last executing test programs:

3m57.568736972s ago: executing program 0 (id=447):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x44}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) (async, rerun: 64)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x24, &(0x7f0000000400)=0x79, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) (async)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x0, &(0x7f0000000280)}, 0x10) (async)
socket$alg(0x26, 0x5, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x1, 0x12)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000640)={0x1, 0x0, @pic={0x9, 0x9, 0x10, 0x6, 0x6, 0xb, 0x10, 0x9, 0x3, 0x2, 0x5, 0xed, 0x7, 0x9, 0x5, 0x1}}) (async)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000300)={0x1001})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@newtaction={0x68, 0x30, 0x871a15abc695fa3d, 0x70bd25, 0x3, {}, [{0x54, 0x1, [@m_ctinfo={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0xfffffffd, 0x0, 0xffffffffffffffff, 0x0, 0x40}}, @TCA_CTINFO_ZONE={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r5=>0x0}) (rerun: 64)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 64)
sendmsg$nl_route(r2, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="240000001800090400000000000000000a00000000000000000002040000000000000000"], 0x24}}, 0x0) (async, rerun: 64)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x5c52037a}, 0xc) (async)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000340)={0x0, @empty, @broadcast}, &(0x7f00000003c0)=0xc)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000380)={'gre0\x00', r5, 0x10, 0x20, 0x7fffffff, 0x4, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x66, 0x0, 0x6, 0x4, 0x0, @local, @empty}}}})
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) (async)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) (async)
sendto$inet(r1, 0x0, 0x0, 0x10008095, 0x0, 0x0)

3m55.163308321s ago: executing program 0 (id=457):
socket$phonet_pipe(0x23, 0x5, 0x2)
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x5}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0xc881}, 0x40040d0)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x5, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)={0x60, 0x10, 0x4, "e34207b4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000001480)={0x20, 0x1, 0x4, "ad610d13"}, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000013c0)={0x44, &(0x7f00000011c0)={0x20, 0x14, 0x4, "0426fd98"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3m51.501505091s ago: executing program 0 (id=471):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10100, 0x180)
mknodat(r0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_io_uring_setup(0x784e, &(0x7f0000000480)={0x0, 0xbc02, 0x10, 0x0, 0x30f}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000540)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
ioctl$MEDIA_IOC_SETUP_LINK(0xffffffffffffffff, 0xc0347c03, &(0x7f0000000200)={{0x80000000, 0x0, 0xf5a1c2b8e98148d, [0x6, 0xfffffffe]}, {0x80000000, 0x0, 0x7, [0x3, 0x9]}, 0x2, [0x5, 0x84000000]})
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
r5 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r6=>0x0, <r7=>0x0}, &(0x7f0000cab000)=0xc)
setuid(r6)
r8 = syz_io_uring_setup(0x1d9e, &(0x7f00000000c0)={0x0, 0xe876, 0x40, 0x0, 0x2d4}, &(0x7f0000000040), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_PBUF_RING(r8, 0x22, &(0x7f0000000000)={&(0x7f0000003000)={[{0x0, 0x0, 0x3}]}, 0x1}, 0x1)
mprotect(&(0x7f00000a6000/0x1000)=nil, 0x1000, 0x5)
syz_io_uring_submit(r3, r4, 0x0)
io_uring_enter(r2, 0x47bc, 0x0, 0x11, 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r10, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r11 = dup(r10)
write$FUSE_BMAP(r11, &(0x7f0000000100)={0x18, 0xffffffffffffffda, 0x0, {0x8000000000000009}}, 0x18)
write$FUSE_DIRENTPLUS(r11, &(0x7f0000000140)=ANY=[@ANYRESOCT=r11, @ANYRES32=r9, @ANYRES32=r10], 0x138)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRES64=r7, @ANYBLOB="000092753c525f", @ANYRESHEX=r10, @ANYBLOB=',\x00'])

3m50.514291346s ago: executing program 0 (id=473):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
r0 = socket$kcm(0x29, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000380)=@in6={0xa, 0x0, 0x0, @mcast1, 0xe48f}, 0x80, 0x0}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
r1 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000004c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r3, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x12b)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='configfs\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x80008, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/../file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x31a88d3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r3})
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
remap_file_pages(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000009, 0x8000, 0x40)
r5 = socket$nl_audit(0x10, 0x3, 0x9)
r6 = getpgrp(0x0)
sendmsg$AUDIT_SET(r5, &(0x7f0000000280)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0x3c, 0x3e9, 0x100, 0x70bd26, 0x25dfdbfb, {0x30, 0x1, 0x2, r6, 0x800, 0xc, 0x44, 0x2000007, 0x0, 0x2f03, 0x9}, [""]}, 0x3c}, 0x1, 0x0, 0x0, 0x24008001}, 0x2400c080)
fsopen(0x0, 0x1)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f00000004c0), 0x208e24b)

3m48.258209926s ago: executing program 0 (id=480):
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$video(&(0x7f0000000000), 0x4, 0x80)
prlimit64(0x0, 0x8, &(0x7f00000002c0)={0xff, 0x10000}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(0x0, 0x3, &(0x7f0000000180)=0x20001)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
getpgrp(0x0)
mkdir(&(0x7f0000000080)='./file0/file0\x00', 0xda)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x50)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x5981, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r4, 0x400caed0, &(0x7f00000001c0)={0x2})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000007880)={0x1, 0x58, &(0x7f0000007800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000078c0)=ANY=[@ANYBLOB="02000000040000000800", @ANYRES32=r2, @ANYRES32=r5, @ANYRES32, @ANYBLOB="0400000005000000000000000000000000000011ffffffffffffffff"], 0x50)
ioctl$TCXONC(r1, 0x540a, 0x0)
ioctl$TCXONC(r1, 0x540a, 0x2)
socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000001440)={'pimreg1\x00', &(0x7f0000000200)=@ethtool_ringparam={0x8, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffd, 0x0, 0x4}})
mq_unlink(&(0x7f0000000000)='eth0\x00')
close(0xffffffffffffffff)
syslog(0x2, 0x0, 0x0)
r6 = syz_open_dev$media(&(0x7f0000000240), 0x3, 0x100)
ioctl$MEDIA_IOC_ENUM_ENTITIES(r6, 0xc1007c01, &(0x7f0000000100))
syslog(0x4, &(0x7f00000000c0)=""/27, 0x1b)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x3, 0x0}, 0x4e23, 0x3, 'dh\x00', 0x1, 0x7, 0x77}, 0x2c)

3m46.526882495s ago: executing program 0 (id=485):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_hwaddr=@broadcast})
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=<r3=>0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x42, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00'})
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x4f8, 0x1d0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x428, 0xffffffff, 0xffffffff, 0x428, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@local, @empty, [0xff000000, 0x0, 0xffffffff, 0xff], [0x0, 0xffffffff, 0x0, 0xff000000], 'veth1_to_bond\x00', 'lo\x00', {0xff}, {}, 0x32, 0x7f, 0xc, 0x40}, 0x0, 0x190, 0x1d0, 0x0, {}, [@common=@srh1={{0x90}, {0x2e, 0xc, 0xd, 0x6, 0x9, @dev={0xfe, 0x80, '\x00', 0x24}, @mcast1, @ipv4={'\x00', '\xff\xff', @local}, [0xffffff00, 0x0, 0xff, 0xffffffff], [0xff, 0xffffff00, 0x0, 0xffffff00], [0x0, 0xffffffff], 0x4, 0x108}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0xc0, 0x3, "2f448fd3ab8fc9403e6650b88905be737500822e8357e607a9c5acaafdbc"}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [0x0, 0x0, 0x0, 0xff000000], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x228, 0x258, 0x0, {}, [@common=@inet=@socket1={{0x28}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x6, 0x0, 0x74, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x558)
syz_emit_ethernet(0x5e, &(0x7f0000001700)=ANY=[@ANYBLOB="0180c21f00000180c200f63b57feb0d66001012000283a01fc000000000000000000000000000000ff0200000000000000000000000000018900907800000000fc020000000000000000000000000001fe8000000000009e780000000000"], 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "e4ac9ca106c62afe", "f2156218804f15ca9c273f8143e61d40", "9566657c", "91e33563aedbc284"}, 0x28)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))

3m46.036469544s ago: executing program 32 (id=485):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_hwaddr=@broadcast})
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=<r3=>0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x42, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00'})
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x4f8, 0x1d0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x428, 0xffffffff, 0xffffffff, 0x428, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@local, @empty, [0xff000000, 0x0, 0xffffffff, 0xff], [0x0, 0xffffffff, 0x0, 0xff000000], 'veth1_to_bond\x00', 'lo\x00', {0xff}, {}, 0x32, 0x7f, 0xc, 0x40}, 0x0, 0x190, 0x1d0, 0x0, {}, [@common=@srh1={{0x90}, {0x2e, 0xc, 0xd, 0x6, 0x9, @dev={0xfe, 0x80, '\x00', 0x24}, @mcast1, @ipv4={'\x00', '\xff\xff', @local}, [0xffffff00, 0x0, 0xff, 0xffffffff], [0xff, 0xffffff00, 0x0, 0xffffff00], [0x0, 0xffffffff], 0x4, 0x108}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0xc0, 0x3, "2f448fd3ab8fc9403e6650b88905be737500822e8357e607a9c5acaafdbc"}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [0x0, 0x0, 0x0, 0xff000000], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x228, 0x258, 0x0, {}, [@common=@inet=@socket1={{0x28}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x6, 0x0, 0x74, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x558)
syz_emit_ethernet(0x5e, &(0x7f0000001700)=ANY=[@ANYBLOB="0180c21f00000180c200f63b57feb0d66001012000283a01fc000000000000000000000000000000ff0200000000000000000000000000018900907800000000fc020000000000000000000000000001fe8000000000009e780000000000"], 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "e4ac9ca106c62afe", "f2156218804f15ca9c273f8143e61d40", "9566657c", "91e33563aedbc284"}, 0x28)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))

9.7552959s ago: executing program 1 (id=1281):
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r0)

9.416902927s ago: executing program 5 (id=1282):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[], 0xe4}}, 0x0)

8.451405922s ago: executing program 5 (id=1284):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x1d, &(0x7f0000000100), 0x120)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000100), 0x40a40, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
io_setup(0xc9, &(0x7f0000000000))
openat$incfs(0xffffffffffffff9c, &(0x7f0000000040)='.log\x00', 0x44000, 0x70)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
wait4(r6, 0x0, 0x20000000, &(0x7f0000000240))
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000340)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8, @ANYBLOB="05", @ANYRES64, @ANYRES8, @ANYRES16, @ANYRES16], 0x0)

6.645339924s ago: executing program 1 (id=1292):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0)
sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x24008851}, 0x40040)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000f00)=ANY=[@ANYBLOB="300000001800dd8d0000000000000000020000000000000900000000060015000a0000000c00168008000100bc"], 0x30}}, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000f00)=ANY=[@ANYBLOB="300000001800dd8d0000000000000000020000000000000900000000060015000a0000000c00168008000100bc"], 0x30}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) (async)
sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5543, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0x0, 0xff}}}}}]}}]}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) (async)
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r2, 0x8982, &(0x7f0000000140)={0x1, 'ip6tnl0\x00', {}, 0x7ff}) (async)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r2, 0x8982, &(0x7f0000000140)={0x1, 'ip6tnl0\x00', {}, 0x7ff})
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x0, '\x00', @p_u8=&(0x7f0000000180)}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000440)={0x1, @pix_mp={0x62, 0x1, 0x3031334d, 0x3, 0xa, [{0x3, 0x6}, {0x2, 0x2}, {0x3, 0x411}, {0x10001, 0x8}, {0x6, 0x8}, {0x4, 0xd}, {0x8, 0xfffffff8}, {0x5, 0x1}], 0xc, 0x2, 0x1, 0x0, 0x2}})
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
add_key(&(0x7f00000018c0)='big_key\x00', 0x0, &(0x7f0000001940)='\f', 0x1, 0xfffffffffffffffe) (async)
add_key(&(0x7f00000018c0)='big_key\x00', 0x0, &(0x7f0000001940)='\f', 0x1, 0xfffffffffffffffe)
ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000040)={0x0, 0x2, 0x0, "e5e81571c97b166978ff61fcfd2409b2b73e0f936ed774de107de8a9041b5113"})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
geteuid()
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x8417f, 0x0) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x8417f, 0x0)

6.027171829s ago: executing program 3 (id=1295):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0xe4}}, 0x0)

5.602275077s ago: executing program 3 (id=1296):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
ioctl$KDSETKEYCODE(0xffffffffffffffff, 0x4b4d, &(0x7f0000000000)={0x1, 0x74a})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$bt_hci(r2, &(0x7f0000000000)=ANY=[], 0x7)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TCSETS(r3, 0x560c, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x0, 0x0)
r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x30, 0x2, {{0x0, 0x5}, [@TCA_NETEM_RATE={0x14, 0xe, {0x0, 0xa}}]}}}]}, 0x60}}, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f0000000180)={{{@in=@initdev, @in=@multicast1}}, {{}, 0x0, @in=@remote}}, &(0x7f0000000300)=0xe8)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000001d00070f000000000000000007000000", @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00'], 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0xffffffffffffff09, &(0x7f00000003c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r9, @ANYRES8=r10, @ANYRES32=r10, @ANYBLOB="08002600b41400000a00f300ffffffffffff000008003500000000000a0034000200"/48], 0x4c}, 0x1, 0x0, 0x0, 0x40084}, 0x0)
r11 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000000)={0x0, 0x40, 0x5, 0x24, 0x9, 0x29, 0x23ab, 0xcc0f, {<r12=>0x0, @in={{0x2, 0x4e23, @private=0xa010101}}, 0xbc, 0x1, 0x40, 0x9, 0x1}}, &(0x7f00000000c0)=0xb0)
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r11, 0x84, 0x76, &(0x7f0000000100)={r12, 0xf}, 0x8)

5.218125978s ago: executing program 4 (id=1299):
ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f0000000200)=0x10004)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000140), &(0x7f0000000180)=0x4)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000300), &(0x7f0000000340)=0x4)
ptrace(0x10, r1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000004c0)={0x1, &(0x7f0000000480)=[{0x951a, 0x6, 0x4, 0x9}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000000)={0x5, &(0x7f0000000500)=[{0x0, 0x3, 0x3, 0x4ffff}, {0x2, 0xfb, 0xf, 0x2}, {0x2, 0x6, 0x1, 0x8}, {0x939c, 0x2, 0x1e, 0x5}, {0x40, 0x5, 0x80, 0xf65}]})
r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$SG_NEXT_CMD_LEN(0xffffffffffffffff, 0x2283, &(0x7f0000000080)=0x54)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000005c0))
ptrace$poke(0x4, r1, &(0x7f0000000280), 0x5000000000000000)
mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/anycast6\x00')
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000200)={0xfffffffc, 0x40002, 0x2, {0xd, @pix_mp={0x0, 0xffffff7f, 0x20303159, 0x0, 0xb, [{}, {}, {0x5}, {0xfffffffd}, {}, {}, {0x100000, 0x8000002}, {0x3ff}], 0x4, 0x0, 0x4, 0x0, 0x3}}})

4.893049253s ago: executing program 5 (id=1300):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0)
setrlimit(0xb, &(0x7f0000000340)={0xa00000000, 0x7abc})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_extract_tcp_res(&(0x7f0000000300), 0x4, 0xfffffff8)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x34, 0x1, 0x70bd2d, 0x25dbdbfe, {0x1}, [@typed={0x8, 0x7, 0x0, 0x0, @u32=0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x4000040)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x34, 0x4, 0x6, 0x5, 0x0, 0x0, {0x2, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0xba}]}, 0x6d}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)

4.618189768s ago: executing program 3 (id=1302):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x1e0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x20000010)
socket(0x840000000002, 0x3, 0x6)
close(0x3)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000001ac0)={r3, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='\b\x00\x00\x00\x00', @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32], 0x48)
r5 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r5, &(0x7f0000000140)={'full'}, 0xfffffdef)
ioctl$int_in(r5, 0x5452, &(0x7f0000000240)=0x3)
sendmsg$kcm(r5, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x20000818)
ioctl$AUTOFS_IOC_FAIL(r5, 0x9361, 0xca95)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x4000)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118)

4.591726647s ago: executing program 4 (id=1303):
pipe(&(0x7f0000000200))
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (fail_nth: 5)

4.1259693s ago: executing program 4 (id=1304):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00"/11], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd4f, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
r8 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
io_setup(0x3fe, &(0x7f00000001c0)=<r9=>0x0)
io_getevents(r9, 0x1, 0x3, &(0x7f00000004c0)=[{}, {}, {}], 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x3a155000)
io_submit(r9, 0x1, &(0x7f0000000280)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r8, 0x0}])
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x11, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb7020000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
r11 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r12=>0x0}, &(0x7f0000cab000)=0xc)
setresgid(0x0, 0x0, r12)
setregid(0x0, r12)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r10}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)

