last executing test programs:

1m18.855550748s ago: executing program 3 (id=5194):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x10000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000002c0)={0x0, r0, 0x5, 0x8b77, 0x6, 0x2})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000400000/0x1000)=nil, 0x1000}, 0x1})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x58, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x28, 0x2, [@TCA_FLOW_EMATCHES={0x24, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x3, 0x7, 0x6}, {{0x4}, {0x0, 0x1, 0x1}}}}]}]}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$inet6_udp_int(r10, 0x11, 0xb, 0x0, &(0x7f0000000400))
ioctl$KVM_CAP_SPLIT_IRQCHIP(r9, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc73})
r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r11, 0x4004ae99, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r11, 0x0)
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000300)={0x10, 0x0, 0x0})
ioctl$KVM_SET_REGS(r11, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6], 0x0, 0x1000})
ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, &(0x7f0000000080)=@x86={0x7c, 0x3, 0xfd, 0x0, 0x1, 0x7e, 0xcb, 0x10, 0x8, 0x5, 0xb, 0x8, 0x0, 0x10003, 0x9, 0xff, 0x6, 0x5, 0x12, '\x00', 0x1})

1m18.492307419s ago: executing program 3 (id=5202):
socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0)
userfaultfd(0x80001)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0)
syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x400, 0x0, 0xfffffdfc}, 0x0, 0x0)
rseq(0x0, 0x0, 0x400000003, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, 0x0, 0x0)
close(r0)
epoll_create(0xfff)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_open_dev$vim2m(&(0x7f0000000100), 0x1ff, 0x2)
socket$tipc(0x1e, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r1, @ANYRES64=r1], 0x20)

1m18.360847008s ago: executing program 3 (id=5205):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000030000000001000500050007000000000008000900030000001400200000000000000000000000ffffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0)

1m18.205268258s ago: executing program 3 (id=5208):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x1000010, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0xa02, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000640)=[&(0x7f0000000440)={0x18, 0x7000000, 0x4, 0x3, 0x8, r2, 0x0, 0x0, 0x0, 0x0, 0x3, r2}])
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xaece, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f00000015c0)=""/4098, 0x1d}], 0x63, 0x0, 0x0)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

1m17.160095422s ago: executing program 3 (id=5222):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x84, r3, {0x0, 0xfff1}, {}, {0x9, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_MARK={0x8, 0x5f, 0xb}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x248c0}, 0x20001880)

1m16.677840641s ago: executing program 3 (id=5226):
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x4001, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x0, 0x1, 0x0, 0x0, {[@md5sig={0x13, 0x12, "473ecfd2106a00"}]}}}}}}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)
syz_open_dev$sndctrl(0x0, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x48080)
sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="28000000150a0102000000a6000000000000000009"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x24040808)

1m15.671363039s ago: executing program 32 (id=5226):
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x4001, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x0, 0x1, 0x0, 0x0, {[@md5sig={0x13, 0x12, "473ecfd2106a00"}]}}}}}}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)
syz_open_dev$sndctrl(0x0, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x48080)
sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="28000000150a0102000000a6000000000000000009"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x24040808)

11.965790149s ago: executing program 1 (id=5606):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000280000000000000000000000b7080000000000007baa00fe00000000b5080000000000197b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000000000070400000080ffffb70200001700000018230000", @ANYRES32, @ANYBLOB="0000000001000000b705000008000000850000006900000095"], &(0x7f0000000240)='GPL\x00', 0x9, 0xff7, &(0x7f0000001e00)=""/4087}, 0x94)

7.817389927s ago: executing program 2 (id=5625):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000002c80)={{0x12, 0x1, 0x0, 0x41, 0x7, 0xf5, 0x40, 0xcf3, 0x9375, 0x1a9e, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xbe, 0xe4, 0xf9}}]}}]}}, 0x0)
syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x46d, 0xc713, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x4, 0x50, 0x6, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x1, 0x1, 0xf7, {0x9, 0x21, 0x1, 0x3, 0x1, {0x22, 0xebe}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xe, 0x1, 0x1}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0xb1, 0x55, 0x30}}]}}}]}}]}}, &(0x7f0000000200)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x250, 0x6, 0x5, 0x3, 0x40}, 0x2c, &(0x7f0000000080)={0x5, 0xf, 0x2c, 0x2, [@ssp_cap={0x20, 0x10, 0xa, 0x1, 0x5, 0x7ff, 0xf0f, 0x1ac6, [0xcd14c203117d824a, 0x3f0f, 0xc030, 0xc000, 0xcf]}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0x0, 0xc, 0x5}]}, 0x2, [{0xfc, &(0x7f00000000c0)=@string={0xfc, 0x3, "2ca9dbaeb93f4e81f748d29dc7658a7a3111d648a67d967c5db28cad4574ec5b3bbd4738909affa5e7b08204f227878681dbd5b861aac63774b0f6da8ef303f4872148876e46feccd820de96143ff933bd5177613fcc3e8a6444a47359529ff4862656347e97dcdac8568fbab79b0360ff504c0027e4945f0bf8648a131c68c494388c673c023c277ed21b24dea0f8e020815f46af9959a289f43250ae66c262a42987a297a8f60835c0f0f7bf5e25fdf4ae9ed9656fb77f4f2a19a0a4783ff17ff8b6428acf7313b84c87f726501ff9a8c8c635fa73859dcead017ef645862cf20c3620760101b874e933010b036c8e5a66b8ed33ea75697471"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x1c09}}]})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})

6.257640909s ago: executing program 1 (id=5607):
socket$inet_smc(0x2b, 0x1, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
syz_open_dev$video(&(0x7f00000001c0), 0x7, 0x101000)
syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5882, 0x400, 0x2, 0xfffffdfc}, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
epoll_create(0xfff)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000680)='/sys/kernel/tracing', 0xc0c00, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_open_dev$vim2m(&(0x7f0000000100), 0x1ff, 0x2)
socket$tipc(0x1e, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0, @ANYRES64=r0], 0x20)

6.198097595s ago: executing program 1 (id=5630):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="000000fbff0000001a"])

5.981756392s ago: executing program 1 (id=5632):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x6}, @IFLA_MACVLAN_MACADDR_DATA={0x4}]}}}]}, 0x40}}, 0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="04", @ANYBLOB="2019"], 0x16)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000440)={'ip6_vti0\x00', 0x0, 0x4, 0x7, 0x0, 0x7, 0x79, @ipv4={'\x00', '\xff\xff', @multicast2}, @initdev={0xfe, 0x88, '\x00', 0x9, 0x0}, 0x20, 0x10, 0x4e, 0x20}})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x10, 0x7fff0000}]})
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000307cc46700000000000000000000000a40000000060a0b04000000000000000002000000200004801c0001800900010068617368000000000c000280080001400000000a0900010073797a3000000000140000001100010000000000000000000000000a"], 0x68}, 0x1, 0x0, 0x0, 0x24004094}, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
accept$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}, 0x1, 0x0, 0x0, 0x51}, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

5.946100931s ago: executing program 2 (id=5633):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8)
read(r0, &(0x7f0000000380)=""/167, 0xa7)
syz_open_dev$usbfs(0x0, 0x20000007d, 0x800)
r1 = fsmount(0xffffffffffffffff, 0x0, 0x4)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000006100)=[{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000ac0)="f685b3deb39e0d7e905b8aa2fbe7087f74e1f2444aba104008011368487da8e4944ffe7c9be2bdfc6c36c98f79ae180c344a78bf1f899f5c0107ce94bc202b394e2ea05d991ef8b92e", 0x49}, {&(0x7f0000000b80)="a44e39b4691f6f5992f8152a9c6606637ec3d8df4210a4", 0x17}], 0x2, 0x0, 0x0, 0x4040010}], 0x1, 0x4c001)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000700000000000002000000200004801c0001800900010068617368000000000c000280080001400000000a140000001100010000000000000000000000000a00"/92], 0x5c}, 0x1, 0x0, 0x0, 0x24004094}, 0x240000c0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010400000000000000000500fffe0900010073797a30000000002c000000030a01020000000000000000050000000900010073797a30000000000900030073797a3200000000e4040000060a010400000000000000000500000008000b40000000000900010073797a300000000008000940000000020c0005800800014000000000c4000f40ab487b1b512f33a8dbd67a8b84040000000000001ea13e31d5810f85eae8f528c938c24abb1b1abbda2e7fa6e0758629bb09ed64a8ba5b2ef3c3591fd06d7e10d93c0857ecac854ac51ad69639d98adb2c1464e444cc1a6a2e7ee244622433b51f58606b063f4938101a7e764c957eba2e913b2ac10435471fa769740a1275cb467e5264b71bc8727fc12e9aba46e4a8aff3dda91e0da608d6a0a35573d5524fb25451cc23051887de4df85c8e771260c4943e78905aa1e7493027366ed1bea0d80304804800018008000100667764003c0002800800"], 0x558}, 0x1, 0x0, 0x0, 0xa6975b0d20b3dc1e}, 0x40)
ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f00000000c0)=""/253)
connect$inet(r1, &(0x7f00000001c0)={0x2, 0x4e21, @multicast2}, 0x10)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

5.69259215s ago: executing program 1 (id=5636):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
rseq(&(0x7f0000000100)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0)
syz_io_uring_setup(0x7aa2, &(0x7f00000001c0)={0x0, 0x31cf, 0x4, 0x5, 0x2d0}, 0x0, 0x0)
syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x28bd, 0x42, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x3, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x81, 0x0, 0x1, {0x22, 0x489}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0xc}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0xc, 0x0, 0xa}}]}}}]}}]}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x126, &(0x7f0000000240)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x114, 0x2, 0x1, 0x48, 0x40, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "8f3792dfcb92"}, {0x5, 0x24, 0x0, 0x17c}, {0xd, 0x24, 0xf, 0x1, 0xd, 0x4921, 0x8001, 0x10}, {0x6, 0x24, 0x1a, 0xa0d3, 0x2d}, [@obex={0x5, 0x24, 0x15, 0x5}, @mdlm_detail={0x9a, 0x24, 0x13, 0xae, "b409c963a2df7f1c789367b093ccb798c2998678b648758fd0d3885df80c95c8ff9d6dd1eb70aafe1545f2571247e45e3ffd8213288bda40a81b879d4a1901430f63f746655e80f6d64c06b50c6129233824c0fbf249338c02d116f932d878bc893f4994db8d4787e73d260a460a6a2c3b65b577dca67bcdebc6543a61d5dadd0e327d860d0091b7fc4bc01473758ddcdf7711715ed7"}, @dmm={0x7, 0x24, 0x14, 0x1, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x9}, @network_terminal={0x7, 0x24, 0xa, 0xf0, 0x7, 0x40}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0xa, 0x54, 0x88}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x5, 0x7, 0xdd}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x5, 0x7, 0x8}}}}}}}]}}, &(0x7f0000000180)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0x32, 0x4, 0x0, 0x10, 0xd0}, 0x154, &(0x7f0000000380)={0x5, 0xf, 0x154, 0x6, [@generic={0xe5, 0x10, 0x2, "89f998be64d46cdda916c734361c8fbd43fbdfc35d00622271f0aa1558de3127b9fb50dae2ddf19dc2b39ee77c4ca3fe93ca751706740b3b40eda6ad61a7e804dc89d4a79b8bc01fce51bb0a5a17f1c5e4e0c7abc9ddb3928c8ab37bcd188bb39b4ae5dfab7f0e0a59291565e62251e039798952f2e9ead8c2f9dcde5172dc8ac4d706b798a5a21c79782be918ef5f54e47dbf8f11f2eab71c214f36f0e385087624df0581ea94638bc223a4f592d809a725fcd8f54bc7c0353f554ce1860c9dd1e68939079da6969e6093a3a416c458d5c430bc203ca50d81004061a0b57f2dfaec"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xc, 0x1, 0x3, 0x8, 0x81}, @wireless={0xb, 0x10, 0x1, 0xc, 0x2f, 0x0, 0xcb, 0xa3bc, 0x9}, @ssp_cap={0x20, 0x10, 0xa, 0x9, 0x5, 0x5, 0xf000, 0x5, [0xffc030, 0xcf, 0xff0000, 0x3f00, 0xff0000]}, @ssp_cap={0x20, 0x10, 0xa, 0x7, 0x5, 0x88, 0xf00f, 0x3, [0xf, 0xff0f, 0xc030, 0x18, 0xff3f]}, @ssp_cap={0x14, 0x10, 0xa, 0x1, 0x2, 0x40, 0xf000, 0x4, [0x3f00, 0x3f00]}]}, 0x1, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x44d}}]})
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206"], 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000680)={0x2c, &(0x7f0000000500)={0x40, 0x22, 0x29, {0x29, 0x1, "bdbc9264eb27ff72518d7c8991325af05081fd9670e910be1431dd2b03167774f6a8fdf7e36082"}}, &(0x7f0000000540)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x300a}}, &(0x7f0000000580)={0x0, 0xf, 0x53, {0x5, 0xf, 0x53, 0x6, [@ssp_cap={0x1c, 0x10, 0xa, 0x9, 0x4, 0x7ffff9f, 0xf, 0x6, [0xf, 0x0, 0x0, 0xf]}, @wireless={0xb, 0x10, 0x1, 0x8, 0xad, 0x3, 0x3, 0x8b6, 0x1}, @ptm_cap={0x3}, @generic={0x5, 0x10, 0x1, "e8fe"}, @ssp_cap={0x18, 0x10, 0xa, 0x5, 0x3, 0x7f, 0x0, 0x0, [0xffc0, 0xc000, 0xc000]}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x6, 0x0, 0x70}]}}, &(0x7f0000000600)={0x20, 0x29, 0xf, {0xf, 0x29, 0xff, 0x18, 0x4, 0x25, "e7f97494", "9dfedafb"}}, &(0x7f0000000640)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xb, 0x2, 0x9, 0x9, 0x2, 0xaf8, 0x4}}}, &(0x7f0000000b00)={0x84, &(0x7f00000006c0)={0x0, 0x8, 0x46, "d51d50d1b72f9e909156380a07ccabf9baaac5cbef5874fbe3f17a9bdeb2e45690691679509fa5876ab0d8c352e1db8a71834b67ebbceb7344a7d6e1570eb42cd36b4b6b0178"}, &(0x7f0000000740)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000780)={0x0, 0x8, 0x1, 0x3}, &(0x7f00000007c0)={0x20, 0x0, 0x4, {0x3}}, &(0x7f0000000800)={0x20, 0x0, 0x8, {0x8, 0x80, [0xff0f]}}, &(0x7f0000000840)={0x40, 0x7, 0x2, 0xf3d7}, &(0x7f0000000880)={0x40, 0x9, 0x1, 0x8}, &(0x7f00000008c0)={0x40, 0xb, 0x2, "75d9"}, &(0x7f0000000900)={0x40, 0xf, 0x2, 0xd}, &(0x7f0000000940)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}}, &(0x7f0000000980)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x28}}, &(0x7f00000009c0)={0x40, 0x19, 0x2, '2y'}, &(0x7f0000000a00)={0x40, 0x1a, 0x2, 0x1ff}, &(0x7f0000000a40)={0x40, 0x1c, 0x1, 0x7}, &(0x7f0000000a80)={0x40, 0x1e, 0x1}, &(0x7f0000000ac0)={0x40, 0x21, 0x1, 0x5}})

5.55138688s ago: executing program 2 (id=5638):
socket$inet_smc(0x2b, 0x1, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
syz_open_dev$video(&(0x7f00000001c0), 0x7, 0x101000)
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f00000000c0)=0x180000, 0x4)
syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000680)='/sys/kernel/tracing', 0xc0c00, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_open_dev$vim2m(&(0x7f0000000100), 0x1ff, 0x2)
socket$tipc(0x1e, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$key(0xf, 0x3, 0x2)
socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r1, @ANYRES64=r1], 0x20)

5.281545596s ago: executing program 2 (id=5644):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 64)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) (async, rerun: 64)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d) (async, rerun: 32)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0) (async, rerun: 32)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(0xffffffffffffffff) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="200000000a0a010200ffff0000000000027f0cff09000100"], 0x20}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000002060500000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a30000000001c0007800c000280080001c0000000020c00018008000140ac1414bb05000500020000000500010006"], 0x68}}, 0x0) (async)
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x128, 0x0, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_USERDATA={0x50, 0x6, "8992692bd7272ad06676c4d2f603cb61ea0a2af0275eae7ea1684af64e9f072be57a8444a99cce8493b439eb6bbeffd3d50313c05ab55b0d6e0dfe530c55dc84777d299f6219cf6767d3096f"}, @NFTA_TABLE_USERDATA={0xad, 0x6, "c188e991454a70891c93bf5ef287ae0c7477a4ef8aefbcb4d381d0e10769b400f87ea89a0c7803460fe9e55f84bb4e0a0be10e7b20e2c4604cd13666f5d85c8acd9be5d94d41d44aa0013dc0ea3f470015b9001432d5c1431fc250ba49d9b9087ebf864a35b97b45a39b50d7048effe22eca96ce4be1e0bb64697f8deca2468750eca7c6add11c987b29ccb96aab1a5b05f1896c8068ad3747f93744549368bd6977d1cbe6081c4fe1"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x150}, 0x1, 0x0, 0x0, 0x20000000}, 0x8008)
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r6, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) (async)
r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (async)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
r8 = inotify_init1(0x0)
inotify_add_watch(r8, &(0x7f0000000180)='./control\x00', 0x64000ba6) (async)
inotify_add_watch(r8, &(0x7f0000000180)='./control\x00', 0xa4000960)
ioctl$SNDCTL_DSP_SETFRAGMENT(r7, 0xc004500a, &(0x7f0000000000)=0xffff0018) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
sched_setattr(r5, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0) (async)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0) (async)
write$6lowpan_control(r6, &(0x7f0000000300)='connect aa:aa:aa:aa:aa:11 1', 0x1b)

5.121339481s ago: executing program 0 (id=5646):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000480)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb, 0x3e}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}}, 0x4000)

4.673587323s ago: executing program 0 (id=5648):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, 0x0)
socket$netlink(0x10, 0x3, 0x10)
syz_open_dev$loop(0x0, 0x75f, 0xa382)
mkdirat(0xffffffffffffffff, 0x0, 0xc0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[])
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="c800000000020104ba000000000000000a0000003c0001800c00028005000100210000002c000180140003000000000000000000000000000000000114639100fe8000000000000000000000000000bb3c0003800c00028005000100000000002c00018014000300fc00000000000000000000000000000014000400fe8000"/138], 0xc8}}, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0xffff1000, 0x8000, 0x2, 0x80000001, 0x0, [{0x1, 0x85, 0x1, '\x00', 0x4}, {0x5, 0x3, 0x0, '\x00', 0x6}, {0x7, 0x3, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x6, '\x00', 0x4}, {0xf, 0x8, 0xf5, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x6}, {0x88, 0x3, 0x2a, '\x00', 0x80}, {0x4, 0x0, 0xa, '\x00', 0x1}, {0x8, 0x9, 0x3, '\x00', 0x8}, {0x3, 0x6, 0x3, '\x00', 0x6}, {0x2, 0x9, 0x0, '\x00', 0x7f}, {0x14, 0x51, 0xa, '\x00', 0xfc}, {0xe, 0xfc, 0x5, '\x00', 0x1}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0x1, 0x3, 0xfe, '\x00', 0x3}, {0x2, 0xb, 0xd6, '\x00', 0x7f}, {0x7, 0x15, 0xca, '\x00', 0x6}, {0x0, 0x1, 0x4, '\x00', 0x13}, {0x4, 0x0, 0x40, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x4, '\x00', 0x8}, {0x8, 0xc, 0x0, '\x00', 0x6}]}})
ioctl$KVM_SET_CPUID(r4, 0x4008ae8a, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ad060000", 0x4)
sendmsg$alg(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000140)="439db5", 0x3}], 0x1, &(0x7f0000000540)=[@op={0x18}], 0x18}, 0x0)
recvmmsg(r1, &(0x7f0000000dc0)=[{{0x0, 0x0, 0x0}, 0x14}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000005c0)=""/103, 0x67}], 0x1}, 0xe}], 0x2, 0x2021, 0x0)

3.311092391s ago: executing program 2 (id=5650):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r2, 0x0, 0x8080)
socket$vsock_stream(0x28, 0x1, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000080)
mknod$loop(&(0x7f0000000080)='./bus\x00', 0x2, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f00000000c0), 0x0)
syz_open_dev$ndb(0x0, 0x0, 0x10000)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x101840, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNDETACHFILTER(r6, 0x401054d6, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000000)="c65a697dc193404fa0e2f58f60b4a27b59b6ba2ced2a80952f4742cd184015cfff3ea1491931aa", 0x27}], 0x1)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_INFO(r7, 0x0, 0x40, 0x0, &(0x7f00000000c0))
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201100153a42908f00a71729188010203010902240001060000000904020002ffffff000905"], 0x0)

2.519318194s ago: executing program 1 (id=5652):
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newneigh={0x30, 0x1c, 0x401, 0x0, 0x0, {0x2}, [@NDA_DST_MAC={0xa, 0x1, @remote}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xe, 0x3}, {}, {0x5, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x40004)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000200)=""/57, 0x39, &(0x7f0000000000)={0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x9}, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x2)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000140)=0x200000000)
socket$inet(0x2, 0x3, 0x2)
syz_emit_ethernet(0x36, 0x0, 0x0)
write$vhost_msg_v2(r4, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000000540)=""/152, 0x98, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r4, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f0000000440)=""/119, 0x77, 0x0, 0x0, 0x3}}, 0x48)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000001140)={0x80, 0x1})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sendfile(r5, r3, 0x0, 0x20000023893)
r6 = getpgid(0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r7, &(0x7f0000000040)=0x1ff8, 0x12)
ptrace$ARCH_SET_CPUID(0x1e, r6, 0x1, 0x1012)

1.605905047s ago: executing program 5 (id=5656):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x6}, @IFLA_MACVLAN_MACADDR_DATA={0x4}]}}}]}, 0x40}}, 0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="04", @ANYBLOB="2019"], 0x16)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000440)={'ip6_vti0\x00', 0x0, 0x4, 0x7, 0x0, 0x7, 0x79, @ipv4={'\x00', '\xff\xff', @multicast2}, @initdev={0xfe, 0x88, '\x00', 0x9, 0x0}, 0x20, 0x10, 0x4e, 0x20}})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x10, 0x7fff0000}]})
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000307cc46700000000000000000000000a40000000060a0b04000000000000000002000000200004801c0001800900010068617368000000000c000280080001400000000a0900010073797a3000000000140000001100010000000000000000000000000a"], 0x68}, 0x1, 0x0, 0x0, 0x24004094}, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
accept$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}, 0x1, 0x0, 0x0, 0x51}, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

1.496720175s ago: executing program 0 (id=5657):
socket$inet_smc(0x2b, 0x1, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5882, 0x400, 0x2, 0xfffffdfc}, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
epoll_create(0xfff)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000680)='/sys/kernel/tracing', 0xc0c00, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_open_dev$vim2m(&(0x7f0000000100), 0x1ff, 0x2)
socket$tipc(0x1e, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0, @ANYRES64=r0], 0x20)

1.367441221s ago: executing program 5 (id=5659):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000fffffffffffffff50a20000000000a01020000000000000000010000000900010073797a300000000040000000030a01080000000000000000010040000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000088000000060a010400000000000000000100000008000b40000000000900010073797a3000000000600004805c0001800b0001"], 0x110}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1.285228294s ago: executing program 0 (id=5661):
syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x4002)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(0xffffffffffffffff, 0x8)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x14f8d, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x100, @loopback}, 0x1c)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c00000012000101000000000000000000fe0000000020000000000000000000000000000000000000000000000000000000000000010000", @ANYRES32=0x0, @ANYBLOB="00000000000000000004000200000000b9d81344079983fc08d34dd657b553530365cc1542cb0a4dd3bdc9fe4f42c4f54ce56fa804355104947be650f17c48495843c56c5e21f9c82f8d86ff3148d0041713481c7d8dfa7d5a4120518f73bc0782ce9a3c8dc12b3808f710d9b270b6"], 0x4c}}, 0x0)
recvmmsg(r2, &(0x7f0000001580)=[{{0x0, 0x0, 0x0}, 0x2}, {{&(0x7f0000000380)=@sco={0x1f, @none}, 0x80, 0x0, 0x0, &(0x7f0000000040)=""/36, 0x24}, 0xfffffffc}, {{&(0x7f0000000240)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000480)=""/153, 0x99}, {&(0x7f0000000740)=""/246, 0xf6}, {&(0x7f0000000840)=""/198, 0xc6}], 0x3}, 0x3}, {{&(0x7f00000005c0)=@can, 0x80, &(0x7f0000000340), 0x0, &(0x7f0000000e40)=""/77, 0x4d}, 0xb}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000ec0)=""/165, 0xa5}, {&(0x7f0000001140)}, {&(0x7f0000001000)=""/253, 0xfd}, {&(0x7f0000001100)=""/25, 0x19}, {&(0x7f0000000f80)=""/96, 0x60}, {&(0x7f0000001180)=""/136, 0x88}, {&(0x7f0000001240)=""/60, 0x3c}, {&(0x7f0000001280)=""/164, 0xa4}, {&(0x7f0000001340)=""/245, 0xf5}, {&(0x7f0000000940)=""/110, 0x6e}, {&(0x7f00000009c0)=""/169, 0xa9}, {&(0x7f0000000c00)=""/190, 0xbe}], 0xc}, 0x6}], 0x5, 0x12130, 0x0)
close_range(r1, r0, 0x0)
syz_open_dev$sndctrl(&(0x7f00000000c0), 0x1, 0xd00)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r3, 0x40045010, 0x0)
write$dsp(r3, 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000180)={0x73622a85, 0x2301, 0x400000000000001})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000140)="d2ffb49ede31518d65a476b76e4a4e0b75db47c327ab5b7233ac3507e16db41df04709094056af33a6db1e301a74db81f27f6aa6a8ca9d22a565ff96d46e88fa99b284c26c46494072fc2e47da240c71"})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x40086315}], 0x0, 0x0, 0x0})
ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000003e001107000008000000000003", @ANYRES32, @ANYBLOB="ad2f1b588e2d909799b925"], 0x24}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
mmap(&(0x7f000038f000/0x1000)=nil, 0x1000, 0xb635773f06ebbeeb, 0x30, 0xffffffffffffffff, 0x2a1f7000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1e1a00, 0x0)

