init_freeable+0x6ea/0x7b0
[  544.540890][ T6665]        kernel_init+0x1f/0x1e0
[  544.545730][ T6665]        ret_from_fork+0x72b/0xd50
[  544.550820][ T6665]        ret_from_fork_asm+0x1a/0x30
[  544.556080][ T6665] 
[  544.556080][ T6665] -> #4 (&q->elevator_lock){+.+.}-{4:4}:
[  544.563882][ T6665]        __mutex_lock+0x1a4/0x1b10
[  544.568985][ T6665]        elevator_change+0x1bc/0x530
[  544.574257][ T6665]        elevator_set_none+0x92/0xf0
[  544.579526][ T6665]        blk_mq_update_nr_hw_queues+0x4c1/0x15f0
[  544.585844][ T6665]        nbd_start_device+0x1a6/0xbd0
[  544.591813][ T6665]        nbd_genl_connect+0xff2/0x1a40
[  544.597273][ T6665]        genl_family_rcv_msg_doit+0x214/0x300
[  544.603329][ T6665]        genl_rcv_msg+0x560/0x800
[  544.608351][ T6665]        netlink_rcv_skb+0x159/0x420
[  544.613627][ T6665]        genl_rcv+0x28/0x40
[  544.618114][ T6665]        netlink_unicast+0x585/0x850
[  544.623382][ T6665]        netlink_sendmsg+0x8b0/0xda0
[  544.628655][ T6665]        ____sys_sendmsg+0x9e1/0xb70
[  544.633923][ T6665]        ___sys_sendmsg+0x190/0x1e0
[  544.639097][ T6665]        __sys_sendmsg+0x170/0x220
[  544.644191][ T6665]        do_syscall_64+0x10b/0xf80
[  544.649295][ T6665]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.655684][ T6665] 
[  544.655684][ T6665] -> #3 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[  544.664258][ T6665]        blk_alloc_queue+0x610/0x790
[  544.669531][ T6665]        blk_mq_alloc_queue+0x174/0x290
[  544.675050][ T6665]        __blk_mq_alloc_disk+0x29/0x120
[  544.680580][ T6665]        nbd_dev_add+0x492/0xb10
[  544.685499][ T6665]        nbd_init+0x291/0x2b0
[  544.690148][ T6665]        do_one_initcall+0x121/0x750
[  544.695415][ T6665]        kernel_init_freeable+0x6ea/0x7b0
[  544.701127][ T6665]        kernel_init+0x1f/0x1e0
[  544.705959][ T6665]        ret_from_fork+0x72b/0xd50
[  544.711048][ T6665]        ret_from_fork_asm+0x1a/0x30
[  544.716315][ T6665] 
[  544.716315][ T6665] -> #2 (fs_reclaim){+.+.}-{0:0}:
[  544.723502][ T6665]        fs_reclaim_acquire+0xc4/0x100
[  544.728937][ T6665]        kmem_cache_alloc_node_noprof+0x53/0x6f0
[  544.735254][ T6665]        __alloc_skb+0x140/0x710
[  544.740205][ T6665]        tcp_stream_alloc_skb+0x34/0x660
[  544.745829][ T6665]        tcp_sendmsg_locked+0x13cd/0x4500
[  544.751528][ T6665]        tcp_sendmsg+0x2e/0x50
[  544.756274][ T6665]        inet_sendmsg+0xb9/0x140
[  544.761207][ T6665]        sock_write_iter+0x4ea/0x5a0
[  544.766481][ T6665]        vfs_write+0x6ac/0x1070
[  544.771322][ T6665]        ksys_write+0x1f8/0x250
[  544.776155][ T6665]        do_syscall_64+0x10b/0xf80
[  544.781256][ T6665]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.787655][ T6665] 
[  544.787655][ T6665] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}:
[  544.795793][ T6665]        lock_sock_nested+0x41/0xf0
[  544.800973][ T6665]        inet_shutdown+0x67/0x410
[  544.805985][ T6665]        nbd_mark_nsock_dead+0xae/0x5c0
[  544.811511][ T6665]        recv_work+0x5fb/0x8c0
[  544.816264][ T6665]        process_one_work+0xa0e/0x1980
[  544.821717][ T6665]        worker_thread+0x5ef/0xe50
[  544.826809][ T6665]        kthread+0x370/0x450
[  544.831392][ T6665]        ret_from_fork+0x72b/0xd50
[  544.836488][ T6665]        ret_from_fork_asm+0x1a/0x30
[  544.841772][ T6665] 
[  544.841772][ T6665] -> #0 (&nsock->tx_lock){+.+.}-{4:4}:
[  544.849400][ T6665]        __lock_acquire+0x14b8/0x2630
[  544.854756][ T6665]        lock_acquire+0x1b1/0x370
[  544.859760][ T6665]        __mutex_lock+0x1a4/0x1b10
[  544.864855][ T6665]        nbd_queue_rq+0x428/0x1080
[  544.869953][ T6665]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  544.876002][ T6665]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  544.882840][ T6665]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  544.889326][ T6665]        blk_mq_run_hw_queue+0x23c/0x670