3.86528149s ago: executing program 1 (id=1306):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfe, 0x2ffffffff}, 0xc)
syz_usb_connect(0x0, 0x34, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000092e1300833280102d52a0000000109022200010000000009040000000e010000082403"], 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
setreuid(0xffffffffffffffff, 0xee00)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)=@newtaction={0x98, 0x30, 0x1, 0x0, 0x0, {}, [{0x84, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_SKBMARK={0x8, 0x1, @val=0x5}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000180)=ANY=[@ANYRES16=r1, @ANYRES64=r0, @ANYRES32=0x41424344, @ANYBLOB="5002000190780000"], 0x0)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000000140)=[{&(0x7f00000001c0)="580000001400192340834b80040d8c560a067f0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100040c10000000010000000000", 0x58}], 0x1)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x10)
r8 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2b, 0xfffffffc, {0x60, 0x0, 0x0, r9, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0xfffffffffffffe2d, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xfff, 0x40, 0x172}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x3000c81c)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newchain={0x988, 0x64, 0x20, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0x4, 0x5}, {0xfff0}, {0x0, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x40, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}, @TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}, @TCA_FLOWER_KEY_ICMPV4_TYPE_MASK={0x5}, @TCA_FLOWER_KEY_UDP_DST_MASK={0x6}, @TCA_FLOWER_KEY_ENC_IPV4_SRC={0x8, 0x1b, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_FLOWER_KEY_MPLS_TC={0x5, 0x45, 0x3}]}}, @TCA_RATE={0x6, 0x5, {0x9, 0x9}}, @TCA_CHAIN={0x8, 0xb, 0x400}, @TCA_CHAIN={0x8, 0xb, 0x7222}, @filter_kind_options=@f_u32={{0x8}, {0x8d8, 0x2, [@TCA_U32_CLASSID={0x8, 0x1, {0xffff, 0x10}}, @TCA_U32_SEL={0x144, 0x5, {0xb, 0xf, 0x5, 0xa7, 0x8, 0x846, 0x1, 0x74, [{0x9, 0x12, 0x400, 0xffffff00}, {0x5, 0x6, 0x80000001, 0x5}, {0x50d5, 0x1, 0x7, 0xa8b}, {0x5, 0x8, 0x401, 0x8}, {0x80000001, 0x2, 0x80, 0x7}, {0x5, 0x0, 0x921, 0x76}, {0x1230eeab, 0x4, 0x5, 0x4}, {0x0, 0x8, 0x8, 0x4}, {0x7f, 0x7, 0x8, 0x6}, {0x10000, 0x5, 0x4f93, 0x400}, {0x2, 0x1, 0x1776, 0xffff}, {0x9, 0x0, 0x0, 0x5}, {0x9, 0x9, 0x8, 0x4}, {0x9, 0x4, 0x39d, 0x5e4}, {0x1, 0x4, 0x9, 0x4e}, {0x4, 0x5fa, 0xff, 0x8}, {0x5fa, 0x8, 0x7f, 0x7ff}, {0xfffffffc, 0x0, 0x7}, {0xc, 0xb, 0x7, 0x5}]}}, @TCA_U32_HASH={0x8, 0x2, 0x4800000}, @TCA_U32_SEL={0x3f4, 0x5, {0xa, 0x1, 0xb9, 0x2, 0x5, 0x6, 0x5, 0x8, [{0x4, 0x3ff, 0x1, 0x8}, {0x0, 0xc684, 0xfffffffb, 0xd4b3}, {0x1, 0xfffffffb, 0x4, 0x8001}, {0x80000000, 0x7, 0xfffffffa, 0x5}, {0x3, 0x6, 0x5, 0x8}, {0xfff, 0x7fff, 0x8, 0x2}, {0x20c, 0x3, 0x2, 0x7}, {0x1, 0x800, 0x80, 0x10}, {0xd, 0x100, 0x1, 0x9be}, {0x3, 0xbf85, 0x25, 0x80000001}, {0x1, 0x43, 0x1, 0x3}, {0x8, 0x1ff, 0x400, 0xffffffff}, {0x6, 0x4, 0x9, 0x6}, {0xfffffff8, 0x3, 0x5, 0x5}, {0x2, 0x1, 0x8, 0x3}, {0x400, 0x9dc, 0x80, 0x401}, {0x3, 0x7c3, 0x8000, 0x81}, {0x80000000, 0x1, 0x2f92, 0xe26}, {0x101, 0x780000, 0xd, 0x3}, {0x80000001, 0x7, 0x2, 0xe0}, {0x5, 0x0, 0x3ff, 0xb4}, {0x4, 0x80000001, 0x3, 0x2}, {0x8, 0x2, 0x8001, 0x6}, {0x800, 0x3bc1, 0x1ff, 0x9}, {0x40, 0x7, 0x101, 0x3}, {0x6, 0x3793, 0x4, 0x80000000}, {0x749, 0x7, 0x5, 0xcb}, {0xfffffffc, 0x9, 0xe, 0x2}, {0x7ff, 0x200, 0x4d50, 0xc8ae}, {0x6, 0x6, 0xffffffff, 0x6}, {0xffffffff, 0x6, 0x3, 0xfffffff8}, {0x3, 0x9, 0x7fff, 0xfffffffb}, {0x5, 0x401, 0xa, 0xffff}, {0x5, 0x3a, 0x7ff, 0xa3e5}, {0x7, 0x15, 0x7, 0x9}, {0x4, 0x4, 0x3}, {0x3, 0x4, 0x7f, 0x9}, {0x1, 0x1189, 0x3, 0x9}, {0x5aea656e, 0x80000000, 0x1, 0x3}, {0x81, 0x1, 0x1, 0x4}, {0x6, 0xb3a, 0xffc000}, {0x0, 0x498, 0xffff, 0xfff}, {0x7ad, 0x3, 0x2}, {0x0, 0x769e41df, 0x4, 0xff}, {0x6, 0x6, 0x34, 0x2}, {0x2, 0x8, 0xfffffff8, 0x4}, {0x5, 0x76, 0x7ff, 0x5}, {0x0, 0x7fff, 0x10001}, {0x4, 0x100, 0x9, 0xe1}, {0x8, 0xe, 0x7, 0x1}, {0xc, 0x6, 0x6, 0x7}, {0xfb0c, 0x8, 0x8, 0xa}, {0x1, 0x80000000, 0x1353cdd7, 0x9}, {0x7, 0x7, 0x1c000000, 0x69f6}, {0x5, 0x4, 0x1, 0x9}, {0x52, 0xff, 0x7, 0x8000}, {0x101, 0x6620000, 0xcdde, 0x9}, {0x9, 0x9, 0x1, 0x8}, {0x7fffffff, 0x1, 0x3, 0x401}, {0x0, 0x1f6, 0x81, 0x3}, {0x9, 0x8001, 0x9, 0x6}, {0x7fff, 0x9, 0xb7, 0x2}]}}, @TCA_U32_SEL={0x384, 0x5, {0xa, 0x1, 0xcd, 0x6, 0x1, 0x2, 0x8, 0x4, [{0x400, 0x1b9, 0xffff, 0x7fffffff}, {0x3, 0x3, 0x8000, 0x6}, {0x80, 0x9, 0x1000000, 0xbfc7}, {0x91, 0xf3b, 0x7, 0xffff0000}, {0x2, 0x9, 0x80000001, 0xb97a}, {0xffff7fff, 0x0, 0x101, 0x5}, {0x200, 0xffffff7f, 0x7fffffff, 0x3}, {0x8, 0x8d29, 0x2, 0x4}, {0x3973, 0x1, 0x200, 0xfffffff7}, {0x0, 0xfc, 0x3, 0x80000001}, {0x81, 0xe, 0x5, 0x5169c547}, {0x0, 0x9, 0x40, 0xeb}, {0x1d64, 0x10000, 0x3, 0x7}, {0x433906ae, 0xffff5092, 0x2, 0x5}, {0x3, 0x8, 0xc6, 0x7}, {0x8, 0xe, 0x6, 0xffff49ef}, {0x4, 0x5, 0x1, 0x7}, {0xc0f, 0x7, 0x1, 0x101}, {0x5, 0x76, 0xfffffff8, 0xccc}, {0x7, 0x10001, 0x100, 0x5}, {0x400, 0x1, 0x9, 0xc2}, {0xffffffff, 0x8000000, 0x3, 0x2}, {0x3, 0x1, 0x7f, 0x8}, {0x8001, 0x7, 0x8, 0x5}, {0x3, 0x22, 0x0, 0x8}, {0x800, 0x2, 0x6, 0x6c}, {0xfab, 0x800, 0x91, 0x1}, {0x3, 0x5, 0x0, 0x1}, {0x9, 0xccd, 0x7, 0xffff679d}, {0x0, 0xfffffff8, 0xa0000, 0x1}, {0x5338, 0x4, 0xc3, 0x4}, {0x0, 0x9, 0x4, 0xb3}, {0xfffffffd, 0x9, 0x10001}, {0x9, 0x0, 0x2, 0x6}, {0xffffff1e, 0x7b6, 0x85, 0xfc}, {0x3, 0x4b, 0x6, 0x8}, {0x3, 0x80, 0x9, 0x1}, {0x80, 0x7, 0x3, 0x3}, {0x7, 0x3e08, 0xffffff37}, {0xfffffffb, 0x8, 0x2, 0x9}, {0xffffff36, 0x7fffffff, 0x78c, 0x101}, {0x295a, 0xffffffff, 0x8, 0x1}, {0x5, 0x800, 0xffffffff, 0x6}, {0xfffffffa, 0x8a, 0x1, 0x42be}, {0x3, 0x0, 0x10001, 0x8}, {0xffffffff, 0x7, 0xffff, 0x7}, {0x7, 0x1, 0x67a, 0x8001}, {0x10001, 0x0, 0x10, 0xe9e6}, {0xffff, 0x16, 0x5, 0x2}, {0x5, 0x6, 0x1, 0x7}, {0x2, 0x5, 0xff, 0x5}, {0x200000, 0x200, 0x9, 0x3ff}, {0x100, 0x5de, 0x6, 0x8}, {0x6, 0x3, 0x7fff, 0x8}, {0xc0d1, 0x9, 0x61d0a4dd, 0x84c}]}}, @TCA_U32_LINK={0x8, 0x3, 0x7}]}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_ADDEND={0x8, 0x5, 0x7}]}}]}, 0x988}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)

3.538460817s ago: executing program 3 (id=1307):
capset(0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
msgget$private(0x0, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1b)
socket$alg(0x26, 0x5, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001500010000000000000000000100000008000100", @ANYRES8], 0x1c}}, 0x804)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)

3.119264467s ago: executing program 2 (id=1308):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x3, 0x0, 0xd410, 0xf69aa1672a50ebb1}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_COLLECT_METADATA={0x4, 0xe}, @IFLA_GENEVE_UDP_ZERO_CSUM6_TX={0x5, 0x9, 0x1}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x10)
r1 = bpf$TOKEN_CREATE(0x24, &(0x7f00000002c0), 0x8) (async, rerun: 64)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000003c0), 0x4) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000883d8af5755ee39f1b69a87595e0743ab39a497be0880b33e53e8350b105defc668cd23ed3c2ab41532a42896d07af84986329fd82f28e289057ea4bd8fc3255574ae8a185a514510992526f07c703ac4552bc6c6c953e785a4786725000"/124, @ANYRES32, @ANYRESDEC=r1, @ANYRES8=0x0, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb11e9032c7474bfd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90) (async)
mount$9p_rdma(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x1400, &(0x7f0000000600)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[{@sq={'sq', 0x3d, 0x5a}}, {@sq={'sq', 0x3d, 0x5}}], [{@subj_type={'subj_type', 0x3d, 'percpu_alloc_percpu\x00'}}]}}) (async)
io_uring_setup(0x669c, &(0x7f00000006c0)={0x0, 0xa1d3, 0x0, 0x2, 0x4e}) (async)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r6=>0x0}) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) (async, rerun: 64)
pipe(&(0x7f0000000400)={0xffffffffffffffff, <r9=>0xffffffffffffffff}) (async, rerun: 64)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r10=>0x0})
getsockopt$packet_int(r9, 0x107, 0x13, &(0x7f0000000780), &(0x7f00000007c0)=0x4)
ioctl$IOMMU_HWPT_ALLOC$NONE(r5, 0x3b89, &(0x7f0000000380)={0x28, 0x0, r10, r6, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000280)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r11=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r5, 0x3b89, &(0x7f0000000080)={0x28, 0x3, r11, r6, 0x0, 0x0, 0x0, 0x0, 0x0})
r12 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r12, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x41)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r12, 0xc0189372, &(0x7f0000000740)={{0x1, 0x1, 0x18, r7, {0x400}}, './file0\x00'}) (async)
close_range(r4, 0xffffffffffffffff, 0x0)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r13}, 0x10) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)

3.048197922s ago: executing program 4 (id=1309):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x7, 0x6}, 0x50)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x7, @private2, 0x9}, 0x1c)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_buf(r1, 0x0, 0x30, &(0x7f0000000180)="170000000200020000ffbe8c5ee17688a2003c00010100000077fc5ad90200fb6a880004d6c9db0000db15d088bd8b7000000000d9ce9bc7e28d94000200ff01800a0000ebfc0607bdfd5910547a681f009ceeff5acba400001fb700674f00c8e365d00b5033bf79ac2dfc061f15003901dee2000000000062068f5ee50c08af9b1c568302ffff02ff03310800ab0840", 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000a80)='mm_page_free\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x8, 0x4, 0x4, 0xbf22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x50)
r4 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r4, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e24, 0x0, @mcast2, 0x809}, {0xa, 0x8, 0xfffffffe, @empty}, 0xffff, {[0x0, 0x1, 0xfffffffe, 0xfff, 0x2, 0x4]}}, 0x5c)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r5, r0}, 0xc)

2.93074666s ago: executing program 4 (id=1310):
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
syz_genetlink_get_family_id$tipc(0x0, r0)

2.795006948s ago: executing program 4 (id=1311):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
setresgid(0xee00, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x8, @empty, 0x2}}}, 0x108)
getsockopt$inet6_buf(r2, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
msgctl$MSG_INFO(0x0, 0xc, &(0x7f00000003c0)=""/82)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x33, &(0x7f0000000040)=0x2, 0x4)
sync()
sync()
r3 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff00050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100000006000000080000000800000040000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000f071c9ce0654b6be989a6ac669ef24d0ef92dc98332e5d0b569383937a2bf9174db38ed95cc7b246ff3095ceb62623038abf3f403d006d3fd09105dac3d5362c398cc286f99fb94e47f49617761f227534166317df89a9740b62fbde3aae0381116c0058dd7f6596cf3054baee1443e99346853c9fb8dcffa4f6844f5e462730144432004b2e8c72138ff6c3222cd30911ec"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r5}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f00000001c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x20, 0x80, 0x1c, {0x8, 0xfc00, 0x2e50, 0x2, 0x3, 0xff0b, 0x200, 0x82004, 0x6, 0x2, 0x7, 0x3}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, 0x0)

2.727168184s ago: executing program 2 (id=1312):
socket$rxrpc(0x21, 0x2, 0xa)
r0 = syz_io_uring_setup(0x12ab, &(0x7f0000000140)={0x0, 0x7495, 0x0, 0x2, 0x1f7}, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, 0x0)
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bc00d08e36655c00"})
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) (fail_nth: 3)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
io_uring_register$IORING_UNREGISTER_RING_FDS(0xffffffffffffffff, 0x15, &(0x7f0000003300)=[{0x0, 0x0, 0x0, 0x0, 0x0}], 0x1)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1eaa000000000000"], &(0x7f0000000480)='syzkaller\x00'}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'})

2.287424064s ago: executing program 5 (id=1313):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x2e00c1, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRESHEX, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x1)
r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r4 = open$dir(&(0x7f0000000140)='./file0\x00', 0x3, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r5, 0x5)
sendfile(r4, r5, 0x0, 0x7ffff000)
readv(r3, &(0x7f0000000200)=[{&(0x7f0000000f40)=""/4096, 0x1001}], 0x1)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r6)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000800), r9)
sendmsg$IEEE802154_DISASSOCIATE_REQ(r9, &(0x7f0000000900)={0x0, 0xfffffffffffffebb, &(0x7f00000008c0)={&(0x7f00000005c0)=ANY=[@ANYRES32=r3, @ANYBLOB="f62a426988bf945d5a8b9e13dbdec6b524f184bb1c010000003d27a11ad5c9965f62de79dbbca8f6a90a7a8b12fa2c82dd0a7c8dbe8badbb585107259bc91cd9e36a4a9c8e4bd0a44b88d1c1ab14d157ffba2b45c9caeb50b2f3badae0765f399261cc38c4d6cbb56feb144c7f95b0067334e7e845ef7598f0fe14108bd03de64f8e16a4774ca82f9119496d0c2821b2d64c7d2ab3d9528c41462bf89c12756e2508841a42cc06adc605cbb78e860f1f0ff1c7f45a582a2aae5e78419790c38b029bab79934cefa5a069fd2c1178416ff56740ebac827ab804210598d23a5745b8a797fe0e1506abd78f1274c04613592f0abf762f90111a077861cc172b9b8692d9387fd1ff044d0fe5e8921829628e5bb6dd944725d8224817aab300dc69fbd765e715b6dada2d5da45bd441b6216eb9eff6b9f0eff5d213422a2174e473198b9666e15ff37dc60243de5ffc31f7117cf52ed0a28b37b7e79effb49ed6d08a46ec561d99aed1d26b26affbdfafe0a262caab5b00ca028bc7918348d6702e689a74763c", @ANYRES64=0x0], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x800)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x5}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x3, 0x6, 0x6361, 0x5, 0x1, 0x6}, [@TCA_NETEM_DELAY_DIST={0x6, 0x2, "1700"}, @TCA_NETEM_CORR={0x10, 0x1, {0x5, 0x20005, 0x9}}, @TCA_NETEM_ECN={0x8}]}}}]}, 0x6c}}, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

2.28558917s ago: executing program 3 (id=1314):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x42001, 0x0)
write$P9_RLERROR(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="13"], 0x13)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x86)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000240)={0x60000000})
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x8, 0x7, 0xe44, 0x9f1, 0x17, "de98cd550c0f9c4a"})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
futex_waitv(&(0x7f0000001b00)=[{0xfff, &(0x7f0000000940)=0x6, 0x6}], 0x1, 0x0, 0x0, 0x1)
sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c040}, 0x8)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)={0x14, 0x3, 0x6, 0xc03}, 0x14}, 0x1, 0x0, 0x0, 0x10000000}, 0xc081)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e900232b8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000200)="c67f0d7df9", 0x4b}], 0x2)

1.978770281s ago: executing program 3 (id=1315):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
setxattr$incfs_metadata(0x0, 0x0, &(0x7f00000000c0)="04c800b7f43a6ce10a98592b5e1b00be4645ef7713459bf4b9d8cecc", 0x1c, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket(0x400000000010, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x2a, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000000), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x12, 0xa, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@tail_call={{}, {}, {}, {0x4}}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x8}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8a00fe00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ff8effb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000c5"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$packet(0x11, 0x2, 0x300)
socket(0x1000000010, 0x6, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'gretap0\x00'})
r6 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r6, &(0x7f0000001d80)=[{{&(0x7f0000000280)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010104}, 0x10, &(0x7f0000000180)}}], 0x2, 0x48000)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, 0x0, &(0x7f0000000000))
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x42000, 0x0)
ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f00000002c0)=0xfffffffe)
ioctl$PPPIOCSMAXCID(r7, 0x40047451, &(0x7f0000000100)=0xffff0080)
ioctl$PPPIOCSMAXCID(r7, 0x40047451, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000100)={0x0, 0xc}, 0x8)
close(r4)
unshare(0x42000000)

1.907038467s ago: executing program 2 (id=1316):
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x2a, 0x2, 0x0)
ioctl$vim2m_VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000080)={0x3, 0x9, 0x2, 0x4000})
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$bt_BT_SNDMTU(r3, 0x112, 0xc, 0x0, 0x4c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000780)=@gettaction={0x14, 0x32, 0x1, 0x70bd29, 0x25dfdbfc}, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000540)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x5, 0xa, 0xffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001140)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x7, 0x4}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0x48}]}}]}, 0x3c}}, 0x24000000)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) (fail_nth: 1)
syz_open_dev$vim2m(0x0, 0xa, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c00028005000100000000000800154000000000080008"], 0x48}}, 0x4000000)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)

1.257459643s ago: executing program 2 (id=1317):
r0 = socket(0x848000000015, 0x805, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x10}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c)
r1 = shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffb000/0x4000)=nil)
shmat(r1, &(0x7f0000ffc000/0x3000)=nil, 0x4000)
shmctl$SHM_LOCK(r1, 0xb)
shmctl$IPC_RMID(r1, 0x0)
shmctl$SHM_LOCK(r1, 0xb)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x94)
remap_file_pages(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000006, 0xffffffff00000000, 0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0x1, 0x640, 0x1, 0x1, 0xd59f87, 0x7fffffff, 0xd131, 0x8, 0x3, 0x7, 0x2801, 0x2800, 0x2, 0x8000000, 0x14, 0x23, {0x6ea4, 0x6}, 0xd0, 0x9}})
rt_sigaction(0x1c, 0x0, 0x0, 0x8, &(0x7f0000000440))
close_range(r2, 0xffffffffffffffff, 0x0)

1.03478772s ago: executing program 1 (id=1318):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x801}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001e0ffffff00000000000000000a74000000060a09040000000000000000020000000900010073797a30000000000900020073797a320000000048000480440001800c0001007061796c6f6164003400028008000440000000000800084000000000080002"], 0x9c}}, 0x0) (fail_nth: 6)

895.143789ms ago: executing program 2 (id=1319):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000200", @ANYRES32=r0, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80)

661.639433ms ago: executing program 5 (id=1320):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r1, &(0x7f0000000140)="24000000010006", 0x7) (fail_nth: 5)