1.223197637s ago: executing program 4 (id=5662):
bpf$MAP_CREATE(0x1101000000000000, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000c0000000001a0000f7"], 0x48) (fail_nth: 87)

1.178847569s ago: executing program 5 (id=5663):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0xfffffff4, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x4}, @NFTA_SET_DESC={0x14, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x98}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)

1.080895667s ago: executing program 5 (id=5664):
request_key(&(0x7f0000000540)='dns_resolver\x00', &(0x7f0000001ffb)={'syz', 0x0}, &(0x7f0000000580)='*\x00\x00\x00\x00\x00\x000\x00\xa5^y\xa9n\x00\xe3\xa3\x89\x90&)\bT\x91\x14\xba\x190\xb3\x00\x00:\xb2\xbe\x1d\x00', 0xfffffffffffffffe)
request_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)

953.799756ms ago: executing program 4 (id=5665):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$I2C(&(0x7f0000000000), 0x1e, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x20}}, 0x24040800)
r4 = syz_io_uring_setup(0x819, &(0x7f0000000180)={0x0, 0x69b5, 0x10100, 0xfffffffe}, &(0x7f0000000100)=<r5=>0x0, &(0x7f00000004c0)=<r6=>0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r7, &(0x7f0000000280)=ANY=[], 0x28)
write$UHID_CREATE2(r7, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2002})
io_uring_enter(r4, 0x1c64, 0xfffffffe, 0x60, 0x0, 0x0)

918.515297ms ago: executing program 5 (id=5666):
mmap(&(0x7f0000094000/0x3000)=nil, 0x3000, 0x0, 0x50, 0xffffffffffffffff, 0xfffff000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='net/ip6_tables_names\x00')
pread64(r1, &(0x7f0000000480)=""/209, 0xd1, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, r1)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000140)={'vxcan1\x00', <r6=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000200)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl1\x00', <r7=>0x0, 0x4, 0xff, 0x1, 0x5c94, 0x8, @mcast2, @private0, 0x10, 0x0, 0x7, 0x2}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000240)={'syztnl2\x00', <r8=>0x0, 0x1, 0x700, 0x3, 0x4f37157c, {{0x15, 0x4, 0x3, 0x3e, 0x54, 0x67, 0x0, 0x0, 0x2f, 0x0, @private=0xa010102, @local, {[@rr={0x7, 0xf, 0x27, [@dev={0xac, 0x14, 0x14, 0x3d}, @remote, @private=0xa010100]}, @timestamp_prespec={0x44, 0x2c, 0xbd, 0x3, 0xb, [{@rand_addr=0x64010101}, {@loopback, 0x80}, {@dev={0xac, 0x14, 0x14, 0x25}, 0x1}, {@loopback, 0x7}, {@rand_addr=0x64010100, 0x7}]}, @ra={0x94, 0x4, 0x1}]}}}}})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000380)={r1, 0x58, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r9=>0x0}}, 0x10)
r10 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000340)={'vcan0\x00', <r11=>0x0})
r12 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_SIOCGIFBRDADDR(r12, 0x8919, &(0x7f0000000980)={'veth0\x00', {0x2, 0x0, @broadcast}})
r13 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r13, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newqdisc={0x48, 0x24, 0xe0b, 0xffffffff, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}, {0xfff3, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x80000001}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000440)={'syztnl1\x00', &(0x7f0000000580)={'tunl0\x00', <r14=>0x0, 0x7, 0x0, 0xe38a, 0x8, {{0x19, 0x4, 0x2, 0x6, 0x64, 0x65, 0x0, 0x4, 0x4, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_prespec={0x44, 0x14, 0xa, 0x3, 0x0, [{@multicast2, 0x80}, {@multicast1, 0xffffffff}]}, @cipso={0x86, 0x2f, 0x3, [{0x5, 0x4, "7388"}, {0x6, 0x8, "d4945d151634"}, {0x1, 0x3, "05"}, {0x1, 0x7, "37b4b1b277"}, {0x0, 0xd, "5ef148b331ee306400a86d"}, {0x5, 0x6, "99d02c24"}]}, @timestamp_addr={0x44, 0xc, 0x9f, 0x1, 0x0, [{@private=0xa010100, 0x6}]}, @end]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000640)={'batadv0\x00', <r15=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000680)={'batadv_slave_0\x00', <r16=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000940)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000900)={&(0x7f00000006c0)={0x228, r3, 0xa, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x94, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x94, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x228}, 0x1, 0x0, 0x0, 0x845}, 0x40080)
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
socket$inet(0x2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x4ca31, 0xffffffffffffffff, 0x0)

874.115781ms ago: executing program 2 (id=5667):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x18}, [@ldst={0x6, 0x3, 0x6, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48)
chdir(&(0x7f0000000340)='./cgroup\x00')
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904000000cafb1a00a8165a426f10"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)={0x20, 0x11, 0x1, "ce"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)={0x20, 0x11, 0x1, "ce"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) (async)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000002580)={&(0x7f00000002c0)=[{0x50, 0x1801, 0x0, 0x0}, {0x99, 0x4200, 0x0, 0x0}], 0x2})
socket$pppoe(0x18, 0x1, 0x0)
mkdir(&(0x7f0000000100)='./cgroup\x00', 0x0) (async)
mkdir(&(0x7f0000000100)='./cgroup\x00', 0x0)
rename(&(0x7f0000000000)='./file2\x00', &(0x7f0000000040)='./file1\x00')

601.345854ms ago: executing program 4 (id=5668):
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') (async)
r0 = socket(0x1, 0x803, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f0000000140)={0x48, 0x1, r4, 0x0, 0x6, 0xffffffffffffffff}) (async)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f0000000040)={0x48, 0x1, r4, 0x0, 0x0, 0x2ac8})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000001340)={0x28, 0x2, r4, 0x0, &(0x7f00003bd000/0x3000)=nil, 0x3000, 0x80}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r5, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc000800050004000000140004002e"], 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="5c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000252d010034001280090001007866726d0000000024000280080001000000000008000200030000e40800010001000000080001000100000008000300", @ANYRES32=r6], 0x5c}, 0x1, 0x0, 0x0, 0x85}, 0x4000000) (async)
r7 = socket(0x10, 0x80002, 0x0) (async)
ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f00000001c0)=@generic={0x0, 0x12, 0x5992})
sendmmsg$alg(r7, &(0x7f00000000c0), 0x492492492492627, 0x0) (async)
r8 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSF2(r8, 0x402c542d, &(0x7f0000000040)={0x8, 0x9, 0xfffffffc, 0x0, 0x5, "6780dced01a66177162141f2149a2405ef57b2", 0x3, 0x7})

410.005458ms ago: executing program 5 (id=5669):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000000540)={&(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000940)=[@cswp={0x58, 0x114, 0x7, {{0x2, 0x7}, &(0x7f00000006c0)=0x7, &(0x7f0000000900)=0xb, 0x16, 0xfffffffffffffff7, 0x8, 0x5, 0x2, 0xb}}], 0x58}, 0x0)

409.630324ms ago: executing program 4 (id=5670):
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, 0x0, 0x1df)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48)
unshare(0x8040600)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={<r2=>0xffffffffffffffff})
preadv2(r2, 0x0, 0x0, 0x7, 0x6, 0x8)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0), 0x60100, 0x0)
ioctl$AUTOFS_IOC_FAIL(r3, 0x4c81, 0x2)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
syz_emit_ethernet(0x36, 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB])
socket$inet6_mptcp(0xa, 0x1, 0x106)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mkdir(0x0, 0x0)
write$FUSE_INIT(r4, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x24, 0x0, 0x53f6663484e6643, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x50)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f00000000c0)=0x3)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0x3, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_RESET_TIMEOUT={0xfffffffffffffe09, 0x4, 0x4}]}}]}, 0x38}}, 0x8000)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x70, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xf}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x1}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014)
recvmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)=""/246, 0xf6}, {&(0x7f0000000080)=""/37, 0x25}], 0x2, &(0x7f00000004c0)=""/249, 0xf9}, 0x2100)
writev(0xffffffffffffffff, 0x0, 0x0)
close(0x3)

291.965928ms ago: executing program 0 (id=5671):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x368, 0x0, 0x43, 0x90, 0x0, 0x98, 0x2d0, 0x178, 0x178, 0x218, 0x178, 0x3, 0x0, {[{{@ip={@empty, @local, 0x0, 0x0, 'macsec0\x00', 'ip6erspan0\x00'}, 0x0, 0x1f8, 0x218, 0x0, {0x0, 0x7a010000}, [@common=@inet=@hashlimit3={{0x158}, {'\x00', {0x0, 0x0, 0x88}}}, @common=@inet=@ipcomp={{0x30}}]}, @unspec=@NOTRACK={0x20}}, {{@ip={@multicast1, @multicast2, 0x0, 0x0, 'team_slave_1\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@broadcast, 'dummy0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x3c8)

204.715889ms ago: executing program 4 (id=5672):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r0)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000030000005800018044000400200001000a000000000000002d3a000000000000405f000000002e2d00000000200002000a00000000000000fc010000000000000000000000000000000000000d0001007564703a73bc"], 0x6c}}, 0x0)