[  544.895332][ T6665]        blk_mq_dispatch_list+0x51d/0x1360
[  544.901131][ T6665]        blk_mq_flush_plug_list+0x130/0x600
[  544.907008][ T6665]        __blk_flush_plug+0x2c4/0x4b0
[  544.912368][ T6665]        __submit_bio+0x584/0x6c0
[  544.917379][ T6665]        submit_bio_noacct_nocheck+0x543/0xbf0
[  544.923515][ T6665]        submit_bio_noacct+0xd18/0x2000
[  544.929057][ T6665]        submit_bh_wbc+0x681/0x890
[  544.934165][ T6665]        block_read_full_folio+0x4c8/0x8e0
[  544.939957][ T6665]        filemap_read_folio+0xfc/0x3b0
[  544.945401][ T6665]        do_read_cache_folio+0x2d7/0x6b0
[  544.951036][ T6665]        read_part_sector+0xd1/0x370
[  544.956319][ T6665]        adfspart_check_ICS+0x91/0x7d0
[  544.961764][ T6665]        bdev_disk_changed+0x7a3/0x1250
[  544.967294][ T6665]        blkdev_get_whole+0x187/0x290
[  544.972662][ T6665]        bdev_open+0x2c7/0xe40
[  544.977415][ T6665]        blkdev_open+0x34e/0x4f0
[  544.982329][ T6665]        do_dentry_open+0x6d8/0x1660
[  544.987604][ T6665]        vfs_open+0x82/0x3f0
[  544.992175][ T6665]        path_openat+0x208c/0x31a0
[  544.997273][ T6665]        do_file_open+0x20e/0x430
[  545.002274][ T6665]        do_sys_openat2+0x10d/0x1e0
[  545.007456][ T6665]        __x64_sys_openat+0x12d/0x210
[  545.012802][ T6665]        do_syscall_64+0x10b/0xf80
[  545.017884][ T6665]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.024271][ T6665] 
[  545.024271][ T6665] other info that might help us debug this:
[  545.024271][ T6665] 
[  545.034481][ T6665] Chain exists of:
[  545.034481][ T6665]   &nsock->tx_lock --> set->srcu --> &cmd->lock
[  545.034481][ T6665] 
[  545.046544][ T6665]  Possible unsafe locking scenario:
[  545.046544][ T6665] 
[  545.053972][ T6665]        CPU0                    CPU1
[  545.059316][ T6665]        ----                    ----
[  545.064664][ T6665]   lock(&cmd->lock);
[  545.068635][ T6665]                                lock(set->srcu);
[  545.075034][ T6665]                                lock(&cmd->lock);
[  545.081513][ T6665]   lock(&nsock->tx_lock);
[  545.085912][ T6665] 
[  545.085912][ T6665]  *** DEADLOCK ***
[  545.085912][ T6665] 
[  545.094037][ T6665] 3 locks held by udevd/6665:
[  545.098699][ T6665]  #0: ffff888026ed8350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  545.107995][ T6665]  #1: ffff888020321698 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x22e/0x670
[  545.117471][ T6665]  #2: ffff8880287e7178 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xba/0x1080
[  545.126397][ T6665] 
[  545.126397][ T6665] stack backtrace:
[  545.132268][ T6665] CPU: 0 UID: 0 PID: 6665 Comm: udevd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  545.132292][ T6665] Tainted: [L]=SOFTLOCKUP
[  545.132297][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  545.132307][ T6665] Call Trace:
[  545.132316][ T6665]  <TASK>
[  545.132322][ T6665]  dump_stack_lvl+0x100/0x190
[  545.132337][ T6665]  print_circular_bug.cold+0x178/0x1c7
[  545.132354][ T6665]  check_noncircular+0x146/0x160
[  545.132369][ T6665]  __lock_acquire+0x14b8/0x2630
[  545.132386][ T6665]  lock_acquire+0x1b1/0x370
[  545.132404][ T6665]  ? nbd_queue_rq+0x428/0x1080
[  545.132420][ T6665]  ? __pfx___might_resched+0x10/0x10
[  545.132442][ T6665]  ? rcu_is_watching+0x12/0xc0
[  545.132465][ T6665]  __mutex_lock+0x1a4/0x1b10
[  545.132477][ T6665]  ? nbd_queue_rq+0x428/0x1080
[  545.132486][ T6665]  ? nbd_queue_rq+0x428/0x1080
[  545.132497][ T6665]  ? __pfx___mutex_lock+0x10/0x10
[  545.132510][ T6665]  ? update_curr_dl_se+0x4aa/0xc90
[  545.132524][ T6665]  ? rcu_read_lock_sched_held+0x40/0x70
[  545.132541][ T6665]  ? update_se+0x571/0x770
[  545.132564][ T6665]  ? nbd_queue_rq+0x428/0x1080