635.736545ms ago: executing program 2 (id=1321):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0)
setrlimit(0xb, &(0x7f0000000340)={0xa00000000, 0x7abc})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_extract_tcp_res(&(0x7f0000000300), 0x4, 0xfffffff8)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00')
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x34, 0x1, 0x70bd2d, 0x25dbdbfe, {0x1}, [@typed={0x8, 0x7, 0x0, 0x0, @u32=0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x4000040)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x34, 0x4, 0x6, 0x5, 0x0, 0x0, {0x2, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0xba}]}, 0x6d}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)

543.00934ms ago: executing program 5 (id=1322):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x8, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x101040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
pipe2(0x0, 0x4840)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58)
io_uring_setup(0x5f6f, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
accept4(0xffffffffffffffff, 0x0, 0x0, 0xc0c00)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0xffff93d3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x2}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000380)={r5, 0x58, &(0x7f0000000300)}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900030073797a30000000000900010073797a300000000058000000060a010400000000000000000100000008000b40000000000900010073797a3000000000300004802c0001800a00010071756575650000001c000280060002400ffe009b06000140faff"], 0xcc}, 0x1, 0x0, 0x0, 0x24000090}, 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@RTM_GETNSID={0x44, 0x5a, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NETNSA_FD={0x8}, @NETNSA_FD={0x8}, @NETNSA_NSID={0x8, 0x1, 0x4}, @NETNSA_PID={0x8}, @NETNSA_NSID={0x8, 0x1, 0x3}, @NETNSA_NSID={0x8, 0x1, 0x3}]}, 0x44}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x18, 0x1404, 0x1, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x8044)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000001079120100000000009500eeff00000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$netlink(r0, 0x10e, 0x3, &(0x7f0000000140)=""/170, &(0x7f0000000200)=0xaa)
socket$alg(0x26, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

542.51071ms ago: executing program 1 (id=1323):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) (async, rerun: 32)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (rerun: 32)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000940)=0x1000008, 0x4) (async)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) (async)
listen(r2, 0x3) (async)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) (async)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="d8000000180081054e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208000f00fff00401a80008000800104004080000055c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb71b14d6d930dfe144ecc447c65e206d25b4084121d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300fc0d15", 0xd8}], 0x1}, 0x4000000)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) (async)
socket$inet_smc(0x2b, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
socket$kcm(0x29, 0x5, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r4 = syz_io_uring_setup(0x7de, &(0x7f0000000240)={0x0, 0x49cb, 0x10100, 0x1, 0x193}, &(0x7f0000000140)=<r5=>0x0, &(0x7f0000000540)=<r6=>0x0) (async, rerun: 64)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) (async, rerun: 64)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=ANY=[@ANYBLOB="d2f6079f7b39d2a6122a11108cc898d92e28855e9d7fd12ca2c2099717de725d80cb4d4d0b60fedeac79316c2243bf066846f24a91fd71b254bc23154fefd1d4a261425ee40c44c25c99cb631778dd65f347ca33737712f9e169b04bbdd36f6abe0487fbdd729bccbf5e8ce74e4faeaaf660d6ad8b72feb4a3d7cc2a139d45fafd4f549defb0615e16c20e3c5c24605eb957a8d43ef76783770e5517f3bb682f87bc87387c8fa40d84751055d66dbb0947ee7561d7cbf9c85d0f2b46eeb3e0482c59184188ba7e0c9d2199fa9465c0ef0ccc268d7c8d2a"], 0x40}}, 0x0) (async, rerun: 32)
r8 = socket$inet(0x2, 0x2, 0x1) (rerun: 32)
connect$inet(r8, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) (async)
sendmmsg$inet(r8, &(0x7f0000000540)=[{{0x0, 0x2, &(0x7f0000000000)=[{&(0x7f00000000c0)="08001497733f5d3e", 0x6c6d}], 0x5}}, {{0x0, 0x0, &(0x7f0000000440), 0x56}}], 0x2, 0x2004000) (async)
write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[], 0x118) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) (async)
io_uring_enter(r4, 0x2d3e, 0x0, 0x0, 0x0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaa02aa0180c20000000800450000ac14146d00004e2200"/38, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8c02000090781000080a00000003200000090000"], 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x8100)

0s ago: executing program 1 (id=1324):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000940)=0x8, 0x4)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2, 0x0, 0x0, 0xf400}, 0x0)

kernel console output (not intermixed with test programs):