31.540634ms ago: executing program 4 (id=5673):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000000000000000400002e00000040", @ANYRES32=0x0, @ANYBLOB="00000000400000002400128009000100626f6e64000000001400028008000a000000000005001d"], 0x44}}, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000840)="3aa7892157054fd1a29b16969f17b2762d1e9183bc97633ed8eb420c1d67ef7dadd1cb34896a7aa2e57b5ecd64d08393aae58424c0ccc6ab48b8c895583073648575d7edd4757f7f059e50d16468a9386b89eac6b68ccb8367c61b86912b62d0a995d48115800719f2c977ac26cf3ebd3b3d9329f60983fed30074e28f2205e23fd5a75ae2a77789dc36ede5c0973e24db9f3a95f87bc12d3b5cd7", 0x9b}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r0, @ANYRES32, @ANYBLOB="1c003e00000000000100000002000000", @ANYRES32=0x0, @ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="02000000"], 0x58, 0x24000000}}, {{&(0x7f0000000ac0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000004140)=[{&(0x7f0000000b40)="3c7a27f1872da6160f32d597ef419986c1fb9d8b000d07c35b94b45f01cba12b478bf2cd3597d35ac6ed80f0b69e0513e5c700d232f3bb239c53e7d313143324eef9c94580d3e1cf8f0d8fde97521f3cac51c63de488a6ea1c11de2ec14f0fcaa19c3e87f031b0206ac87cfd71921988fdbfdb238669354a3354b329ed84a13284dcd55219246f54cd691b37ee13660bc876597413e59632de9d31b448e81d297c029c7d56f805345c41a5e26763130af85b27fa9a685af8e39ecfc25174a72ffcb82010625e6cf013f01585bdf0ba8100ce4613cd79efa71c40018eff6309fd8586e194c29d07eb6c1bd9f4413014a8b3959f77c34b8a93c9640fd95b0a7fc8e6371f06d8b395698c2fa509d1608997a0caafbf6e1dec35e13e8d15b170784c1e6a34cc118e2d751bdd9a41b8f08ee54e6d1833c6a836f5ee7aa5600eed1170633adea63d15c06156304da05da33c70de6db27bae9c462cf51151034666d10ac46f7a1e8d9cc24dbab3f098ccf546a0f900391b4c80603a27c4c98795df48942d749b3314ffbf7ee26fd8897eafb75262200ff334f377503f02036e12b658d3b97091795ec95bf04adf606ef4aa030cf02169c915a8bf5574066d703ede8fb2ea7b7353f78364ed832bda846a3e845f8abbe25159a36842719e899d56283fdae52101fdf3ab90f18d546f1fb773f04aaaca1711aec33d4edf33418d96be2b26c327e91f555bb301cf1d54b1ad390034c547e6d55c0a16515e8dbcb217f62843f636e7394370000c2465eb86dd0b9254404b621a7c63c28412df8edc2261e88b2c64ce6e92ff7db18f66a72e247a027dfd019a1649ca4cc86f7c0427851b1878ea055f39a855b3555ecba94144dfec930661fb7a2b945f1ee16f12f1636e208d2cebcd6eb320db2727a8b47f259af22e5c2e46cd26d0225cd1c942eb9eb2d3a64c2c6690c715c2075ecee19ac031f304257fad760104b47802280e21be0375a4a92fa85afbc6c82a1df104df0357678d72c59ff9bd2dcd98413754c7090b71093b600efb75c9f736ac8dd677b1bd3308513e9515e38ade6f8ebf08b707d59d6c4d47476e09b4f7998f8416a8f0aac92481eb218488b053969f9edfa6265568fdede6584833c8fb294174137aa3d17828113d4ab4b333181d4d25f3ebe9e60817da22e024b7844f2f9febd3cf0c36099b21cbdc91ba1d9347159e400338a442e9b41d0773c9df34d9f71586d5880fb2b8439ac5cd56958b9493ece05ab1bd2b0bfd3a2e0c08590a7afc7cb0cbe2f2536ffb451f9317e916c9a2cc08c36d370b56683bd484e3e731798c1e69a08eda22b214fea7152c0d41b818b0d22700923cb7749f9d3b12c4516e2bf2c1da1604a46ea5e24af5da5c00f0eee77899be4beb94010df9b4f87dabaf0719c1d377c15ed3294a5342eeed193738affce82e0990ed79e3b8f3de3e7a294fee2dfc620be18d8eb6105d16c90a6ca0fcf45486805db39ff43f1907ed9dd7c17a2349e5abb4f3b9cf37b1ec9b0b6cc8ca1169a2e3ac5d49133b3d604324a571bc44ab5fd931b3e1f2338ee8f5d22e62e1786a8e385dcdc30beb32ed6d1f62646a50ed3c39d908309bf2637ddf319366b4c89dccb052a9ef2ad3083d57a2aff97f72be6643126c566055aa70cbdd1c5a8a58d32dcb7e7fd4c9b4b293949aa52f49fb2d3d70b4085702511e4e2fb0a1f69146efbba6530db77338506bdf63a083c1f11607ed2642196f19c9d072e332de3ee424483792d05a7250fe16b5842798a2679e33b17948c247db1f841bd97c794a055f854b67aa0090da1b58b1f478051949bd1a220eb56d2759b9f793b77c525d10ec00d8b08abc37100c23dff3275ea4dbf7abee0dcf783feefc47d585df0e16422c5556b4f053c7caad7be4d1b7fa9e42c226d5ebfe9bdf281ec83eb3b2647a744c80fd467efa29613d43df8f61b278896915575cdeb9e58f73e24004be0043107743a537c6ef89e4252c78097307792e6b6f44d964e739df873b5674efd5ec6b5ca46e5bed8f37850d2ebffa7d072d5a650a36679f4bb05b6ecf26dbb044704c33d1805969265f751afd8208a7b67c67cffe6e5f96a77d418ee6f674f78d641ca2d432f8247d487c2222daeddfaf8f09c7179ca68d157a0668e72c7f26f4a166d5d53e08e18397cbbe07b594669be3ea933aa8fd7ca9a8a507299a690c28d7414a4f56da82540b626c7e4902e36e133826f0a447556c072ceb6824cfe10fd63e9a4397820edd72f3e77af2858df9cfe9b9edb32ade3ba709b99a951b0a66f68671cbb7c365e254d3075d426702a09277d758618bd5350b8778074d4c305ea7cc10e9720afcd3f9fe96618018c639248df622f799f095273bd0c137e5d13e18e3d14f1ba1227822773fcb5ffce6ac1a97ca36d5213de0c3c56d0201ee5d5e7f98e89d67042aab36e348dcee89401a945e896dab888a0418c3f2fa2f156f5c7f1a338051174ec17b857fe688a56d76002282e6e69f4f84d2f3ecee00f6476908623693951b7a56c92c9afc82d1af6ff0cea3458a475fe4d4b51aedb7568af8e2d2a63a8db5b5f0e1f810e78c3aedce19ee48377699f4f26ed433de617be0215338815e8374a1c8bd0542a1ed4c68847775714cbddf4556b8917802536fffd7fe2f6e04555e2a6e16c3616b8e0d2123b0b4a094d96d308c3b0dca9b14beb960b07e77af08ec480c4617ab57fa75aad53a9e78fef742833bc1f6456ce66027dc7b51e34cd7e7edb760d4b6b493eee06f81da0aa73a1a3d02a1403f7e7e116060206617c77c541c674101094d9262a1d5e7e9ad3ffa45be0f3aaac589e1ad8a842b0ca12ea4717713e93eef6b03a21ce98bea897859b6ff88a002c0d55a777b5ae15cc7f142d42f860adf22ace87dfe75c36d6d6dfa35662bb138fbc1d832151fbc23a0249ff46ebf59efb29df65f0d075fb2d11499245d323170de065b83c851eabcc27b309a163c6e91f70ecc402b702b1a4f1d04108a1bcf26ed6f20134109eb4c4bb0549e62dc2277992d97ba0be2c292691701d208d2141decfbd49b35f864fa03f76e5cc13befa88c139df82dcd99d76f1bf65d594f393280cf27dc858113d5e110810620f52fa87038f17459f7c6353e9776b52295c11a6f4bd09d55d7f5f2a6c16aa0fc91d5a89e82e581b2f3d8f7bf7953518a27eeba085699c2c048a2f8d22049f618b70ed10b46a1a8e6ae11212e98c794079e4eb9002750d4e034cd5c39a5197c2e21ffe0cd20d1412495f2ac929d137fb4f24c77e2239b45dc7e0dac0bd47225e09c0efa15ea4a194caa7d46914cad29f987824ceae2b265bc8c219332222ce7e6d8b7b15667acc9fac8746ca3a91a801ee82f5b7ff80413aa34d362ade5397f67544869236f40cf8331d88e92d6f8b48337913d64508422b2edb468ccf7cdb7c2eacb24047836c2694fe7ac327a90634e30102287ed8f7d1981051b35f290972617557cd36d1c8f61fcf684219eefc65cd887a7abc4a7f04c5826353994f6a12438582385fe58f1c1058b96877f2e9b2c389fa044b2419fe263724fa7c7659b5ed03f9a1203cc4397fbe61af6ca62cd32daad543df1a6c98562fff56d067fb54b6873046e93153144610fd70374bf577ecf623f5e4c3232a245fc0a740ff12fe7f6f356c574853c1bc467bbeb051a30351b46d483f698d49d78b61e7435be243de2c572b7ed84cf4f4777aa0b8cd82b7086db7886b1df2824dc243b5ee57d490728c85208687603896ea140cfa81b9fab198c432afca156ef405579b331cb6773dc2744da5bb0922a119f867c651c2be9f45aaa2b60fcff13530baa286314a69fbdc20830532ebbee459c55393a031ab3f53d42ebf4815d994c484235763d52a37f4f20d5437eb3d30eea904c3b66fe733856441e5a998eea26008f8df5dcf0d71be02bb4e1aa6f6c7c3ae16a9d25bfea9702c0693adf51c5aad0c82b77d082c262831d8d2f6600c04b973e8ce4bca24a0d83e3503e316a083a54b5996e15bbe8547800c244cde4267a3dbb83c7617b57d5b0fbad5f364684bdbc3adb35fc33e743ec511a259f7f83af99e5b63cc9c5c38c9bc69908c265041ca4b1502508074d7067a99958f303bd1688b7d87165323c54a0aa75a3ae5281971aad1542cdfb3cb913a12e7515ee006c86e6c5605bc4eef52911268cc16c1e4ba5d2a8a94d0204a0a5b111d82af7c787c0ae5442e4338fcf1842003567d9efc1a74a3a72b96a6efc5f60b22bc4048e72dbdb192e2bc08a35bcb4715a6630a08876b6881af329e83e5d5abd551c03ddd1d333091d592b21e73e6719435fc4f0719870d4fb354bd64013d62e86ca414dbc2ff2671a3e2d5b490a2fe23520b258e780d1d28285e0daa23009e1a830f37093d0db35c80941f488f4bcb303e3b04898c9e483e962bf4c9670c3fe79a3cd416bd8b3043e022f0d95982a43c1ee24e182a407eb36f1152e37910a59af3a07c613f4a8250f7c87d6afafc6f5cb8a9548ba20fcc6caa04c282faa661efae0c916e95205b32f720317838d9698c64ab266b78afa1b838498a6b468e1ffab5c10b396f6b05e81d4be89df192c62f0004ed3ebc31f94d28ceb5b582121aa7638f147910177f255126584fb408a5c5482b344e3eb8e0ce4959e9db17a960f21ec9042400ef31ca545dc1d43e988bbba543057e87cfb961dc4f9e8e3ef6fbb48ff4d098cc6d1aad815e9411483ffcbafe3638e96fe6469a46de2adab6adf7260e8f4c04378cd0d3880f91931e64e637a361a1970225dd111b9e15dd4b4a89d5d724f2c827a3481a8a84d574f57d9fddeca68771133032bd4c1c59191b3255aaac2ae7078c130eca8d83b22b11ae1498b1942411bc98d163bcb65db4eb0720ac3b0b0108576a4c42746f722d92a57c555416487d3232e3baf625a4703d5a8bc3746cd61009c4137e4494824427a01eac210602c574746d56688222ef188b28455f3be655ba39b90f904c840fc0397c559c8ba88613f16b9c0514f1e979c6eff7242821fcac9b1ee67a88394c7c3a123d08d0bdbe812b79c6aa8497dc3f4fa61e5b11bb81797d03e7a5053c80125efa42321ee0eb0d60144644284e5a074352b90b471d56a7118929465f8186960db39d891887c37f900e700616938778ca4a4807d13ececa32c7b2a3cdac89c3ccdecfc2262c1c4f24f2fb6f37f8e6a26855fc7201824a6049a1e6a021d0e9bc0955a7b5c1b96f14a93b27188b3de52bbfb89797e8ad611f6fe56207cbfedd00b6375ee73f849d96af98e27e7928e929d29d1682283d06086276d3dde70f0df2e196aaa5c27500508887729f97880b64dd4b024cad77421ff6d5652ee5fd2deb77e7e0feb3c788658696630452df8ea622291a523dfa3db67f2462cc369d3ac2e35354924a939aac5e53573004f38fca9c34c80e140a1d19870387128322996f056ea613484077b372ba2ca66acacea22d066dd1468800f27c95757c9c77f252bd189ad43f955c1f97efc283203aa92006ffc2668d4c88a2a16a62ddc7fac2100475ef9b1d4fc68e83a4a3f2324beb80bf716eb4a2cef88969d27459f3593116af235432bafaf230b6d3f8c4cafc9797a33f6426f1c5e0ebe57cc336aa2e5c5a11e76c09398faf96fc8100f01da94a178a9c1e73e9f7bc30eeba137743ee2e66c9a089cd09a940463b2fc2f036f02a30589c32c59cca01136f43050651c2a9b97965fca660bf23dae16a821b7caae8250c1412fc0fbc2ef2b1d91ac28670723422877d30aaab2c609a2a2a9870a6c", 0x1000}, {&(0x7f0000000900)="6d7b1786a9d6ebfdca7fbc2591b2fe93865de10e98e8186ed7c1935623b14975acdd2099e0aa17c724a693a6a9af81e72a2e989ccabf26e18aa9a6e85e1c932b43cc2f63c31f73e7e6a4acc7cb6d3324408a3144bcdb42c7814e765943a01b612d0f156aec943826b59a93ec26e4a8af1a37da58dcc68ada0269ca85d508479582eab50119203b9e01a58464192954b40c88cbeb53580fa6582d9ca2197169459ff4d47f859e25eaf24ceaca76d06f65a6e44aff646e123ea295b603a9086ccc6228b4f541989e821cff4c120bc2395f041f47efbdeaa4e865b904436ee596210fde543c1de83c043625", 0xea}, {&(0x7f0000001c40)="b9e5c5afb4280ad52ce8b944783fb7faa44c13909956da0b39ee77e0801a77ea9bc1bf95c9a3678cb25f6327c3f83ddbde87afb85034552f98556ec0c5206535da30c885981a992038147df86ad48b910cd1138d4d0e3b7731b16c0d4d1279948d52c9756876690e8904a95be6f4e4c4743180a421cad216554b7b38a9809ff033f705c361941ce523c0dbf11c473fd748b50e8d2e9f5b680490", 0x9a}, {&(0x7f0000001d00)="314aaa01dad142c6e30ac2129f37c634a82ef7199951db745c94767e6eb5d334ad48c319b8c83f51c9d1e86dd96f291671a98281c78551f0103a88fa0c398442ca4a1413fba20f8dd764184c06de0f69ae158b86f52fa2733ca6fd7c42701cd05ce9080f040de1a2764f358cb04c1438ff75461362a7adee54a3cde3188af0b9b6219e663f55b06134ebde6febeba6e3f01c1bef2485ecee964378c2a68fb48ce022d87375e7791e5b2693ddaefd90778fcfe7859c71f74593dc884b55a52a21d2dbaed43448e697f8c102", 0xcb}, {&(0x7f00000062c0)="1594587f22ea78bf458cef2040f987ce28180c8596c207b7dd852f63ba2ec4223ccb00a3513aa9a4e3e3fb74c7fdebe48284c3f1ee5830df3d25ca691a8fe51a8bd8b48f673e2c1e9d722aa72a36fa85dc72fb739c2b3dd9db0cb9196fb845ef04498ef0e9df7be5d754bbb66521938e0abc02978d2b31e1bc2c48ec0112d50ea34ec7a0535ba87d8cc48ef18453ea078393cec73fe03b01b76e5f8ffe0c229a9eb873755a7255a402b522fcee5b76a399fe027645b678088bf8edb912e022ba1fa7bc5f2a0a32a17e655775847df108eaf3f5fbde544f28a434dd532e1cab0c49b8d04e086f9484c5ce5b780fd0e2e522721c2988cd4b4c26204f690971049a1d69d8cc7ffbe8c5e23d7203fbf1f8b5d4300b431ae4aa0d89e8f37bd29f5dae922055e8641d71bf0711db5efb0f9d85e85d31357e81032e3cfd7c1baddc7be34f561054fdc06cbd2c4b61429bccfbf3689e52481db907a18713db38302edf556cd056bfe8ceace1fba6decf6fbb337e9984e97f24e0e43e476c71a1da25fc84ab51fcd9e04339bf105c87b1f191f407dad49971a12e2ceb436fcf5103248bb13b2bc2c5e0d83116761403d60e6dc2f5cf4b01378f133a94f5cb870a69c7ca9fb90aa785f80d3bcaf99b3276b41e1aa6fde9f2d17325ac412e55c96fc18a5b007198098182d483f29ce0dadbd0718dc7dca5a2d95e0c7c75273c1e9104c01cf61d22e7633deb75f93a7bc41d4c21fbf553d48b7732be50982616285172e6dc9e99c54c27323f6996fc1f2c6b3e782f113b72432d5bda04ebde63386e3caa0d2efd772c19bb1af3fb73d0d905660281a6042131bf2831085354250c64c36f201187c01d753295784c2d76331b31b7fd086d7956ed82ef8589672a0999fe34dd70499a283abacd84c72242e0389ec50a7e096e43eb32102276e5dbc6a240d7ab80df8e6400afcd4cca5d6e16f987fda96723379f5ff01eb10d22302d738e535dc63f5e3cea160bf912e8b081ec2bfc56d45cbca235b02aeff8f642883489892dbef5c48a452c1ca33906bc474ec3ac91de943f604861bdd63b61fc70d9e7f20c2b80501bfd4bb4b07f2b4a380ded7b63b5f520982d19b5f400f12834d6fe6fdc1a9c1033b5816460cefd7e8cacce64efc7928fc12a7b82680ecbd9735b88e98478ca0bc14b9def5ecaba3adc473e1f8f30a019a1b5e60767191bc339e2766b9d9f0fddedb1ba10f7eb90c7290855bc24f54193043859dda3013521f206ba8f669029c361bb0bf3af8d9b428905a89cb9c5ce7bcfa6bcbdfbc1c49f5d8d141aa959d51ac340ab9ece4fc2461d616f3cca131e32d782b9b76fd3de39a64728675316387af6872d9c00acb301009d2ec2d1f64a29de60cbfa49407e59515c122881022658968378e9e9ff557ef37ac57e9007938e362b735907e6a8d50e4a724f5dcd0a5604412092d34d4f64d27e46aae8dc778287ab118649a64ab254a2d5b71a1dc09da5913b5480ed9c249ee8f51815d9048fe1a6da2ea68e24c6ed4e372a65605f9b1043ffff7404efa5b543cc15b1611e6de420581a658607d9cce0075b16ad52887cdea15c00a195dfe186037160f0739a5420700ba91d02b9189bee325abdba8dba3678c3739f21618d307eeaa0a1036cf1bc9510df8df0d3b1c6afb6cbb63dfb948bc1afb86f919ea4c39096c0ad7b06d9ec72b4f12275cfabe1d1904d52d43ca70a1832049c4a1255d8fe256fc18f8f687977b32667d7bd9affd10c321b907363982e50c26b825e92f0211ca68b706943c8939b60ceda1b21345170fe7096f88ee6f9c0246555bfce95481bb78104aab6f55fd29ff67d7dd760d2a370283ab36d9eb60a983256cc9f809e2c8c77d963d256bb2a4d76302558277222d70a9d8ed50ec27d67ac4b6c14b1fac908f9a0c0e37100d63ad5015f7e9d36d84132b2396a30d4099990d040e6b95b6a100bceebb69694955df2c9c9b6dff5e08cfd01a650d685d0daa69b8e66e600def9ed4c7bb836b9e0d13e7994bc151a03626bacc5b88eacf4db99c8cc1aefe53fe66bd0deb07a9329c9d333cb811b2e2d35d08b69b894fd699f81ea9ed7009df6858fe6d87501e7bb3439bd3c18106765b59884f04a736d2640c2a961c2439c8ad20196601a20552a12870be0eca70bca767ba533aaee6761eb2315f87d90701c841da26d7a479d6994029efb06f6fd9b32effcfb31e392607f53f77e1b0523a49aba5118143899004a178ca828b1a8202eb3cf70e64b40a42aa2f5239f1da6022a6a98d3ba4867ca64108259b6860158961350a5010404d4238a3ad3dec5471eb5b8b439e47bb61eafe34325e2bb717688d1a9747cf1ea1483f91668b2abf80ab9908ce24d2a042b5fff6d89dc9d10653e59885dbfb8352ee5c0e42ed7892bcc6580d891e510a9117ae27394ad224bfced38f44dbd51d793ca5eb31451858c8f1ea86bdf8929a0a687a23b0239c633f8b4401da10fedc45a5b559b4a6c96fa0806b90576ade0844cb431955a2772f967410ffc2aecdccf0e9aa425afa47c3ecc78f2827f201da3588460f2c0d94f21be6e585a4a77927aa205df14f3d3051c6c5cc17e6474a996b9c75610917dec1256bf2b2eb5b142895b6bcd761e994acd4fac9f1d12387ae6a07305be1658f18ea572c06327b9b4098c2fb9cf51effea2b8d99bbd069a61d6a4caa1081134b069b747ef6c22d89b864f5006b0e2a581e7feed62347bca371b388bb31f6f9024cecf15561e61f010a86cd8aa6b813bd766195ede196bcec08e7003e62063cb0d626dfe17ba43c2ba1942a24b22594e098d5c07bb23aae351e73485942869f44665188c1f4fbbb60ef97a4d2331a1e939a42ce501bcd6d7c9ce9599d4e95860879a5c73b37ebd055ad45fe67cfeb04a0db2dfd211eeaca57f0599e1ce6fa6cbd3aa739c035b3b141d8642da6ffecac17745a74e5531d04b5f4eaedcc31b2d033a6ad205e1b1c9d8e1cfd77b71b7d3d41977e457568c48d5066d9be277ad62c6a41444cb52d3c801a0dcd2c489fd3ca7c80d12c3152edd6f571d9e8fcdb4d548ec9ad4a7d597efea2dc255f7c11f2317575403729808805b719bd066dcafd8934ea116b2bdd21bc70adc46da80d7be8d3627f93aae2ad9aa58db0d7c5b0422083c2ffd2cae831b70d394b2fa3eb9fe28122c1725b3519fbf78d8c926e5700414c080152db02f9f9cce656b2e9cfddb15ec511ea919019de5bb3a587abaad0e3efa9ee3866d5e7b8f0cf7b4567e02c1e18c53ffdd4c4463ceae6b4f425911abd295099f18c75eabfe7c13d0f794e2c12b5762c91c07e3e464b4c30ee515713890f46ff9e86bf641be10baa903770e88c3fd43708b0b575fa95c2e840811ccdf46cd80b8f353817824a514073f082651df04708d364ed1f3e5a4f86132b749d78bc8877c6b1d60a670e9f9237da4c188da6459f69626390c9881e78aac08529d0f29ad142ea04ebac3e4cc079ddcfa4822619e4eb5cfd00b95aeab504b99962faf1bdb99ba9dd5e48eb4e40ac74bacf320abf40898eab51e7d46775f54024fedaf92c9730791d5293a45c828cfd6c81686fcbe6e77622cf9d7b806f11f4d0c8dffe4bc6775c87bf2ae8e271203e53be8e5a513fdc2a0d92d3c1d7dfb9a76e1cecf43f952179790061ee8f00e9a64b260b55ff1115b3c7142fde6b1996420fed7089170efe86cc299f35e2f103116b65a72352154faa442cd0a8ca6537eedd06f0f5e5ab7230ac85cb97dbc150106c217ecf8ad53cae20026f82a3ef6d5afaff22489780d90928ae5106ce7d3d030810b4fd170d5d19deeac05bf97d5e799d1c5c344375fd748ef12ee685863fc64dc27b7870e046bbbe924c03080af7e4b3fc1ec37a669a08898d1ab71806fd948d63df8bd2e9fafe87b453cab5273d87c21f4e0ba809cde2fd9a04c3f9c6f207425674504953c0c1012309ad5162e047eaf5b652712712b497df304b3fee171f60b99c427ddf716a0a1254a899ba46d0707442515a240ac46bc4900d0d0773954750ae0fc5b1f056836507ff6b117f40a69c72035751fc28bdb0d106251df3562fb13c359af1a08ea09a8542db7a9cade24f5541119a7c25920d1da0140fdd280aeb2fc635d3703686d960b25cdfe6e13b295adf697c51a288dffa30bfa368bb870db49865295147476ee9ad37acce8426812ffbecb5841c7deacbcbf689b4df52194c206b5c36a2fa7996f1cec6074c84322f4373f0158ec330dcad538c0b8a59c1ec65dc4dcb8727b7d76a3d3b226222061067f399abc0f8fec2e36cfd0179904fb593ab116c3183b722133ca487873113591f219c4dc5bcad51567dcb40bffc7d2bd0375c840fb5513a2af03497a0726bbb4a0c09895eb842fda2e9463ef1afb28ef1a1e3b2a62653990772f247a8942249caa7062b1db927095471f81edbc21efc4dfa4ec81ee84b3c61654702c41f0fbf780c124e283dcb7377c40ba8f06c7099a680edb489b865cef57fcdb73b34f7ef5f5b574cf946e8b7ffb346763217367f59f07f3018c6a8ae554a45f568990786cba763b01d70d6a4dc9e4abe29f9cdb482113c6fd8395e9386313e7881e6531f21dbdd8cd338c61172b31ee6737e0301aa28b09e459132b3808cc0e6f6797c1a83e6a556e42578ce95d77a3e3a82e6f3376540a37abbb94acc60cb669e95fc740909a895eb32a29da7996c6ac549bc8bc9ff7847fc57f8b0595175aff4ac1b309636d1651d9cd0085221fdc9250451e78e33f70801131c0db2ca26cdf100edce370b7fc6a0402b1792ce75098a0f0872932e77c72c30b2d46ac7623009d178617d750cf36ffe28966c4f7c56738dab522d577d7c483a92641d320aec2974aec1e3da9bb2204e5862dc0cf3530e9be307a5115badd05e4ee8230132872cde9949d6abeca7edd9a7aed3734dac1519d53d21bd47e260a8062980473af8a0795f1ec61c8d61f1d546fea7960e56837d061945055c1403bca9787e42aa00119cc8d27b267a5327258b737323f57c7e042e147fbd37fc9e531f260632a5fe54cba2d2efecf95d216577854156159ac8a7e22cef55404b9054c9946c7da0b8ef0769000fca15070b3d349603e55cf009b688711ce402588cc5643a458d445ffb2b24b9db17dfc7f10fd5ff7aafcba06e30c681695867a14a67723e544745fc4aad5817a42f7c3d73d99209522608223c76fd4898d9f91ca8c1285386a0d72cc8df38f55e36d0cc349b38355d53610c8bec03a073c78d41d873e75fe5de449bf720e5bdbeab4c7956f767a36a1b200e493bdad74425740b90390609141a7601cb14c95d49340b60203c2b7ded8bf03b551102f5afa3c1071a57a44c7e754d499b7b6c65749c52456afc74993bb4c8dc17581c12c2fa569329dfd3d0cdb9195e15758ae9bbe36d457d7507ebc440f0dff8227034e42c4cc1867ff8fdb67fcea7811bc713f8cce2138456763c577b641426f2191328b0585a983df0b522d4cc537975d11c57b23af68e05940a11bfcb7ee2d22e6c2f1bcb4a73ba4a925036066a365ab4cf9b01ee42e3fd0519c7c0a21b35f73922072c6778957c89eb6ac7d5fcce47b7938f7a3f16a978c97a757469fc212ab6c729553ee1df40a8eb0f8421520d79aa3aabe39e2d81f39b8a1e5ad7de9affa378ec267278aa19dbc26acc5b39efc19d585c4118d3f9b8cf72488070e98f7666e6a4b6b053aac29048bff87829a003e2f6c03b65f15572ca704961d84bd58e730176d04a3293a9e497aa6e3be5baa0a1f2beaf92347cc", 0x1000}, {&(0x7f0000001e00)="40b552e67fab2aca703c5ddfd739e8832ff39914947413641718e3e96dd7e9093b4d6422487350c1944e0f5c02dcee48ef18b75b0ffc48439a3138f7013b163e918513a57978a50c99fbec9499d2b9a4cb7be203a95b51e492878fcaffb3f8be875d0df021877a424db5d8ea7ad8171977879912", 0x74}, {&(0x7f0000001e80)="8ec2c2372a5da129dd0c7c7dfb356b8d47781d2cbdc1db31f07c9d4652755e481ef092d3fe1b540139adb349f92d40b13931394d894f421efc16457128bf31757a85863f6424c232df862fe87a0dd1a3622556dc195220c46132fad39c8c86bc51d7582f4eee307fdac10f4f405a3b456ce4d7", 0x73}, {&(0x7f0000001f00)="cc2a04e9dfdcf7ccb3c21bcb349a139fb4d4ea2ca7c75218587e61822bb226d72ca92c1ca1d10433147fbe0a273f60a28f18c04333a9ea25c4cf0ea1288a8964b29ed15e0fe61bd80eca9a87b8a4bf244b6fa9", 0x53}, {&(0x7f0000001f80)="2ddcd02877e90364d5f43f47f1cf26666afd281463426e52c3e5188efeb3d87b652bacaa93a95e9ff7ca8e8f60ba72d51ead92c706106fed1d51de9d8fcfb8ca0833bb21ff94476bbb0969f35629d1b315584631086a27850c17017c4dec348c73755b203adba53a0ea3c57a04991356afa57a39625815678d5aa1df9a0638f9d19b5252e741fd0f972cc278de5de6fbcdf686099a0616c174a6e9c81ca8d1bde647f8f952a4c57524597ce0781cd73027dafee604a6c7b0f21f0b6d10b167c98bf204418482f2bf3cb05bdb81b0df45c46ceddd4273106a4e", 0xd9}], 0x9, &(0x7f0000001b40)=ANY=[@ANYBLOB="2c000000000000000100000001000000", @ANYRES32=r4, @ANYRES32, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r4, @ANYRES32=r3, @ANYRES32=r2, @ANYBLOB="0000000014000000000000000100000001000000318c855c50508c4b1104f2044a3f020625453069b16d1b1a9981f5e488a8264a5246034907341b1534acebfcd10c3400861a9e73c5db382468285ac90adfc4ce208d196656ce76", @ANYRES32=r3, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000100000000000000001000000010000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00'], 0xb8, 0x20044008}}, {{0x0, 0x0, &(0x7f0000008480)=[{&(0x7f0000002080)="87cbf6e681d6cbb022db7a21c3f1a4b947dd5fef66cb9d8c1c05f686829cd0", 0x1f}, {&(0x7f0000008280)="b1022602f3de39bea21723647793b95578faddaf7397162c5fee7cd26e115b15355d606064901b932e5816608a6ee288ac397fe062374a012a794edfea50aadd1d4229f212d6f2f1e3fdae9de89cd95591dd14638fa6013c7db974f2225d9292026b80971c1c8ff6e8115676b211acbd5c0b24d75b5c455af37401e8d1303fc18aa1e4182b95437f4db5181892541cf511ff4d73c492", 0x96}, {&(0x7f0000008340)="d8bcf769018eed7fe4184510086ff348d4199ece448a053e937d8f1573b5bde018def9c922f13ff24dbce60fd83175f916082131792bf82941c857fa1b70f9e697988cf865f98d9517c8985f69984a5ffcbc39cf94cb7580f9dfd88cc23437fac50a72cf6cc5114bb88c3cce6fa87e9effdaae0c6d32a02c5e05dec89987d64d", 0x80}, {&(0x7f00000020c0)="b160bc2ad0fa7857539a92c5f8e0ac489e15328ab0164a33f4953f2cb8ff6bb8ba4e94266660c81d25627f2a91d59cb3073c4372", 0x34}, {&(0x7f00000083c0)="808735987453ec2e9ceed143f070c9afc4851debab0b532e446f55e25c6556db2472b6c4e83626b4be4c33d5b71139e2d65f162d3619c7a22aa0980a0d8840418106f89df4eda1f368f8d387066eed0832d7e94162bbc40d3da7316dadd0ee045ae6571922064ad1cdc53f3eb6d6828500a9c6ab76912318e545359b3b380797a181f6d06bdbbdb36a6226cafcb8b84632030c816ded05b5594366abc0d138bc209822bc19634b52f6e390a0489d423c2a191d9e11aeafd858d692", 0xbb}], 0x5, &(0x7f0000008500)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [r3, r4]}}], 0xf8, 0x40010}}], 0x3, 0x40001)
recvmmsg(r3, &(0x7f0000000280)=[{{&(0x7f00000007c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000480)=""/205, 0xcd}], 0x1}, 0x76}], 0x1, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r5 = add_key$user(&(0x7f0000000440), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000240)="8b", 0x1, 0xfffffffffffffffb)
r6 = add_key$user(&(0x7f0000002300), &(0x7f0000002340)={'syz', 0x3}, &(0x7f0000000100)="370c099069effa43de3e1404db09b4ce1ef77bde4b371532dd16447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b30c05e298aa9572540dd950307987eef2115e1bcf512bea3410ca5a9e9f827e4b13490dbbd4fc5a45e0738b959acafd2c12863045265bcbc2c9426ac3f614746b436fe86a72dc642dd67d970604a69b4f22cd0076beedc18056ab4bea4c825b69a7a77adcd5488684872b1bb9eb84586549e11b080468668e8fd0e52ce0705a", 0xc0, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r5, r6, r5}, &(0x7f00000005c0)=""/208, 0xd0, &(0x7f0000000580)={&(0x7f0000000340)={'blake2b-160\x00'}})
syz_usb_connect$uac1(0x0, 0x71, &(0x7f00000006c0)=ANY=[@ANYBLOB="12015002000000106b1d010140000102030109025f0003010600020904000000010100000a2401fe070102010209040100000102000019040101010102004a75000905010940000a2a0f0725010209fe00090402000001020000050002010101020000090582090004b303000025010204010461422b47d0c4b288551a2e04f8acd4f4ba02f3ad05408dc15523e1b9ae3fa78dd4a92d4c1aaec9bebd93e5"], 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000140)="2c385aa3", 0x4)
r8 = accept4(r7, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r8, 0x0, 0x10)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_setup(0x1c7b, &(0x7f0000000080)={0x0, 0x405e0e, 0x1, 0x806, 0x102})
ptrace(0x10, r9)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@ipv4_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_TABLE={0x8, 0xf, 0x7ff}]}, 0x24}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
recvmmsg(r8, &(0x7f0000007480)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x2, 0x0)

0s ago: executing program 0 (id=5674):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
r6 = add_key$user(0x0, &(0x7f0000000440)={'syz', 0x1}, 0x0, 0x23, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, 0x0)
socket$netlink(0x10, 0x3, 0x10)
syz_open_dev$loop(0x0, 0x75f, 0xa382)
mkdirat(0xffffffffffffffff, 0x0, 0xc0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r5, @ANYRESHEX=r6])
r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="c800000000020104ba000000000000000a0000003c0001800c00028005000100210000002c000180140003000000000000000000000000000000000114639100fe8000000000000000000000000000bb3c0003800c00028005000100000000002c00018014000300fc00000000000000000000000000000014000400fe8000000000000000000000000000bb3c0002800c00028005000100000000002c00018014000300fc02000000000000000000000000000014000400"], 0xc8}}, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0xffff1000, 0x8000, 0x2, 0x80000001, 0x0, [{0x1, 0x85, 0x1, '\x00', 0x4}, {0x5, 0x3, 0x0, '\x00', 0x6}, {0x7, 0x3, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x6, '\x00', 0x4}, {0xf, 0x8, 0xf5, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x6}, {0x88, 0x3, 0x2a, '\x00', 0x80}, {0x4, 0x0, 0xa, '\x00', 0x1}, {0x8, 0x9, 0x3, '\x00', 0x8}, {0x3, 0x6, 0x3, '\x00', 0x6}, {0x2, 0x9, 0x0, '\x00', 0x7f}, {0x14, 0x51, 0xa, '\x00', 0xfc}, {0xe, 0xfc, 0x5, '\x00', 0x1}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0x1, 0x3, 0xfe, '\x00', 0x3}, {0x2, 0xb, 0xd6, '\x00', 0x7f}, {0x7, 0x15, 0xca, '\x00', 0x6}, {0x0, 0x1, 0x4, '\x00', 0x13}, {0x4, 0x0, 0x40, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x4, '\x00', 0x8}, {0x8, 0xc, 0x0, '\x00', 0x6}]}})
ioctl$KVM_SET_CPUID(r7, 0x4008ae8a, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ad060000", 0x4)
sendmsg$alg(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000140)="439db5", 0x3}], 0x1, &(0x7f0000000540)=[@op={0x18}], 0x18}, 0x0)
recvmmsg(r1, &(0x7f0000000dc0)=[{{0x0, 0x0, 0x0}, 0x14}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000005c0)=""/103, 0x67}], 0x1}, 0xe}], 0x2, 0x2021, 0x0)

kernel console output (not intermixed with test programs):