[  545.132578][ T6665]  nbd_queue_rq+0x428/0x1080
[  545.132595][ T6665]  ? __pfx_nbd_queue_rq+0x10/0x10
[  545.132611][ T6665]  blk_mq_dispatch_rq_list+0x422/0x1e70
[  545.132624][ T6665]  ? sbitmap_get+0x1d7/0x360
[  545.132636][ T6665]  ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10
[  545.132647][ T6665]  ? __blk_mq_alloc_driver_tag+0x27a/0x7a0
[  545.132664][ T6665]  __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  545.132690][ T6665]  ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10
[  545.132719][ T6665]  blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  545.132742][ T6665]  blk_mq_run_hw_queue+0x23c/0x670
[  545.132759][ T6665]  ? blk_mq_run_hw_queue+0x22e/0x670
[  545.132774][ T6665]  blk_mq_dispatch_list+0x51d/0x1360
[  545.132784][ T6665]  ? __pfx_blk_mq_dispatch_list+0x10/0x10
[  545.132794][ T6665]  ? update_io_ticks+0x137/0x2a0
[  545.132810][ T6665]  ? __pfx_update_io_ticks+0x10/0x10
[  545.132833][ T6665]  blk_mq_flush_plug_list+0x130/0x600
[  545.132848][ T6665]  ? trace_block_plug+0x70/0x220
[  545.132865][ T6665]  ? blk_add_rq_to_plug+0x30a/0x540
[  545.132879][ T6665]  ? __pfx_wbt_track+0x10/0x10
[  545.132897][ T6665]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[  545.132907][ T6665]  ? blk_mq_submit_bio+0x9aa/0x2dd0
[  545.132918][ T6665]  __blk_flush_plug+0x2c4/0x4b0
[  545.132934][ T6665]  ? __pfx___blk_flush_plug+0x10/0x10
[  545.132951][ T6665]  __submit_bio+0x584/0x6c0
[  545.132973][ T6665]  ? __pfx___submit_bio+0x10/0x10
[  545.132996][ T6665]  ? __pfx_blk_cgroup_bio_start+0x10/0x10
[  545.133021][ T6665]  ? find_held_lock+0x2b/0x80
[  545.133035][ T6665]  ? submit_bio_noacct_nocheck+0x543/0xbf0
[  545.133050][ T6665]  submit_bio_noacct_nocheck+0x543/0xbf0
[  545.133067][ T6665]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[  545.133084][ T6665]  ? __pfx___might_resched+0x10/0x10
[  545.133102][ T6665]  submit_bio_noacct+0xd18/0x2000
[  545.133127][ T6665]  submit_bh_wbc+0x681/0x890
[  545.133151][ T6665]  block_read_full_folio+0x4c8/0x8e0
[  545.133168][ T6665]  ? __pfx_blkdev_get_block+0x10/0x10
[  545.133187][ T6665]  ? __pfx_blkdev_read_folio+0x10/0x10
[  545.133202][ T6665]  filemap_read_folio+0xfc/0x3b0
[  545.133217][ T6665]  ? __pfx_filemap_read_folio+0x10/0x10
[  545.133233][ T6665]  do_read_cache_folio+0x2d7/0x6b0
[  545.133254][ T6665]  ? __pfx_blkdev_read_folio+0x10/0x10
[  545.133279][ T6665]  read_part_sector+0xd1/0x370
[  545.133299][ T6665]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  545.133320][ T6665]  adfspart_check_ICS+0x91/0x7d0
[  545.133334][ T6665]  ? __pfx_seq_buf_printf+0x10/0x10
[  545.133345][ T6665]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  545.133361][ T6665]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  545.133376][ T6665]  bdev_disk_changed+0x7a3/0x1250
[  545.133398][ T6665]  ? nbd_open+0x320/0x700
[  545.133413][ T6665]  ? __pfx_bdev_disk_changed+0x10/0x10
[  545.133436][ T6665]  blkdev_get_whole+0x187/0x290
[  545.133458][ T6665]  bdev_open+0x2c7/0xe40
[  545.133474][ T6665]  blkdev_open+0x34e/0x4f0
[  545.133484][ T6665]  do_dentry_open+0x6d8/0x1660
[  545.133495][ T6665]  ? __pfx_blkdev_open+0x10/0x10
[  545.133505][ T6665]  vfs_open+0x82/0x3f0
[  545.133519][ T6665]  path_openat+0x208c/0x31a0
[  545.133541][ T6665]  ? __pfx_path_openat+0x10/0x10
[  545.133568][ T6665]  do_file_open+0x20e/0x430
[  545.133587][ T6665]  ? __pfx_do_file_open+0x10/0x10
[  545.133608][ T6665]  ? alloc_fd+0x476/0x790
[  545.133621][ T6665]  ? do_getname+0x191/0x390
[  545.133636][ T6665]  do_sys_openat2+0x10d/0x1e0
[  545.133650][ T6665]  ? __pfx_do_sys_openat2+0x10/0x10
[  545.133665][ T6665]  ? __sys_recvmsg+0x18c/0x220
[  545.133690][ T6665]  ? __pfx___sys_recvmsg+0x10/0x10
[  545.133713][ T6665]  __x64_sys_openat+0x12d/0x210