0007][ T9646] veth0_to_team: entered allmulticast mode
[  308.362948][ T9653] netlink: 60 bytes leftover after parsing attributes in process `syz.5.907'.
[  308.458729][ T9655] netlink: 8 bytes leftover after parsing attributes in process `syz.5.908'.
[  308.488792][ T9656] netlink: 8 bytes leftover after parsing attributes in process `syz.4.905'.
[  308.584109][ T5909] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  308.895734][ T5909] usb 4-1: Using ep0 maxpacket: 16
[  308.954682][ T9664] 9pnet_fd: Insufficient options for proto=fd
[  309.017789][   T30] audit: type=1400 audit(1751826020.469:440): avc:  denied  { read } for  pid=9657 comm="syz.5.909" dev="sockfs" ino=22540 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  309.078284][    C1] vkms_vblank_simulate: vblank timer overrun
[  309.135001][ T9664] vxfs: WRONG superblock magic 00000000 at 1
[  309.143944][ T9664] vxfs: WRONG superblock magic 00000000 at 8
[  309.150012][ T9664] vxfs: can't find superblock.
[  309.228888][ T9663] ceph: No mds server is up or the cluster is laggy
[  309.238254][ T5909] usb 4-1: config 1 has an invalid interface number: 105 but max is 0
[  309.256063][   T24] libceph: connect (1)[c::]:6789 error -101
[  309.266928][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  309.350877][ T5909] usb 4-1: config 1 has no interface number 0
[  309.508020][ T5909] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  309.546218][ T5909] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  309.556663][ T5909] usb 4-1: config 1 interface 105 has no altsetting 0
[  309.566108][ T5909] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  309.579043][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.589693][ T5909] usb 4-1: Product: syz
[  309.593965][ T5909] usb 4-1: Manufacturer: syz
[  309.598679][ T5909] usb 4-1: SerialNumber: syz
[  309.608049][ T9651] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  309.618104][ T9651] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  309.686815][ T9674] FAULT_INJECTION: forcing a failure.
[  309.686815][ T9674] name failslab, interval 1, probability 0, space 0, times 0
[  309.708462][ T9674] CPU: 0 UID: 0 PID: 9674 Comm: syz.5.912 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  309.708489][ T9674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  309.708499][ T9674] Call Trace:
[  309.708504][ T9674]  <TASK>
[  309.708510][ T9674]  dump_stack_lvl+0x16c/0x1f0
[  309.708541][ T9674]  should_fail_ex+0x512/0x640
[  309.708563][ T9674]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  309.708591][ T9674]  should_failslab+0xc2/0x120
[  309.708614][ T9674]  __kmalloc_cache_noprof+0x6a/0x3e0
[  309.708628][ T9674]  ? device_add+0xccc/0x1a70
[  309.708642][ T9674]  device_add+0xccc/0x1a70
[  309.708651][ T9674]  ? dev_set_name+0xc7/0x100
[  309.708663][ T9674]  ? __pfx_dev_set_name+0x10/0x10
[  309.708676][ T9674]  ? __pfx_device_add+0x10/0x10
[  309.708686][ T9674]  ? lockdep_init_map_type+0x5c/0x280
[  309.708698][ T9674]  ? __init_waitqueue_head+0xca/0x150
[  309.708716][ T9674]  wakeup_source_device_create+0x214/0x2a0
[  309.708729][ T9674]  wakeup_source_sysfs_add+0x1c/0x90
[  309.708740][ T9674]  wakeup_source_register+0x154/0x3e0
[  309.708757][ T9674]  ep_create_wakeup_source+0x1dd/0x2e0
[  309.708772][ T9674]  ? __pfx_ep_create_wakeup_source+0x10/0x10
[  309.708794][ T9674]  do_epoll_ctl+0x2546/0x2ff0
[  309.708809][ T9674]  ? ksys_write+0x190/0x250
[  309.708828][ T9674]  ? __pfx_do_epoll_ctl+0x10/0x10
[  309.708842][ T9674]  ? find_held_lock+0x2b/0x80
[  309.708856][ T9674]  ? __might_fault+0xe3/0x190
[  309.708870][ T9674]  ? __might_fault+0x13b/0x190
[  309.708889][ T9674]  ? __x64_sys_epoll_ctl+0x15c/0x1e0
[  309.708903][ T9674]  __x64_sys_epoll_ctl+0x15c/0x1e0
[  309.708919][ T9674]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[  309.708938][ T9674]  do_syscall_64+0xcd/0x4c0
[  309.708957][ T9674]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.708968][ T9674] RIP: 0033:0x7f4863b8e929
[  309.708978][ T9674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  309.708989][ T9674] RSP: 002b:00007f4864a60038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  309.709000][ T9674] RAX: ffffffffffffffda RBX: 00007f4863db6080 RCX: 00007f4863b8e929
[  309.709006][ T9674] RDX: 0000000000000005 RSI: 0000000000000003 RDI: 0000000000000003
[  309.709012][ T9674] RBP: 00007f4864a60090 R08: 0000000000000000 R09: 0000000000000000
[  309.709018][ T9674] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  309.709024][ T9674] R13: 0000000000000001 R14: 00007f4863db6080 R15: 00007ffc4d0c9a18
[  309.709038][ T9674]  </TASK>
[  310.211827][ T9651] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  310.231399][ T9651] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  310.275895][ T9681] JFS: discard option not supported on device
[  310.283007][ T9681] Mount JFS Failure: -22
[  310.287461][ T9681] jfs_mount failed w/return code = -22
[  312.201872][ T5909] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  312.234595][ T5909] aqc111 4-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, be:07:0d:8a:36:8e
[  312.238560][ T5909] usb 4-1: USB disconnect, device number 25
[  312.239392][ T5909] aqc111 4-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  312.493641][ T5887] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  312.557675][ T5909] aqc111 4-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  312.569549][ T9702] netlink: 60 bytes leftover after parsing attributes in process `syz.5.919'.
[  312.597222][ T5909] aqc111 4-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  312.626787][ T5909] aqc111 4-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  312.630462][ T9704] netlink: 40 bytes leftover after parsing attributes in process `syz.2.920'.
[  312.691442][ T5887] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  312.725726][ T5887] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  312.736102][ T5887] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  312.766401][ T5887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  312.807509][ T5887] usb 2-1: SerialNumber: syz
[  312.886589][ T9704] netlink: 'syz.2.920': attribute type 10 has an invalid length.
[  312.897392][ T9704] bond0: (slave wlan1): Opening slave failed
[  313.204381][ T9714] netlink: 24 bytes leftover after parsing attributes in process `syz.5.922'.
[  313.779834][   T92] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  313.783890][ T5909] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  313.951847][ T5909] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  313.962375][ T5909] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  313.974154][   T92] usb 3-1: Using ep0 maxpacket: 16
[  313.975540][ T5909] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  314.008417][ T9723] loop8: detected capacity change from 0 to 8
[  314.022277][   T30] audit: type=1400 audit(1751826025.539:441): avc:  denied  { setopt } for  pid=9719 comm="syz.5.925" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  314.022934][ T5909] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  314.067965][   T92] usb 3-1: config 0 has an invalid descriptor of length 15, skipping remainder of the config
[  314.069163][ T5909] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  314.135664][ T9723] loop8: detected capacity change from 8 to 6
[  314.159266][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  314.168449][    C0] buffer_io_error: 2458 callbacks suppressed
[  314.168461][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  314.184716][   T24] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  314.186579][ T5909] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  314.201863][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  314.211034][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  314.219488][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  314.228661][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  314.236964][   T92] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  314.239513][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  314.255154][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  314.269542][   T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.278390][   T92] usb 3-1: Product: syz
[  314.282750][   T92] usb 3-1: Manufacturer: syz
[  314.286545][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  314.287692][   T92] usb 3-1: SerialNumber: syz
[  314.296561][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  314.297064][ T6331] ldm_validate_partition_table(): Disk read failed.
[  314.323928][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  314.331831][   T92] usb 3-1: config 0 descriptor??
[  314.359409][ T5909] usb 4-1: Product: syz
[  314.366850][   T24] usb 5-1: Using ep0 maxpacket: 32
[  314.368234][ T5909] usb 4-1: Manufacturer: syz
[  314.388217][    C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  314.397531][    C1] Buffer I/O error on dev loop8, logical block 0, async page read
[  314.400450][ T5909] cdc_wdm 4-1:1.0: skipping garbage
[  314.483826][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  314.493864][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  314.525316][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  314.531344][   T24] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  314.534522][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  314.535128][ T5909] cdc_wdm 4-1:1.0: skipping garbage
[  314.561464][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  314.568146][   T24] usb 5-1: config 0 has no interface number 0
[  314.570705][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  314.585605][ T6331] Dev loop8: unable to read RDB block 0
[  314.614885][    C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  314.624115][    C1] Buffer I/O error on dev loop8, logical block 0, async page read
[  314.697579][   T24] usb 5-1: config 0 interface 184 has no altsetting 0
[  314.712482][ T6331]  loop8: unable to read partition table
[  314.718644][ T6331] loop8: partition table beyond EOD, truncated
[  314.721262][ T5909] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  314.734699][   T24] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  314.735767][ T5909] cdc_wdm 4-1:1.0: Unknown control protocol
[  314.763185][ T9723] ldm_validate_partition_table(): Disk read failed.
[  314.801493][ T5887] usb 2-1: 0:2 : does not exist
[  314.807699][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.816223][ T9723] Dev loop8: unable to read RDB block 0
[  314.843322][ T9723]  loop8: unable to read partition table
[  314.852178][   T92] usb 3-1: USB disconnect, device number 26
[  314.862869][   T24] usb 5-1: Product: syz
[  314.863533][ T5887] usb 2-1: unit 5: unexpected type 0x0b
[  314.870334][   T24] usb 5-1: Manufacturer: syz
[  314.878024][   T24] usb 5-1: SerialNumber: syz
[  314.892127][ T9723] loop8: partition table beyond EOD, truncated
[  314.901704][   T24] usb 5-1: config 0 descriptor??
[  314.953972][ T9723] loop_reread_partitions: partition scan of loop8 (©›í^êÃÓ{Z~ÙâP’Ž[�‹]ÞM,+„-Ô`Ê1(6ÞÏ$ÐÑ~
[  314.953972][ T9723] ö¤øæÛ…«òýå6þÍÁ) failed (rc=-5)
[  314.984016][   T24] smsc75xx v1.0.0
[  314.987735][   T24] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  315.000610][ T9706] netlink: 3 bytes leftover after parsing attributes in process `syz.3.921'.
[  315.014754][   T24] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -22
[  315.033572][ T5887] usb 2-1: USB disconnect, device number 24
[  315.068507][ T5909] usb 4-1: USB disconnect, device number 26
[  315.131183][ T9729] netlink: 64 bytes leftover after parsing attributes in process `syz.5.928'.
[  315.131690][ T6331] udevd[6331]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  315.176293][ T9729] FAULT_INJECTION: forcing a failure.
[  315.176293][ T9729] name failslab, interval 1, probability 0, space 0, times 0
[  315.194500][ T9729] CPU: 1 UID: 0 PID: 9729 Comm: syz.5.928 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  315.194524][ T9729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  315.194535][ T9729] Call Trace:
[  315.194541][ T9729]  <TASK>
[  315.194548][ T9729]  dump_stack_lvl+0x16c/0x1f0
[  315.194577][ T9729]  should_fail_ex+0x512/0x640
[  315.194602][ T9729]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  315.194629][ T9729]  should_failslab+0xc2/0x120
[  315.194655][ T9729]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  315.194678][ T9729]  ? __alloc_skb+0x2b2/0x380
[  315.194703][ T9729]  __alloc_skb+0x2b2/0x380
[  315.194724][ T9729]  ? __pfx___alloc_skb+0x10/0x10
[  315.194745][ T9729]  ? genl_rcv_msg+0x4bb/0x800
[  315.194771][ T9729]  netlink_ack+0x15d/0xb80
[  315.194789][ T9729]  ? __lock_acquire+0x622/0x1c90
[  315.194811][ T9729]  netlink_rcv_skb+0x332/0x420
[  315.194828][ T9729]  ? __pfx_genl_rcv_msg+0x10/0x10
[  315.194850][ T9729]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  315.194878][ T9729]  ? netlink_deliver_tap+0x1ae/0xd30
[  315.194905][ T9729]  ? is_vmalloc_addr+0x86/0xa0
[  315.194932][ T9729]  genl_rcv+0x28/0x40
[  315.194949][ T9729]  netlink_unicast+0x53a/0x7f0
[  315.194970][ T9729]  ? __pfx_netlink_unicast+0x10/0x10
[  315.194996][ T9729]  netlink_sendmsg+0x8d1/0xdd0
[  315.195017][ T9729]  ? __pfx_netlink_sendmsg+0x10/0x10
[  315.195046][ T9729]  ____sys_sendmsg+0xa95/0xc70
[  315.195066][ T9729]  ? copy_msghdr_from_user+0x10a/0x160
[  315.195090][ T9729]  ? __pfx_____sys_sendmsg+0x10/0x10
[  315.195120][ T9729]  ___sys_sendmsg+0x134/0x1d0
[  315.195146][ T9729]  ? __pfx____sys_sendmsg+0x10/0x10
[  315.195174][ T9729]  ? __lock_acquire+0x622/0x1c90
[  315.195223][ T9729]  __sys_sendmsg+0x16d/0x220
[  315.195248][ T9729]  ? __pfx___sys_sendmsg+0x10/0x10
[  315.195290][ T9729]  do_syscall_64+0xcd/0x4c0
[  315.195318][ T9729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.195336][ T9729] RIP: 0033:0x7f4863b8e929
[  315.195351][ T9729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.195368][ T9729] RSP: 002b:00007f4864a81038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  315.195386][ T9729] RAX: ffffffffffffffda RBX: 00007f4863db5fa0 RCX: 00007f4863b8e929
[  315.195397][ T9729] RDX: 0000000000000040 RSI: 0000200000000400 RDI: 0000000000000004
[  315.195412][ T9729] RBP: 00007f4864a81090 R08: 0000000000000000 R09: 0000000000000000
[  315.195422][ T9729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.195432][ T9729] R13: 0000000000000000 R14: 00007f4863db5fa0 R15: 00007ffc4d0c9a18
[  315.195456][ T9729]  </TASK>
[  315.330938][ T9727] netlink: 8 bytes leftover after parsing attributes in process `syz.1.927'.
[  315.334656][    C1] vkms_vblank_simulate: vblank timer overrun
[  315.475077][    C1] vkms_vblank_simulate: vblank timer overrun
[  315.481453][    C1] hrtimer: interrupt took 277660996 ns
[  315.581482][    C1] vkms_vblank_simulate: vblank timer overrun
[  317.142875][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  317.149235][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  317.200174][ T9750] netlink: 8 bytes leftover after parsing attributes in process `syz.1.934'.
[  317.314171][   T24] usb 5-1: USB disconnect, device number 27
[  317.345602][ T9755] netlink: 'syz.1.935': attribute type 1 has an invalid length.
[  317.466698][ T9755] netlink: 20 bytes leftover after parsing attributes in process `syz.1.935'.
[  318.882797][   T30] audit: type=1400 audit(1751826030.389:442): avc:  denied  { setattr } for  pid=9756 comm="syz.3.937" name="ptype" dev="proc" ino=4026533231 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  318.906555][ T9769] netlink: 56 bytes leftover after parsing attributes in process `syz.1.940'.
[  319.885239][ T5827] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  320.126463][ T5827] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  320.139062][ T5827] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  320.310749][ T5827] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  320.763597][ T5827] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  320.775602][ T5827] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  320.789929][ T5827] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  320.799309][ T5827] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  320.807486][ T5827] usb 6-1: Product: syz
[  320.811668][ T5827] usb 6-1: Manufacturer: syz
[  320.820669][ T5827] cdc_wdm 6-1:1.0: skipping garbage
[  320.829140][ T5827] cdc_wdm 6-1:1.0: skipping garbage
[  320.835674][ T5827] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  320.841601][ T5827] cdc_wdm 6-1:1.0: Unknown control protocol
[  321.537984][   T43] usb 6-1: USB disconnect, device number 15
[  322.805758][ T9806] fuse: Unknown parameter '0x0000000000000003'
[  322.873853][ T5909] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  323.238558][ T5909] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  323.255656][ T5909] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  323.266330][ T5909] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  323.280086][ T5909] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  323.336205][ T5909] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  323.349509][ T5909] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  323.360313][   T30] audit: type=1400 audit(1751826034.879:443): avc:  denied  { setopt } for  pid=9811 comm="syz.1.955" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  323.381760][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  323.390297][ T5909] usb 3-1: Product: syz
[  323.394843][ T5909] usb 3-1: Manufacturer: syz
[  323.412085][ T5909] cdc_wdm 3-1:1.0: skipping garbage
[  323.421462][ T5909] cdc_wdm 3-1:1.0: skipping garbage
[  323.482374][ T5909] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  323.509938][ T5909] cdc_wdm 3-1:1.0: Unknown control protocol
[  323.767327][ T9820] /dev/nullb0: Can't open blockdev
[  324.145789][ T9812] loop6: detected capacity change from 0 to 524287999
[  324.177012][ T9801] netlink: 3 bytes leftover after parsing attributes in process `syz.2.952'.
[  324.209266][ T5909] usb 3-1: USB disconnect, device number 27
[  324.354636][ T9799] netlink: 8 bytes leftover after parsing attributes in process `syz.3.951'.
[  324.722178][ T9831] netlink: 44 bytes leftover after parsing attributes in process `syz.3.959'.
[  324.731423][ T9831] netlink: 43 bytes leftover after parsing attributes in process `syz.3.959'.
[  324.740623][ T9831] netlink: 'syz.3.959': attribute type 5 has an invalid length.
[  324.793525][ T9831] netlink: 43 bytes leftover after parsing attributes in process `syz.3.959'.
[  326.673935][ T5909] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  326.857260][ T9853] Invalid ELF header magic: != ELF
[  326.987307][    T9] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  327.029888][ T5909] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  327.120891][ T5909] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  327.266788][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  327.283906][ T5909] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  327.303367][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  327.312585][ T5909] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  327.324496][ T5909] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  327.336622][    T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  327.346135][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  327.356340][    T9] usb 4-1: SerialNumber: syz
[  327.361845][ T5909] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  327.372264][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  327.390489][ T5909] usb 2-1: Product: syz
[  327.396828][ T5909] usb 2-1: Manufacturer: syz
[  327.418557][ T5909] cdc_wdm 2-1:1.0: skipping garbage
[  327.424968][ T5909] cdc_wdm 2-1:1.0: skipping garbage
[  327.456165][ T5909] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  327.482505][ T5909] cdc_wdm 2-1:1.0: Unknown control protocol
[  327.579285][ T9859] loop6: detected capacity change from 0 to 524287999
[  327.686208][ T9844] netlink: 3 bytes leftover after parsing attributes in process `syz.1.963'.
[  327.704841][ T5896] usb 2-1: USB disconnect, device number 25
[  327.919285][ T9865] fuse: Unknown parameter '0x0000000000000003'
[  328.564318][ T9873] loop6: detected capacity change from 0 to 524287999
[  328.575551][ T9878] netlink: 8 bytes leftover after parsing attributes in process `syz.4.973'.
[  328.715507][ T9878] netlink: 'syz.4.973': attribute type 10 has an invalid length.
[  328.731095][ T9878] bond0: (slave wlan1): Opening slave failed
[  328.954241][ T9887] netlink: 156 bytes leftover after parsing attributes in process `syz.5.975'.
[  329.163884][ T5896] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  329.174416][    T9] usb 4-1: 0:2 : does not exist
[  329.179357][    T9] usb 4-1: unit 5: unexpected type 0x0b
[  329.225077][    T9] usb 4-1: USB disconnect, device number 27
[  329.393908][ T5896] usb 5-1: Using ep0 maxpacket: 16
[  329.401584][ T5896] usb 5-1: config 0 has an invalid descriptor of length 15, skipping remainder of the config
[  329.431614][ T5896] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  329.445385][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.500654][ T5896] usb 5-1: Product: syz
[  329.513894][ T5896] usb 5-1: Manufacturer: syz
[  329.521793][ T5896] usb 5-1: SerialNumber: syz
[  329.674912][ T5896] usb 5-1: config 0 descriptor??
[  329.783935][   T30] audit: type=1400 audit(1751826041.299:444): avc:  denied  { name_bind } for  pid=9880 comm="syz.2.974" src=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  329.805746][ T9894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.977'.
[  329.838078][   T30] audit: type=1400 audit(1751826041.299:445): avc:  denied  { name_connect } for  pid=9880 comm="syz.2.974" dest=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  329.959669][   T43] usb 5-1: USB disconnect, device number 28
[  330.308575][ T9902] netlink: 40 bytes leftover after parsing attributes in process `syz.2.980'.
[  330.486560][ T9905] netlink: 'syz.2.980': attribute type 10 has an invalid length.
[  330.587930][ T9905] bond0: (slave wlan1): Opening slave failed
[  330.907249][ T9911] JFS: discard option not supported on device
[  330.914615][ T9911] Mount JFS Failure: -22
[  330.918968][ T9911] jfs_mount failed w/return code = -22
[  330.946856][   T43] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  330.954857][   T24] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  331.415979][   T43] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  331.425367][   T24] usb 3-1: Using ep0 maxpacket: 16
[  331.436874][   T43] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  331.670460][   T43] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  331.679706][   T24] usb 3-1: config 0 has an invalid descriptor of length 15, skipping remainder of the config
[  331.693103][   T43] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  331.709342][   T43] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  331.721486][ T9916] JFS: discard option not supported on device
[  331.722883][   T43] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  331.727944][ T9916] Mount JFS Failure: -22
[  331.737067][   T43] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  331.741089][ T9916] jfs_mount failed w/return code = -22
[  331.781976][   T24] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  331.796576][   T43] usb 5-1: Product: syz
[  331.805012][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.813143][   T43] usb 5-1: Manufacturer: syz
[  331.830305][   T24] usb 3-1: Product: syz
[  331.838776][   T24] usb 3-1: Manufacturer: syz
[  331.851357][   T43] cdc_wdm 5-1:1.0: skipping garbage
[  331.859009][   T24] usb 3-1: SerialNumber: syz
[  331.871655][   T43] cdc_wdm 5-1:1.0: skipping garbage
[  331.886796][   T24] usb 3-1: config 0 descriptor??
[  331.896176][   T43] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  331.902861][   T43] cdc_wdm 5-1:1.0: Unknown control protocol
[  332.444000][ T5896] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  332.541053][ T5909] usb 3-1: USB disconnect, device number 28
[  332.571277][ T9907] netlink: 3 bytes leftover after parsing attributes in process `syz.4.981'.