te control event.
[ 1155.232991][T13680] dvb-usb: bulk message failed: -22 (1/0)
[ 1155.280549][T13680] dvb-usb: error while querying for an remote control event.
[ 1155.513025][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1155.541875][    T9] dvb-usb: error while querying for an remote control event.
[ 1155.752428][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1155.758259][    T9] dvb-usb: error while querying for an remote control event.
[ 1155.786193][T13684] pegasus 5-1:0.0: can't reset MAC
[ 1155.791720][T13684] pegasus 5-1:0.0: probe with driver pegasus failed with error -5
[ 1155.989541][T13692] usb 5-1: USB disconnect, device number 9
[ 1156.003106][T13684] dvb-usb: bulk message failed: -22 (1/0)
[ 1156.028857][T13684] dvb-usb: error while querying for an remote control event.
[ 1156.238194][T13684] dvb-usb: bulk message failed: -22 (1/0)
[ 1156.252527][T13684] dvb-usb: error while querying for an remote control event.
[ 1156.343079][T13692] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 1156.424749][T13684] dvb-usb: bulk message failed: -22 (1/0)
[ 1156.436252][T13684] dvb-usb: error while querying for an remote control event.
[ 1156.593252][T13692] usb 5-1: Using ep0 maxpacket: 16
[ 1156.604786][T13692] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1156.616989][T13692] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1156.638704][T13692] usb 5-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1156.653191][T13684] dvb-usb: bulk message failed: -22 (1/0)
[ 1156.701859][T13684] dvb-usb: error while querying for an remote control event.
[ 1156.711973][T13692] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1156.752515][T13692] usb 5-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00
[ 1156.792202][T13692] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.812730][T13674] usb 4-1: USB disconnect, device number 98
[ 1156.875693][T13692] usb 5-1: config 0 descriptor??
[ 1156.890167][T13674] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1156.961155][T22701] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5040'.
[ 1157.287636][T13692] hid-generic 0003:045E:05DA.0030: unknown main item tag 0x0
[ 1157.298597][T13692] hid-generic 0003:045E:05DA.0030: unknown main item tag 0x0
[ 1157.311901][T13692] hid-generic 0003:045E:05DA.0030: unknown main item tag 0x0
[ 1157.328042][T13692] hid-generic 0003:045E:05DA.0030: ignoring exceeding usage max
[ 1157.339923][T13692] hid-generic 0003:045E:05DA.0030: unknown main item tag 0x0
[ 1157.382344][T13692] hid-generic 0003:045E:05DA.0030: unknown main item tag 0x0
[ 1157.398255][T13692] hid-generic 0003:045E:05DA.0030: unbalanced collection at end of report description
[ 1157.455788][T13692] hid-generic 0003:045E:05DA.0030: probe with driver hid-generic failed with error -22
[ 1157.489072][T22692] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1157.524838][T22692] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1157.661863][T13692] usb 5-1: USB disconnect, device number 10
[ 1157.689620][ T5840] Bluetooth: hci1: unexpected event 0x20 length: 19 > 7
[ 1157.691001][T22721] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5045'.
[ 1157.750541][T22721] netlink: 'syz.3.5045': attribute type 2 has an invalid length.
[ 1157.788268][T22721] netlink: 'syz.3.5045': attribute type 1 has an invalid length.
[ 1157.819375][T22721] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5045'.
[ 1158.013149][T13684] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 1158.215496][T13684] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1158.251725][T13684] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 3
[ 1158.279721][T13684] usb 3-1: config 220 interface 0 has no altsetting 0
[ 1158.300102][T13684] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1158.309944][T13684] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1158.317982][T13684] usb 3-1: Product: syz
[ 1158.327553][T13684] usb 3-1: Manufacturer: syz
[ 1158.332146][T13684] usb 3-1: SerialNumber: syz
[ 1158.530792][T22746] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5054'.
[ 1158.540055][T22746] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5054'.
[ 1158.554309][T22747] netlink: 'syz.0.5052': attribute type 4 has an invalid length.
[ 1158.564494][T22747] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5052'.
[ 1158.573760][T22747] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 1158.608372][T22746] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5054'.
[ 1158.659152][T22746] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5054'.
[ 1158.854395][T13684] usb 3-1: Found UVC 0.00 device syz (8086:0b07)
[ 1159.073600][T13684] usb 3-1: No valid video chain found.
[ 1159.144362][T13684] usb 3-1: USB disconnect, device number 104
[ 1159.474596][T22755] netlink: ct family unspecified
[ 1159.479727][T22755] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1159.489506][T22755] loop6: detected capacity change from 0 to 1
[ 1159.504790][T22755] Dev loop6: unable to read RDB block 1
[ 1159.533184][T22755]  loop6: unable to read partition table
[ 1159.570406][T22755] loop6: partition table beyond EOD, truncated
[ 1159.624221][T22755] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1159.853598][T22766] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5056'.
[ 1160.013303][T13683] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[ 1160.176177][T13683] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1160.188479][T13683] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1160.201868][T13683] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1160.217380][T13683] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1160.242164][T13683] usb 2-1: Product: syz
[ 1160.326254][T22768] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5059'.
[ 1160.342160][ T5840] Bluetooth: hci2: unexpected event 0x20 length: 19 > 7
[ 1160.370281][T13683] usb 2-1: Manufacturer: syz
[ 1160.400416][T22768] netlink: 'syz.4.5059': attribute type 2 has an invalid length.
[ 1160.445708][T13683] usb 2-1: SerialNumber: syz
[ 1160.462118][T22768] netlink: 'syz.4.5059': attribute type 1 has an invalid length.
[ 1160.483148][T22768] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5059'.
[ 1160.616788][T13683] usb 2-1: config 0 descriptor??
[ 1160.645430][T13683] usb 2-1: selecting invalid altsetting 0
[ 1160.863859][ T5840] Bluetooth: hci0: unexpected event 0x20 length: 19 > 7
[ 1160.866264][T22774] netlink: 'syz.0.5061': attribute type 2 has an invalid length.
[ 1160.892135][T22774] netlink: 'syz.0.5061': attribute type 1 has an invalid length.
[ 1160.957969][T22765] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1161.177208][T13683] usb 2-1: USB disconnect, device number 10
[ 1161.345571][T13674] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1161.472432][T22790] netlink: 'syz.2.5067': attribute type 10 has an invalid length.
[ 1161.490920][T22790] batman_adv: batadv0: Adding interface: vlan1
[ 1161.497399][T22790] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1161.524136][T22790] batman_adv: batadv0: Not using interface vlan1 (retrying later): interface not active
[ 1161.559530][T13674] usb 5-1: no configurations
[ 1161.565362][T13674] usb 5-1: can't read configurations, error -22
[ 1161.667287][T22798] loop6: detected capacity change from 0 to 7
[ 1161.687628][T22798] Dev loop6: unable to read RDB block 7
[ 1161.699153][T22798]  loop6: unable to read partition table
[ 1161.704854][T13674] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 1161.743344][T22798] loop6: partition table beyond EOD, truncated
[ 1161.760703][T22798] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1161.837382][T13695] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[ 1161.884185][T13674] usb 5-1: no configurations
[ 1161.889426][T13674] usb 5-1: can't read configurations, error -22
[ 1161.898764][T13674] usb usb5-port1: attempt power cycle
[ 1162.021075][T13695] usb 4-1: config 0 has no interfaces?
[ 1162.075630][T13695] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1162.148515][T13695] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1162.253178][T13674] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 1162.332837][T13695] usb 4-1: Product: syz
[ 1162.362938][T13695] usb 4-1: Manufacturer: syz
[ 1162.393304][T13674] usb 5-1: no configurations
[ 1162.402653][T13695] usb 4-1: SerialNumber: syz
[ 1162.472895][T13674] usb 5-1: can't read configurations, error -22
[ 1162.492511][T13695] usb 4-1: config 0 descriptor??
[ 1162.663205][T13674] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1162.685339][T13674] usb 5-1: no configurations
[ 1162.689995][T13674] usb 5-1: can't read configurations, error -22
[ 1162.696855][T13674] usb usb5-port1: unable to enumerate USB device
[ 1163.183118][T13684] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[ 1163.353072][T13684] usb 3-1: Using ep0 maxpacket: 32
[ 1163.368323][T13684] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[ 1163.387555][T13684] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1163.408640][T13684] usb 3-1: config 0 has no interface number 0
[ 1163.423076][T13684] usb 3-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1163.577453][T13684] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad
[ 1163.587036][T13684] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1163.657713][T13684] usb 3-1: Product: syz
[ 1163.673638][T13684] usb 3-1: Manufacturer: syz
[ 1163.689269][T13684] usb 3-1: SerialNumber: syz
[ 1163.724077][T13684] usb 3-1: config 0 descriptor??
[ 1163.739337][T13684] radio-si470x 3-1:0.35: could not find interrupt in endpoint
[ 1163.755278][T13684] radio-si470x 3-1:0.35: probe with driver radio-si470x failed with error -5
[ 1163.893108][   T10] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[ 1163.967131][T13684] radio-raremono 3-1:0.35: this is not Thanko's Raremono.
[ 1163.981231][T13684] usbhid 3-1:0.35: couldn't find an input interrupt endpoint
[ 1164.063240][T22834] team0: Port device bond0 removed
[ 1164.071940][   T10] usb 2-1: config 0 has an invalid interface number: 29 but max is 0
[ 1164.100358][   T10] usb 2-1: config 0 has no interface number 0
[ 1164.122648][T22835] netlink: 'syz.4.5082': attribute type 10 has an invalid length.
[ 1164.192515][   T10] usb 2-1: config 0 interface 29 has no altsetting 0
[ 1164.228759][T22834] bond2: (slave veth0_to_bond): Releasing active interface
[ 1164.248207][   T10] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[ 1164.279701][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1164.322413][   T10] usb 2-1: Product: syz
[ 1164.333506][T22835] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1164.345333][T22835] team0: Port device bond0 added
[ 1164.381281][   T10] usb 2-1: Manufacturer: syz
[ 1164.394892][   T10] usb 2-1: SerialNumber: syz
[ 1164.444624][T13674] usb 4-1: USB disconnect, device number 99
[ 1164.497067][   T10] usb 2-1: config 0 descriptor??
[ 1164.720347][   T10] peak_usb 2-1:0.29: PEAK-System PCAN-USB X6 v65 fw v224.204.25 (2 channels)
[ 1165.113650][   T10] peak_usb 2-1:0.29 can0: sending command failure: -22
[ 1165.173119][   T10] peak_usb 2-1:0.29 can0: sending command failure: -22
[ 1165.203129][   T10] peak_usb 2-1:0.29 can0: sending command failure: -22
[ 1165.289920][T22843] gretap0: entered promiscuous mode
[ 1165.325905][T22843] macsec1: entered promiscuous mode
[ 1165.349238][   T10] peak_usb 2-1:0.29: probe with driver peak_usb failed with error -22
[ 1165.358625][T22843] gretap0: left promiscuous mode
[ 1165.669028][T22845] __nla_validate_parse: 6 callbacks suppressed
[ 1165.669047][T22845] netlink: 152 bytes leftover after parsing attributes in process `syz.4.5085'.
[ 1165.689324][T22845] tipc: Started in network mode
[ 1165.715320][T22845] tipc: Node identity fe80000000000000000000000000002a, cluster identity 4711
[ 1165.763879][T22845] tipc: Enabled bearer <udp:syz0>, priority 10
[ 1165.900372][   T10] usb 3-1: USB disconnect, device number 105
[ 1166.099963][T22850] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5086'.
[ 1166.132677][T22850] vlan2: entered promiscuous mode
[ 1166.488386][ T5959] usb 2-1: USB disconnect, device number 11
[ 1166.576807][T22858] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[ 1166.823113][T22856] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[ 1166.893665][ T5959] tipc: Node number set to 4269801514
[ 1167.068184][T22867] netlink: 2088 bytes leftover after parsing attributes in process `syz.2.5092'.
[ 1167.751103][T22884] netlink: 72 bytes leftover after parsing attributes in process `syz.4.5099'.
[ 1167.763670][T22884] tipc: Enabled bearer <eth:wg1>, priority 10
[ 1167.996818][T22899] fuse: Unknown parameter 'fdë‰öcÔ~4Yݺ'
[ 1169.126994][T22913] loop6: detected capacity change from 0 to 524287999
[ 1169.444156][T22933] Cannot find add_set index 0 as target
[ 1169.682632][T22939] netlink: 'syz.4.5117': attribute type 10 has an invalid length.
[ 1169.884021][T22947] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5120'.
[ 1169.929114][T22950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1169.968075][T22950] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1170.173121][T13695] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[ 1170.351177][ T5840] Bluetooth: hci2: unexpected event 0x20 length: 19 > 7
[ 1170.357741][T22958] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5125'.
[ 1170.413845][T22958] netlink: 'syz.4.5125': attribute type 2 has an invalid length.
[ 1170.431842][T22958] netlink: 'syz.4.5125': attribute type 1 has an invalid length.
[ 1170.484448][T22958] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5125'.
[ 1170.612835][T13695] usb 2-1: device descriptor read/all, error -71
[ 1170.748037][T22967] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5127'.
[ 1170.863058][T22967] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5127'.
[ 1170.914056][T22972] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5129'.
[ 1170.933192][T22972] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5129'.
[ 1171.028343][T22979] netlink: 'syz.1.5132': attribute type 10 has an invalid length.
[ 1171.043144][T22979] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5132'.
[ 1171.058889][T22979] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check.
[ 1171.221315][T22981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5128'.
[ 1171.290717][T22986] x_tables: duplicate underflow at hook 2
[ 1171.301440][T22986] IPVS: set_ctl: invalid protocol: 41 100.1.1.0:20004
[ 1171.329627][T22990] netlink: 72 bytes leftover after parsing attributes in process `syz.3.5135'.
[ 1171.362358][T22990] tipc: Started in network mode
[ 1171.382622][T22990] tipc: Node identity , cluster identity 4711
[ 1171.403595][T22990] tipc: Failed to obtain node identity
[ 1171.428516][T22990] tipc: Enabling of bearer <eth:wg1> rejected, failed to enable media
[ 1171.766466][T23009] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5144'.
[ 1172.060579][T23020] lo: entered allmulticast mode
[ 1172.067683][T23019] lo: left allmulticast mode
[ 1172.547238][T23033] fuse: blksize only supported for fuseblk
[ 1172.645619][T23035] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5155'.
[ 1172.666998][T23040] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5157'.
[ 1172.675319][   T30] audit: type=1326 audit(1751209804.751:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23037 comm="syz.4.5157" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc30978e929 code=0x0
[ 1172.697815][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1173.003038][T13684] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 1173.163123][T13684] usb 5-1: Using ep0 maxpacket: 32
[ 1173.178119][T13684] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[ 1173.196115][T13684] usb 5-1: config 0 has no interface number 0
[ 1173.214434][T13684] usb 5-1: config 0 interface 12 has no altsetting 0
[ 1173.228422][T13684] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1173.238146][T13684] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1173.246460][T13684] usb 5-1: Product: syz
[ 1173.250772][T13684] usb 5-1: Manufacturer: syz
[ 1173.256612][T13684] usb 5-1: SerialNumber: syz
[ 1173.269491][T13684] usb 5-1: config 0 descriptor??
[ 1173.304052][T23062] loop6: detected capacity change from 0 to 7
[ 1173.316616][ T5839] Dev loop6: unable to read RDB block 7
[ 1173.322367][ T5839]  loop6: unable to read partition table
[ 1173.331039][ T5839] loop6: partition table beyond EOD, truncated
[ 1173.342775][T23062] Dev loop6: unable to read RDB block 7
[ 1173.348806][T23062]  loop6: unable to read partition table
[ 1173.359475][T23062] loop6: partition table beyond EOD, truncated
[ 1173.369138][T23062] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1173.485667][T23066] netlink: 'syz.1.5168': attribute type 1 has an invalid length.
[ 1173.517864][T23068] FAULT_INJECTION: forcing a failure.
[ 1173.517864][T23068] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1173.533135][T23068] CPU: 0 UID: 0 PID: 23068 Comm: syz.2.5167 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1173.533159][T23068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1173.533171][T23068] Call Trace:
[ 1173.533178][T23068]  <TASK>
[ 1173.533187][T23068]  dump_stack_lvl+0x189/0x250
[ 1173.533220][T23068]  ? __pfx____ratelimit+0x10/0x10
[ 1173.533246][T23068]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1173.533271][T23068]  ? __pfx__printk+0x10/0x10
[ 1173.533291][T23068]  ? __might_fault+0xb0/0x130
[ 1173.533320][T23068]  should_fail_ex+0x414/0x560
[ 1173.533346][T23068]  _copy_from_user+0x2d/0xb0
[ 1173.533364][T23068]  ___sys_recvmsg+0x12e/0x510
[ 1173.533391][T23068]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1173.533443][T23068]  ? __might_fault+0xb0/0x130
[ 1173.533465][T23068]  do_recvmmsg+0x307/0x770
[ 1173.533495][T23068]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1173.533528][T23068]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1173.533571][T23068]  __x64_sys_recvmmsg+0x190/0x240
[ 1173.533596][T23068]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1173.533616][T23068]  ? rcu_is_watching+0x15/0xb0
[ 1173.533652][T23068]  ? do_syscall_64+0xbe/0x3b0
[ 1173.533680][T23068]  do_syscall_64+0xfa/0x3b0
[ 1173.533705][T23068]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1173.533722][T23068]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1173.533740][T23068]  ? clear_bhb_loop+0x60/0xb0
[ 1173.533761][T23068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1173.533779][T23068] RIP: 0033:0x7feadfd8e929
[ 1173.533796][T23068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1173.533811][T23068] RSP: 002b:00007feae0b78038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1173.533830][T23068] RAX: ffffffffffffffda RBX: 00007feadffb5fa0 RCX: 00007feadfd8e929
[ 1173.533844][T23068] RDX: 000000000000f000 RSI: 0000200000000d00 RDI: 0000000000000005
[ 1173.533856][T23068] RBP: 00007feae0b78090 R08: 0000000000000000 R09: 0000000000000000
[ 1173.533868][T23068] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000002
[ 1173.533878][T23068] R13: 0000000000000000 R14: 00007feadffb5fa0 R15: 00007feae00dfa28
[ 1173.533907][T23068]  </TASK>
[ 1173.912535][T23073] bridge_slave_0: left allmulticast mode
[ 1173.918389][T23073] bridge_slave_0: left promiscuous mode
[ 1173.924236][T23073] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1173.939775][T23073] bridge_slave_1: left allmulticast mode
[ 1173.945687][T23073] bridge_slave_1: left promiscuous mode
[ 1173.951441][T23073] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1173.963920][T23073] bond0: (slave bond_slave_0): Releasing backup interface
[ 1173.972326][T23074] netlink: 'syz.3.5170': attribute type 10 has an invalid length.
[ 1173.989326][T23073] bond0: (slave bond_slave_1): Releasing backup interface
[ 1174.012002][T23073] team0: Port device team_slave_0 removed
[ 1174.031185][T23073] team0: Port device team_slave_1 removed
[ 1174.033246][   T10] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[ 1174.038333][T23073] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1174.052557][T23073] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1174.061551][T23073] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1174.069449][T23073] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1174.115860][T23074] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1174.124855][T23074] team0: Port device bond0 added
[ 1174.215873][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1174.230878][   T10] usb 2-1: config 0 has no interfaces?
[ 1174.238038][   T10] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1174.250062][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1174.258660][   T10] usb 2-1: SerialNumber: syz
[ 1174.267657][   T10] usb 2-1: config 0 descriptor??
[ 1174.477109][T21295] usb 2-1: USB disconnect, device number 14
[ 1174.573149][T13695] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[ 1174.723065][T13695] usb 3-1: Using ep0 maxpacket: 16
[ 1174.730177][T13695] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1174.742366][T13695] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1174.752465][T13695] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[ 1174.762072][T13695] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1174.780056][T13695] usb 3-1: config 0 descriptor??
[ 1174.856607][T23083] FAULT_INJECTION: forcing a failure.
[ 1174.856607][T23083] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1174.872528][T23083] CPU: 0 UID: 0 PID: 23083 Comm: syz.3.5173 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1174.872553][T23083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1174.872565][T23083] Call Trace:
[ 1174.872575][T23083]  <TASK>
[ 1174.872583][T23083]  dump_stack_lvl+0x189/0x250
[ 1174.872616][T23083]  ? __pfx____ratelimit+0x10/0x10
[ 1174.872641][T23083]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1174.872659][T23083]  ? __pfx__printk+0x10/0x10
[ 1174.872670][T23083]  ? __might_fault+0xb0/0x130
[ 1174.872688][T23083]  should_fail_ex+0x414/0x560
[ 1174.872714][T23083]  _copy_from_user+0x2d/0xb0
[ 1174.872732][T23083]  snd_seq_oss_write+0x515/0x930
[ 1174.872771][T23083]  ? __pfx_snd_seq_oss_write+0x10/0x10
[ 1174.872789][T23083]  ? common_file_perm+0x199/0x200
[ 1174.872803][T23083]  ? security_file_permission+0x75/0x290
[ 1174.872816][T23083]  odev_write+0x5a/0x80
[ 1174.872827][T23083]  ? __pfx_odev_write+0x10/0x10
[ 1174.872842][T23083]  vfs_write+0x27e/0xa90
[ 1174.872876][T23083]  ? __pfx_vfs_write+0x10/0x10
[ 1174.872903][T23083]  ? __fget_files+0x2a/0x420
[ 1174.872925][T23083]  ? __fget_files+0x2a/0x420
[ 1174.872935][T23083]  ? __fget_files+0x3a0/0x420
[ 1174.872948][T23083]  ? __fget_files+0x2a/0x420
[ 1174.872973][T23083]  ksys_write+0x145/0x250
[ 1174.872991][T23083]  ? __pfx_ksys_write+0x10/0x10
[ 1174.873011][T23083]  ? do_syscall_64+0xbe/0x3b0
[ 1174.873038][T23083]  do_syscall_64+0xfa/0x3b0
[ 1174.873062][T23083]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1174.873079][T23083]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1174.873103][T23083]  ? clear_bhb_loop+0x60/0xb0
[ 1174.873123][T23083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1174.873139][T23083] RIP: 0033:0x7efd8238e929
[ 1174.873155][T23083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1174.873169][T23083] RSP: 002b:00007efd831c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1174.873187][T23083] RAX: ffffffffffffffda RBX: 00007efd825b6080 RCX: 00007efd8238e929
[ 1174.873201][T23083] RDX: 0000000000000458 RSI: 00002000000008c0 RDI: 0000000000000003
[ 1174.873212][T23083] RBP: 00007efd831c4090 R08: 0000000000000000 R09: 0000000000000000
[ 1174.873222][T23083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1174.873232][T23083] R13: 0000000000000001 R14: 00007efd825b6080 R15: 00007efd826dfa28
[ 1174.873258][T23083]  </TASK>
[ 1175.296794][T13684] f81534 5-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -32
[ 1175.305149][T13684] f81534 5-1:0.12: f81534_find_config_idx: read failed: -32
[ 1175.312509][T13684] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -32
[ 1175.320211][T13684] f81534 5-1:0.12: probe with driver f81534 failed with error -32
[ 1175.376348][T23086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1175.385943][T23086] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1175.533079][T21295] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[ 1175.675131][T13684] usb 5-1: USB disconnect, device number 15
[ 1175.686618][T21295] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1175.709726][T21295] usb 2-1: config 0 has no interfaces?
[ 1175.725332][T21295] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1175.736649][T21295] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1175.744867][T23088] netlink: 'syz.3.5175': attribute type 22 has an invalid length.
[ 1175.754448][T21295] usb 2-1: SerialNumber: syz
[ 1175.784022][T21295] usb 2-1: config 0 descriptor??
[ 1175.868813][T23095] gretap0: entered promiscuous mode
[ 1175.874296][T23095] macsec1: entered promiscuous mode
[ 1175.881964][T23095] gretap0: left promiscuous mode
[ 1176.021789][T13684] usb 2-1: USB disconnect, device number 15
[ 1176.089989][T23106] __nla_validate_parse: 2 callbacks suppressed
[ 1176.090006][T23106] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5181'.
[ 1176.106615][T23106] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1176.240492][T23113] bridge2: entered promiscuous mode
[ 1176.246946][T23113] bridge2: entered allmulticast mode
[ 1176.256974][T23113] team0: Port device bridge2 added
[ 1176.307585][T23115] netlink: 'syz.0.5185': attribute type 1 has an invalid length.
[ 1176.315706][T23115] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1176.418320][T23119] netlink: 'syz.0.5187': attribute type 13 has an invalid length.
[ 1176.453529][T13674] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[ 1176.486833][T23119] bridge0: port 1(gretap0) entered disabled state
[ 1176.618630][T13674] usb 5-1: Using ep0 maxpacket: 8
[ 1176.637236][T13674] usb 5-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1176.659146][T13674] usb 5-1: config 179 has 0 interfaces, different from the descriptor's value: 1
[ 1176.669139][T13674] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1176.684625][T13674] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1176.840220][T23119] tipc: Resetting bearer <eth:wg1>
[ 1176.946818][T23134] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5190'.
[ 1177.160410][T23119] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.169678][T23119] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.182607][T23119] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.192772][T23119] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.209121][T23119] mac80211_hwsim hwsim31 wlan0: left allmulticast mode
[ 1177.220903][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.220970][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.318702][T23122] syzkaller1: entered promiscuous mode
[ 1177.338797][T23122] syzkaller1: entered allmulticast mode