[  545.133735][ T6665]  ? __pfx___x64_sys_openat+0x10/0x10
[  545.133754][ T6665]  ? rcu_is_watching+0x12/0xc0
[  545.133769][ T6665]  do_syscall_64+0x10b/0xf80
[  545.133780][ T6665]  ? clear_bhb_loop+0x40/0x90
[  545.133791][ T6665]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.133802][ T6665] RIP: 0033:0x7ffa714a7407
[  545.133814][ T6665] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  545.133829][ T6665] RSP: 002b:00007fff18964dc0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  545.133845][ T6665] RAX: ffffffffffffffda RBX: 00007ffa71beb880 RCX: 00007ffa714a7407
[  545.133855][ T6665] RDX: 00000000000a0800 RSI: 000055a34f3125c0 RDI: ffffffffffffff9c
[  545.133865][ T6665] RBP: 000055a34f0d22c0 R08: 0000000000000000 R09: 0000000000000000
[  545.133874][ T6665] R10: 0000000000000000 R11: 0000000000000202 R12: 000055a34f3140c0
[  545.133882][ T6665] R13: 000055a34f30d8d0 R14: 0000000000000000 R15: 000055a34f3140c0
[  545.133897][ T6665]  </TASK>
[  545.693083][ T5770] usb 5-1: USB disconnect, device number 29
[  545.703377][ T6665] block nbd2: Dead connection, failed to find a fallback
[  545.707390][ T5706] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  545.711312][ T6665] block nbd2: shutting down sockets
[  545.727624][ T6665] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.737370][ T6665] buffer_io_error: 11 callbacks suppressed
[  545.737806][ T6665] Buffer I/O error on dev nbd2, logical block 0, async page read
[  545.754733][ T6665] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.764493][ T6665] Buffer I/O error on dev nbd2, logical block 0, async page read
[  545.771564][ T5706] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  545.772825][ T6665] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.781005][ T5706] usb 1-1: Product: syz
[  545.798403][ T5706] usb 1-1: Manufacturer: syz
[  545.803038][ T5706] usb 1-1: SerialNumber: syz
[  545.808643][ T6665] Buffer I/O error on dev nbd2, logical block 0, async page read
[  545.813400][ T5706] usb 1-1: config 0 descriptor??
[  545.821485][ T6665] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.823077][ T5706] ch341 1-1:0.0: ch341-uart converter detected
[  545.831249][ T6665] Buffer I/O error on dev nbd2, logical block 0, async page read
[  545.846962][ T6665] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.856507][ T6665] Buffer I/O error on dev nbd2, logical block 0, async page read
[  545.864384][ T6665] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.874103][ T6665] Buffer I/O error on dev nbd2, logical block 0, async page read
[  545.882092][ T6665] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.891168][ T6665] Buffer I/O error on dev nbd2, logical block 0, async page read
[  545.899137][ T6665] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.908701][ T6665] Buffer I/O error on dev nbd2, logical block 0, async page read
[  545.916935][ T6665] ldm_validate_partition_table(): Disk read failed.
[  545.923588][ T6665] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.933062][ T6665] Buffer I/O error on dev nbd2, logical block 0, async page read
[  545.941280][ T6665] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.950849][ T6665] Buffer I/O error on dev nbd2, logical block 0, async page read
[  545.958782][ T6665] Dev nbd2: unable to read RDB block 0
[  545.964504][ T6665]  nbd2: unable to read partition table
[  545.973495][ T6665] ldm_validate_partition_table(): Disk read failed.
[  545.980476][ T6665] Dev nbd2: unable to read RDB block 0
[  545.986642][ T6665]  nbd2: unable to read partition table
[  546.033852][ T5706] usb 1-1: failed to receive control message: -32
[  546.040646][ T5706] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -32
[  547.797438][ T5706] usb 1-1: USB disconnect, device number 39
[  547.805702][ T5706] ch341 1-1:0.0: device disconnected