[  332.605892][ T5896] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  332.618595][    T9] usb 5-1: USB disconnect, device number 29
[  332.642861][ T5896] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  332.668653][ T5896] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  332.680567][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  332.697983][ T5896] usb 6-1: SerialNumber: syz
[  332.802013][ T9931] JFS: discard option not supported on device
[  332.809317][ T9931] Mount JFS Failure: -22
[  332.813631][ T9931] jfs_mount failed w/return code = -22
[  333.232827][ T9933] netlink: 8 bytes leftover after parsing attributes in process `syz.1.990'.
[  333.535728][ T9941] loop6: detected capacity change from 0 to 524287999
[  334.718712][ T9951] trusted_key: encrypted_key: insufficient parameters specified
[  335.193878][ T6169] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  335.253339][ T5896] usb 6-1: 0:2 : does not exist
[  335.262716][ T5896] usb 6-1: unit 5: unexpected type 0x0b
[  335.369073][ T6169] usb 2-1: Using ep0 maxpacket: 16
[  335.504918][ T5896] usb 6-1: USB disconnect, device number 16
[  335.520172][ T6169] usb 2-1: config 0 has an invalid descriptor of length 15, skipping remainder of the config
[  335.557200][ T6169] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  335.573104][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  335.581007][ T6169] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.917451][ T6169] usb 2-1: Product: syz
[  335.941915][ T6169] usb 2-1: Manufacturer: syz
[  335.962159][ T6169] usb 2-1: SerialNumber: syz
[  335.979982][ T6169] usb 2-1: config 0 descriptor??
[  336.059605][ T6169] usb 2-1: USB disconnect, device number 26
[  336.123926][   T43] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  336.134385][ T9973] netlink: 44 bytes leftover after parsing attributes in process `syz.5.999'.
[  336.182135][ T9973] netlink: 43 bytes leftover after parsing attributes in process `syz.5.999'.
[  336.217175][ T9973] netlink: 'syz.5.999': attribute type 5 has an invalid length.
[  336.240548][ T9973] netlink: 43 bytes leftover after parsing attributes in process `syz.5.999'.
[  336.518075][   T43] usb 3-1: Using ep0 maxpacket: 16
[  337.405250][   T43] usb 3-1: config 1 has an invalid interface number: 105 but max is 0
[  337.415236][   T43] usb 3-1: config 1 has no interface number 0
[  337.421434][   T43] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  337.433569][   T43] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  337.444083][   T43] usb 3-1: config 1 interface 105 has no altsetting 0
[  337.597300][   T43] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  337.679419][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.705819][   T43] usb 3-1: Product: syz
[  337.710050][   T43] usb 3-1: Manufacturer: syz
[  337.715507][   T43] usb 3-1: SerialNumber: syz
[  337.807714][ T9968] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  337.821571][ T9968] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  338.368369][ T9997] fuse: Unknown parameter 'fd0x0000000000000003'
[  338.808518][   T43] aqc111 3-1:1.105: probe with driver aqc111 failed with error -71
[  338.851010][   T43] usb 3-1: USB disconnect, device number 29
[  339.245709][   T43] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  339.566370][T10021] JFS: discard option not supported on device
[  339.574419][T10021] Mount JFS Failure: -22
[  339.579370][T10021] jfs_mount failed w/return code = -22
[  340.505079][   T43] usb 3-1: Using ep0 maxpacket: 16
[  340.538983][   T43] usb 3-1: config 1 has an invalid interface number: 105 but max is 0
[  340.690189][   T43] usb 3-1: config 1 has no interface number 0
[  340.798827][   T43] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  340.890844][   T43] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  340.911988][   T43] usb 3-1: config 1 interface 105 has no altsetting 0
[  341.025057][T10028] netlink: 'syz.5.1013': attribute type 1 has an invalid length.
[  341.044320][T10028] netlink: 'syz.5.1013': attribute type 2 has an invalid length.
[  341.045322][   T43] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  341.076083][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.093864][   T43] usb 3-1: Product: syz
[  341.098238][   T43] usb 3-1: Manufacturer: syz
[  341.102875][   T43] usb 3-1: SerialNumber: syz
[  341.154038][T10028] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1013'.
[  341.239150][T10006] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  341.260036][T10006] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  341.300559][   T30] audit: type=1400 audit(1751826052.819:446): avc:  denied  { write } for  pid=10030 comm="syz.3.1015" path="socket:[23703]" dev="sockfs" ino=23703 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  341.350554][T10038] FAULT_INJECTION: forcing a failure.
[  341.350554][T10038] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  341.364059][T10038] CPU: 1 UID: 0 PID: 10038 Comm: syz.4.1016 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  341.364083][T10038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  341.364093][T10038] Call Trace:
[  341.364099][T10038]  <TASK>
[  341.364105][T10038]  dump_stack_lvl+0x16c/0x1f0
[  341.364135][T10038]  should_fail_ex+0x512/0x640
[  341.364162][T10038]  _copy_from_user+0x2e/0xd0
[  341.364191][T10038]  copy_msghdr_from_user+0x98/0x160
[  341.364216][T10038]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  341.364243][T10038]  ? kfree+0x24f/0x4d0
[  341.364269][T10038]  ___sys_sendmsg+0xfe/0x1d0
[  341.364294][T10038]  ? __pfx____sys_sendmsg+0x10/0x10
[  341.364342][T10038]  ? __pfx___might_resched+0x10/0x10
[  341.364371][T10038]  __sys_sendmmsg+0x200/0x420
[  341.364397][T10038]  ? __pfx___sys_sendmmsg+0x10/0x10
[  341.364429][T10038]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  341.364466][T10038]  ? fput+0x70/0xf0
[  341.364482][T10038]  ? ksys_write+0x1ac/0x250
[  341.364505][T10038]  ? __pfx_ksys_write+0x10/0x10
[  341.364531][T10038]  __x64_sys_sendmmsg+0x9c/0x100
[  341.364555][T10038]  ? lockdep_hardirqs_on+0x7c/0x110
[  341.364583][T10038]  do_syscall_64+0xcd/0x4c0
[  341.364609][T10038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.364627][T10038] RIP: 0033:0x7f97ec38e929
[  341.364641][T10038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  341.364670][T10038] RSP: 002b:00007f97ed2e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  341.364687][T10038] RAX: ffffffffffffffda RBX: 00007f97ec5b5fa0 RCX: 00007f97ec38e929
[  341.364698][T10038] RDX: 0400000000000159 RSI: 0000200000001c00 RDI: 0000000000000003
[  341.364709][T10038] RBP: 00007f97ed2e3090 R08: 0000000000000000 R09: 0000000000000000
[  341.364720][T10038] R10: 0000000000040840 R11: 0000000000000246 R12: 0000000000000002
[  341.364730][T10038] R13: 0000000000000000 R14: 00007f97ec5b5fa0 R15: 00007ffe42b2db48
[  341.364758][T10038]  </TASK>
[  341.571233][    C1] vkms_vblank_simulate: vblank timer overrun
[  341.607135][T10049] netlink: 'syz.4.1018': attribute type 1 has an invalid length.
[  341.615314][T10049] netlink: 'syz.4.1018': attribute type 2 has an invalid length.
[  341.623037][T10049] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1018'.
[  341.632117][    T9] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  341.824669][T10006] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  341.860062][T10006] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  341.865920][T10054] fuse: Unknown parameter 'fd0x0000000000000003'
[  341.906220][    T9] usb 6-1: Using ep0 maxpacket: 16
[  342.274277][    T9] usb 6-1: config 1 has an invalid interface number: 105 but max is 0
[  342.288467][    T9] usb 6-1: config 1 has no interface number 0
[  342.297585][    T9] usb 6-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  342.319247][    T9] usb 6-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  342.331597][    T9] usb 6-1: config 1 interface 105 has no altsetting 0
[  342.363519][    T9] usb 6-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  342.394634][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.423808][    T9] usb 6-1: Product: syz
[  342.440846][    T9] usb 6-1: Manufacturer: syz
[  342.452074][    T9] usb 6-1: SerialNumber: syz
[  342.485935][T10037] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  342.500931][T10037] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  342.929451][   T43] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  343.160644][T10037] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  343.186561][T10037] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  343.186865][   T43] aqc111 3-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, ae:88:18:92:ad:4a
[  343.217797][T10066] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1023'.
[  343.224232][   T43] usb 3-1: USB disconnect, device number 30
[  343.235172][T10066] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1023'.
[  343.254138][T10066] netlink: 'syz.4.1023': attribute type 5 has an invalid length.
[  343.256916][   T43] aqc111 3-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  343.267135][T10066] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1023'.
[  343.445453][   T43] aqc111 3-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  343.465068][   T43] aqc111 3-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  343.619979][   T43] aqc111 3-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  343.662285][T10071] Illegal XDP return value 4294967294 on prog  (id 185) dev N/A, expect packet loss!
[  343.845629][T10072] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  343.866814][T10072] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  344.464631][    T9] aqc111 6-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  344.604880][    T9] aqc111 6-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 52:7b:8d:16:71:1d
[  344.638937][    T9] usb 6-1: USB disconnect, device number 17
[  344.650278][    T9] aqc111 6-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  344.871536][    T9] aqc111 6-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  344.891190][    T9] aqc111 6-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  344.901024][    T9] aqc111 6-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  345.146702][T10084] JFS: discard option not supported on device
[  345.167757][T10084] Mount JFS Failure: -22
[  345.172431][T10084] jfs_mount failed w/return code = -22
[  346.505786][    T9] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  346.727403][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  346.864035][   T30] audit: type=1400 audit(1751826058.319:447): avc:  denied  { create } for  pid=10107 comm="syz.3.1036" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  346.884769][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  346.903749][    T9] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  346.914394][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  346.977395][    T9] usb 3-1: SerialNumber: syz
[  347.077731][   T30] audit: type=1400 audit(1751826058.379:448): avc:  denied  { write } for  pid=10107 comm="syz.3.1036" name="file0" dev="tmpfs" ino=1124 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  347.356392][T10113] netlink: 'syz.3.1036': attribute type 10 has an invalid length.
[  347.374012][T10113] 8021q: adding VLAN 0 to HW filter on device bond0
[  347.392793][T10113] team0: Port device bond0 added
[  347.627897][T10113] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  347.674910][   T30] audit: type=1400 audit(1751826058.379:449): avc:  denied  { open } for  pid=10107 comm="syz.3.1036" path="/207/file0" dev="tmpfs" ino=1124 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  347.820734][   T30] audit: type=1400 audit(1751826058.439:450): avc:  denied  { ioctl } for  pid=10107 comm="syz.3.1036" path="/207/file0" dev="tmpfs" ino=1124 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  347.844999][    C1] vkms_vblank_simulate: vblank timer overrun
[  348.024698][   T30] audit: type=1400 audit(1751826059.539:451): avc:  denied  { unlink } for  pid=5840 comm="syz-executor" name="file0" dev="tmpfs" ino=1124 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  348.232383][T10124] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1039'.
[  348.542959][   T43] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  348.911891][    T9] usb 3-1: 0:2 : does not exist
[  348.922575][    T9] usb 3-1: unit 5: unexpected type 0x0b
[  348.944366][    T9] usb 3-1: USB disconnect, device number 31
[  348.994184][   T43] usb 5-1: Using ep0 maxpacket: 16
[  349.072139][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  349.101038][   T43] usb 5-1: config 1 has an invalid interface number: 105 but max is 0
[  349.132583][   T43] usb 5-1: config 1 has no interface number 0
[  349.148471][   T43] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  349.164828][   T30] audit: type=1400 audit(1751826060.689:452): avc:  denied  { setopt } for  pid=10133 comm="syz.2.1042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  349.184486][   T43] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  349.184534][   T43] usb 5-1: config 1 interface 105 has no altsetting 0
[  349.187849][   T43] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  349.277991][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.293860][   T43] usb 5-1: Product: syz
[  349.312482][   T43] usb 5-1: Manufacturer: syz
[  349.324211][   T43] usb 5-1: SerialNumber: syz
[  349.336301][   T30] audit: type=1400 audit(1751826060.689:453): avc:  denied  { connect } for  pid=10133 comm="syz.2.1042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  349.360563][T10123] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  349.388506][T10123] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  350.057290][T10123] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  350.364000][T10123] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  350.587392][T10154] fuse: Unknown parameter '01777777777777777777777ÿÿÆ'
[  351.215793][   T43] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  351.535497][   T43] aqc111 5-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 56:3a:eb:3e:b7:e3
[  351.660571][   T43] usb 5-1: USB disconnect, device number 30
[  351.726582][   T30] audit: type=1400 audit(1751826063.249:454): avc:  denied  { getopt } for  pid=10163 comm="syz.1.1050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  351.848176][   T43] aqc111 5-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  353.051020][   T43] aqc111 5-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  353.085624][ T6169] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  353.109570][   T43] aqc111 5-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  353.124529][T10185] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1055'.
[  353.244954][   T43] aqc111 5-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  353.329604][ T6169] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  353.367640][ T6169] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  353.392035][ T6169] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  353.420516][T10185] netlink: 'syz.1.1055': attribute type 10 has an invalid length.
[  353.423420][ T6169] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  353.438587][ T6169] usb 4-1: SerialNumber: syz
[  353.469509][T10185] bond0: (slave wlan1): Opening slave failed
[  353.614829][   T43] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  353.744181][   T92] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  353.864817][   T43] usb 5-1: Using ep0 maxpacket: 32
[  354.125484][   T92] usb 2-1: Using ep0 maxpacket: 16
[  354.135624][   T43] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  354.144287][   T43] usb 5-1: config 0 has no interface number 0
[  354.151285][   T92] usb 2-1: config 0 has an invalid descriptor of length 15, skipping remainder of the config
[  354.161915][   T43] usb 5-1: config 0 interface 184 has no altsetting 0
[  354.171703][   T92] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  354.181446][   T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.190860][   T43] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  354.200143][   T92] usb 2-1: Product: syz
[  354.204729][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.213005][   T92] usb 2-1: Manufacturer: syz
[  354.217867][   T92] usb 2-1: SerialNumber: syz
[  354.222575][   T43] usb 5-1: Product: syz
[  354.227931][   T43] usb 5-1: Manufacturer: syz
[  354.233410][   T43] usb 5-1: SerialNumber: syz
[  354.239441][   T92] usb 2-1: config 0 descriptor??
[  354.250483][   T43] usb 5-1: config 0 descriptor??
[  354.262463][   T43] smsc75xx v1.0.0
[  354.488962][ T5896] usb 2-1: USB disconnect, device number 27
[  354.670013][   T43] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  354.681507][   T43] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  354.691755][   T43] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  354.702188][   T43] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -32
[  354.754567][ T5887] usb 3-1: new full-speed USB device number 32 using dummy_hcd
[  354.757010][ T6169] usb 4-1: 0:2 : does not exist
[  354.769055][ T6169] usb 4-1: unit 5: unexpected type 0x0b
[  354.791669][ T6169] usb 4-1: USB disconnect, device number 28
[  354.904040][ T5896] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[  354.936076][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  354.949238][ T5887] usb 3-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  354.958745][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.974355][ T5887] usb 3-1: config 0 descriptor??
[  355.044318][ T5896] usb 6-1: device descriptor read/64, error -71
[  355.397799][ T5896] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[  355.903859][ T5896] usb 6-1: device descriptor read/64, error -71
[  356.191398][ T5896] usb usb6-port1: attempt power cycle
[  356.408013][   T43] usb 5-1: USB disconnect, device number 31
[  356.573858][ T5896] usb 6-1: new full-speed USB device number 20 using dummy_hcd
[  356.626843][ T5896] usb 6-1: device descriptor read/8, error -71
[  356.747214][T10225] JFS: discard option not supported on device
[  356.753555][T10225] Mount JFS Failure: -22
[  356.757953][T10225] jfs_mount failed w/return code = -22
[  357.066239][ T5896] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  357.116826][ T5896] usb 6-1: device descriptor read/8, error -71
[  357.186609][T10232] FAULT_INJECTION: forcing a failure.
[  357.186609][T10232] name failslab, interval 1, probability 0, space 0, times 0
[  357.217444][T10232] CPU: 0 UID: 0 PID: 10232 Comm: syz.4.1067 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  357.217472][T10232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  357.217483][T10232] Call Trace:
[  357.217489][T10232]  <TASK>
[  357.217496][T10232]  dump_stack_lvl+0x16c/0x1f0
[  357.217529][T10232]  should_fail_ex+0x512/0x640
[  357.217559][T10232]  should_failslab+0xc2/0x120
[  357.217585][T10232]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  357.217610][T10232]  ? skb_clone+0x190/0x3f0
[  357.217638][T10232]  skb_clone+0x190/0x3f0
[  357.217669][T10232]  netlink_deliver_tap+0xabd/0xd30
[  357.217703][T10232]  netlink_unicast+0x5df/0x7f0
[  357.217725][T10232]  ? __pfx_netlink_unicast+0x10/0x10
[  357.217751][T10232]  netlink_sendmsg+0x8d1/0xdd0
[  357.217773][T10232]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.217802][T10232]  ____sys_sendmsg+0xa95/0xc70
[  357.217821][T10232]  ? copy_msghdr_from_user+0x10a/0x160
[  357.217846][T10232]  ? __pfx_____sys_sendmsg+0x10/0x10
[  357.217877][T10232]  ___sys_sendmsg+0x134/0x1d0
[  357.217902][T10232]  ? __pfx____sys_sendmsg+0x10/0x10
[  357.217924][T10232]  ? __lock_acquire+0x622/0x1c90
[  357.217975][T10232]  __sys_sendmsg+0x16d/0x220
[  357.218000][T10232]  ? __pfx___sys_sendmsg+0x10/0x10
[  357.218042][T10232]  do_syscall_64+0xcd/0x4c0
[  357.218069][T10232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.218087][T10232] RIP: 0033:0x7f97ec38e929
[  357.218102][T10232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.218118][T10232] RSP: 002b:00007f97ed2e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  357.218135][T10232] RAX: ffffffffffffffda RBX: 00007f97ec5b5fa0 RCX: 00007f97ec38e929
[  357.218147][T10232] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  357.218158][T10232] RBP: 00007f97ed2e3090 R08: 0000000000000000 R09: 0000000000000000
[  357.218169][T10232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  357.218179][T10232] R13: 0000000000000000 R14: 00007f97ec5b5fa0 R15: 00007ffe42b2db48
[  357.218203][T10232]  </TASK>
[  357.288754][T10234] loop6: detected capacity change from 0 to 524287999
[  357.331799][    T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  357.463985][ T5896] usb usb6-port1: unable to enumerate USB device
[  357.612020][ T5887] usbhid 3-1:0.0: can't add hid device: -71
[  357.621274][ T5887] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  357.670518][ T5887] usb 3-1: USB disconnect, device number 32
[  357.893226][    T9] usb 2-1: Using ep0 maxpacket: 16
[  357.913061][    T9] usb 2-1: config 1 has an invalid interface number: 105 but max is 0
[  357.927092][    T9] usb 2-1: config 1 has no interface number 0
[  357.933697][    T9] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  357.987261][    T9] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  358.069376][T10248] JFS: discard option not supported on device
[  358.076588][T10248] Mount JFS Failure: -22
[  358.080960][T10248] jfs_mount failed w/return code = -22
[  358.935896][    T9] usb 2-1: config 1 interface 105 has no altsetting 0
[  358.946403][    T9] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  358.955629][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.963623][    T9] usb 2-1: Product: syz
[  358.967820][    T9] usb 2-1: Manufacturer: syz
[  358.972413][    T9] usb 2-1: SerialNumber: syz
[  358.980780][T10230] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  358.988195][T10230] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  359.153398][T10251] netlink: 'syz.5.1073': attribute type 1 has an invalid length.
[  359.215545][T10251] netlink: 'syz.5.1073': attribute type 2 has an invalid length.
[  359.394064][   T92] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  359.561551][T10230] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  359.584233][T10230] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  359.686908][T10258] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1076'.
[  359.696689][T10258] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1076'.
[  359.710815][T10258] netlink: 'syz.3.1076': attribute type 5 has an invalid length.
[  359.719040][T10258] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1076'.
[  359.729213][   T92] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  359.749676][   T92] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  359.764883][   T92] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  359.788746][   T92] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  359.792790][    T9] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: 5
[  359.808167][   T92] usb 3-1: SerialNumber: syz
[  359.829792][    T9] aqc111 2-1:1.105: probe with driver aqc111 failed with error -61
[  359.913903][ T6169] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  359.991946][T10260] openvswitch: netlink: Key 6 has unexpected len 8 expected 2
[  360.429267][   T30] audit: type=1400 audit(1751826071.949:455): avc:  denied  { kexec_image_load } for  pid=10262 comm="syz.4.1078" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  360.466210][ T6169] usb 6-1: Using ep0 maxpacket: 32
[  360.473499][ T6169] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  360.482033][ T6169] usb 6-1: config 0 has no interface number 0
[  360.488256][ T6169] usb 6-1: config 0 interface 184 has no altsetting 0
[  360.497219][ T6169] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  360.507514][ T6169] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.515871][ T6169] usb 6-1: Product: syz
[  360.520306][ T6169] usb 6-1: Manufacturer: syz
[  360.525087][ T6169] usb 6-1: SerialNumber: syz
[  360.533009][ T6169] usb 6-1: config 0 descriptor??