[ 1177.347611][T13695] usbhid 3-1:0.0: can't add hid device: -71
[ 1177.389027][T13695] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1177.412616][T13695] usb 3-1: USB disconnect, device number 106
[ 1177.495329][T23147] usb 5-1: USB disconnect, device number 16
[ 1177.721069][T23160] tipc: Enabling of bearer <udp:s¼> rejected, failed to enable media
[ 1178.114375][T23179] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5201'.
[ 1178.140383][T23179] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5201'.
[ 1178.202691][T23179] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5201'.
[ 1178.221919][T23179] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5201'.
[ 1178.391964][T23179] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5201'.
[ 1178.412780][T23179] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5201'.
[ 1178.662292][T23204] Cannot find add_set index 0 as target
[ 1178.723986][T23208] netlink: 'syz.4.5215': attribute type 10 has an invalid length.
[ 1178.858765][T23213] Cannot find add_set index 0 as target
[ 1178.973885][T23215] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5218'.
[ 1179.860321][T23233] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5225'.
[ 1179.897043][ T6050] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1180.707638][ T6050] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.190844][ T6050] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.227663][T23253] __nla_validate_parse: 3 callbacks suppressed
[ 1181.227680][T23253] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5231'.
[ 1181.245871][T23252] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5232'.
[ 1181.252241][ T5840] Bluetooth: hci5: unexpected event 0x20 length: 19 > 7
[ 1181.258647][T23252] netlink: 'syz.2.5232': attribute type 2 has an invalid length.
[ 1181.396666][T23252] netlink: 'syz.2.5232': attribute type 1 has an invalid length.
[ 1181.434309][ T6050] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.488001][T23252] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5232'.
[ 1181.851481][T18385] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1181.864412][T18385] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1181.877347][T18385] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1181.895710][T18385] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1181.905571][T18385] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1182.033026][T23145] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[ 1182.190913][T23145] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1182.233408][T23145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1182.267861][T23145] usb 5-1: Product: syz
[ 1182.272064][T23145] usb 5-1: Manufacturer: syz
[ 1182.313240][T23145] usb 5-1: SerialNumber: syz
[ 1182.334564][T23145] usb 5-1: config 0 descriptor??
[ 1182.514643][T23145] ch341 5-1:0.0: ch341-uart converter detected
[ 1182.854667][ T6050] team0: Port device bond0 removed
[ 1182.905223][ T6050] bond0 (unregistering): Released all slaves
[ 1183.143737][T23300] fuse: Bad value for 'fd'
[ 1183.330507][T23145] usb 5-1: failed to receive control message: -71
[ 1183.359839][T23145] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[ 1183.418907][T23145] usb 5-1: USB disconnect, device number 17
[ 1183.551596][T23145] ch341 5-1:0.0: device disconnected
[ 1183.819191][ T6050] hsr_slave_0: left promiscuous mode
[ 1183.925166][ T6050] veth1_macvtap: left promiscuous mode
[ 1183.938610][ T5840] Bluetooth: hci1: command tx timeout
[ 1183.957742][ T6050] veth0_macvtap: left promiscuous mode
[ 1183.983327][ T6050] veth1_vlan: left promiscuous mode
[ 1184.024306][ T6050] veth0_vlan: left promiscuous mode
[ 1184.500709][ T5840] Bluetooth: hci2: unexpected event 0x20 length: 19 > 7
[ 1184.520190][T23326] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5244'.
[ 1184.577733][T23326] netlink: 'syz.4.5244': attribute type 2 has an invalid length.
[ 1184.609320][T23326] netlink: 'syz.4.5244': attribute type 1 has an invalid length.
[ 1184.622825][T23326] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5244'.
[ 1184.638915][T23330] netlink: 'syz.0.5246': attribute type 1 has an invalid length.
[ 1184.647681][T23330] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5246'.
[ 1184.806644][T23338] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5250'.
[ 1185.129316][T23350] No such timeout policy "syz1"
[ 1185.685624][T23365] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1185.979848][T23375] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5259'.
[ 1185.987130][ T5840] Bluetooth: hci3: unexpected event 0x20 length: 19 > 7
[ 1185.994465][T23375] netlink: 'syz.1.5259': attribute type 2 has an invalid length.
[ 1186.011905][T23375] netlink: 'syz.1.5259': attribute type 1 has an invalid length.
[ 1186.013263][ T5840] Bluetooth: hci1: command tx timeout
[ 1186.040038][T23375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5259'.
[ 1186.362247][T23338] macvtap2: entered promiscuous mode
[ 1186.370376][T23338] team0: entered promiscuous mode
[ 1186.377120][T23338] bond0: entered promiscuous mode
[ 1186.389045][T23338] macvtap2: entered allmulticast mode
[ 1186.407212][T23338] team0: entered allmulticast mode
[ 1186.422851][T23338] bond0: entered allmulticast mode
[ 1186.431850][T23338] 8021q: adding VLAN 0 to HW filter on device macvtap2
[ 1186.442402][T23357] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5253'.
[ 1186.499930][T23357] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1186.546306][T23274] chnl_net:caif_netlink_parms(): no params data found
[ 1186.773679][T23398] netlink: 2052 bytes leftover after parsing attributes in process `syz.2.5263'.
[ 1186.816746][T23274] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1186.861212][T23274] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1186.891777][T23274] bridge_slave_0: entered allmulticast mode
[ 1186.904008][T23274] bridge_slave_0: entered promiscuous mode
[ 1186.931178][T23398] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[ 1186.948266][T23402] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5264'.
[ 1186.957757][T23402] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5264'.
[ 1186.987955][T23274] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1187.002447][T23274] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1187.026921][T23274] bridge_slave_1: entered allmulticast mode
[ 1187.051642][T23274] bridge_slave_1: entered promiscuous mode
[ 1187.086358][ T6050] IPVS: stop unused estimator thread 0...
[ 1187.129599][T23402] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5264'.
[ 1187.139159][T23402] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5264'.
[ 1187.229226][T23274] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1187.275409][T23274] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1187.365456][T23402] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5264'.
[ 1187.374932][T23402] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5264'.
[ 1187.426764][T23274] team0: Port device team_slave_0 added
[ 1187.451007][T23274] team0: Port device team_slave_1 added
[ 1187.870480][T23420] tipc: Bearer <udp:s¼>: already 2 bearers with priority 10
[ 1187.879057][T23420] tipc: Bearer <udp:s¼>: trying with adjusted priority
[ 1187.893139][T23420] tipc: Enabling of bearer <udp:s¼> rejected, failed to enable media
[ 1187.923651][T23274] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1187.940052][T23274] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1187.999746][T23274] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1188.057322][T23274] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1188.080070][T23274] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1188.113422][ T5840] Bluetooth: hci1: command tx timeout
[ 1188.161614][T23274] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1188.649426][T23274] hsr_slave_0: entered promiscuous mode
[ 1188.697396][T23274] hsr_slave_1: entered promiscuous mode
[ 1188.714431][T23274] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1188.735402][T23274] Cannot create hsr debugfs directory
[ 1189.477985][T23457] vti0: entered promiscuous mode
[ 1189.487649][T23457] vti0: entered allmulticast mode
[ 1189.672306][T23470] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5280'.
[ 1189.691948][T23274] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1189.743127][T23274] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1189.817432][T23476] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5279'.
[ 1189.853035][T23131] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[ 1189.930778][T23479] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1190.033134][T23274] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1190.086507][T23274] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1190.201298][ T5840] Bluetooth: hci1: command tx timeout
[ 1190.208523][T23131] usb 2-1: config 0 has no interfaces?
[ 1190.301357][T23131] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1190.323488][T23140] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[ 1190.332815][T23131] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1190.385560][T23131] usb 2-1: Product: syz
[ 1190.450863][T23131] usb 2-1: Manufacturer: syz
[ 1190.466193][T23131] usb 2-1: SerialNumber: syz
[ 1190.491191][T23131] usb 2-1: config 0 descriptor??
[ 1190.516616][T23274] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1190.524284][T23140] usb 3-1: Using ep0 maxpacket: 32
[ 1190.532179][T23140] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1190.556531][T23140] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1190.570216][T23274] 8021q: adding VLAN 0 to HW filter on device team0
[ 1190.584542][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1190.591704][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1190.605416][T23140] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1190.636924][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1190.644128][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1190.660551][T23140] usb 3-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f2.5e
[ 1190.679236][T23140] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1190.688469][T23140] usb 3-1: Product: syz
[ 1190.692628][T23140] usb 3-1: Manufacturer: syz
[ 1190.699601][T23140] usb 3-1: SerialNumber: syz
[ 1190.759102][T23140] usb 3-1: config 0 descriptor??
[ 1190.780910][T23140] cypress_m8 3-1:0.0: HID->COM RS232 Adapter converter detected
[ 1190.826532][T23140] cyphidcom ttyUSB0: required endpoint is missing
[ 1190.957452][T23274] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1191.145524][T23274] veth0_vlan: entered promiscuous mode
[ 1191.188959][T23274] veth1_vlan: entered promiscuous mode
[ 1191.369856][T23274] veth0_macvtap: entered promiscuous mode
[ 1191.446498][T23274] veth1_macvtap: entered promiscuous mode
[ 1191.507142][T23274] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1191.540415][T23274] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1191.558551][T23274] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1191.573678][T23274] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1191.600060][T23274] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1191.626707][T23274] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1191.949655][ T6035] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1191.984602][ T6035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1192.099865][ T6035] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1192.107936][ T6035] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1192.715994][T23147] usb 2-1: USB disconnect, device number 16
[ 1192.734607][T13695] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1192.893328][T13695] usb 6-1: Using ep0 maxpacket: 8
[ 1192.911659][T13695] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1192.921986][T13695] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1192.944689][T13695] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1192.960210][T23131] usb 3-1: USB disconnect, device number 107
[ 1192.973741][T13695] pvrusb2: **********
[ 1192.977753][T13695] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1193.009640][T13695] pvrusb2: Important functionality might not be entirely working.
[ 1193.048568][T13695] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1193.077979][T23131] cypress_m8 3-1:0.0: device disconnected
[ 1193.101104][T13695] pvrusb2: **********
[ 1193.138506][T23524] __nla_validate_parse: 1 callbacks suppressed
[ 1193.138543][T23524] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.5286'.
[ 1193.186833][ T2344] pvrusb2: Invalid write control endpoint
[ 1193.224038][T23147] usb 2-1: new low-speed USB device number 17 using dummy_hcd
[ 1193.367806][ T2344] pvrusb2: Invalid write control endpoint
[ 1193.394590][T23147] usb 2-1: config 65 has an invalid interface number: 95 but max is 0
[ 1193.416214][ T2344] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1193.430458][T23147] usb 2-1: config 65 has no interface number 0
[ 1193.447516][ T2344] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1193.461359][T23147] usb 2-1: string descriptor 0 read error: -22
[ 1193.473150][T23147] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=6f.b6
[ 1193.484578][ T2344] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1193.524765][T23147] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1193.543150][ T2344] pvrusb2: Device being rendered inoperable
[ 1193.558488][T23512] pvrusb2: Attempted to execute control transfer when device not ok
[ 1193.578184][T23147] usbtest 2-1:65.95: Linux gadget zero
[ 1193.591539][T13695] usb 6-1: USB disconnect, device number 2
[ 1193.615419][ T2344] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[ 1193.618905][T23147] usbtest 2-1:65.95: low-speed {control in/out} tests (+alt)
[ 1193.640656][ T2344] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[ 1193.649138][T23540] ptrace attach of "./syz-executor exec"[15629] was attempted by "./syz-executor exec"[23540]
[ 1193.681212][ T2344] pvrusb2: Attached sub-driver cx25840
[ 1193.700165][ T2344] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1193.738274][ T2344] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1193.950170][T23550] sctp: [Deprecated]: syz.0.5292 (pid 23550) Use of int in maxseg socket option.
[ 1193.950170][T23550] Use struct sctp_assoc_value instead
[ 1193.975846][T23550] netlink: 'syz.0.5292': attribute type 10 has an invalid length.
[ 1194.372368][T13695] usb 2-1: USB disconnect, device number 17
[ 1194.601186][T23566] No such timeout policy "syz1"
[ 1194.851375][T23571] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5295'.
[ 1195.536886][T23583] FAULT_INJECTION: forcing a failure.
[ 1195.536886][T23583] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1195.582344][T23583] CPU: 0 UID: 0 PID: 23583 Comm: syz.5.5299 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1195.582370][T23583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1195.582381][T23583] Call Trace:
[ 1195.582389][T23583]  <TASK>
[ 1195.582397][T23583]  dump_stack_lvl+0x189/0x250
[ 1195.582428][T23583]  ? __pfx____ratelimit+0x10/0x10
[ 1195.582452][T23583]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1195.582477][T23583]  ? __pfx__printk+0x10/0x10
[ 1195.582493][T23583]  ? __might_fault+0xb0/0x130
[ 1195.582519][T23583]  should_fail_ex+0x414/0x560
[ 1195.582555][T23583]  _copy_from_user+0x2d/0xb0
[ 1195.582573][T23583]  snd_seq_oss_write+0x515/0x930
[ 1195.582611][T23583]  ? __pfx_snd_seq_oss_write+0x10/0x10
[ 1195.582636][T23583]  ? common_file_perm+0x199/0x200
[ 1195.582660][T23583]  ? security_file_permission+0x75/0x290
[ 1195.582682][T23583]  odev_write+0x5a/0x80
[ 1195.582700][T23583]  ? __pfx_odev_write+0x10/0x10
[ 1195.582720][T23583]  vfs_write+0x27e/0xa90
[ 1195.582751][T23583]  ? __pfx_vfs_write+0x10/0x10
[ 1195.582775][T23583]  ? __fget_files+0x2a/0x420
[ 1195.582800][T23583]  ? __fget_files+0x2a/0x420
[ 1195.582817][T23583]  ? __fget_files+0x3a0/0x420
[ 1195.582835][T23583]  ? __fget_files+0x2a/0x420
[ 1195.582862][T23583]  ksys_write+0x145/0x250
[ 1195.582882][T23583]  ? __pfx_ksys_write+0x10/0x10
[ 1195.582904][T23583]  ? do_syscall_64+0xbe/0x3b0
[ 1195.582933][T23583]  do_syscall_64+0xfa/0x3b0
[ 1195.582954][T23583]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1195.582976][T23583]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1195.582994][T23583]  ? clear_bhb_loop+0x60/0xb0
[ 1195.583016][T23583]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1195.583033][T23583] RIP: 0033:0x7f787778e929
[ 1195.583050][T23583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1195.583066][T23583] RSP: 002b:00007f7878514038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1195.583085][T23583] RAX: ffffffffffffffda RBX: 00007f78779b6080 RCX: 00007f787778e929
[ 1195.583097][T23583] RDX: 0000000000000458 RSI: 00002000000008c0 RDI: 0000000000000003
[ 1195.583110][T23583] RBP: 00007f7878514090 R08: 0000000000000000 R09: 0000000000000000
[ 1195.583122][T23583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 1195.583133][T23583] R13: 0000000000000001 R14: 00007f78779b6080 R15: 00007f7877adfa28
[ 1195.583160][T23583]  </TASK>
[ 1196.661500][T23604] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5305'.
[ 1196.776944][T23604] macvtap1: entered promiscuous mode
[ 1196.782447][T23604] macvtap1: entered allmulticast mode
[ 1196.818065][T23604] team0: entered allmulticast mode
[ 1196.867457][T23604] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1197.107565][T23623] netlink: 'syz.1.5311': attribute type 10 has an invalid length.
[ 1197.118918][T23623] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[ 1197.233061][T23145] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[ 1197.379354][T23145] usb 5-1: device descriptor read/64, error -71
[ 1197.523129][T23133] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1197.553105][T23131] usb 3-1: new full-speed USB device number 108 using dummy_hcd
[ 1197.656446][T23145] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[ 1197.706958][T23133] usb 6-1: Using ep0 maxpacket: 32
[ 1197.760626][T23133] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[ 1197.770520][T23133] usb 6-1: config 0 has no interface number 0
[ 1197.780797][T23133] usb 6-1: config 0 interface 184 has no altsetting 0
[ 1197.790896][T23131] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1197.803065][T23145] usb 5-1: device descriptor read/64, error -71
[ 1197.815412][T23133] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1197.833020][T23131] usb 3-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 1197.848182][T23133] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1197.869836][T23131] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1197.885929][T23133] usb 6-1: Product: syz
[ 1197.893708][T23133] usb 6-1: Manufacturer: syz
[ 1197.898326][T23133] usb 6-1: SerialNumber: syz
[ 1197.914615][T23651] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.5320'.
[ 1197.925329][T23131] usb 3-1: config 0 descriptor??
[ 1197.937191][T23133] usb 6-1: config 0 descriptor??
[ 1197.943211][T23145] usb usb5-port1: attempt power cycle
[ 1197.955304][T23133] smsc75xx v1.0.0
[ 1198.294010][T23145] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[ 1198.333961][T23145] usb 5-1: device descriptor read/8, error -71
[ 1198.483220][T23656] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5322'.
[ 1198.524145][T23131] magicmouse 0003:05AC:0265.0031: unbalanced collection at end of report description
[ 1198.554084][T23131] magicmouse 0003:05AC:0265.0031: magicmouse hid parse failed
[ 1198.561743][T23131] magicmouse 0003:05AC:0265.0031: probe with driver magicmouse failed with error -22
[ 1198.581409][T23145] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[ 1198.589793][T23133] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1198.617753][T23133] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1198.634159][T23145] usb 5-1: device descriptor read/8, error -71
[ 1198.773512][T23145] usb usb5-port1: unable to enumerate USB device
[ 1198.846002][T23133] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[ 1198.868714][T23133] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[ 1198.879316][T23133] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 1198.913291][T23133] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 1198.935274][T23133] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -71
[ 1198.956771][T23133] usb 6-1: USB disconnect, device number 3
[ 1199.134788][T23696] netlink: 'syz.1.5330': attribute type 1 has an invalid length.
[ 1199.191322][T23696] bond2: entered promiscuous mode
[ 1199.209581][T23696] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1199.541235][T23712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5333'.
[ 1199.575875][T23712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5333'.
[ 1199.592856][T23701] loop6: detected capacity change from 0 to 524287999
[ 1200.008308][ T5840] Bluetooth: hci2: unexpected event 0x20 length: 19 > 7
[ 1200.014323][T23725] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5335'.
[ 1200.047790][T23725] netlink: 'syz.4.5335': attribute type 2 has an invalid length.
[ 1200.065856][T23725] netlink: 'syz.4.5335': attribute type 1 has an invalid length.
[ 1200.081543][T23725] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5335'.
[ 1200.397710][T23730] bond0: left promiscuous mode
[ 1200.439742][T23730] bond0: left allmulticast mode
[ 1200.478088][T23730] team0: Port device bond0 removed
[ 1200.554463][T23718] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1200.613038][T23147] usb 3-1: USB disconnect, device number 108
[ 1201.513559][T23749] syz_tun: entered promiscuous mode
[ 1201.519857][T23749] batadv_slave_0: entered promiscuous mode
[ 1201.540688][T23749] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1201.589465][T23749] Cannot create hsr debugfs directory
[ 1201.603050][T23749] hsr0: entered allmulticast mode
[ 1201.621994][T23749] syz_tun: entered allmulticast mode
[ 1201.632144][T23754] fuse: Bad value for 'fd'
[ 1201.636759][T23749] batadv_slave_0: entered allmulticast mode
[ 1202.314877][T23779] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[ 1202.321441][T23779] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1202.358742][T23779] vhci_hcd vhci_hcd.0: Device attached
[ 1202.397972][T23784] netlink: 'syz.4.5352': attribute type 4 has an invalid length.
[ 1202.405946][T23784] netlink: 152 bytes leftover after parsing attributes in process `syz.4.5352'.
[ 1202.417826][T23784] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 1202.623024][T23133] usb 35-1: new low-speed USB device number 2 using vhci_hcd
[ 1202.753665][T23147] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[ 1202.897443][T23789] bridge0: port 3(gretap0) entered blocking state
[ 1202.919950][T23789] bridge0: port 3(gretap0) entered disabled state
[ 1202.930561][T23147] usb 2-1: config 0 has no interfaces?
[ 1202.936171][T23147] usb 2-1: New USB device found, idVendor=0de5, idProduct=0056, bcdDevice= 5.b5
[ 1202.951103][T23789] gretap0: entered allmulticast mode
[ 1202.960265][T23147] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1202.989514][T23147] usb 2-1: config 0 descriptor??
[ 1202.995337][T23789] gretap0: entered promiscuous mode
[ 1203.026250][T23789] bridge0: port 3(gretap0) entered blocking state
[ 1203.032753][T23789] bridge0: port 3(gretap0) entered forwarding state
[ 1203.239332][T23131] usb 2-1: USB disconnect, device number 18
[ 1203.247139][T23780] vhci_hcd: connection closed
[ 1203.249158][T12728] vhci_hcd: stop threads
[ 1203.304156][T12728] vhci_hcd: release socket
[ 1203.338411][T12728] vhci_hcd: disconnect device
[ 1203.573094][T23140] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1203.763618][T23140] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1203.793250][T23140] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1203.853099][T23140] usb 6-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[ 1203.869366][T23140] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1203.932878][T23140] usb 6-1: config 0 descriptor??
[ 1204.044228][T23814] loop6: detected capacity change from 0 to 7
[ 1204.056070][ T5839] Dev loop6: unable to read RDB block 7
[ 1204.061909][ T5839]  loop6: unable to read partition table
[ 1204.082202][ T5839] loop6: partition table beyond EOD, truncated
[ 1204.113536][T23814] Dev loop6: unable to read RDB block 7
[ 1204.121640][T23814]  loop6: unable to read partition table
[ 1204.135041][T23814] loop6: partition table beyond EOD, truncated
[ 1204.153052][T23814] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1204.444185][T23823] tipc: Enabling of bearer <udp:s¼> rejected, failed to enable media
[ 1204.585427][T23796] ip6gretap0: entered promiscuous mode
[ 1204.591024][T23796] macsec1: entered promiscuous mode
[ 1204.608993][T23796] macsec1: entered allmulticast mode
[ 1204.614940][T23796] ip6gretap0: entered allmulticast mode
[ 1204.723790][T23796] ip6gretap0: left allmulticast mode
[ 1204.729348][T23796] ip6gretap0: left promiscuous mode
[ 1204.908350][T23140] usbhid 6-1:0.0: can't add hid device: -71
[ 1204.922525][T23140] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1204.961701][T23140] usb 6-1: USB disconnect, device number 4
[ 1205.011234][T23833] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5368'.
[ 1206.788556][T23883] netlink: 2052 bytes leftover after parsing attributes in process `syz.2.5380'.
[ 1206.865556][T23883] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[ 1207.019623][T23892] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5384'.
[ 1207.302452][T23907] netlink: 56 bytes leftover after parsing attributes in process `syz.5.5387'.
[ 1207.553317][T23140] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[ 1207.744011][T23140] usb 5-1: Using ep0 maxpacket: 8
[ 1207.752151][T23140] usb 5-1: config 3 has an invalid interface number: 86 but max is 0
[ 1207.760411][T23140] usb 5-1: config 3 has no interface number 0
[ 1207.766731][T23140] usb 5-1: config 3 interface 86 altsetting 3 has an endpoint descriptor with address 0x25, changing to 0x5
[ 1207.778521][T23140] usb 5-1: config 3 interface 86 altsetting 3 endpoint 0x5 has invalid maxpacket 21477, setting to 64
[ 1207.789563][T23140] usb 5-1: config 3 interface 86 altsetting 3 bulk endpoint 0x9 has invalid maxpacket 32
[ 1207.799431][T23140] usb 5-1: config 3 interface 86 altsetting 3 endpoint 0x1 has invalid maxpacket 43431, setting to 64
[ 1207.810458][T23140] usb 5-1: config 3 interface 86 altsetting 3 bulk endpoint 0xC has invalid maxpacket 16
[ 1207.821204][T23140] usb 5-1: config 3 interface 86 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[ 1207.832035][T23140] usb 5-1: config 3 interface 86 altsetting 3 has a duplicate endpoint with address 0xC, skipping
[ 1207.843686][T23140] usb 5-1: config 3 interface 86 altsetting 3 endpoint 0x8 has invalid wMaxPacketSize 0
[ 1207.853985][T23140] usb 5-1: config 3 interface 86 altsetting 3 has a duplicate endpoint with address 0x8, skipping