[  360.541200][ T6169] smsc75xx v1.0.0
[  360.944244][ T6169] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  360.965273][ T6169] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  360.978780][ T6169] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  360.992092][ T6169] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -32
[  361.064910][    T9] usb 2-1: USB disconnect, device number 28
[  361.575225][   T92] usb 3-1: 0:2 : does not exist
[  361.580224][   T92] usb 3-1: unit 5: unexpected type 0x0b
[  361.588179][   T30] audit: type=1400 audit(1751826073.109:456): avc:  denied  { setopt } for  pid=10284 comm="syz.2.1083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  361.621215][   T92] usb 3-1: USB disconnect, device number 33
[  361.668614][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  361.782526][T10276] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1080'.
[  361.924568][T10292] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  362.012740][T10292] Error validating options; rc = [-22]
[  362.057431][   T30] audit: type=1400 audit(1751826073.579:457): avc:  denied  { bind } for  pid=10277 comm="syz.3.1081" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  362.225469][   T30] audit: type=1400 audit(1751826073.709:458): avc:  denied  { unmount } for  pid=5833 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  362.395323][T10301] netlink: 'syz.1.1086': attribute type 1 has an invalid length.
[  362.403348][T10301] netlink: 'syz.1.1086': attribute type 2 has an invalid length.
[  362.480187][T10299] block device autoloading is deprecated and will be removed.
[  362.663983][T10200] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  362.717264][    T9] usb 6-1: USB disconnect, device number 22
[  362.823824][   T30] audit: type=1400 audit(1751826074.339:459): avc:  denied  { accept } for  pid=10308 comm="syz.5.1089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  362.874817][T10200] usb 5-1: Using ep0 maxpacket: 32
[  362.887657][T10200] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  362.913624][T10200] usb 5-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d
[  362.929773][T10200] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.939704][T10200] usb 5-1: Product: syz
[  362.944058][T10200] usb 5-1: Manufacturer: syz
[  362.948790][T10200] usb 5-1: SerialNumber: syz
[  363.653492][T10302] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  363.680264][T10299] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  363.874537][T10200] usb 5-1: selecting invalid altsetting 1
[  363.894212][T10200] LME2510(C): Firmware Status: 00 00 00 00 00 00
[  363.894303][T10200] dvb_usb_lmedm04 5-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22
[  363.910256][   T30] audit: type=1400 audit(1751826075.419:460): avc:  denied  { write } for  pid=10323 comm="syz.5.1093" name="usbmon6" dev="devtmpfs" ino=734 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  363.917351][T10200] usb 5-1: USB disconnect, device number 32
[  364.284307][ T6169] usb 3-1: new full-speed USB device number 34 using dummy_hcd
[  364.299117][T10347] netlink: 'syz.3.1095': attribute type 29 has an invalid length.
[  364.310027][T10347] netlink: 'syz.3.1095': attribute type 29 has an invalid length.
[  364.320472][T10347] netlink: 500 bytes leftover after parsing attributes in process `syz.3.1095'.
[  364.331855][T10347] unsupported nla_type 58
[  364.401216][   T30] audit: type=1400 audit(1751826075.919:461): avc:  denied  { append } for  pid=10346 comm="syz.3.1095" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  364.424028][    C1] vkms_vblank_simulate: vblank timer overrun
[  364.496292][   T30] audit: type=1400 audit(1751826076.009:462): avc:  denied  { recv } for  pid=10346 comm="syz.3.1095" saddr=10.128.0.169 src=47218 daddr=10.128.1.98 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  364.497062][T10348] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  364.557729][ T6169] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  364.569063][ T6169] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 111, setting to 64
[  364.587238][ T6169] usb 3-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00
[  364.608991][ T6169] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  364.656340][ T6169] usb 3-1: config 0 descriptor??
[  364.667794][T10336] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  364.733854][ T6169] rc_core: IR keymap rc-xbox-dvd not found
[  364.743165][ T6169] Registered IR keymap rc-empty
[  364.778688][ T6169] rc rc0: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  364.820552][ T6169] input: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input14
[  364.889175][T10330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  364.898095][T10330] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  364.913254][ T5887] usb 3-1: USB disconnect, device number 34
[  364.913326][    C1] xbox_remote 3-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19
[  365.003313][T10350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1096'.
[  365.014960][T10354] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10354 comm=syz.4.1097
[  365.142269][T10358] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1098'.
[  365.518031][T10366] JFS: discard option not supported on device
[  365.525655][T10366] Mount JFS Failure: -22
[  365.529958][T10366] jfs_mount failed w/return code = -22
[  365.970850][T10371] loop6: detected capacity change from 0 to 524287999
[  365.993845][    T9] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  366.204058][    T9] usb 4-1: Using ep0 maxpacket: 32
[  366.246235][    T9] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  366.281525][    T9] usb 4-1: config 0 has no interface number 0
[  366.284876][T10375] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1103'.
[  366.294254][    T9] usb 4-1: config 0 interface 184 has no altsetting 0
[  366.511423][    T9] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  366.521789][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.529844][T10375] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1103'.
[  366.539971][T10375] netlink: 'syz.4.1103': attribute type 5 has an invalid length.
[  366.547944][    T9] usb 4-1: Product: syz
[  366.667279][T10375] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1103'.
[  366.676833][    T9] usb 4-1: Manufacturer: syz
[  366.682193][    T9] usb 4-1: SerialNumber: syz
[  366.692783][    T9] usb 4-1: config 0 descriptor??
[  366.709444][    T9] smsc75xx v1.0.0
[  366.881107][T10382] netlink: 4788 bytes leftover after parsing attributes in process `syz.4.1105'.
[  367.156899][    T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  367.176355][    T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  367.194269][    T9] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  367.205917][    T9] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -61
[  367.249056][   T30] audit: type=1800 audit(1751826078.769:463): pid=10390 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.1107" name="bus" dev="overlay" ino=1185 res=0 errno=0
[  367.680119][T10396] FAULT_INJECTION: forcing a failure.
[  367.680119][T10396] name failslab, interval 1, probability 0, space 0, times 0
[  367.719421][T10396] CPU: 0 UID: 0 PID: 10396 Comm: syz.5.1111 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  367.719446][T10396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  367.719456][T10396] Call Trace:
[  367.719462][T10396]  <TASK>
[  367.719469][T10396]  dump_stack_lvl+0x16c/0x1f0
[  367.719499][T10396]  should_fail_ex+0x512/0x640
[  367.719520][T10396]  ? __kmalloc_noprof+0xbf/0x510
[  367.719545][T10396]  ? video_usercopy+0x1a0/0x1720
[  367.719565][T10396]  should_failslab+0xc2/0x120
[  367.719591][T10396]  __kmalloc_noprof+0xd2/0x510
[  367.719612][T10396]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  367.719634][T10396]  video_usercopy+0x1a0/0x1720
[  367.719654][T10396]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[  367.719681][T10396]  ? __pfx___video_do_ioctl+0x10/0x10
[  367.719703][T10396]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  367.719729][T10396]  ? __pfx_video_usercopy+0x10/0x10
[  367.719769][T10396]  v4l2_ioctl+0x1ba/0x250
[  367.719788][T10396]  ? __pfx_v4l2_ioctl+0x10/0x10
[  367.719810][T10396]  __x64_sys_ioctl+0x18e/0x210
[  367.719829][T10396]  do_syscall_64+0xcd/0x4c0
[  367.719855][T10396]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.719872][T10396] RIP: 0033:0x7f4863b8e929
[  367.719887][T10396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  367.719903][T10396] RSP: 002b:00007f4864a81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  367.719919][T10396] RAX: ffffffffffffffda RBX: 00007f4863db5fa0 RCX: 00007f4863b8e929
[  367.719930][T10396] RDX: 00002000000000c0 RSI: 00000000c0e85667 RDI: 0000000000000003
[  367.719940][T10396] RBP: 00007f4864a81090 R08: 0000000000000000 R09: 0000000000000000
[  367.719949][T10396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  367.719960][T10396] R13: 0000000000000000 R14: 00007f4863db5fa0 R15: 00007ffc4d0c9a18
[  367.719981][T10396]  </TASK>
[  368.210924][T10397] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1110'.
[  368.533868][    T9] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  368.660846][ T5962] usb 4-1: USB disconnect, device number 29
[  368.740940][   T30] audit: type=1400 audit(1751826080.259:464): avc:  denied  { accept } for  pid=10424 comm="syz.3.1122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  368.797462][T10429] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10429 comm=syz.3.1123
[  368.817761][    T9] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  368.826831][    T9] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  368.843568][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  368.853069][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  368.864581][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  368.877202][    T9] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  368.886348][    T9] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  368.932545][    T9] usb 5-1: Product: syz
[  368.937092][    T9] usb 5-1: Manufacturer: syz
[  369.295325][    T9] cdc_wdm 5-1:1.0: skipping garbage
[  369.300849][    T9] cdc_wdm 5-1:1.0: skipping garbage
[  369.311171][    T9] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  369.317428][    T9] cdc_wdm 5-1:1.0: Unknown control protocol
[  369.711951][T10441] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1115'.
[  370.035021][ T5909] usb 5-1: USB disconnect, device number 33
[  370.156394][T10447] netlink: 'syz.1.1127': attribute type 10 has an invalid length.
[  370.180488][T10447] bond0: (slave wlan1): Opening slave failed
[  370.473608][T10451] JFS: discard option not supported on device
[  370.480124][T10451] Mount JFS Failure: -22
[  370.484525][T10451] jfs_mount failed w/return code = -22
[  370.797012][T10200] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  370.995373][T10461] block nbd2: shutting down sockets
[  370.995425][T10200] usb 2-1: Using ep0 maxpacket: 16
[  371.060220][T10456] 9pnet_fd: Insufficient options for proto=fd
[  371.066265][T10200] usb 2-1: config 0 has an invalid descriptor of length 15, skipping remainder of the config
[  371.171913][T10456] sp0: Synchronizing with TNC
[  371.237828][T10200] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  371.273865][T10200] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.295297][T10200] usb 2-1: Product: syz
[  371.299569][T10200] usb 2-1: Manufacturer: syz
[  371.383146][T10455] [U] è
[  371.391499][T10200] usb 2-1: SerialNumber: syz
[  371.408920][T10200] usb 2-1: config 0 descriptor??
[  371.822561][   T92] usb 2-1: USB disconnect, device number 29
[  372.243077][T10200] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  372.652310][T10473] JFS: discard option not supported on device
[  372.658641][T10473] Mount JFS Failure: -22
[  372.662888][T10473] jfs_mount failed w/return code = -22
[  372.943814][T10200] usb 3-1: Using ep0 maxpacket: 32
[  373.514677][T10484] /dev/nullb0: Can't open blockdev
[  373.624299][T10200] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  373.632588][T10200] usb 3-1: config 0 has no interface number 0
[  373.696715][T10200] usb 3-1: config 0 interface 184 has no altsetting 0
[  373.745933][T10200] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  373.765138][T10200] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.783898][T10200] usb 3-1: Product: syz
[  373.788116][T10200] usb 3-1: Manufacturer: syz
[  373.792712][T10200] usb 3-1: SerialNumber: syz
[  373.851716][T10200] usb 3-1: config 0 descriptor??
[  373.868369][T10200] smsc75xx v1.0.0
[  374.270649][T10200] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  374.326255][T10200] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  374.369336][T10200] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  374.383708][T10501] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[  374.393397][   T30] audit: type=1804 audit(1751826085.899:465): pid=10501 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.1145" name="/newroot/238/file0" dev="tmpfs" ino=1273 res=1 errno=0
[  374.441262][T10501] ref_ctr increment failed for inode: 0x4f9 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888076bbeb80
[  374.454265][T10200] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -61
[  374.538668][T10497] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1143'.
[  374.557065][T10501] 8021q: adding VLAN 0 to HW filter on device bond2
[  374.681215][T10507] FAULT_INJECTION: forcing a failure.
[  374.681215][T10507] name failslab, interval 1, probability 0, space 0, times 0
[  374.694057][T10507] CPU: 1 UID: 0 PID: 10507 Comm: syz.1.1146 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  374.694081][T10507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  374.694090][T10507] Call Trace:
[  374.694096][T10507]  <TASK>
[  374.694102][T10507]  dump_stack_lvl+0x16c/0x1f0
[  374.694138][T10507]  should_fail_ex+0x512/0x640
[  374.694161][T10507]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  374.694187][T10507]  should_failslab+0xc2/0x120
[  374.694214][T10507]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  374.694237][T10507]  ? alloc_empty_file+0x55/0x1e0
[  374.694258][T10507]  alloc_empty_file+0x55/0x1e0
[  374.694275][T10507]  path_openat+0xda/0x2cb0
[  374.694296][T10507]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.694320][T10507]  ? __pfx_path_openat+0x10/0x10
[  374.694343][T10507]  ? __lock_acquire+0xb8a/0x1c90
[  374.694362][T10507]  do_filp_open+0x20b/0x470
[  374.694389][T10507]  ? __pfx_do_filp_open+0x10/0x10
[  374.694429][T10507]  ? alloc_fd+0x471/0x7d0
[  374.694460][T10507]  do_sys_openat2+0x11b/0x1d0
[  374.694477][T10507]  ? __pfx_do_sys_openat2+0x10/0x10
[  374.694496][T10507]  ? __fget_files+0x20e/0x3c0
[  374.694523][T10507]  __x64_sys_openat+0x174/0x210
[  374.694541][T10507]  ? __pfx___x64_sys_openat+0x10/0x10
[  374.694557][T10507]  ? ksys_write+0x1ac/0x250
[  374.694589][T10507]  do_syscall_64+0xcd/0x4c0
[  374.694615][T10507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.694632][T10507] RIP: 0033:0x7fa507d8e929
[  374.694646][T10507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  374.694662][T10507] RSP: 002b:00007fa508ba1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  374.694678][T10507] RAX: ffffffffffffffda RBX: 00007fa507fb5fa0 RCX: 00007fa507d8e929
[  374.694690][T10507] RDX: 0000000000080042 RSI: 0000200000000040 RDI: 0000000000000004
[  374.694701][T10507] RBP: 00007fa508ba1090 R08: 0000000000000000 R09: 0000000000000000
[  374.694711][T10507] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  374.694721][T10507] R13: 0000000000000000 R14: 00007fa507fb5fa0 R15: 00007ffc68297b48
[  374.694745][T10507]  </TASK>
[  374.906734][    C1] vkms_vblank_simulate: vblank timer overrun
[  374.919426][T10514] netlink: 'syz.5.1147': attribute type 10 has an invalid length.
[  374.939173][T10514] bond0: (slave wlan1): Opening slave failed
[  375.314662][ T5962] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  375.354277][    T9] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  375.479569][T10526] JFS: discard option not supported on device
[  375.486111][T10526] Mount JFS Failure: -22
[  375.490400][T10526] jfs_mount failed w/return code = -22
[  375.497250][ T5962] usb 5-1: Using ep0 maxpacket: 16
[  375.504473][    T9] usb 6-1: Using ep0 maxpacket: 16
[  375.511352][ T5962] usb 5-1: config 1 has an invalid interface number: 105 but max is 0
[  375.512892][    T9] usb 6-1: config 0 has an invalid descriptor of length 15, skipping remainder of the config
[  375.531936][ T5962] usb 5-1: config 1 has no interface number 0
[  375.535353][    T9] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  375.540237][T10200] usb 3-1: USB disconnect, device number 35
[  375.555280][ T5962] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  375.559137][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.573327][ T5962] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  375.573361][ T5962] usb 5-1: config 1 interface 105 has no altsetting 0
[  375.591163][    T9] usb 6-1: Product: syz
[  375.599541][    T9] usb 6-1: Manufacturer: syz
[  375.599683][ T5962] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  375.616280][    T9] usb 6-1: SerialNumber: syz
[  375.620173][ T5962] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.630184][ T5962] usb 5-1: Product: syz
[  375.631171][    T9] usb 6-1: config 0 descriptor??
[  375.637780][ T5962] usb 5-1: Manufacturer: syz
[  375.660097][ T5962] usb 5-1: SerialNumber: syz
[  375.675991][T10520] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  375.683400][T10520] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  375.801468][T10534] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1154'.
[  375.857074][    T9] usb 6-1: USB disconnect, device number 23
[  376.109584][T10520] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  376.118012][T10200] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  376.124979][T10520] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  376.294700][T10200] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  376.304823][T10200] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  376.323696][T10200] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  376.351017][T10200] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  376.411114][T10200] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  376.500968][ T5962] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: 5
[  376.520994][ T5962] aqc111 5-1:1.105: probe with driver aqc111 failed with error -61
[  376.530627][T10200] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  376.549732][T10200] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  376.564958][T10200] usb 3-1: Product: syz
[  376.569859][T10200] usb 3-1: Manufacturer: syz
[  376.595064][T10200] cdc_wdm 3-1:1.0: skipping garbage
[  376.602093][T10200] cdc_wdm 3-1:1.0: skipping garbage
[  376.609916][T10200] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  376.618166][T10200] cdc_wdm 3-1:1.0: Unknown control protocol
[  376.865077][T10544] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1157'.
[  376.882457][T10551] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1155'.
[  376.906126][    T9] usb 3-1: USB disconnect, device number 36
[  377.304471][ T5909] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  377.467501][ T5909] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  377.495069][ T5909] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  377.521382][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.533701][ T5909] usb 2-1: config 0 descriptor??
[  378.127074][ T5909] usbhid 2-1:0.0: can't add hid device: -71
[  378.164984][ T5909] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  378.179164][    T9] usb 5-1: USB disconnect, device number 34
[  378.187157][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  378.187277][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  378.212197][ T5909] usb 2-1: USB disconnect, device number 30
[  378.214850][ T5962] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  378.316517][   T30] audit: type=1400 audit(1751826089.839:466): avc:  denied  { bind } for  pid=10571 comm="syz.5.1166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  378.463974][ T5962] usb 3-1: Using ep0 maxpacket: 32
[  378.470416][ T5962] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  378.478838][ T5962] usb 3-1: config 0 has no interface number 0
[  378.487471][ T5962] usb 3-1: config 0 interface 184 has no altsetting 0
[  378.504918][ T5962] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  378.515220][ T5962] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.523302][ T5962] usb 3-1: Product: syz
[  378.523320][ T5962] usb 3-1: Manufacturer: syz
[  378.523334][ T5962] usb 3-1: SerialNumber: syz
[  378.566594][ T5962] usb 3-1: config 0 descriptor??
[  378.659817][   T43] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  378.671540][ T5962] smsc75xx v1.0.0
[  378.787127][T10579] JFS: discard option not supported on device
[  378.794849][T10579] Mount JFS Failure: -22
[  378.799169][T10579] jfs_mount failed w/return code = -22
[  379.248366][T10584] netlink: 'syz.1.1168': attribute type 10 has an invalid length.
[  379.257056][   T43] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  379.262527][T10584] bond0: (slave wlan1): Opening slave failed
[  379.272797][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.348673][ T5962] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  379.363911][ T5962] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  379.373689][ T5962] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  379.384027][   T43] usb 6-1: Product: syz
[  379.388259][   T43] usb 6-1: Manufacturer: syz
[  379.392909][   T43] usb 6-1: SerialNumber: syz
[  379.477480][ T5962] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -61
[  379.642786][   T43] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  379.669937][   T30] audit: type=1326 audit(1751826091.189:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10586 comm="syz.3.1169" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f63fc18e929 code=0x0
[  379.693393][   T30] audit: type=1400 audit(1751826091.189:468): avc:  denied  { firmware_load } for  pid=6169 comm="kworker/1:6" path="/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw" dev="sda1" ino=313 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  379.695454][    T9] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  379.719504][    C1] vkms_vblank_simulate: vblank timer overrun
[  379.744912][ T6169] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  380.014036][    T9] usb 2-1: Using ep0 maxpacket: 16
[  380.022378][    T9] usb 2-1: config 0 has an invalid descriptor of length 15, skipping remainder of the config
[  380.797093][    T9] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  380.808164][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.823926][ T6169] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  380.844178][    T9] usb 2-1: Product: syz
[  380.850297][    T9] usb 2-1: Manufacturer: syz
[  380.854143][ T6169] ath9k_htc: Failed to initialize the device
[  380.904556][    T9] usb 2-1: SerialNumber: syz
[  381.055676][ T6169] usb 6-1: ath9k_htc: USB layer deinitialized
[  381.056360][    T9] usb 2-1: config 0 descriptor??
[  381.077254][ T5909] usb 6-1: USB disconnect, device number 24
[  381.087915][ T5887] usb 3-1: USB disconnect, device number 37
[  381.404930][    T9] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  381.469878][ T5909] usb 2-1: USB disconnect, device number 31
[  381.604057][    T9] usb 4-1: Using ep0 maxpacket: 8
[  381.612377][    T9] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  381.621762][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.630472][    T9] usb 4-1: Product: syz
[  381.634966][    T9] usb 4-1: Manufacturer: syz
[  381.639657][    T9] usb 4-1: SerialNumber: syz
[  381.648559][    T9] usb 4-1: config 0 descriptor??
[  381.882050][    T9] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  382.454823][T10629] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1179'.
[  382.470870][T10629] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1179'.
[  382.485671][T10629] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1179'.
[  382.784034][    T9] gspca_sunplus: reg_w_riv err -110
[  382.789335][    T9] sunplus 4-1:0.0: probe with driver sunplus failed with error -110
[  382.799013][   T30] audit: type=1400 audit(1751826093.879:469): avc:  denied  { ioctl } for  pid=10622 comm="syz.4.1179" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  382.825184][    C1] vkms_vblank_simulate: vblank timer overrun
[  382.900387][T10630] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1180'.
[  382.909727][T10630] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1180'.
[  382.918903][T10630] netlink: 'syz.2.1180': attribute type 6 has an invalid length.
[  383.203907][T10633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  383.215915][T10633] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  383.240669][T10633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  383.254485][T10633] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  383.335555][T10633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  383.355551][T10633] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  384.113842][    T9] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  384.137261][T10641] loop6: detected capacity change from 0 to 524287999
[  384.333900][    T9] usb 2-1: Using ep0 maxpacket: 32
[  384.343335][    T9] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  384.459125][    T9] usb 2-1: config 0 has no interface number 0
[  384.614322][    T9] usb 2-1: config 0 interface 184 has no altsetting 0
[  384.764726][    T9] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  384.808519][ T5909] usb 4-1: USB disconnect, device number 30
[  384.826067][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.902126][    T9] usb 2-1: Product: syz
[  385.034710][   T43] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  385.162127][    T9] usb 2-1: Manufacturer: syz
[  385.167912][    T9] usb 2-1: SerialNumber: syz
[  385.185086][    T9] usb 2-1: config 0 descriptor??
[  385.194344][    T9] smsc75xx v1.0.0
[  385.209645][T10657] team0: Port device bond0 removed
[  385.217386][T10657] netlink: 'syz.3.1188': attribute type 10 has an invalid length.
[  385.233470][T10657] bond0: (slave wlan1): Opening slave failed
[  385.275930][   T43] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  385.288286][   T43] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  385.301670][   T43] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  385.312800][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  385.321020][   T43] usb 3-1: SerialNumber: syz
[  385.473884][T10200] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  385.681845][    T9] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  385.707245][    T9] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  385.731088][    T9] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  385.753969][T10200] usb 4-1: Using ep0 maxpacket: 16
[  385.758130][    T9] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -61
[  385.776675][T10200] usb 4-1: config 0 has an invalid descriptor of length 15, skipping remainder of the config
[  385.805868][T10200] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  385.826099][T10200] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.840794][T10200] usb 4-1: Product: syz
[  385.845167][T10200] usb 4-1: Manufacturer: syz
[  385.849912][T10200] usb 4-1: SerialNumber: syz
[  385.863513][T10200] usb 4-1: config 0 descriptor??
[  386.157301][T10200] usb 4-1: USB disconnect, device number 31
[  386.853538][   T43] usb 3-1: 0:2 : does not exist
[  386.999712][T10677] No such timeout policy "syz0"
[  387.073559][   T43] usb 3-1: unit 5: unexpected type 0x0b
[  387.110983][T10200] usb 2-1: USB disconnect, device number 32
[  387.286869][   T43] usb 3-1: USB disconnect, device number 38
[  387.447535][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  388.644066][   T30] audit: type=1400 audit(1751826100.159:470): avc:  denied  { connect } for  pid=10704 comm="syz.2.1200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  388.690067][T10694] xt_CT: No such helper "syz1"
[  388.713650][   T30] audit: type=1400 audit(1751826100.189:471): avc:  denied  { shutdown } for  pid=10704 comm="syz.2.1200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  388.774505][   T30] audit: type=1400 audit(1751826100.209:472): avc:  denied  { getopt } for  pid=10693 comm="syz.4.1198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  389.269988][T10697] infiniband syz0: set down
[  389.291562][T10697] infiniband syz0: added ipvlan1
[  389.310172][T10697] syz0: rxe_create_cq: returned err = -12
[  389.765741][T10697] infiniband syz0: Couldn't create ib_mad CQ
[  389.781638][T10697] infiniband syz0: Couldn't open port 1
[  389.812789][T10697] RDS/IB: syz0: added
[  389.820758][T10697] smc: adding ib device syz0 with port count 1
[  389.828041][T10697] smc:    ib device syz0 port 1 has pnetid 
[  389.840363][T10716] netlink: 'syz.3.1203': attribute type 10 has an invalid length.
[  389.868683][T10716] bond0: (slave wlan1): Opening slave failed
[  390.133966][ T5887] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  390.203938][    T9] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  390.298974][ T5887] usb 4-1: Using ep0 maxpacket: 16
[  390.334621][ T5887] usb 4-1: config 0 has an invalid descriptor of length 15, skipping remainder of the config
[  390.372964][    T9] usb 3-1: Using ep0 maxpacket: 16
[  390.454132][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  390.628067][ T5887] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  390.641375][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.649490][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  390.659641][ T5887] usb 4-1: Product: syz
[  390.663898][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  390.673715][ T5887] usb 4-1: Manufacturer: syz
[  390.678743][ T5887] usb 4-1: SerialNumber: syz
[  390.683491][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[  390.697520][ T5887] usb 4-1: config 0 descriptor??
[  390.704821][    T9] usb 3-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  390.725355][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.733700][    T9] usb 3-1: Product: syz
[  390.747361][    T9] usb 3-1: Manufacturer: syz
[  390.757160][    T9] usb 3-1: SerialNumber: syz
[  390.768646][    T9] usb 3-1: config 0 descriptor??
[  390.792313][    T9] mcba_usb 3-1:0.0 can0: couldn't setup read URBs
[  390.806134][    T9] mcba_usb 3-1:0.0 can0: couldn't start device: -90
[  390.875883][    T9] mcba_usb 3-1:0.0: probe with driver mcba_usb failed with error -90
[  390.920889][T10200] usb 4-1: USB disconnect, device number 32
[  391.396957][T10200] usb 3-1: USB disconnect, device number 39
[  392.838655][T10200] usb 2-1: new low-speed USB device number 33 using dummy_hcd
[  392.854045][    T9] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  392.907828][T10759] ubi: mtd0 is already attached to ubi31
[  392.922173][T10759] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  393.154219][    T9] usb 5-1: Using ep0 maxpacket: 16
[  393.160961][    T9] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  393.172097][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  393.179635][    T9] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  393.188900][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.262113][    T9] usb 5-1: config 0 descriptor??
[  393.606132][T10200] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  393.623604][T10200] usb 2-1: config 0 has no interface number 0
[  393.701253][T10766] FAULT_INJECTION: forcing a failure.
[  393.701253][T10766] name failslab, interval 1, probability 0, space 0, times 0
[  393.717859][T10200] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  393.731932][T10200] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  393.739288][T10766] CPU: 0 UID: 0 PID: 10766 Comm: syz.2.1216 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  393.739315][T10766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  393.739324][T10766] Call Trace:
[  393.739330][T10766]  <TASK>
[  393.739335][T10766]  dump_stack_lvl+0x16c/0x1f0
[  393.739362][T10766]  should_fail_ex+0x512/0x640
[  393.739383][T10766]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  393.739407][T10766]  should_failslab+0xc2/0x120
[  393.739430][T10766]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  393.739451][T10766]  ? __alloc_skb+0x2b2/0x380
[  393.739475][T10766]  __alloc_skb+0x2b2/0x380
[  393.739494][T10766]  ? __pfx___alloc_skb+0x10/0x10
[  393.739516][T10766]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  393.739537][T10766]  netlink_alloc_large_skb+0x69/0x130
[  393.739554][T10766]  netlink_sendmsg+0x6a1/0xdd0
[  393.739574][T10766]  ? __pfx_netlink_sendmsg+0x10/0x10
[  393.739597][T10766]  ____sys_sendmsg+0xa95/0xc70
[  393.739614][T10766]  ? copy_msghdr_from_user+0x10a/0x160
[  393.739634][T10766]  ? __pfx_____sys_sendmsg+0x10/0x10
[  393.739660][T10766]  ___sys_sendmsg+0x134/0x1d0
[  393.739682][T10766]  ? __pfx____sys_sendmsg+0x10/0x10
[  393.739701][T10766]  ? __lock_acquire+0x622/0x1c90
[  393.739741][T10766]  __sys_sendmsg+0x16d/0x220
[  393.739762][T10766]  ? __pfx___sys_sendmsg+0x10/0x10
[  393.739806][T10766]  do_syscall_64+0xcd/0x4c0
[  393.739830][T10766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.739845][T10766] RIP: 0033:0x7f48d4b8e929
[  393.739859][T10766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.739874][T10766] RSP: 002b:00007f48d5a0c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  393.739889][T10766] RAX: ffffffffffffffda RBX: 00007f48d4db5fa0 RCX: 00007f48d4b8e929
[  393.739899][T10766] RDX: 0000000000000000 RSI: 0000200000000c40 RDI: 0000000000000004
[  393.739908][T10766] RBP: 00007f48d5a0c090 R08: 0000000000000000 R09: 0000000000000000
[  393.739917][T10766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  393.739926][T10766] R13: 0000000000000000 R14: 00007f48d4db5fa0 R15: 00007fffa297e7f8
[  393.739947][T10766]  </TASK>
[  393.822525][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  393.829417][T10200] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.848226][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  393.856567][    T9] usb 5-1: USB disconnect, device number 35
[  393.989958][T10200] usb 2-1: config 0 descriptor??
[  394.259816][T10200] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  394.790128][T10786] netlink: 'syz.4.1220': attribute type 10 has an invalid length.
[  394.798766][T10786] bond0: (slave wlan1): Opening slave failed
[  394.809737][T10779] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65048 sclass=netlink_route_socket pid=10779 comm=syz.3.1219
[  395.020709][ T5962] usb 2-1: USB disconnect, device number 33
[  395.074068][    T9] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  395.083858][T10200] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  395.233839][    T9] usb 5-1: Using ep0 maxpacket: 16
[  395.241675][    T9] usb 5-1: config 0 has an invalid descriptor of length 15, skipping remainder of the config
[  395.349981][T10802] affs: No valid root block on device nullb0
[  395.664346][T10200] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  395.669637][    T9] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  395.711248][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.711491][T10200] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  395.719384][    T9] usb 5-1: Product: syz
[  395.738167][T10200] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  395.752270][T10200] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  395.760485][    T9] usb 5-1: Manufacturer: syz
[  395.772208][    T9] usb 5-1: SerialNumber: syz
[  395.773659][T10200] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  395.794988][T10200] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  395.798063][    T9] usb 5-1: config 0 descriptor??
[  395.922478][T10200] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  395.933993][T10200] usb 3-1: Product: syz
[  395.938212][T10200] usb 3-1: Manufacturer: syz
[  396.030803][T10200] cdc_wdm 3-1:1.0: skipping garbage
[  396.053688][T10200] cdc_wdm 3-1:1.0: skipping garbage
[  396.151411][T10200] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  396.157474][ T6169] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  396.174063][T10200] cdc_wdm 3-1:1.0: Unknown control protocol
[  396.251482][T10200] usb 5-1: USB disconnect, device number 36
[  396.273066][T10810] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=10810 comm=syz.3.1227
[  396.633912][ T6169] usb 2-1: Using ep0 maxpacket: 16
[  396.645484][ T6169] usb 2-1: config 1 has an invalid interface number: 105 but max is 0
[  396.653717][ T6169] usb 2-1: config 1 has no interface number 0
[  396.670834][ T6169] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  396.707534][ T6169] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  396.707966][T10817] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1221'.
[  396.717839][ T6169] usb 2-1: config 1 interface 105 has no altsetting 0
[  396.738715][ T6169] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  396.797551][ T6169] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.821703][ T6169] usb 2-1: Product: syz
[  396.831943][ T6169] usb 2-1: Manufacturer: syz
[  396.846863][ T6169] usb 2-1: SerialNumber: syz
[  396.853577][T10200] usb 3-1: USB disconnect, device number 40
[  396.872613][T10804] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  396.893392][T10804] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  396.936984][T10816] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1228'.
[  397.566319][T10804] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  397.574476][T10804] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  397.748140][T10832] mac80211_hwsim hwsim9 syzkaller0: Caught tx_queue_len zero misconfig
[  398.872227][T10858] cgroup: Need name or subsystem set
[  398.879563][T10858] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1237'.
[  399.018680][T10852] Mount JFS Failure: -22
[  399.023018][T10852] jfs_mount failed w/return code = -22
[  399.031803][   T30] audit: type=1400 audit(1751826110.383:473): avc:  denied  { mounton } for  pid=10850 comm="syz.4.1237" path="/" dev="ramfs" ino=27111 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  399.053305][    C0] vkms_vblank_simulate: vblank timer overrun
[  399.231990][ T6169] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  399.264156][ T6169] aqc111 2-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, ea:5f:77:8b:70:a3
[  399.382049][ T6169] usb 2-1: USB disconnect, device number 34
[  399.389629][ T6169] aqc111 2-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  399.696781][ T6169] aqc111 2-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  399.708097][ T6169] aqc111 2-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  399.717852][ T6169] aqc111 2-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  399.960007][ T5962] usb 3-1: new full-speed USB device number 41 using dummy_hcd
[  400.376733][ T5962] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  400.402826][ T5962] usb 3-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  400.433983][ T5962] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.447454][ T5962] usb 3-1: config 0 descriptor??
[  400.533847][ T6169] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  400.879272][T10887] rdma_rxe: rxe_newlink: failed to add lo
[  400.963918][ T6169] usb 2-1: Using ep0 maxpacket: 16
[  400.973100][ T6169] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  400.985172][ T6169] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  400.997802][ T6169] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  401.190904][T10890] JFS: discard option not supported on device
[  401.202327][T10890] Mount JFS Failure: -22
[  401.206683][T10890] jfs_mount failed w/return code = -22
[  401.476300][ T6169] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  401.497481][ T6169] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  401.533989][ T5962] usbhid 3-1:0.0: can't add hid device: -71
[  401.540053][ T5962] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  401.552690][ T6169] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  401.562242][ T6169] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  401.582924][ T6169] usb 2-1: Manufacturer: syz
[  401.587699][   T30] audit: type=1400 audit(1751826113.093:474): avc:  denied  { create } for  pid=10892 comm="syz.4.1248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  401.631390][ T5962] usb 3-1: USB disconnect, device number 41
[  401.638403][ T6169] usb 2-1: config 0 descriptor??
[  401.967406][ T5944] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  402.033697][T10901] JFS: discard option not supported on device
[  402.041015][T10901] Mount JFS Failure: -22
[  402.045477][T10901] jfs_mount failed w/return code = -22
[  402.158563][ T5944] usb 5-1: Using ep0 maxpacket: 16
[  402.192094][ T5944] usb 5-1: config 1 interface 0 altsetting 93 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  402.244177][ T5944] usb 5-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96
[  402.295979][ T6169] rc_core: IR keymap rc-hauppauge not found
[  402.309432][ T5944] usb 5-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 8
[  402.329799][ T6169] Registered IR keymap rc-empty
[  402.354044][ T6169] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  402.361390][ T5944] usb 5-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  402.376459][ T5944] usb 5-1: config 1 interface 0 has no altsetting 0
[  402.389481][ T5944] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  402.398872][ T6169] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  402.419742][ T5944] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  402.428874][ T5944] usb 5-1: SerialNumber: syz
[  402.434720][ T6169] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  402.457739][T10893] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  402.473127][ T6169] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input15
[  402.485888][T10893] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  402.501592][ T6169] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  402.569736][ T5887] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  402.633097][ T6169] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  402.663937][ T6169] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  402.684385][ T6169] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  402.706831][ T6169] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  402.733982][ T6169] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  402.753907][ T6169] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  402.755901][ T5887] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  402.771100][ T5887] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  402.773919][ T6169] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  402.781441][ T5887] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  402.798793][ T5887] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  402.803895][ T6169] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  402.809837][ T5887] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  402.830327][ T5887] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  402.835948][ T6169] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  402.839665][ T5887] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  402.854795][ T5887] usb 6-1: Product: syz
[  402.858967][ T5887] usb 6-1: Manufacturer: syz
[  402.867336][ T6169] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[  402.867978][ T5887] cdc_wdm 6-1:1.0: skipping garbage
[  402.875756][ T6169] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  402.886146][ T5887] cdc_wdm 6-1:1.0: skipping garbage
[  402.893870][ T5962] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  402.902118][ T6169] usb 2-1: USB disconnect, device number 35
[  402.917659][ T5887] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  402.923683][ T5887] cdc_wdm 6-1:1.0: Unknown control protocol
[  403.053842][ T5962] usb 4-1: Using ep0 maxpacket: 16
[  403.060457][ T5962] usb 4-1: config 1 has an invalid interface number: 105 but max is 0
[  403.069054][ T5962] usb 4-1: config 1 has no interface number 0
[  403.076343][ T5962] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  403.086961][ T5962] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  403.097181][ T5962] usb 4-1: config 1 interface 105 has no altsetting 0
[  403.106771][ T5962] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  403.116140][ T5962] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.124273][ T5962] usb 4-1: Product: syz
[  403.128548][ T5962] usb 4-1: Manufacturer: syz
[  403.133202][ T5962] usb 4-1: SerialNumber: syz
[  403.141339][T10909] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  403.148828][T10909] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  403.306690][T10898] netlink: 180336 bytes leftover after parsing attributes in process `syz.5.1250'.
[  403.321769][ T5887] usb 6-1: USB disconnect, device number 25
[  403.568523][T10909] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  403.576157][T10909] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  404.200346][T10931] FAULT_INJECTION: forcing a failure.
[  404.200346][T10931] name failslab, interval 1, probability 0, space 0, times 0
[  404.243086][T10931] CPU: 1 UID: 0 PID: 10931 Comm: syz.1.1258 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  404.243117][T10931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  404.243129][T10931] Call Trace:
[  404.243135][T10931]  <TASK>
[  404.243145][T10931]  dump_stack_lvl+0x16c/0x1f0
[  404.243177][T10931]  should_fail_ex+0x512/0x640
[  404.243202][T10931]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  404.243231][T10931]  should_failslab+0xc2/0x120
[  404.243257][T10931]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  404.243282][T10931]  ? __alloc_skb+0x2b2/0x380
[  404.243310][T10931]  __alloc_skb+0x2b2/0x380
[  404.243334][T10931]  ? __pfx___alloc_skb+0x10/0x10
[  404.243355][T10931]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  404.243379][T10931]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  404.243410][T10931]  netlink_alloc_large_skb+0x69/0x130
[  404.243431][T10931]  netlink_sendmsg+0x6a1/0xdd0
[  404.243454][T10931]  ? __pfx_netlink_sendmsg+0x10/0x10
[  404.243476][T10931]  ? ____sys_sendmsg+0x929/0xc70
[  404.243498][T10931]  ____sys_sendmsg+0xa95/0xc70
[  404.243517][T10931]  ? copy_msghdr_from_user+0x10a/0x160
[  404.243542][T10931]  ? __pfx_____sys_sendmsg+0x10/0x10
[  404.243572][T10931]  ___sys_sendmsg+0x134/0x1d0
[  404.243598][T10931]  ? __pfx____sys_sendmsg+0x10/0x10
[  404.243620][T10931]  ? __lock_acquire+0x622/0x1c90
[  404.243669][T10931]  __sys_sendmsg+0x16d/0x220
[  404.243694][T10931]  ? __pfx___sys_sendmsg+0x10/0x10
[  404.243734][T10931]  do_syscall_64+0xcd/0x4c0
[  404.243758][T10931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.243776][T10931] RIP: 0033:0x7fa507d8e929
[  404.243793][T10931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.243809][T10931] RSP: 002b:00007fa508ba1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  404.243828][T10931] RAX: ffffffffffffffda RBX: 00007fa507fb5fa0 RCX: 00007fa507d8e929
[  404.243840][T10931] RDX: 0000000020000004 RSI: 0000200000000300 RDI: 0000000000000005
[  404.243851][T10931] RBP: 00007fa508ba1090 R08: 0000000000000000 R09: 0000000000000000
[  404.243861][T10931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.243871][T10931] R13: 0000000000000000 R14: 00007fa507fb5fa0 R15: 00007ffc68297b48
[  404.243895][T10931]  </TASK>
[  404.595818][T10893] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10893 comm=syz.4.1248
[  404.682136][ T5962] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  404.699988][ T5962] aqc111 4-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, ee:0c:da:4a:9b:bd
[  404.715942][ T5962] usb 4-1: USB disconnect, device number 33