[ 1207.865024][T23140] usb 5-1: config 3 interface 86 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[ 1207.875958][T23131] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[ 1207.883971][T23140] usb 5-1: config 3 interface 86 altsetting 3 has a duplicate endpoint with address 0x9, skipping
[ 1207.895891][T23140] usb 5-1: config 3 interface 86 altsetting 3 has a duplicate endpoint with address 0x5, skipping
[ 1207.906740][T23140] usb 5-1: config 3 interface 86 altsetting 3 has a duplicate endpoint with address 0x5, skipping
[ 1207.917537][T23140] usb 5-1: config 3 interface 86 altsetting 3 has 17 endpoint descriptors, different from the interface descriptor's value: 16
[ 1207.931052][T23140] usb 5-1: config 3 interface 86 has no altsetting 0
[ 1207.941702][T23140] usb 5-1: New USB device found, idVendor=19d2, idProduct=1110, bcdDevice=c5.53
[ 1207.950806][T23140] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1207.958921][T23140] usb 5-1: Product: syz
[ 1207.963792][T23140] usb 5-1: Manufacturer: syz
[ 1207.968398][T23140] usb 5-1: SerialNumber: syz
[ 1207.983752][T23905] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1207.991197][T23905] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1208.002070][T23905] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1208.043259][T23131] usb 3-1: Using ep0 maxpacket: 8
[ 1208.049325][T23131] usb 3-1: too many configurations: 204, using maximum allowed: 8
[ 1208.064381][T23131] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1208.072860][T23131] usb 3-1: can't read configurations, error -61
[ 1208.102304][T23921] xt_hashlimit: max too large, truncated to 1048576
[ 1208.187289][T23925] FAULT_INJECTION: forcing a failure.
[ 1208.187289][T23925] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1208.200857][T23925] CPU: 0 UID: 0 PID: 23925 Comm: syz.1.5394 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1208.200879][T23925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1208.200891][T23925] Call Trace:
[ 1208.200896][T23925]  <TASK>
[ 1208.200900][T23925]  dump_stack_lvl+0x189/0x250
[ 1208.200920][T23925]  ? __pfx____ratelimit+0x10/0x10
[ 1208.200935][T23925]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1208.200949][T23925]  ? __pfx__printk+0x10/0x10
[ 1208.200960][T23925]  ? __might_fault+0xb0/0x130
[ 1208.200975][T23925]  should_fail_ex+0x414/0x560
[ 1208.200990][T23925]  _copy_from_user+0x2d/0xb0
[ 1208.201000][T23925]  ___sys_sendmsg+0x158/0x2a0
[ 1208.201017][T23925]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1208.201068][T23925]  ? __fget_files+0x2a/0x420
[ 1208.201087][T23925]  ? __fget_files+0x3a0/0x420
[ 1208.201105][T23925]  __sys_sendmmsg+0x227/0x430
[ 1208.201119][T23925]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1208.201129][T23925]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1208.201156][T23925]  ? ksys_write+0x22a/0x250
[ 1208.201167][T23925]  ? __pfx_ksys_write+0x10/0x10
[ 1208.201174][T23925]  ? rcu_is_watching+0x15/0xb0
[ 1208.201192][T23925]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1208.201204][T23925]  do_syscall_64+0xfa/0x3b0
[ 1208.201218][T23925]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1208.201230][T23925]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1208.201240][T23925]  ? clear_bhb_loop+0x60/0xb0
[ 1208.201252][T23925]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1208.201261][T23925] RIP: 0033:0x7f100238e929
[ 1208.201272][T23925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1208.201280][T23925] RSP: 002b:00007f10031f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1208.201292][T23925] RAX: ffffffffffffffda RBX: 00007f10025b5fa0 RCX: 00007f100238e929
[ 1208.201300][T23925] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000006
[ 1208.201306][T23925] RBP: 00007f10031f0090 R08: 0000000000000000 R09: 0000000000000000
[ 1208.201313][T23925] R10: 0000000000000bb8 R11: 0000000000000246 R12: 0000000000000001
[ 1208.201318][T23925] R13: 0000000000000000 R14: 00007f10025b5fa0 R15: 00007f10026dfa28
[ 1208.201333][T23925]  </TASK>
[ 1208.459769][T23131] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[ 1208.498900][T23140] option 5-1:3.86: GSM modem (1-port) converter detected
[ 1208.525477][T23140] usb 5-1: USB disconnect, device number 22
[ 1208.529210][T23933] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5396'.
[ 1208.539421][T23140] option 5-1:3.86: device disconnected
[ 1208.623081][T23131] usb 3-1: Using ep0 maxpacket: 8
[ 1208.624332][T23933] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5396'.
[ 1208.630273][T23131] usb 3-1: too many configurations: 204, using maximum allowed: 8
[ 1208.652627][T23131] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1208.662401][T23131] usb 3-1: can't read configurations, error -61
[ 1208.671078][T23131] usb usb3-port1: attempt power cycle
[ 1208.951089][T23949] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.5401'.
[ 1208.969702][T23944] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.5401'.
[ 1209.023075][T23131] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[ 1209.303902][T23131] usb 3-1: Using ep0 maxpacket: 8
[ 1209.309577][T23131] usb 3-1: too many configurations: 204, using maximum allowed: 8
[ 1209.318970][T23131] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1209.328720][T23131] usb 3-1: can't read configurations, error -61
[ 1209.424541][T23962] FAULT_INJECTION: forcing a failure.
[ 1209.424541][T23962] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1209.438587][T23962] CPU: 0 UID: 0 PID: 23962 Comm: syz.0.5405 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1209.438611][T23962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1209.438622][T23962] Call Trace:
[ 1209.438630][T23962]  <TASK>
[ 1209.438639][T23962]  dump_stack_lvl+0x189/0x250
[ 1209.438668][T23962]  ? __pfx____ratelimit+0x10/0x10
[ 1209.438692][T23962]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1209.438717][T23962]  ? __pfx__printk+0x10/0x10
[ 1209.438737][T23962]  ? __might_fault+0xb0/0x130
[ 1209.438765][T23962]  should_fail_ex+0x414/0x560
[ 1209.438790][T23962]  _copy_from_user+0x2d/0xb0
[ 1209.438808][T23962]  ___sys_recvmsg+0x12e/0x510
[ 1209.438836][T23962]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1209.438886][T23962]  ? __might_fault+0xb0/0x130
[ 1209.438907][T23962]  do_recvmmsg+0x307/0x770
[ 1209.438936][T23962]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1209.438968][T23962]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1209.439010][T23962]  __x64_sys_recvmmsg+0x190/0x240
[ 1209.439034][T23962]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1209.439054][T23962]  ? rcu_is_watching+0x15/0xb0
[ 1209.439083][T23962]  ? do_syscall_64+0xbe/0x3b0
[ 1209.439111][T23962]  do_syscall_64+0xfa/0x3b0
[ 1209.439132][T23962]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1209.439155][T23962]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1209.439176][T23962]  ? clear_bhb_loop+0x60/0xb0
[ 1209.439198][T23962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1209.439216][T23962] RIP: 0033:0x7f295db8e929
[ 1209.439232][T23962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1209.439255][T23962] RSP: 002b:00007f295e9bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1209.439274][T23962] RAX: ffffffffffffffda RBX: 00007f295ddb5fa0 RCX: 00007f295db8e929
[ 1209.439288][T23962] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004
[ 1209.439301][T23962] RBP: 00007f295e9bf090 R08: 0000000000000000 R09: 0000000000000000
[ 1209.439312][T23962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1209.439323][T23962] R13: 0000000000000000 R14: 00007f295ddb5fa0 R15: 00007f295dedfa28
[ 1209.439352][T23962]  </TASK>
[ 1209.716942][T23131] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[ 1209.903617][T23131] usb 3-1: Using ep0 maxpacket: 8
[ 1209.910612][T23131] usb 3-1: too many configurations: 204, using maximum allowed: 8
[ 1209.923967][T23131] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1209.934607][T23131] usb 3-1: can't read configurations, error -61
[ 1209.949301][T23131] usb usb3-port1: unable to enumerate USB device
[ 1210.141614][T23968] netlink: 'syz.1.5409': attribute type 1 has an invalid length.
[ 1210.239053][T23970] netlink: 'syz.1.5410': attribute type 21 has an invalid length.
[ 1210.272530][T23970] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.5410'.
[ 1210.592864][T23976] PKCS7: Unknown OID: [5] (bad)
[ 1210.598010][T23976] PKCS7: Only support pkcs7_signedData type
[ 1210.753697][T23979] netlink: 'syz.2.5412': attribute type 46 has an invalid length.
[ 1210.775484][T23979] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5412'.
[ 1210.787365][T23979] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5412'.
[ 1210.903035][T23133] usb 2-1: new low-speed USB device number 19 using dummy_hcd
[ 1210.985381][T23985] fuse: Bad value for 'fd'
[ 1211.173223][T23133] usb 2-1: device descriptor read/64, error -71
[ 1211.275877][T23992] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5414'.
[ 1211.305958][T23992] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5414'.
[ 1211.350880][T23992] ipvlan2: entered promiscuous mode
[ 1211.434592][T23133] usb 2-1: new low-speed USB device number 20 using dummy_hcd
[ 1211.459549][T23994] netlink: 'syz.2.5415': attribute type 1 has an invalid length.
[ 1211.472570][T23994] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5415'.
[ 1211.604686][T23133] usb 2-1: device descriptor read/64, error -71
[ 1211.727521][T23133] usb usb2-port1: attempt power cycle
[ 1212.074103][T23133] usb 2-1: new low-speed USB device number 21 using dummy_hcd
[ 1212.107203][T23133] usb 2-1: device descriptor read/8, error -71
[ 1212.403205][T23133] usb 2-1: new low-speed USB device number 22 using dummy_hcd
[ 1212.403409][T23145] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[ 1212.448795][T23133] usb 2-1: device descriptor read/8, error -71
[ 1212.566494][T23133] usb usb2-port1: unable to enumerate USB device
[ 1212.575473][T23145] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1212.601817][T23145] usb 6-1: not running at top speed; connect to a high speed hub
[ 1212.612411][T23145] usb 6-1: config 1 has an invalid descriptor of length 208, skipping remainder of the config
[ 1212.627704][T23145] usb 6-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1212.658038][T23145] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1212.668481][T23145] usb 6-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice= 0.40
[ 1212.680328][T23145] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1212.688741][T23145] usb 6-1: Product: syz
[ 1212.696876][T23145] usb 6-1: Manufacturer: syz
[ 1212.701575][T23145] usb 6-1: SerialNumber: syz
[ 1212.926397][T23145] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input84
[ 1212.941291][ T5186] bcm5974 6-1:1.0: could not read from device
[ 1212.954751][ T5186] bcm5974 6-1:1.0: could not read from device
[ 1212.984695][ T5186] bcm5974 6-1:1.0: could not read from device
[ 1213.000576][T23145] usb 6-1: USB disconnect, device number 5
[ 1213.643007][T23133] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[ 1213.861224][T23133] usb 5-1: config 0 has no interfaces?
[ 1213.881134][T23133] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1213.896727][T24077] openvswitch: netlink: Multiple metadata blocks provided
[ 1213.907365][T23133] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1213.961291][T23133] usb 5-1: Product: syz
[ 1213.971402][T23133] usb 5-1: Manufacturer: syz
[ 1214.071622][T23133] usb 5-1: SerialNumber: syz
[ 1214.099890][T23133] usb 5-1: config 0 descriptor??
[ 1214.255657][T24083] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5434'.
[ 1214.579872][T24090] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5436'.
[ 1214.784530][T24090] macvtap2: entered promiscuous mode
[ 1214.792312][T24090] macvtap2: entered allmulticast mode
[ 1214.807396][T24090] 8021q: adding VLAN 0 to HW filter on device macvtap2
[ 1215.844367][T23133] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[ 1216.100034][T23133] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1216.164855][T23133] usb 2-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1216.215621][T23133] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1216.236801][T23133] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1216.402421][T13695] usb 5-1: USB disconnect, device number 23
[ 1216.943463][T13695] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[ 1217.125323][T13695] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1217.135759][T13695] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1217.145973][T13695] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1217.155589][T13695] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1217.164539][T23145] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[ 1217.172917][T13695] usb 5-1: Product: syz
[ 1217.187256][T13695] usb 5-1: Manufacturer: syz
[ 1217.196843][T13695] usb 5-1: SerialNumber: syz
[ 1217.205357][T24134] gretap0: left allmulticast mode
[ 1217.210562][T24134] gretap0: left promiscuous mode
[ 1217.225482][T24134] bridge0: port 3(gretap0) entered disabled state
[ 1217.233958][T13695] usb 5-1: config 0 descriptor??
[ 1217.242407][T13695] usb 5-1: selecting invalid altsetting 0
[ 1217.263380][T24136] netlink: 'syz.5.5444': attribute type 10 has an invalid length.
[ 1217.283756][T24134] bridge_slave_0: left allmulticast mode
[ 1217.289560][T24134] bridge_slave_0: left promiscuous mode
[ 1217.300230][T24134] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1217.312574][T24134] bridge_slave_1: left allmulticast mode
[ 1217.321609][T24134] bridge_slave_1: left promiscuous mode
[ 1217.330790][T23145] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1217.343543][T23145] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 1217.359104][T23145] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[ 1217.372628][T24134] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1217.384183][T23145] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1217.396206][T24134] bond0: (slave bond_slave_0): Releasing backup interface
[ 1217.412171][T24134] bond0: (slave bond_slave_1): Releasing backup interface
[ 1217.465874][T23145] usb 3-1: config 0 descriptor??
[ 1217.510332][T24138] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1217.524106][T24134] team0: Port device team_slave_0 removed
[ 1217.565550][T24134] team0: Port device team_slave_1 removed
[ 1217.572257][T24134] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1217.588653][T24134] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1217.599470][T24134] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1217.607763][T24134] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1217.696741][T24136] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1217.708752][T24126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1217.717818][T24126] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1217.725184][T24136] team0: Port device bond0 added
[ 1217.790012][T23145] Bluetooth: Can't get state to change to load ram patch err
[ 1217.815126][T23145] Bluetooth: Loading patch file failed
[ 1217.824944][T23145] ath3k 3-1:0.0: probe with driver ath3k failed with error -32
[ 1217.906204][T23145] usb 3-1: USB disconnect, device number 113
[ 1217.946514][T23147] usb 5-1: USB disconnect, device number 24
[ 1218.627687][T24164] bridge2: entered promiscuous mode
[ 1218.646415][T24164] bridge2: entered allmulticast mode
[ 1218.708013][T24164] team0: Port device bridge2 added
[ 1219.039542][T23131] usb 2-1: USB disconnect, device number 23
[ 1219.144571][T24174] netlink: 3 bytes leftover after parsing attributes in process `syz.1.5450'.
[ 1219.153639][T24174] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1220.275919][T24200] sctp: [Deprecated]: syz.1.5456 (pid 24200) Use of int in maxseg socket option.
[ 1220.275919][T24200] Use struct sctp_assoc_value instead
[ 1220.302224][T24200] netlink: 'syz.1.5456': attribute type 10 has an invalid length.
[ 1220.341300][T23140] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[ 1220.868652][T23140] usb 3-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[ 1220.879112][T23140] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1220.889352][T23140] usb 3-1: Product: syz
[ 1220.895078][T23140] usb 3-1: Manufacturer: syz
[ 1220.904659][T23140] usb 3-1: SerialNumber: syz
[ 1220.924592][T23140] usb 3-1: config 0 descriptor??
[ 1221.269182][T23140] usb 3-1: ignoring: probably an ADSL modem
[ 1221.778739][T23145] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[ 1221.944900][T23145] usb 5-1: Using ep0 maxpacket: 32
[ 1222.133575][T23145] usb 5-1: config 1 interface 0 altsetting 7 endpoint 0x2 has an invalid bInterval 0, changing to 7
[ 1222.153323][T23145] usb 5-1: config 1 interface 0 has no altsetting 0
[ 1222.183503][T23145] usb 5-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.40
[ 1222.203593][T23145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1222.217069][T23145] usb 5-1: Product: syz
[ 1222.245749][T23145] usb 5-1: Manufacturer: syz
[ 1222.291313][T23145] usb 5-1: SerialNumber: syz
[ 1222.793849][T23145] usbhid 5-1:1.0: can't add hid device: -71
[ 1222.941961][T23145] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[ 1222.965787][T23145] usb 5-1: USB disconnect, device number 25
[ 1223.061489][T23140] cxacru 3-1:0.0: usbatm_usb_probe: bind failed: -19!
[ 1223.193594][T23140] usb 3-1: USB disconnect, device number 114
[ 1223.221373][T24232] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5464'.
[ 1223.610062][ T5840] Bluetooth: hci2: unexpected event 0x20 length: 19 > 7
[ 1223.615911][T24240] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5468'.
[ 1223.615987][T24240] netlink: 'syz.4.5468': attribute type 2 has an invalid length.
[ 1223.616002][T24240] netlink: 'syz.4.5468': attribute type 1 has an invalid length.
[ 1223.616016][T24240] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5468'.
[ 1223.677543][T24242] random: crng reseeded on system resumption
[ 1223.685579][   T30] audit: type=1326 audit(1751209855.771:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24241 comm="syz.5.5469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787778e929 code=0x7ffc0000
[ 1223.685849][   T30] audit: type=1326 audit(1751209855.771:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24241 comm="syz.5.5469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f787778e929 code=0x7ffc0000
[ 1223.686044][   T30] audit: type=1326 audit(1751209855.771:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24241 comm="syz.5.5469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787778e929 code=0x7ffc0000
[ 1223.686214][   T30] audit: type=1326 audit(1751209855.771:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24241 comm="syz.5.5469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f787778e929 code=0x7ffc0000
[ 1223.686383][   T30] audit: type=1326 audit(1751209855.771:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24241 comm="syz.5.5469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787778e929 code=0x7ffc0000
[ 1223.686579][   T30] audit: type=1326 audit(1751209855.771:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24241 comm="syz.5.5469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f787778e929 code=0x7ffc0000
[ 1223.686690][   T30] audit: type=1326 audit(1751209855.771:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24241 comm="syz.5.5469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787778e929 code=0x7ffc0000
[ 1223.686909][   T30] audit: type=1326 audit(1751209855.771:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24241 comm="syz.5.5469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f787778e929 code=0x7ffc0000
[ 1223.687034][   T30] audit: type=1326 audit(1751209855.771:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24241 comm="syz.5.5469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787778e929 code=0x7ffc0000
[ 1223.687292][   T30] audit: type=1326 audit(1751209855.771:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24241 comm="syz.5.5469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f787778e929 code=0x7ffc0000
[ 1223.849521][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1224.003206][T23133] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[ 1224.066742][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1224.283041][T23145] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[ 1224.465022][T23133] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1224.505253][T23133] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4
[ 1224.543313][T23145] usb 5-1: config 0 has no interfaces?
[ 1224.572201][T23145] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1224.581451][T23145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1224.589843][T23145] usb 5-1: Product: syz
[ 1224.604334][T23145] usb 5-1: Manufacturer: syz
[ 1224.609636][T23145] usb 5-1: SerialNumber: syz
[ 1224.650673][T23145] usb 5-1: config 0 descriptor??
[ 1224.661972][T23133] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1224.678913][T23133] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1224.700854][T23133] usb 6-1: Product: syz
[ 1224.710834][T23133] usb 6-1: Manufacturer: syz
[ 1224.725936][T24256] xt_CHECKSUM: unsupported CHECKSUM operation 68
[ 1224.755908][T23133] usb 6-1: SerialNumber: syz
[ 1224.807338][T23133] usb 6-1: config 0 descriptor??
[ 1224.843130][T23133] em28xx 6-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0)
[ 1224.877264][T23133] em28xx 6-1:0.0: Device initialization failed.
[ 1224.894072][T23133] em28xx 6-1:0.0: Device must be connected to a high-speed USB 2.0 port.
[ 1224.971572][T24248] FAULT_INJECTION: forcing a failure.
[ 1224.971572][T24248] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1225.099921][T24248] CPU: 0 UID: 0 PID: 24248 Comm: syz.4.5471 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1225.099937][T24248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1225.099944][T24248] Call Trace:
[ 1225.099949][T24248]  <TASK>
[ 1225.099954][T24248]  dump_stack_lvl+0x189/0x250
[ 1225.099973][T24248]  ? __pfx____ratelimit+0x10/0x10
[ 1225.099988][T24248]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1225.100006][T24248]  ? __pfx__printk+0x10/0x10
[ 1225.100032][T24248]  should_fail_ex+0x414/0x560
[ 1225.100048][T24248]  _copy_to_user+0x31/0xb0
[ 1225.100058][T24248]  simple_read_from_buffer+0xe1/0x170
[ 1225.100072][T24248]  proc_fail_nth_read+0x1df/0x250
[ 1225.100085][T24248]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1225.100098][T24248]  ? rw_verify_area+0x258/0x650
[ 1225.100112][T24248]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1225.100124][T24248]  vfs_read+0x200/0x980
[ 1225.100141][T24248]  ? __pfx___mutex_lock+0x10/0x10
[ 1225.100156][T24248]  ? __pfx_vfs_read+0x10/0x10
[ 1225.100171][T24248]  ? __fget_files+0x2a/0x420
[ 1225.100184][T24248]  ? __fget_files+0x3a0/0x420
[ 1225.100194][T24248]  ? __fget_files+0x2a/0x420
[ 1225.100209][T24248]  ksys_read+0x145/0x250
[ 1225.100224][T24248]  ? __pfx_ksys_read+0x10/0x10
[ 1225.100237][T24248]  ? rcu_is_watching+0x15/0xb0
[ 1225.100254][T24248]  ? do_syscall_64+0xbe/0x3b0
[ 1225.100273][T24248]  do_syscall_64+0xfa/0x3b0
[ 1225.100286][T24248]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1225.100300][T24248]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1225.100309][T24248]  ? clear_bhb_loop+0x60/0xb0
[ 1225.100321][T24248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1225.100331][T24248] RIP: 0033:0x7fc30978d33c
[ 1225.100341][T24248] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1225.100350][T24248] RSP: 002b:00007fc30a5ca030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1225.100361][T24248] RAX: ffffffffffffffda RBX: 00007fc3099b6160 RCX: 00007fc30978d33c
[ 1225.100369][T24248] RDX: 000000000000000f RSI: 00007fc30a5ca0a0 RDI: 0000000000000009
[ 1225.100375][T24248] RBP: 00007fc30a5ca090 R08: 0000000000000000 R09: 0000000000000000
[ 1225.100381][T24248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1225.100387][T24248] R13: 0000000000000000 R14: 00007fc3099b6160 R15: 00007fc309adfa28
[ 1225.100402][T24248]  </TASK>
[ 1225.149304][T23147] usb 6-1: USB disconnect, device number 6
[ 1225.150676][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1225.344779][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1225.450765][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1226.119379][T23145] usb 5-1: USB disconnect, device number 26
[ 1226.226217][T24275] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5481'.
[ 1226.235433][ T5840] Bluetooth: hci1: unexpected event 0x20 length: 19 > 7
[ 1226.235516][T24275] netlink: 'syz.5.5481': attribute type 2 has an invalid length.
[ 1226.307130][T24275] netlink: 'syz.5.5481': attribute type 1 has an invalid length.
[ 1226.403068][T24275] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5481'.
[ 1226.542606][T24285] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5483'.
[ 1226.574207][T24285] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5483'.
[ 1226.729913][T24291] ref_tracker: memory allocation failure, unreliable refcount tracker.
[ 1226.861687][T23133] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1227.133006][T23133] usb 6-1: Using ep0 maxpacket: 32
[ 1227.141071][T23133] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[ 1227.172214][T23133] usb 6-1: config 0 has no interface number 0
[ 1227.192690][T23133] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1227.242339][T23133] usb 6-1: config 0 interface 85 has no altsetting 0
[ 1227.285344][T23133] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1227.294800][T23133] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1227.302826][T23133] usb 6-1: Product: syz
[ 1227.307100][T23140] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[ 1227.313673][T24300] netlink: 'syz.4.5490': attribute type 10 has an invalid length.
[ 1227.324940][T23133] usb 6-1: Manufacturer: syz
[ 1227.335075][T23133] usb 6-1: SerialNumber: syz
[ 1227.353959][T23133] usb 6-1: config 0 descriptor??
[ 1227.372675][T24300] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1227.447905][T24300] bond0: entered promiscuous mode
[ 1227.454488][T24300] bond0: entered allmulticast mode
[ 1227.460514][T24300] team0: Port device bond0 added
[ 1227.493427][T23140] usb 2-1: Using ep0 maxpacket: 16
[ 1227.500520][T23140] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1227.511855][T23140] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1227.522534][T23140] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1227.549842][T23140] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1227.568144][T23140] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1227.603083][T23140] usb 2-1: config 0 descriptor??
[ 1228.003079][T13683] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[ 1228.131172][T23133] appletouch 6-1:0.85: Geyser mode initialized.
[ 1228.151171][T23133] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input86
[ 1228.193257][T13683] usb 3-1: Using ep0 maxpacket: 16
[ 1228.202132][    C1] appletouch 6-1:0.85: appletouch: OVERFLOW with data length 64, actual length is 64
[ 1228.216189][T13683] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1228.299439][T23140] usbhid 2-1:0.0: can't add hid device: -71
[ 1228.305760][T23140] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1228.341454][T13683] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1228.355316][T23140] usb 2-1: USB disconnect, device number 24
[ 1228.359726][ T5840] Bluetooth: hci2: unexpected event 0x20 length: 19 > 7
[ 1228.367173][T24317] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5494'.
[ 1228.388324][T13683] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d
[ 1228.401195][T13683] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1228.410971][T13683] usb 3-1: Product: syz
[ 1228.429596][T13683] usb 3-1: Manufacturer: syz
[ 1228.436331][T13683] usb 3-1: SerialNumber: syz
[ 1228.458589][T13683] usb 3-1: config 0 descriptor??
[ 1228.463122][T24317] netlink: 'syz.4.5494': attribute type 2 has an invalid length.
[ 1228.474728][T13683] hub 3-1:0.0: bad descriptor, ignoring hub
[ 1228.481395][T13683] hub 3-1:0.0: probe with driver hub failed with error -5
[ 1228.540326][T24317] netlink: 'syz.4.5494': attribute type 1 has an invalid length.
[ 1228.566844][T13695] usb 6-1: USB disconnect, device number 7
[ 1228.593624][T24317] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5494'.
[ 1228.640584][T13683] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1228.746065][ T6035] usb 3-1: Failed to submit usb control message: -71
[ 1228.764948][T13695] appletouch 6-1:0.85: input: appletouch disconnected
[ 1228.775301][ T6035] usb 3-1: unable to send the bmi data to the device: -71
[ 1228.799559][ T6035] usb 3-1: unable to get target info from device
[ 1228.815140][ T6035] usb 3-1: could not get target info (-71)
[ 1228.873043][ T6035] usb 3-1: could not probe fw (-71)
[ 1229.533905][T24344] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.5502'.
[ 1229.673215][T24346] netlink: 'syz.4.5503': attribute type 10 has an invalid length.
[ 1229.697833][T24346] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5503'.
[ 1229.720126][T24346] batman_adv: batadv0: Adding interface: vlan1
[ 1229.734260][T24346] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1229.761051][T24346] batman_adv: batadv0: Interface activated: vlan1
[ 1230.004526][T24354] openvswitch: netlink: Multiple metadata blocks provided
[ 1230.198932][ T5840] Bluetooth: hci3: unexpected event 0x20 length: 19 > 7
[ 1230.203298][T24358] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5506'.
[ 1230.238944][T24358] netlink: 'syz.1.5506': attribute type 2 has an invalid length.
[ 1230.255967][T24358] netlink: 'syz.1.5506': attribute type 1 has an invalid length.
[ 1230.277637][T24358] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5506'.
[ 1230.756727][T24373] netlink: 'syz.0.5511': attribute type 1 has an invalid length.
[ 1230.760097][T24371] No such timeout policy "syz1"
[ 1230.816984][T13683] usb 3-1: USB disconnect, device number 115
[ 1230.822680][T24377] fuse: Unknown parameter 'füÿ0x0000000000000004'
[ 1230.858472][T24377] fuse: Unknown parameter 'füÿ0x0000000000000004'
[ 1231.104308][T23145] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1231.350527][T23145] usb 6-1: config 0 has an invalid interface number: 255 but max is 0
[ 1231.358976][T23145] usb 6-1: config 0 has no interface number 0
[ 1231.365603][T23145] usb 6-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[ 1231.369686][ T5840] Bluetooth: hci0: unexpected event 0x20 length: 19 > 7
[ 1231.380060][T23145] usb 6-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1231.407681][T24390] __nla_validate_parse: 2 callbacks suppressed
[ 1231.407697][T24390] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5517'.
[ 1231.417406][T23145] usb 6-1: config 0 interface 255 has no altsetting 0
[ 1231.450297][T24390] netlink: 'syz.0.5517': attribute type 2 has an invalid length.
[ 1231.483051][T24390] netlink: 'syz.0.5517': attribute type 1 has an invalid length.
[ 1231.487636][T23145] usb 6-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[ 1231.494338][T24390] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5517'.
[ 1231.537040][T23145] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1231.566357][T23145] usb 6-1: config 0 descriptor??
[ 1231.577964][T23145] ums-realtek 6-1:0.255: USB Mass Storage device detected
[ 1231.717099][T24407] netlink: 'syz.1.5522': attribute type 10 has an invalid length.
[ 1231.789947][T24375] bond0: (slave wireguard0): refused to change device type
[ 1231.849490][T24417] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1231.863151][T24417] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1231.929344][T23145] usb 6-1: USB disconnect, device number 8
[ 1231.971043][T24419] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5524'.
[ 1232.403182][T23145] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[ 1232.553376][T23145] usb 3-1: Using ep0 maxpacket: 16
[ 1232.563284][T23145] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1232.641329][T23145] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1232.659552][T23145] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1232.669854][T23145] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1232.686367][T23145] usb 3-1: Product: syz
[ 1232.693851][T23145] usb 3-1: Manufacturer: syz
[ 1232.702830][T23145] usb 3-1: SerialNumber: syz
[ 1232.732854][T23145] usb 3-1: config 0 descriptor??
[ 1232.747328][T23145] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1232.756991][T23145] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[ 1233.345901][T24447] netlink: 56 bytes leftover after parsing attributes in process `syz.5.5537'.
[ 1233.356910][T23145] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[ 1233.365946][T23145] em28xx 3-1:0.0: Config register raw data: 0x6c
[ 1233.372322][T23145] em28xx 3-1:0.0: I2S Audio (1 sample rate(s))
[ 1233.402703][T23145] em28xx 3-1:0.0: No AC97 audio processor
[ 1233.618328][T23133] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[ 1233.793152][T23133] usb 5-1: Using ep0 maxpacket: 16
[ 1233.805557][T23133] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1233.820084][T23133] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1233.830181][T23133] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[ 1233.841707][T24463] PKCS7: Unknown OID: [5] (bad)
[ 1233.846689][T24463] PKCS7: Only support pkcs7_signedData type
[ 1233.869873][T13683] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[ 1233.878013][T23133] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1233.890313][T23133] usb 5-1: config 0 descriptor??
[ 1233.949319][T24465] openvswitch: netlink: Multiple metadata blocks provided
[ 1234.132993][T13683] usb 2-1: Using ep0 maxpacket: 32
[ 1234.163087][T13683] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1234.184771][T13683] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1234.198415][T13683] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1234.207759][T13683] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1234.256483][T13683] usb 2-1: config 0 descriptor??
[ 1234.307586][T13695] usb 3-1: USB disconnect, device number 116
[ 1235.124734][T23133] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[ 1235.342602][T23133] usb 3-1: Using ep0 maxpacket: 16
[ 1235.371678][T23133] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[ 1235.388008][T23133] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1235.418821][T23133] usb 3-1: config 0 descriptor??
[ 1235.839175][T24473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1235.849637][T24473] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1235.862870][T23133] usbhid 3-1:0.0: can't add hid device: -71
[ 1235.875532][T23133] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1235.888537][T23133] usb 3-1: USB disconnect, device number 117
[ 1236.299380][T23133] usb 5-1: USB disconnect, device number 27
[ 1236.351830][T24478] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5545'.
[ 1236.363561][T24478] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5545'.
[ 1236.385018][T23145] hid-generic 0000:0000:0000.0032: unknown main item tag 0x0
[ 1236.415913][T23145] hid-generic 0000:0000:0000.0032: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1236.651984][T13683] usbhid 2-1:0.0: can't add hid device: -71
[ 1236.658317][T13683] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1236.752256][T13683] usb 2-1: USB disconnect, device number 25
[ 1236.994581][T24496] xt_hashlimit: max too large, truncated to 1048576
[ 1237.181940][T24506] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5554'.
[ 1237.212469][T24506] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5554'.
[ 1237.331070][T24513] netlink: 72 bytes leftover after parsing attributes in process `syz.4.5559'.
[ 1237.349142][T24513] tipc: Enabling of bearer <eth:wg1> rejected, already enabled
[ 1237.413251][T13683] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1237.615883][T13683] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1237.639848][T24527] openvswitch: netlink: Multiple metadata blocks provided
[ 1237.662826][T24528] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[ 1237.903513][T13683] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1237.931631][T13683] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1237.950070][T13683] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1237.987811][T13683] usb 6-1: Product: syz
[ 1238.002171][T13683] usb 6-1: Manufacturer: syz
[ 1238.047078][T13683] usb 6-1: SerialNumber: syz
[ 1238.082052][T13683] usb 6-1: config 0 descriptor??
[ 1238.124115][T13683] usb 6-1: selecting invalid altsetting 0
[ 1238.171249][T24541] netlink: 'syz.2.5566': attribute type 2 has an invalid length.
[ 1238.180282][T24541] netlink: 'syz.2.5566': attribute type 11 has an invalid length.
[ 1238.189201][T24541] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5566'.
[ 1238.207644][T24540] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.5567'.
[ 1238.388225][T24545] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1238.653504][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1238.664387][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.670652][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.700938][T24546] bridge0: port 2(syz_tun) entered blocking state
[ 1238.714464][T24546] bridge0: port 2(syz_tun) entered disabled state
[ 1238.816008][T13683] usb 6-1: USB disconnect, device number 9
[ 1239.495072][T24553] vlan2: entered promiscuous mode
[ 1239.516313][T24553] team0: entered promiscuous mode
[ 1239.532753][T24553] bond0: entered promiscuous mode
[ 1239.886546][T24559] netlink: 'syz.5.5572': attribute type 10 has an invalid length.
[ 1239.894779][T24559] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5572'.
[ 1239.908087][T24559] batman_adv: batadv0: Adding interface: vlan1
[ 1239.916229][T24559] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1239.941326][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1239.952447][T24559] batman_adv: batadv0: Interface activated: vlan1
[ 1240.343025][T23145] usb 3-1: new full-speed USB device number 118 using dummy_hcd
[ 1240.366473][T24566] gretap0: entered promiscuous mode
[ 1240.372407][T24566] macsec1: entered promiscuous mode
[ 1240.399720][T24566] gretap0: left promiscuous mode
[ 1240.525943][T23145] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1240.536250][T23145] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1240.547810][T23145] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[ 1240.587274][T23145] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1240.599167][T23145] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1240.607838][T23145] usb 3-1: Product: syz
[ 1240.612075][T23145] usb 3-1: Manufacturer: syz
[ 1240.617165][T23145] usb 3-1: SerialNumber: syz
[ 1240.628766][T24562] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1240.639911][T23145] usb 3-1: bad CDC descriptors
[ 1241.528966][T24577] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5579'.
[ 1241.622232][T24581] No such timeout policy "syz1"
[ 1241.908211][T24591] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5580'.
[ 1241.946626][T24595] netlink: 'syz.4.5584': attribute type 1 has an invalid length.
[ 1241.990448][T24595] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1242.008647][T24592] netlink: 'syz.5.5585': attribute type 8 has an invalid length.
[ 1242.034150][T24594] bond3: (slave veth0_to_bond): Enslaving as an active interface with a down link
[ 1242.313004][T13683] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1242.416396][T24606] openvswitch: netlink: Multiple metadata blocks provided
[ 1243.033245][T13683] usb 6-1: too many configurations: 9, using maximum allowed: 8
[ 1243.044365][T13683] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1243.089681][T23145] usb 3-1: USB disconnect, device number 118
[ 1243.136023][T13683] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1243.174625][T13683] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1243.195661][T13683] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1243.207860][T13683] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1243.248808][T24614] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5590'.
[ 1243.262355][T24614] vlan2: entered promiscuous mode
[ 1243.269731][T13683] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1243.289118][T13683] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1243.309535][T13683] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1243.322526][T13683] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1243.342802][T13683] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1243.407085][T13683] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1243.444170][T13683] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1243.453262][T13683] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1243.462558][T13683] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1243.475959][T13683] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1243.485836][T13683] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1243.515949][T13683] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1243.560519][T13683] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1243.606727][T13683] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1243.621575][T13683] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1243.650211][T13683] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1243.669068][T13683] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1243.687787][T13683] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1243.699298][T13683] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1243.713338][T13683] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1243.722487][T13683] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1243.731405][T13683] usb 6-1: Product: syz
[ 1243.735844][T13683] usb 6-1: Manufacturer: syz
[ 1243.742395][T13683] usb 6-1: SerialNumber: syz
[ 1243.757789][T13683] usb 6-1: config 0 descriptor??
[ 1243.764469][T24623] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5594'.
[ 1243.783336][T13683] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[ 1243.816341][T24624] vivid-000: disconnect
[ 1243.891726][T24626] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5595'.
[ 1243.901209][T24626] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5595'.
[ 1244.030286][    C0] usb 6-1: yurex_control_callback - control failed: -71
[ 1244.040678][T13683] usb 6-1: USB disconnect, device number 10
[ 1244.051193][T13683] yurex 6-1:0.0: USB YUREX #0 now disconnected
[ 1244.124351][T24635] loop6: detected capacity change from 0 to 7
[ 1244.132734][T24635] Dev loop6: unable to read RDB block 7
[ 1244.138964][T24635]  loop6: unable to read partition table
[ 1244.145207][T24635] loop6: partition table beyond EOD, truncated
[ 1244.151418][T24635] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1244.238598][T24637] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1244.291320][T24615] vivid-000: reconnect
[ 1244.439815][T24645] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5604'.
[ 1244.487382][T24647] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5605'.
[ 1244.496904][T24647] ksmbd: Daemon and kernel module version mismatch. ksmbd: 255, kernel module: 1. User-space ksmbd should terminate.
[ 1244.663149][T23147] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[ 1244.853174][T23147] usb 3-1: Using ep0 maxpacket: 8
[ 1244.878043][T23147] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1244.918880][T23147] usb 3-1: config 4 has an invalid interface number: 147 but max is 0
[ 1244.943651][T23147] usb 3-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[ 1244.987396][T23147] usb 3-1: config 4 has no interface number 0
[ 1245.009495][T23147] usb 3-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[ 1245.026018][T18385] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1245.035861][T18385] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1245.043888][T18385] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1245.052261][T18385] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1245.061168][T18385] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1245.093166][T23147] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1245.101635][T23147] usb 3-1: Product: syz
[ 1245.106564][T23147] usb 3-1: Manufacturer: п
[ 1245.111161][T23147] usb 3-1: SerialNumber: syz
[ 1245.426081][T24670] trusted_key: encrypted_key: insufficient parameters specified
[ 1245.647060][T24663] loop6: detected capacity change from 0 to 524287999
[ 1245.766345][T24658] chnl_net:caif_netlink_parms(): no params data found
[ 1245.942388][T24658] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1245.949752][T24658] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1245.957007][T24658] bridge_slave_0: entered allmulticast mode
[ 1245.965283][T24658] bridge_slave_0: entered promiscuous mode
[ 1245.974942][T24658] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1245.982280][T24658] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1245.989584][T24658] bridge_slave_1: entered allmulticast mode
[ 1245.997512][T24658] bridge_slave_1: entered promiscuous mode
[ 1246.033037][T23140] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[ 1246.044873][T24658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1246.058637][T24658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1246.105388][T24658] team0: Port device team_slave_0 added
[ 1246.115160][T24658] team0: Port device team_slave_1 added
[ 1246.153559][T24658] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1246.160558][T24658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1246.187015][T24658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1246.200341][T24658] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1246.207997][T24658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1246.234233][T24658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1246.257146][T23140] usb 5-1: config 0 has an invalid interface number: 47 but max is 0
[ 1246.269181][T23140] usb 5-1: config 0 has no interface number 0
[ 1246.282350][T23140] usb 5-1: config 0 interface 47 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1246.319316][T23140] usb 5-1: New USB device found, idVendor=1519, idProduct=0443, bcdDevice=15.97
[ 1246.358950][T23140] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1246.386929][T23140] usb 5-1: Product: syz
[ 1246.400190][T23140] usb 5-1: Manufacturer: syz
[ 1246.406203][T23140] usb 5-1: SerialNumber: syz
[ 1246.414531][T23140] usb 5-1: config 0 descriptor??
[ 1246.426303][T23140] cdc_ncm 5-1:0.47: CDC Union missing and no IAD found
[ 1246.442240][T23140] cdc_ncm 5-1:0.47: bind() failure
[ 1246.462591][T24658] hsr_slave_0: entered promiscuous mode
[ 1246.470118][T24658] hsr_slave_1: entered promiscuous mode
[ 1246.477941][T24658] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1246.485825][T24658] Cannot create hsr debugfs directory
[ 1246.580647][T24688] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5614'.
[ 1246.613654][T24688] macvtap1: entered promiscuous mode
[ 1246.619111][T24688] macvtap1: entered allmulticast mode
[ 1246.628781][T24688] team0: entered allmulticast mode
[ 1246.635247][T24688] bond0: entered allmulticast mode
[ 1246.640867][T24688] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1246.833907][T24658] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1246.937609][T24658] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1247.033207][T23145] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1247.039453][T24658] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1247.111002][T24658] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1247.133222][ T5840] Bluetooth: hci4: command tx timeout
[ 1247.151962][T23143] usb 5-1: USB disconnect, device number 28
[ 1247.247472][T23145] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1247.259954][T23145] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1247.270949][T23145] usb 6-1: Product: syz
[ 1247.275850][T23145] usb 6-1: Manufacturer: syz
[ 1247.280584][T23145] usb 6-1: SerialNumber: syz
[ 1247.307052][T23145] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1247.329949][T23144] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1247.405015][T24658] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1247.416773][T24658] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1247.439973][T24658] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1247.493557][T24704] openvswitch: netlink: Multiple metadata blocks provided
[ 1247.506451][T23147] usb 3-1: Found UVC 0.02 device syz (04f2:b746)
[ 1247.518846][T23147] usb 3-1: No valid video chain found.
[ 1247.522887][T24658] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1247.591834][T23147] usb 3-1: USB disconnect, device number 119
[ 1248.131015][T24658] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1248.294035][T24658] 8021q: adding VLAN 0 to HW filter on device team0
[ 1248.351917][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1248.359096][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1248.418889][T23144] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[ 1248.436920][T23144] ath9k_htc: Failed to initialize the device
[ 1248.471638][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1248.478834][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1248.510127][T23144] usb 6-1: ath9k_htc: USB layer deinitialized
[ 1248.669283][T24723] netlink: 2052 bytes leftover after parsing attributes in process `syz.0.5624'.
[ 1248.683883][T24723] FAULT_INJECTION: forcing a failure.
[ 1248.683883][T24723] name failslab, interval 1, probability 0, space 0, times 0
[ 1248.717417][T24723] CPU: 1 UID: 0 PID: 24723 Comm: syz.0.5624 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1248.717442][T24723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1248.717454][T24723] Call Trace:
[ 1248.717461][T24723]  <TASK>
[ 1248.717470][T24723]  dump_stack_lvl+0x189/0x250
[ 1248.717500][T24723]  ? __pfx____ratelimit+0x10/0x10
[ 1248.717525][T24723]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1248.717553][T24723]  ? __pfx__printk+0x10/0x10
[ 1248.717575][T24723]  ? __pfx___might_resched+0x10/0x10
[ 1248.717601][T24723]  ? fs_reclaim_acquire+0x7d/0x100
[ 1248.717627][T24723]  should_fail_ex+0x414/0x560
[ 1248.717654][T24723]  should_failslab+0xa8/0x100
[ 1248.717675][T24723]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1248.717693][T24723]  ? alloc_netdev_mqs+0xc36/0x11e0
[ 1248.717722][T24723]  alloc_netdev_mqs+0xc36/0x11e0
[ 1248.717752][T24723]  rtnl_create_link+0x31f/0xd10
[ 1248.717783][T24723]  rtnl_newlink_create+0x25c/0xb00
[ 1248.717815][T24723]  ? __mutex_lock+0x51b/0xe80
[ 1248.717846][T24723]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1248.717864][T24723]  ? rtnl_newlink+0x8db/0x1c70
[ 1248.717885][T24723]  ? __pfx___mutex_lock+0x10/0x10
[ 1248.717920][T24723]  ? ns_capable+0x8a/0xf0
[ 1248.717948][T24723]  rtnl_newlink+0x16d6/0x1c70
[ 1248.717981][T24723]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1248.718015][T24723]  ? __lock_acquire+0xab9/0xd20
[ 1248.718053][T24723]  ? __lock_acquire+0xab9/0xd20
[ 1248.718099][T24723]  ? is_bpf_text_address+0x26/0x2b0
[ 1248.718143][T24723]  ? __lock_acquire+0xab9/0xd20
[ 1248.718193][T24723]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1248.718210][T24723]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 1248.718233][T24723]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1248.718250][T24723]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1248.718286][T24723]  netlink_rcv_skb+0x208/0x470
[ 1248.718306][T24723]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1248.718326][T24723]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1248.718358][T24723]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1248.718377][T24723]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1248.718402][T24723]  netlink_unicast+0x75b/0x8d0
[ 1248.718433][T24723]  netlink_sendmsg+0x805/0xb30
[ 1248.718463][T24723]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1248.718487][T24723]  ? aa_sock_msg_perm+0x94/0x160
[ 1248.718510][T24723]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1248.718532][T24723]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1248.718553][T24723]  __sock_sendmsg+0x219/0x270
[ 1248.718582][T24723]  sock_sendmsg+0x158/0x230
[ 1248.718610][T24723]  ? __pfx_sock_sendmsg+0x10/0x10
[ 1248.718648][T24723]  ? __asan_memset+0x22/0x50
[ 1248.718671][T24723]  ? iov_iter_bvec+0xb8/0x180
[ 1248.718698][T24723]  splice_to_socket+0x8ff/0xf10
[ 1248.718742][T24723]  ? __pfx_splice_to_socket+0x10/0x10
[ 1248.718758][T24723]  ? aa_file_perm+0x3e7/0xed0
[ 1248.718813][T24723]  ? get_pid_task+0x20/0x1f0
[ 1248.718850][T24723]  ? bpf_lsm_file_permission+0x9/0x20
[ 1248.718873][T24723]  ? security_file_permission+0x75/0x290
[ 1248.718893][T24723]  ? rw_verify_area+0x258/0x650
[ 1248.718920][T24723]  ? __pfx_splice_to_socket+0x10/0x10
[ 1248.718938][T24723]  do_splice+0xc76/0x1660
[ 1248.718984][T24723]  ? __pfx_do_splice+0x10/0x10
[ 1248.719014][T24723]  __se_sys_splice+0x2e1/0x460
[ 1248.719039][T24723]  ? __pfx___se_sys_splice+0x10/0x10
[ 1248.719057][T24723]  ? rcu_is_watching+0x15/0xb0
[ 1248.719088][T24723]  ? __x64_sys_splice+0x21/0xf0
[ 1248.719111][T24723]  do_syscall_64+0xfa/0x3b0
[ 1248.719135][T24723]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1248.719158][T24723]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1248.719177][T24723]  ? clear_bhb_loop+0x60/0xb0
[ 1248.719200][T24723]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1248.719218][T24723] RIP: 0033:0x7f295db8e929
[ 1248.719234][T24723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1248.719250][T24723] RSP: 002b:00007f295e99e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 1248.719270][T24723] RAX: ffffffffffffffda RBX: 00007f295ddb6080 RCX: 00007f295db8e929