[  404.725769][ T5962] aqc111 4-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  404.775621][ T5962] aqc111 4-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  404.787429][ T5962] aqc111 4-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  404.800484][ T5962] aqc111 4-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  404.897308][ T5944] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  404.913825][ T5909] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  404.938291][ T5944] usb 5-1: USB disconnect, device number 37
[  405.107919][ T5909] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  405.134415][ T5909] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  405.168409][ T5909] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  405.192067][ T5909] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  405.527875][ T5909] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  405.600897][ T5909] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  405.610158][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  405.640360][ T5909] usb 2-1: Product: syz
[  405.726990][T10953] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1265' sets config #-511
[  405.956408][ T5909] usb 2-1: Manufacturer: syz
[  405.980724][ T5909] cdc_wdm 2-1:1.0: skipping garbage
[  405.989367][ T5909] cdc_wdm 2-1:1.0: skipping garbage
[  406.082244][ T5909] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  406.107802][ T5909] cdc_wdm 2-1:1.0: Unknown control protocol
[  406.196166][   T30] audit: type=1400 audit(1751826117.703:475): avc:  denied  { create } for  pid=10961 comm="syz.2.1269" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  406.270404][T10971] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1260'.
[  406.316542][ T5909] usb 2-1: USB disconnect, device number 36
[  406.494456][ T5944] usb 3-1: new full-speed USB device number 42 using dummy_hcd
[  406.656027][ T5944] usb 3-1: New USB device found, idVendor=1e71, idProduct=2019, bcdDevice= 0.00
[  406.673247][ T5944] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.695839][ T5944] usb 3-1: config 0 descriptor??
[  406.741828][T10969] loop6: detected capacity change from 0 to 524287999
[  407.381768][ T5944] nzxt-smart2 0003:1E71:2019.0010: hidraw0: USB HID v0.07 Device [HID 1e71:2019] on usb-dummy_hcd.2-1/input0
[  409.945840][T11028] loop6: detected capacity change from 0 to 524287999
[  409.977236][ T5944] usb 3-1: USB disconnect, device number 42
[  410.016655][T11026] mkiss: ax0: crc mode is auto.
[  410.528371][T11038] tipc: Started in network mode
[  410.533311][T11038] tipc: Node identity 080211000001, cluster identity 4711
[  410.574782][T11038] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  410.621793][T11041] mac80211_hwsim hwsim9 syzkaller0: entered promiscuous mode
[  410.654053][T11041] mac80211_hwsim hwsim9 syzkaller0: entered allmulticast mode
[  410.673579][T11038] tipc: Resetting bearer <eth:syzkaller0>
[  410.683904][ T5962] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  411.385501][ T5962] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  411.404174][ T5962] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  411.438203][ T5962] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  411.469486][ T5962] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  411.478003][ T5962] usb 6-1: SerialNumber: syz
[  411.694127][ T5887] tipc: Node number set to 134418688
[  411.833916][ T5909] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  412.113822][ T5909] usb 2-1: Using ep0 maxpacket: 16
[  412.490784][ T5909] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  412.511371][ T5909] usb 2-1: config 0 has no interface number 0
[  412.537002][ T5909] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  412.573971][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.605412][ T5909] usb 2-1: Product: syz
[  412.611649][T11064] netlink: 'syz.3.1296': attribute type 14 has an invalid length.
[  412.638304][ T5909] usb 2-1: Manufacturer: syz
[  412.648183][ T5909] usb 2-1: SerialNumber: syz
[  412.663676][ T5909] usb 2-1: config 0 descriptor??
[  412.690271][ T5909] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  412.863363][T11068] JFS: discard option not supported on device
[  412.869811][T11068] Mount JFS Failure: -22
[  412.874990][T11068] jfs_mount failed w/return code = -22
[  413.121589][ T5962] usb 6-1: 0:2 : does not exist
[  413.152306][ T5962] usb 6-1: unit 5 not found!
[  413.391072][ T5962] usb 6-1: USB disconnect, device number 26
[  413.476089][T11083] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1300'.
[  413.498926][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  413.602478][T11087] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1301'.
[  413.619727][T11087] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1301'.
[  413.726099][T11089] FAULT_INJECTION: forcing a failure.
[  413.726099][T11089] name failslab, interval 1, probability 0, space 0, times 0
[  413.735789][T11087] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1301'.
[  413.750413][ T5909] gspca_spca1528: reg_r err -32
[  413.755445][ T5909] spca1528 2-1:0.1: probe with driver spca1528 failed with error -32
[  413.772767][T11087] 0ªî{X¹¦: renamed from gretap0 (while UP)
[  413.815384][T11089] CPU: 1 UID: 0 PID: 11089 Comm: syz.4.1303 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  413.815412][T11089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  413.815422][T11089] Call Trace:
[  413.815428][T11089]  <TASK>
[  413.815435][T11089]  dump_stack_lvl+0x16c/0x1f0
[  413.815465][T11089]  should_fail_ex+0x512/0x640
[  413.815489][T11089]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  413.815516][T11089]  should_failslab+0xc2/0x120
[  413.815540][T11089]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  413.815562][T11089]  ? getname_flags.part.0+0x4c/0x550
[  413.815590][T11089]  getname_flags.part.0+0x4c/0x550
[  413.815611][T11089]  getname_flags+0x93/0xf0
[  413.815634][T11089]  user_path_at+0x24/0x60
[  413.815658][T11089]  __x64_sys_mount+0x1fc/0x310
[  413.815675][T11089]  ? __pfx___x64_sys_mount+0x10/0x10
[  413.815699][T11089]  do_syscall_64+0xcd/0x4c0
[  413.815726][T11089]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.815743][T11089] RIP: 0033:0x7f97ec38e929
[  413.815758][T11089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  413.815775][T11089] RSP: 002b:00007f97ed2e3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  413.815792][T11089] RAX: ffffffffffffffda RBX: 00007f97ec5b5fa0 RCX: 00007f97ec38e929
[  413.815803][T11089] RDX: 0000200000000040 RSI: 0000200000000100 RDI: 0000000000000000
[  413.815814][T11089] RBP: 00007f97ed2e3090 R08: 0000200000000300 R09: 0000000000000000
[  413.815824][T11089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  413.815834][T11089] R13: 0000000000000000 R14: 00007f97ec5b5fa0 R15: 00007ffe42b2db48
[  413.815857][T11089]  </TASK>
[  413.993022][T11053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  414.005303][T11053] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  414.055256][T11086] loop6: detected capacity change from 0 to 524287999
[  414.057909][T11087] 0ªî{X¹¦: entered allmulticast mode
[  414.081013][T11087] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  414.269342][ T5887] usb 2-1: USB disconnect, device number 37
[  415.217856][T11113] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  415.273895][ T6169] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  415.312143][T11111] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  415.434290][ T6169] usb 2-1: Using ep0 maxpacket: 8
[  415.445901][ T6169] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  415.458148][ T6169] usb 2-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5
[  415.468237][ T6169] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.497267][T11122] FAULT_INJECTION: forcing a failure.
[  415.497267][T11122] name fail_futex, interval 1, probability 0, space 0, times 1
[  415.510538][T11122] CPU: 1 UID: 0 PID: 11122 Comm: syz.2.1312 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  415.510554][T11122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  415.510561][T11122] Call Trace:
[  415.510565][T11122]  <TASK>
[  415.510569][T11122]  dump_stack_lvl+0x16c/0x1f0
[  415.510591][T11122]  should_fail_ex+0x512/0x640
[  415.510609][T11122]  should_fail_futex+0x4c/0x60
[  415.510625][T11122]  futex_lock_pi_atomic+0x101/0xdb0
[  415.510640][T11122]  futex_lock_pi+0x23f/0x7c0
[  415.510654][T11122]  ? __pfx_futex_lock_pi+0x10/0x10
[  415.510678][T11122]  ? __pfx_futex_wake_mark+0x10/0x10
[  415.510693][T11122]  ? find_held_lock+0x2b/0x80
[  415.510708][T11122]  ? ksys_write+0x190/0x250
[  415.510725][T11122]  do_futex+0x11a/0x350
[  415.510743][T11122]  ? __pfx_do_futex+0x10/0x10
[  415.510763][T11122]  __x64_sys_futex+0x1e0/0x4c0
[  415.510781][T11122]  ? fput+0x70/0xf0
[  415.510791][T11122]  ? __pfx___x64_sys_futex+0x10/0x10
[  415.510807][T11122]  ? ksys_write+0x1ac/0x250
[  415.510821][T11122]  ? __pfx_ksys_write+0x10/0x10
[  415.510850][T11122]  do_syscall_64+0xcd/0x4c0
[  415.510867][T11122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.510878][T11122] RIP: 0033:0x7f48d4b8e929
[  415.510888][T11122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.510899][T11122] RSP: 002b:00007f48d5922038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  415.510910][T11122] RAX: ffffffffffffffda RBX: 00007f48d4db6080 RCX: 00007f48d4b8e929
[  415.510917][T11122] RDX: 0000000000000002 RSI: 0000000000000086 RDI: 000020000000cffc
[  415.510923][T11122] RBP: 00007f48d5922090 R08: 0000000000000000 R09: 00000000fffffffc
[  415.510930][T11122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  415.510936][T11122] R13: 0000000000000000 R14: 00007f48d4db6080 R15: 00007fffa297e7f8
[  415.510948][T11122]  </TASK>
[  415.739890][ T6169] usb 2-1: config 0 descriptor??
[  416.257388][ T5896] usb 2-1: USB disconnect, device number 38
[  416.323995][ T5887] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  416.570011][T11143] FAULT_INJECTION: forcing a failure.
[  416.570011][T11143] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  416.583257][T11143] CPU: 0 UID: 0 PID: 11143 Comm: syz.2.1316 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  416.583281][T11143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  416.583289][T11143] Call Trace:
[  416.583293][T11143]  <TASK>
[  416.583297][T11143]  dump_stack_lvl+0x16c/0x1f0
[  416.583318][T11143]  should_fail_ex+0x512/0x640
[  416.583336][T11143]  _copy_from_user+0x2e/0xd0
[  416.583358][T11143]  copy_msghdr_from_user+0x98/0x160
[  416.583382][T11143]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  416.583404][T11143]  ? __pfx__kstrtoull+0x10/0x10
[  416.583419][T11143]  ___sys_sendmsg+0xfe/0x1d0
[  416.583435][T11143]  ? __pfx____sys_sendmsg+0x10/0x10
[  416.583457][T11143]  ? find_held_lock+0x2b/0x80
[  416.583479][T11143]  __sys_sendmmsg+0x200/0x420
[  416.583497][T11143]  ? __pfx___sys_sendmmsg+0x10/0x10
[  416.583529][T11143]  __x64_sys_sendmmsg+0x9c/0x100
[  416.583545][T11143]  do_syscall_64+0xcd/0x4c0
[  416.583562][T11143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.583579][T11143] RIP: 0033:0x7f48d4b8e929
[  416.583588][T11143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  416.583599][T11143] RSP: 002b:00007f48d59ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  416.583610][T11143] RAX: ffffffffffffffda RBX: 00007f48d4db6160 RCX: 00007f48d4b8e929
[  416.583617][T11143] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000006
[  416.583624][T11143] RBP: 00007f48d59ca090 R08: 0000000000000000 R09: 0000000000000000
[  416.583630][T11143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  416.583637][T11143] R13: 0000000000000000 R14: 00007f48d4db6160 R15: 00007fffa297e7f8
[  416.583650][T11143]  </TASK>
[  416.996803][ T5887] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  417.033877][ T5887] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  417.092490][ T5887] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  417.106905][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.132875][ T5887] usb 5-1: Product: syz
[  417.139226][ T5887] usb 5-1: Manufacturer: syz
[  417.144152][ T5887] usb 5-1: SerialNumber: syz
[  417.163467][T11152] FAULT_INJECTION: forcing a failure.
[  417.163467][T11152] name failslab, interval 1, probability 0, space 0, times 0
[  417.178190][T11152] CPU: 0 UID: 0 PID: 11152 Comm: syz.1.1318 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  417.178218][T11152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  417.178228][T11152] Call Trace:
[  417.178234][T11152]  <TASK>
[  417.178240][T11152]  dump_stack_lvl+0x16c/0x1f0
[  417.178269][T11152]  should_fail_ex+0x512/0x640
[  417.178292][T11152]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  417.178318][T11152]  should_failslab+0xc2/0x120
[  417.178345][T11152]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  417.178367][T11152]  ? skb_clone+0x190/0x3f0
[  417.178395][T11152]  skb_clone+0x190/0x3f0
[  417.178420][T11152]  nfnetlink_rcv_batch+0x1cf/0x2330
[  417.178440][T11152]  ? kmem_cache_free+0x2d1/0x4d0
[  417.178469][T11152]  ? __lock_acquire+0x622/0x1c90
[  417.178489][T11152]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  417.178527][T11152]  ? avc_has_perm_noaudit+0x149/0x3b0
[  417.178549][T11152]  ? __asan_memset+0x23/0x50
[  417.178575][T11152]  ? __nla_validate_parse+0x600/0x2880
[  417.178599][T11152]  ? __pfx___nla_validate_parse+0x10/0x10
[  417.178618][T11152]  ? cap_capable+0xb3/0x250
[  417.178643][T11152]  ? __nla_parse+0x40/0x60
[  417.178663][T11152]  nfnetlink_rcv+0x3c1/0x430
[  417.178684][T11152]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  417.178711][T11152]  netlink_unicast+0x53a/0x7f0
[  417.178733][T11152]  ? __pfx_netlink_unicast+0x10/0x10
[  417.178757][T11152]  netlink_sendmsg+0x8d1/0xdd0
[  417.178779][T11152]  ? __pfx_netlink_sendmsg+0x10/0x10
[  417.178805][T11152]  ____sys_sendmsg+0xa95/0xc70
[  417.178822][T11152]  ? copy_msghdr_from_user+0x10a/0x160
[  417.178845][T11152]  ? __pfx_____sys_sendmsg+0x10/0x10
[  417.178875][T11152]  ___sys_sendmsg+0x134/0x1d0
[  417.178901][T11152]  ? __pfx____sys_sendmsg+0x10/0x10
[  417.178922][T11152]  ? __lock_acquire+0x622/0x1c90
[  417.178970][T11152]  __sys_sendmsg+0x16d/0x220
[  417.178994][T11152]  ? __pfx___sys_sendmsg+0x10/0x10
[  417.179036][T11152]  do_syscall_64+0xcd/0x4c0
[  417.179063][T11152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.179081][T11152] RIP: 0033:0x7fa507d8e929
[  417.179096][T11152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.179112][T11152] RSP: 002b:00007fa508ba1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  417.179131][T11152] RAX: ffffffffffffffda RBX: 00007fa507fb5fa0 RCX: 00007fa507d8e929
[  417.179142][T11152] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  417.179152][T11152] RBP: 00007fa508ba1090 R08: 0000000000000000 R09: 0000000000000000
[  417.179162][T11152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.179172][T11152] R13: 0000000000000000 R14: 00007fa507fb5fa0 R15: 00007ffc68297b48
[  417.179195][T11152]  </TASK>
[  417.473177][T11154] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1319'.
[  417.495959][ T5887] cdc_mbim 5-1:1.0: skipping garbage
[  417.626617][T11160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1321'.
[  418.137443][T11121] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  418.172278][T11166] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1322'.
[  418.197904][T11166] smc: removing ib device syz0
[  418.834050][T11166] ------------[ cut here ]------------
[  418.839584][T11166] WARNING: CPU: 1 PID: 11166 at drivers/infiniband/sw/rxe/rxe_pool.c:116 rxe_pool_cleanup+0x41/0x60
[  418.850392][T11166] Modules linked in:
[  418.854567][T11166] CPU: 1 UID: 0 PID: 11166 Comm: syz.5.1322 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  418.866665][T11166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  418.876757][T11166] RIP: 0010:rxe_pool_cleanup+0x41/0x60
[  418.882237][T11166] Code: 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 1f 48 83 bb 80 00 00 00 00 75 06 5b e9 75 5e 0a f9 e8 70 5e 0a f9 90 <0f> 0b 90 5b e9 66 5e 0a f9 e8 61 3a 71 f9 eb da 66 66 2e 0f 1f 84
[  418.902127][T11166] RSP: 0018:ffffc900103b71f0 EFLAGS: 00010246
[  418.908227][T11166] RAX: 0000000000080000 RBX: ffff888028609320 RCX: ffffc9001d201000
[  418.916264][T11166] RDX: 0000000000080000 RSI: ffffffff88b1c210 RDI: ffff8880286093a0
[  418.924248][T11166] RBP: ffffffff88b026c0 R08: 0000000000000005 R09: 0000000000000001
[  418.932252][T11166] R10: 0000000000000002 R11: 0000000000000001 R12: ffff888028608668
[  418.940252][T11166] R13: ffff888028607fe0 R14: ffff888028607fe0 R15: ffff888028609080
[  418.948426][T11166] FS:  00007f4864a816c0(0000) GS:ffff888124815000(0000) knlGS:0000000000000000
[  418.957468][T11166] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  418.964064][T11166] CR2: 00007ffe4c438f19 CR3: 0000000076896000 CR4: 00000000003526f0
[  418.972072][T11166] Call Trace:
[  418.975377][T11166]  <TASK>
[  418.978309][T11166]  rxe_dealloc+0x25/0xc0
[  418.982570][T11166]  ib_dealloc_device+0x49/0x230
[  418.987451][T11166]  __ib_unregister_device+0x396/0x480
[  418.992824][T11166]  ? __pfx_ib_device_get_by_index+0x10/0x10
[  418.998748][T11166]  ib_unregister_device_and_put+0x5a/0x80
[  419.004485][T11166]  nldev_dellink+0x21f/0x320
[  419.009092][T11166]  ? __pfx_nldev_dellink+0x10/0x10
[  419.014287][T11166]  ? cap_capable+0xb3/0x250
[  419.018803][T11166]  ? bpf_lsm_capable+0x9/0x10
[  419.023483][T11166]  ? security_capable+0x7e/0x260
[  419.028436][T11166]  ? ns_capable+0xd7/0x110
[  419.032849][T11166]  ? __pfx_nldev_dellink+0x10/0x10
[  419.037984][T11166]  rdma_nl_rcv_msg+0x38a/0x6e0
[  419.042770][T11166]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[  419.048081][T11166]  ? __lock_acquire+0x622/0x1c90
[  419.053050][T11166]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2d0/0x430
[  419.059510][T11166]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[  419.066605][T11166]  ? netlink_deliver_tap+0x1ae/0xd30
[  419.071930][T11166]  ? is_vmalloc_addr+0x86/0xa0
[  419.076755][T11166]  netlink_unicast+0x53a/0x7f0
[  419.081543][T11166]  ? __pfx_netlink_unicast+0x10/0x10
[  419.086874][T11166]  netlink_sendmsg+0x8d1/0xdd0
[  419.091839][T11166]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.097201][T11166]  ____sys_sendmsg+0xa95/0xc70
[  419.102009][T11166]  ? copy_msghdr_from_user+0x10a/0x160
[  419.107515][T11166]  ? __pfx_____sys_sendmsg+0x10/0x10
[  419.112809][T11166]  ? __pfx_futex_wake_mark+0x10/0x10
[  419.118131][T11166]  ___sys_sendmsg+0x134/0x1d0
[  419.122848][T11166]  ? __pfx____sys_sendmsg+0x10/0x10
[  419.128129][T11166]  ? __lock_acquire+0x622/0x1c90
[  419.133125][T11166]  __sys_sendmsg+0x16d/0x220
[  419.137755][T11166]  ? __pfx___sys_sendmsg+0x10/0x10
[  419.142890][T11166]  ? __x64_sys_futex+0x1e0/0x4c0
[  419.147913][T11166]  do_syscall_64+0xcd/0x4c0
[  419.152432][T11166]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.158390][T11166] RIP: 0033:0x7f4863b8e929
[  419.162807][T11166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.182565][T11166] RSP: 002b:00007f4864a81038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  419.191061][T11166] RAX: ffffffffffffffda RBX: 00007f4863db5fa0 RCX: 00007f4863b8e929
[  419.199059][T11166] RDX: 0000000000008044 RSI: 0000200000000200 RDI: 0000000000000008
[  419.207075][T11166] RBP: 00007f4863c10b39 R08: 0000000000000000 R09: 0000000000000000
[  419.215103][T11166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  419.223092][T11166] R13: 0000000000000000 R14: 00007f4863db5fa0 R15: 00007ffc4d0c9a18
[  419.231124][T11166]  </TASK>
[  419.234146][T11166] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  419.241406][T11166] CPU: 1 UID: 0 PID: 11166 Comm: syz.5.1322 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  419.253464][T11166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  419.263502][T11166] Call Trace:
[  419.266770][T11166]  <TASK>
[  419.269687][T11166]  dump_stack_lvl+0x3d/0x1f0
[  419.274285][T11166]  panic+0x71c/0x800
[  419.278199][T11166]  ? __pfx_panic+0x10/0x10
[  419.282629][T11166]  ? show_trace_log_lvl+0x29b/0x3e0
[  419.287834][T11166]  ? rxe_pool_cleanup+0x41/0x60
[  419.292715][T11166]  check_panic_on_warn+0xab/0xb0
[  419.297643][T11166]  __warn+0xf6/0x3c0
[  419.301558][T11166]  ? rxe_pool_cleanup+0x41/0x60
[  419.306425][T11166]  report_bug+0x3c3/0x580
[  419.310744][T11166]  ? rxe_pool_cleanup+0x41/0x60
[  419.315599][T11166]  handle_bug+0x184/0x210
[  419.319938][T11166]  exc_invalid_op+0x17/0x50
[  419.324452][T11166]  asm_exc_invalid_op+0x1a/0x20
[  419.329304][T11166] RIP: 0010:rxe_pool_cleanup+0x41/0x60
[  419.334757][T11166] Code: 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 1f 48 83 bb 80 00 00 00 00 75 06 5b e9 75 5e 0a f9 e8 70 5e 0a f9 90 <0f> 0b 90 5b e9 66 5e 0a f9 e8 61 3a 71 f9 eb da 66 66 2e 0f 1f 84
[  419.354357][T11166] RSP: 0018:ffffc900103b71f0 EFLAGS: 00010246
[  419.360422][T11166] RAX: 0000000000080000 RBX: ffff888028609320 RCX: ffffc9001d201000
[  419.368387][T11166] RDX: 0000000000080000 RSI: ffffffff88b1c210 RDI: ffff8880286093a0
[  419.376354][T11166] RBP: ffffffff88b026c0 R08: 0000000000000005 R09: 0000000000000001
[  419.384329][T11166] R10: 0000000000000002 R11: 0000000000000001 R12: ffff888028608668
[  419.392293][T11166] R13: ffff888028607fe0 R14: ffff888028607fe0 R15: ffff888028609080
[  419.400277][T11166]  ? __pfx_rxe_dealloc+0x10/0x10
[  419.405222][T11166]  ? rxe_pool_cleanup+0x40/0x60
[  419.410096][T11166]  rxe_dealloc+0x25/0xc0
[  419.414352][T11166]  ib_dealloc_device+0x49/0x230
[  419.419228][T11166]  __ib_unregister_device+0x396/0x480
[  419.424609][T11166]  ? __pfx_ib_device_get_by_index+0x10/0x10
[  419.430504][T11166]  ib_unregister_device_and_put+0x5a/0x80
[  419.436222][T11166]  nldev_dellink+0x21f/0x320
[  419.440831][T11166]  ? __pfx_nldev_dellink+0x10/0x10
[  419.446030][T11166]  ? cap_capable+0xb3/0x250
[  419.450552][T11166]  ? bpf_lsm_capable+0x9/0x10
[  419.455229][T11166]  ? security_capable+0x7e/0x260
[  419.460155][T11166]  ? ns_capable+0xd7/0x110
[  419.464561][T11166]  ? __pfx_nldev_dellink+0x10/0x10
[  419.469660][T11166]  rdma_nl_rcv_msg+0x38a/0x6e0
[  419.474422][T11166]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[  419.479690][T11166]  ? __lock_acquire+0x622/0x1c90
[  419.484616][T11166]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2d0/0x430
[  419.491030][T11166]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[  419.497965][T11166]  ? netlink_deliver_tap+0x1ae/0xd30
[  419.503253][T11166]  ? is_vmalloc_addr+0x86/0xa0
[  419.508002][T11166]  netlink_unicast+0x53a/0x7f0
[  419.512764][T11166]  ? __pfx_netlink_unicast+0x10/0x10
[  419.518039][T11166]  netlink_sendmsg+0x8d1/0xdd0
[  419.522806][T11166]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.528101][T11166]  ____sys_sendmsg+0xa95/0xc70
[  419.532856][T11166]  ? copy_msghdr_from_user+0x10a/0x160
[  419.538314][T11166]  ? __pfx_____sys_sendmsg+0x10/0x10
[  419.543600][T11166]  ? __pfx_futex_wake_mark+0x10/0x10
[  419.548879][T11166]  ___sys_sendmsg+0x134/0x1d0
[  419.553547][T11166]  ? __pfx____sys_sendmsg+0x10/0x10
[  419.558734][T11166]  ? __lock_acquire+0x622/0x1c90
[  419.563669][T11166]  __sys_sendmsg+0x16d/0x220
[  419.568250][T11166]  ? __pfx___sys_sendmsg+0x10/0x10
[  419.573356][T11166]  ? __x64_sys_futex+0x1e0/0x4c0
[  419.578312][T11166]  do_syscall_64+0xcd/0x4c0
[  419.582820][T11166]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.588705][T11166] RIP: 0033:0x7f4863b8e929
[  419.593138][T11166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.612739][T11166] RSP: 002b:00007f4864a81038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  419.621140][T11166] RAX: ffffffffffffffda RBX: 00007f4863db5fa0 RCX: 00007f4863b8e929
[  419.629269][T11166] RDX: 0000000000008044 RSI: 0000200000000200 RDI: 0000000000000008
[  419.637233][T11166] RBP: 00007f4863c10b39 R08: 0000000000000000 R09: 0000000000000000
[  419.645188][T11166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  419.653132][T11166] R13: 0000000000000000 R14: 00007f4863db5fa0 R15: 00007ffc4d0c9a18
[  419.661105][T11166]  </TASK>
[  419.664326][T11166] Kernel Offset: disabled
[  419.668630][T11166] Rebooting in 86400 seconds..