[ 1248.719284][T24723] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[ 1248.719296][T24723] RBP: 00007f295e99e090 R08: 000000000004ffe2 R09: 0000000000000000
[ 1248.719308][T24723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1248.719319][T24723] R13: 0000000000000001 R14: 00007f295ddb6080 R15: 00007f295dedfa28
[ 1248.719349][T24723]  </TASK>
[ 1248.767008][T24658] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1248.933139][T23147] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[ 1249.213150][ T5840] Bluetooth: hci4: command tx timeout
[ 1249.296540][T24658] veth0_vlan: entered promiscuous mode
[ 1249.321032][T24658] veth1_vlan: entered promiscuous mode
[ 1249.335718][T23147] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[ 1249.347712][T23147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1249.358966][T23147] usb 3-1: config 0 descriptor??
[ 1249.452627][T24658] veth0_macvtap: entered promiscuous mode
[ 1249.466770][T24658] veth1_macvtap: entered promiscuous mode
[ 1249.502720][T24658] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1249.590475][T24658] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1249.605370][T24658] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1249.615144][T24658] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1249.624546][T24658] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1249.633833][T24658] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1249.647982][T24727] gretap0: left allmulticast mode
[ 1249.653649][T24727] gretap0: left promiscuous mode
[ 1249.658983][T24727] bridge0: port 1(gretap0) entered disabled state
[ 1249.679200][T24727] bond2: (slave veth0_to_bond): Releasing active interface
[ 1249.683835][T24728] netlink: 'syz.0.5626': attribute type 10 has an invalid length.
[ 1249.698370][T24727] mac80211_hwsim hwsim32 wlan1: left promiscuous mode
[ 1249.720073][T24727] team0: Port device wlan1 removed
[ 1249.735482][T24727] team0: Port device bridge1 removed
[ 1249.753969][T24727] team0: Port device bridge2 removed
[ 1249.768450][T24728] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1249.775596][T23147] ath6kl: Unsupported hardware version: 0x0
[ 1249.787595][T24728] bond0: entered promiscuous mode
[ 1249.789740][T23147] ath6kl: Failed to init ath6kl core: -22
[ 1249.806416][T24728] team0: Port device bond0 added
[ 1249.828298][T23147] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -22
[ 1249.874463][T13683] usb 6-1: USB disconnect, device number 11
[ 1249.993510][T23144] usb 3-1: USB disconnect, device number 120
[ 1250.011002][T24731] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5627'.
[ 1250.034022][ T6038] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1250.048421][ T6038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1250.110774][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1250.121868][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1250.142775][T24733] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5628'.
[ 1250.366096][T24739] program syz.1.5630 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1250.472067][T24741] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5631'.
[ 1250.487167][T24741] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5631'.
[ 1250.661307][T24745] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5633'.
[ 1250.693415][ T5840] Bluetooth: hci4: unexpected event 0x20 length: 19 > 7
[ 1250.696351][T24745] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5633'.
[ 1250.741824][T24750] syz_tun: entered allmulticast mode
[ 1250.764888][T24749] syz_tun: left allmulticast mode
[ 1251.032312][T24760] fuse: Bad value for 'fd'
[ 1251.103321][T23147] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[ 1251.293265][ T5840] Bluetooth: hci4: command tx timeout
[ 1251.293509][T23147] usb 2-1: Using ep0 maxpacket: 32
[ 1251.330769][T23147] usb 2-1: config 0 interface 0 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1251.378004][T23147] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1251.408034][T23147] usb 2-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[ 1251.425055][T23147] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1251.691322][T23147] usb 2-1: config 0 descriptor??
[ 1251.893572][T23145] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[ 1251.928839][T23147] usbhid 2-1:0.0: can't add hid device: -71
[ 1251.959120][T23147] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1252.100964][T23147] usb 2-1: USB disconnect, device number 26
[ 1252.262022][T23145] usb 5-1: config 0 has no interfaces?
[ 1252.666917][T23145] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1252.676834][T23145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1252.685231][T23145] usb 5-1: Product: syz
[ 1252.689444][T23145] usb 5-1: Manufacturer: syz
[ 1252.694167][T23145] usb 5-1: SerialNumber: syz
[ 1252.704908][T23145] usb 5-1: config 0 descriptor??
[ 1252.743940][T23147] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[ 1252.893060][T23147] usb 2-1: Using ep0 maxpacket: 32
[ 1252.900754][T23147] usb 2-1: config 0 interface 0 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1252.917116][T23147] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1252.979296][T23147] usb 2-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[ 1252.993992][T23147] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1253.014076][T23147] usb 2-1: config 0 descriptor??
[ 1253.245349][T23147] usbhid 2-1:0.0: can't add hid device: -71
[ 1253.335601][T23147] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1253.384393][ T5840] Bluetooth: hci4: command tx timeout
[ 1253.386324][T23147] usb 2-1: USB disconnect, device number 27
[ 1253.583016][ T5959] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[ 1253.823001][ T5959] usb 3-1: Using ep0 maxpacket: 8
[ 1253.953325][ T5959] usb 3-1: config 6 has an invalid interface number: 2 but max is 0
[ 1254.002004][ T5959] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[ 1254.058276][ T5959] usb 3-1: config 6 has no interface number 0
[ 1254.084656][ T5959] usb 3-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[ 1254.108617][T24810] openvswitch: netlink: Multiple metadata blocks provided
[ 1254.284465][ T5959] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1254.296498][ T5959] usb 3-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1254.407899][ T5959] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1254.417884][ T5959] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1254.431421][ T5959] usb 3-1: Product: syz
[ 1254.446340][ T5959] usb 3-1: Manufacturer: syz
[ 1254.465005][ T5959] usb 3-1: SerialNumber: syz
[ 1254.500269][ T5959] hso 3-1:6.2: Failed to find INT IN ep
[ 1254.673630][T23145] usb 5-1: USB disconnect, device number 29
[ 1254.887322][T24818] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5655'.
[ 1254.906170][ T5959] usb 3-1: USB disconnect, device number 121
[ 1255.029397][ T5840] Bluetooth: hci1: unexpected event 0x20 length: 19 > 7
[ 1255.232141][T24828] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5660'.
[ 1255.427438][T24833] binder: 24829:24833 ioctl c0306201 200000000640 returned -22
[ 1255.499271][T24833] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5661'.
[ 1255.903210][ T5959] usb 3-1: new high-speed USB device number 122 using dummy_hcd
[ 1255.984892][T24848] netlink: 'syz.4.5668': attribute type 11 has an invalid length.
[ 1256.067094][ T5959] usb 3-1: Using ep0 maxpacket: 32
[ 1256.085809][ T5959] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1256.118727][ T5959] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1256.191701][ T5959] usb 3-1: config 0 descriptor??
[ 1256.327338][T24857] tipc: Bearer <udp:s¼>: already 2 bearers with priority 10
[ 1256.339483][T24857] tipc: Bearer <udp:s¼>: trying with adjusted priority
[ 1256.346603][T24857] tipc: Enabling of bearer <udp:s¼> rejected, failed to enable media
[ 1256.451628][ T5959] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1256.534373][T24853] BUG: Bad page state in process syz.5.5669  pfn:aaa01
[ 1256.548826][ T5959] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1256.562567][T24853] page does not match folio
[ 1256.575278][ T5959] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1256.584523][T24853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0xaaa01
[ 1256.603207][ T5959] usb 3-1: media controller created
[ 1256.671082][T24853] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1256.794396][T24853] raw: 00fff00000000000 ffffea0002aa8000 00000000ffffffff ffffffffffffffff
[ 1256.876792][T24853] raw: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000000
[ 1256.893145][T23145] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[ 1256.906483][ T5959] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1256.963487][T24853] page dumped because: nonzero pincount
[ 1256.969067][T24853] page_owner tracks the page as allocated
[ 1257.057631][T24853] page last allocated via order 9, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 24851, tgid 24851 (syz.5.5669), ts 1256244067909, free_ts 1203856429291
[ 1257.113127][T23145] usb 5-1: Using ep0 maxpacket: 16
[ 1257.153282][T24853]  post_alloc_hook+0x240/0x2a0
[ 1257.158112][T24853]  get_page_from_freelist+0x21e4/0x22c0
[ 1257.172964][T24853]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1257.191679][T24853]  alloc_pages_mpol+0x232/0x4a0
[ 1257.196903][T24853]  alloc_pages_noprof+0xa9/0x190
[ 1257.224172][T24853]  folio_alloc_noprof+0x1e/0x30
[ 1257.229081][T24853]  filemap_alloc_folio_noprof+0xdf/0x470
[ 1257.263013][T24853]  page_cache_ra_order+0x5e5/0xc70
[ 1257.283076][T24853]  do_sync_mmap_readahead+0x31a/0x5f0
[ 1257.288502][T24853]  filemap_fault+0x62a/0x1200
[ 1257.303301][T24853]  __do_fault+0x135/0x390
[ 1257.307706][T24853]  __handle_mm_fault+0x198b/0x5620
[ 1257.312835][T24853]  handle_mm_fault+0x40a/0x8e0
[ 1257.318671][T24853]  do_user_addr_fault+0xa81/0x1390
[ 1257.324118][T24853]  exc_page_fault+0x76/0xf0
[ 1257.328671][T24853]  asm_exc_page_fault+0x26/0x30
[ 1257.333972][T24853] page last free pid 23803 tgid 23801 stack trace:
[ 1257.343683][T24853]  free_unref_folios+0xc66/0x14d0
[ 1257.348755][T24853]  folios_put_refs+0x559/0x640
[ 1257.362472][T24853]  release_pages+0x4b4/0x520
[ 1257.373208][T24853]  io_free_region+0xb4/0x270
[ 1257.383327][T24853]  io_allocate_scq_urings+0x51a/0x7f0
[ 1257.394209][T24853]  io_uring_create+0x52b/0xb60
[ 1257.399851][T24853]  __se_sys_io_uring_setup+0x264/0x270
[ 1257.405751][T24853]  do_syscall_64+0xfa/0x3b0
[ 1257.413205][T24853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1257.444829][T24853] Modules linked in:
[ 1257.448737][T24853] CPU: 0 UID: 0 PID: 24853 Comm: syz.5.5669 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1257.448750][T24853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1257.448756][T24853] Call Trace:
[ 1257.448760][T24853]  <TASK>
[ 1257.448765][T24853]  dump_stack_lvl+0x189/0x250
[ 1257.448785][T24853]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1257.448799][T24853]  ? __pfx_print_modules+0x10/0x10
[ 1257.448821][T24853]  ? percpu_ref_put+0x19/0x180
[ 1257.448834][T24853]  ? percpu_ref_put+0xf9/0x180
[ 1257.448849][T24853]  bad_page+0x180/0x1c0
[ 1257.448863][T24853]  free_tail_page_prepare+0x2c3/0x4f0
[ 1257.448876][T24853]  __free_frozen_pages+0x8aa/0xe70
[ 1257.448891][T24853]  __folio_put+0x21b/0x2c0
[ 1257.448905][T24853]  ? __pfx___folio_put+0x10/0x10
[ 1257.448921][T24853]  delete_from_page_cache_batch+0x84c/0x9b0
[ 1257.448931][T24853]  ? shmem_mapping+0xd/0x50
[ 1257.448946][T24853]  ? __pfx_delete_from_page_cache_batch+0x10/0x10
[ 1257.448961][T24853]  ? __filemap_fdatawait_range+0x1d2/0x230
[ 1257.448972][T24853]  ? __pfx_workingset_update_node+0x10/0x10
[ 1257.448984][T24853]  ? folio_mapping+0x16f/0x240
[ 1257.448999][T24853]  ? truncate_cleanup_folio+0x34a/0x430
[ 1257.449014][T24853]  truncate_inode_pages_range+0x28a/0xda0
[ 1257.449034][T24853]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 1257.449061][T24853]  ? smp_call_function_many_cond+0xbc5/0x12d0
[ 1257.449081][T24853]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1257.449112][T24853]  ? __pfx_has_bh_in_lru+0x10/0x10
[ 1257.449126][T24853]  blkdev_flush_mapping+0x108/0x270
[ 1257.449141][T24853]  ? bdev_release+0x40f/0x650
[ 1257.449156][T24853]  bdev_release+0x417/0x650
[ 1257.449173][T24853]  ? __pfx_blkdev_release+0x10/0x10
[ 1257.449182][T24853]  blkdev_release+0x15/0x20
[ 1257.449191][T24853]  __fput+0x44c/0xa70
[ 1257.449209][T24853]  task_work_run+0x1d1/0x260
[ 1257.449223][T24853]  ? __pfx_task_work_run+0x10/0x10
[ 1257.449240][T24853]  do_exit+0x6b5/0x22e0
[ 1257.449256][T24853]  ? do_raw_spin_lock+0x121/0x290
[ 1257.449269][T24853]  ? __pfx_do_exit+0x10/0x10
[ 1257.449288][T24853]  do_group_exit+0x21c/0x2d0
[ 1257.449299][T24853]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1257.449313][T24853]  get_signal+0x1286/0x1340
[ 1257.449339][T24853]  arch_do_signal_or_restart+0x9a/0x750
[ 1257.449355][T24853]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1257.449375][T24853]  ? exit_to_user_mode_loop+0x40/0x110
[ 1257.449391][T24853]  exit_to_user_mode_loop+0x75/0x110
[ 1257.449404][T24853]  do_syscall_64+0x2bd/0x3b0
[ 1257.449418][T24853]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1257.449430][T24853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1257.449440][T24853]  ? clear_bhb_loop+0x60/0xb0
[ 1257.449452][T24853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1257.449461][T24853] RIP: 0033:0x7f787778e929
[ 1257.449470][T24853] Code: Unable to access opcode bytes at 0x7f787778e8ff.
[ 1257.449476][T24853] RSP: 002b:00007f78785350e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1257.449486][T24853] RAX: 0000000000000001 RBX: 00007f78779b5fa8 RCX: 00007f787778e929
[ 1257.449493][T24853] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f78779b5fac
[ 1257.449500][T24853] RBP: 00007f78779b5fa0 R08: 7fffffffffffffff R09: 0000000000000000
[ 1257.449506][T24853] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f78779b5fac
[ 1257.449513][T24853] R13: 0000000000000000 R14: 00007f7877adf940 R15: 00007f7877adfa28
[ 1257.449529][T24853]  </TASK>
[ 1257.449546][T24853] Disabling lock debugging due to kernel taint
[ 1257.823107][T24853] BUG: Bad page state in process syz.5.5669  pfn:aaa00
[ 1257.829979][T24853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xaaa00
[ 1257.983295][T24853] head: order:0 mapcount:0 entire_mapcount:1 nr_pages_mapped:0 pincount:0
[ 1257.991840][T24853] flags: 0xfff0000000004d(locked|referenced|uptodate|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1258.064895][T24853] raw: 00fff0000000004d dead000000000100 dead000000000122 0000000000000000
[ 1258.074477][T24858] syz_tun (unregistering): left promiscuous mode
[ 1258.153333][T24853] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1258.161958][T24853] head: 00fff0000000004d dead000000000100 dead000000000122 0000000000000000
[ 1258.283176][ T5959] az6027: usb out operation failed. (-71)
[ 1258.289229][T24853] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1258.323473][ T5959] az6027: usb out operation failed. (-71)
[ 1258.329209][ T5959] stb0899_attach: Driver disabled by Kconfig
[ 1258.337743][T24853] head: 00fff00000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1258.346763][ T5959] az6027: no front-end attached
[ 1258.346763][ T5959] 
[ 1258.353963][T24853] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000000
[ 1258.363258][ T5959] az6027: usb out operation failed. (-71)
[ 1258.369023][ T5959] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1258.377481][T24853] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 1258.397012][ T5959] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input87
[ 1258.419569][T24853] page_owner tracks the page as allocated
[ 1258.434542][ T5959] dvb-usb: schedule remote query interval to 400 msecs.
[ 1258.436697][T24853] page last allocated via order 9, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 24851, tgid 24851 (syz.5.5669), ts 1256244067909, free_ts 1203856429291
[ 1258.441485][ T5959] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1258.472675][T24853]  post_alloc_hook+0x240/0x2a0
[ 1258.478953][T24853]  get_page_from_freelist+0x21e4/0x22c0
[ 1258.484779][T24853]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1258.487457][ T5959] usb 3-1: USB disconnect, device number 122
[ 1258.490606][T24853]  alloc_pages_mpol+0x232/0x4a0
[ 1258.502698][T24853]  alloc_pages_noprof+0xa9/0x190
[ 1258.507926][T24853]  folio_alloc_noprof+0x1e/0x30
[ 1258.512814][T24853]  filemap_alloc_folio_noprof+0xdf/0x470
[ 1258.518859][T24853]  page_cache_ra_order+0x5e5/0xc70
[ 1258.524253][T24853]  do_sync_mmap_readahead+0x31a/0x5f0
[ 1258.529665][T24853]  filemap_fault+0x62a/0x1200
[ 1258.534684][T24853]  __do_fault+0x135/0x390
[ 1258.539045][T24853]  __handle_mm_fault+0x198b/0x5620
[ 1258.544616][T24853]  handle_mm_fault+0x40a/0x8e0
[ 1258.549416][T24853]  do_user_addr_fault+0xa81/0x1390
[ 1258.554582][T24853]  exc_page_fault+0x76/0xf0
[ 1258.559101][T24853]  asm_exc_page_fault+0x26/0x30
[ 1258.564047][T24853] page last free pid 23803 tgid 23801 stack trace:
[ 1258.570555][T24853]  free_unref_folios+0xc66/0x14d0
[ 1258.575625][T24853]  folios_put_refs+0x559/0x640
[ 1258.580402][T24853]  release_pages+0x4b4/0x520
[ 1258.585736][T24853]  io_free_region+0xb4/0x270
[ 1258.590354][T24853]  io_allocate_scq_urings+0x51a/0x7f0
[ 1258.595785][T24853]  io_uring_create+0x52b/0xb60
[ 1258.600567][T24853]  __se_sys_io_uring_setup+0x264/0x270
[ 1258.606090][T24853]  do_syscall_64+0xfa/0x3b0
[ 1258.610612][T24853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1258.616629][T24853] Modules linked in:
[ 1258.620567][T24853] CPU: 1 UID: 0 PID: 24853 Comm: syz.5.5669 Tainted: G    B               6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1258.620593][T24853] Tainted: [B]=BAD_PAGE
[ 1258.620599][T24853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1258.620609][T24853] Call Trace:
[ 1258.620616][T24853]  <TASK>
[ 1258.620624][T24853]  dump_stack_lvl+0x189/0x250
[ 1258.620651][T24853]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1258.620678][T24853]  ? __pfx_print_modules+0x10/0x10
[ 1258.620700][T24853]  bad_page+0x180/0x1c0
[ 1258.620720][T24853]  __free_frozen_pages+0xe17/0xe70
[ 1258.620742][T24853]  __folio_put+0x21b/0x2c0
[ 1258.620760][T24853]  ? __pfx___folio_put+0x10/0x10
[ 1258.620781][T24853]  delete_from_page_cache_batch+0x84c/0x9b0
[ 1258.620796][T24853]  ? shmem_mapping+0xd/0x50
[ 1258.620816][T24853]  ? __pfx_delete_from_page_cache_batch+0x10/0x10
[ 1258.620841][T24853]  ? __filemap_fdatawait_range+0x1d2/0x230
[ 1258.620866][T24853]  ? __pfx_workingset_update_node+0x10/0x10
[ 1258.620884][T24853]  ? folio_mapping+0x16f/0x240
[ 1258.620904][T24853]  ? truncate_cleanup_folio+0x34a/0x430
[ 1258.620927][T24853]  truncate_inode_pages_range+0x28a/0xda0
[ 1258.620952][T24853]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 1258.620984][T24853]  ? smp_call_function_many_cond+0xbc5/0x12d0
[ 1258.621008][T24853]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1258.621042][T24853]  ? __pfx_has_bh_in_lru+0x10/0x10
[ 1258.621063][T24853]  blkdev_flush_mapping+0x108/0x270
[ 1258.621087][T24853]  ? bdev_release+0x40f/0x650
[ 1258.621109][T24853]  bdev_release+0x417/0x650
[ 1258.621134][T24853]  ? __pfx_blkdev_release+0x10/0x10
[ 1258.621150][T24853]  blkdev_release+0x15/0x20
[ 1258.621165][T24853]  __fput+0x44c/0xa70
[ 1258.621189][T24853]  task_work_run+0x1d1/0x260
[ 1258.621210][T24853]  ? __pfx_task_work_run+0x10/0x10
[ 1258.621233][T24853]  do_exit+0x6b5/0x22e0
[ 1258.621254][T24853]  ? do_raw_spin_lock+0x121/0x290
[ 1258.621272][T24853]  ? __pfx_do_exit+0x10/0x10
[ 1258.621293][T24853]  do_group_exit+0x21c/0x2d0
[ 1258.621312][T24853]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1258.621334][T24853]  get_signal+0x1286/0x1340
[ 1258.621361][T24853]  arch_do_signal_or_restart+0x9a/0x750
[ 1258.621385][T24853]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1258.621411][T24853]  ? exit_to_user_mode_loop+0x40/0x110
[ 1258.621434][T24853]  exit_to_user_mode_loop+0x75/0x110
[ 1258.621454][T24853]  do_syscall_64+0x2bd/0x3b0
[ 1258.621477][T24853]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1258.621499][T24853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1258.621516][T24853]  ? clear_bhb_loop+0x60/0xb0
[ 1258.621533][T24853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1258.621548][T24853] RIP: 0033:0x7f787778e929
[ 1258.621562][T24853] Code: Unable to access opcode bytes at 0x7f787778e8ff.
[ 1258.621570][T24853] RSP: 002b:00007f78785350e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1258.621586][T24853] RAX: 0000000000000001 RBX: 00007f78779b5fa8 RCX: 00007f787778e929
[ 1258.621599][T24853] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f78779b5fac
[ 1258.621611][T24853] RBP: 00007f78779b5fa0 R08: 7fffffffffffffff R09: 0000000000000000
[ 1258.621624][T24853] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f78779b5fac
[ 1258.621637][T24853] R13: 0000000000000000 R14: 00007f7877adf940 R15: 00007f7877adfa28
[ 1258.621655][T24853]  </TASK>
[ 1258.978166][ T5959] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1259.022494][T24864] syz_tun (unregistering): left promiscuous mode
[ 1259.065403][T23145] usb 5-1: device descriptor read/all, error -71
[ 1259.734366][T12728] team0: Port device bridge2 removed
[ 1259.866335][T12728] bond0 (unregistering): Released all slaves
[ 1259.875205][T12728] bond1 (unregistering): Released all slaves
[ 1259.983523][T12728] bond2 (unregistering): Released all slaves
[ 1260.090210][T12728] bond3 (unregistering): Released all slaves
[ 1260.145657][T12728] : left promiscuous mode
[ 1260.205788][T12728] tipc: Left network mode
[ 1260.220466][T12728] IPVS: stopping master sync thread 18880 ...
[ 1260.370518][T12728] batadv_slave_0: left promiscuous mode
[ 1260.379554][T12728] batman_adv: batadv0: Removing interface: vlan1
[ 1260.397621][T12728] pim6reg (unregistering): left allmulticast mode
[ 1261.170644][T12728] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1261.227494][T12728] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1261.280865][T12728] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1261.337601][T12728] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1261.437936][T12728] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1261.478526][T12728] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1261.543548][T12728] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1261.599492][T12728] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1261.952759][T12728] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1261.989378][T12728] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1262.092172][T12728] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1262.139035][T12728] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1262.177517][   T13] tipc: Resetting bearer <eth:wg1>
[ 1262.216361][T12728] bridge_slave_1: left allmulticast mode
[ 1262.222023][T12728] bridge_slave_1: left promiscuous mode
[ 1262.232874][T12728] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1262.242429][T12728] bridge_slave_0: left allmulticast mode
[ 1262.249572][T12728] bridge_slave_0: left promiscuous mode
[ 1262.256419][T12728] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1262.450163][T12728] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1262.462060][T12728] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1262.471614][T12728] bond0 (unregistering): Released all slaves
[ 1262.699156][T12728] bond0 (unregistering): left promiscuous mode
[ 1262.705379][T12728] bond0 (unregistering): left allmulticast mode
[ 1262.712130][T12728] team0: Port device bond0 removed
[ 1262.718070][T12728] bond0 (unregistering): Released all slaves
[ 1262.953271][T12728] bond0 (unregistering): left promiscuous mode
[ 1262.960241][T12728] team0: Port device bond0 removed
[ 1262.965807][T12728] bond0 (unregistering): Released all slaves
[ 1262.975822][T12728] bond1 (unregistering): Released all slaves
[ 1263.080215][T12728] bond2 (unregistering): Released all slaves
[ 1263.350040][T12728] bond0 (unregistering): left promiscuous mode
[ 1263.356250][T12728] bond0 (unregistering): left allmulticast mode
[ 1263.363925][T12728] team0: Port device bond0 removed
[ 1263.369509][T12728] bond0 (unregistering): Released all slaves
[ 1263.474371][T12728] bond1 (unregistering): Released all slaves
[ 1263.578522][T12728] bond2 (unregistering): Released all slaves
[ 1263.685031][T12728] bond3 (unregistering): (slave veth0_to_bond): Releasing active interface
[ 1263.694845][T12728] bond3 (unregistering): Released all slaves
[ 1265.411988][T12728] tipc: Disabling bearer <eth:wg1>
[ 1265.425296][T12728] tipc: Disabling bearer <udp:syz0>
[ 1265.431071][T12728] tipc: Left network mode
[ 1265.436923][T12728] tipc: Disabling bearer <udp:syz0>
[ 1265.442312][T12728] tipc: Disabling bearer <eth:wg1>
[ 1265.447961][T12728] tipc: Left network mode
[ 1265.883910][T12728] mac80211_hwsim hwsim26 wlan0 (unregistering): left allmulticast mode
[ 1265.960228][T12728] hsr_slave_0: left promiscuous mode
[ 1265.967527][T12728] hsr_slave_1: left promiscuous mode
[ 1265.973582][T12728] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1265.980988][T12728] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1265.989016][T12728] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1265.996623][T12728] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1266.008681][T12728] hsr_slave_0: left promiscuous mode
[ 1266.015278][T12728] hsr_slave_1: left promiscuous mode
[ 1266.021040][T12728] batman_adv: batadv0: Interface deactivated: vlan1
[ 1266.028888][T12728] batman_adv: batadv0: Removing interface: vlan1
[ 1266.036567][T12728] batadv_slave_0: left promiscuous mode
[ 1266.044610][T12728] batadv_slave_0: left promiscuous mode
[ 1266.056438][T12728] hsr_slave_0: left promiscuous mode
[ 1266.062224][T12728] hsr_slave_1: left promiscuous mode
[ 1266.071056][T12728] batman_adv: batadv0: Interface deactivated: vlan1
[ 1266.078082][T12728] batman_adv: batadv0: Removing interface: vlan1
[ 1266.097277][T12728] veth1_macvtap: left promiscuous mode
[ 1266.102805][T12728] veth0_macvtap: left promiscuous mode
[ 1266.110669][T12728] veth1_vlan: left promiscuous mode
[ 1266.116563][T12728] veth0_vlan: left promiscuous mode
[ 1266.122476][T12728] team0: left allmulticast mode
[ 1266.129006][T12728] veth1_macvtap: left promiscuous mode
[ 1266.135313][T12728] veth0_macvtap: left promiscuous mode
[ 1266.140884][T12728] veth1_vlan: left promiscuous mode
[ 1266.148993][T12728] veth0_vlan: left promiscuous mode
[ 1266.154909][T12728] team0: left allmulticast mode
[ 1266.159785][T12728] team0: left promiscuous mode
[ 1266.164939][T12728] veth1_macvtap: left promiscuous mode
[ 1266.170422][T12728] veth0_macvtap: left promiscuous mode
[ 1266.176003][T12728] veth1_vlan: left promiscuous mode
[ 1266.181245][T12728] veth0_vlan: left promiscuous mode
[ 1266.382123][T12728] team0 (unregistering): Port device team_slave_1 removed
[ 1266.405129][T12728] team0 (unregistering): Port device team_slave_0 removed