last executing test programs:

15m30.538974107s ago: executing program 2 (id=3120):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ad060000", 0x4)
sendmsg$alg(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000140)="439db5", 0x3}], 0x1, &(0x7f0000000540)=[@op={0x18}], 0x18}, 0x0)
recvmmsg(r1, &(0x7f0000000dc0)=[{{0x0, 0x0, 0x0}, 0x14}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000005c0)=""/103, 0x67}], 0x1}, 0xe}], 0x2, 0x2021, 0x0)

15m30.46576035s ago: executing program 2 (id=3121):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc73})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000180)={0x2, 0x5c, 0x0})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x3, 0x0, 0x6, 0x10000000000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5, 0x6], 0x0, 0x8340})
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40000)
syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r3, 0x40045304, &(0x7f0000000100)={{}, {0x0, 0x3}, 0x1, 0x4})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)=@x86={0x7c, 0x3, 0xfd, 0x0, 0x1, 0x7e, 0xcb, 0x10, 0x8, 0x5, 0xb, 0x8, 0x0, 0x10003, 0x9, 0xff, 0x6, 0x5, 0x12, '\x00', 0x1})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10, 0x0}, 0x4048041)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

15m30.158483461s ago: executing program 2 (id=3123):
r0 = syz_usb_connect(0x0, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000001c0)={&(0x7f0000000180)=[{0xb4b1, 0x4200, 0x0, 0x0}], 0x1})

15m28.283379849s ago: executing program 2 (id=3128):
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5)
fallocate(r0, 0x4e, 0x9, 0x2395)
r1 = syz_io_uring_setup(0x4705, &(0x7f0000000000)={0x0, 0x5059, 0x20000, 0x1, 0x19a, 0x0, r0}, &(0x7f0000000080), &(0x7f00000000c0))
ppoll(&(0x7f0000000100)=[{r1, 0x1}, {r0, 0x8}, {0xffffffffffffffff, 0x102}, {r1, 0x400}, {r1, 0x610}], 0x5, &(0x7f0000000140), &(0x7f0000000180)={[0x5]}, 0x8)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)
ioctl$VHOST_VDPA_GET_GROUP_NUM(0xffffffffffffffff, 0x8004af81, &(0x7f00000001c0))
getsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000200), &(0x7f0000000240)=0x4)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_TTY(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xdc, 0x464, 0x1, 0x70bd27, 0x25dfdbfd, "a5e54db6b8b7fe9465a04fc6d583db05343bfcef208ece7dd4904b80188976387f9aaf659765b8e8a270d1fbb7cd16253fd81f61891953d05a4ec9c869fd86e0cdbcf9061e7281b60ca49119f85c2d3b7df30ab23a20aeb8c3ca0a90f5a116ae47314070b9d305f28dd086816b6f3efd002670a2cd99c20090e52b2a1137c80bc320fa27b71725d69c065c8c84e805e626df8008ce780ec91d77e8338708e9b179b31286cbcdac7575a6924d2788c505a5bac363416c6b5502d96c6f19e8da6d032c779e49f2d81287", ["", "", "", "", "", "", "", ""]}, 0xdc}, 0x1, 0x0, 0x0, 0x20004080}, 0x80)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000480), r0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000580)={'ip_vti0\x00', &(0x7f00000004c0)={'gretap0\x00', <r5=>0x0, 0x80, 0x1, 0x4, 0x1, {{0x22, 0x4, 0x1, 0x5, 0x88, 0x64, 0x0, 0x9, 0x29, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x15}, {[@timestamp_prespec={0x44, 0x1c, 0xd, 0x3, 0x3, [{@dev={0xac, 0x14, 0x14, 0x2d}, 0x7}, {@dev={0xac, 0x14, 0x14, 0x42}, 0x8}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x6}]}, @noop, @generic={0x7, 0x12, "7659f7a21a9a93803edf936af17f699d"}, @cipso={0x86, 0x44, 0x1, [{0x6, 0x10, "8bed21a9e4612a8c6d6ba41a5f4d"}, {0x2, 0x6, "ff477e94"}, {0x1, 0xc, "36cf3c37c6ccefbcac4a"}, {0x6, 0x11, "58a9fb281365628b4830f42cce775c"}, {0x7, 0x2}, {0x1, 0x9, "729d7cbb78866b"}]}]}}}}})
sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000b00)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000ac0)={&(0x7f00000005c0)={0x4c4, r4, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r5}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x2}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_PEERS={0x470, 0x8, 0x0, 0x1, [{0x3bc, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x398, 0x9, 0x0, 0x1, [{0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x36}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x22}}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x1}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x39}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}]}, {0xc4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x3e}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x8, @remote, 0xb27}}]}, {0x48, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x5}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_FLAGS={0x8, 0x3, 0x7}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_FLAGS={0x8}]}, {0xc, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x5c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @empty}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e24, 0xf, @private2={0xfc, 0x2, '\x00', 0x1}, 0x97a}}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "773493f079f1622243da6e8d30f37151ed9521afaa72844c84fa7f77c53490ab"}]}]}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e22}]}, 0x4c4}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
sendmmsg$inet(r0, &(0x7f0000001580)=[{{&(0x7f0000000b40)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000dc0)=[{&(0x7f0000000b80)="e891b27159546a514b3b5aef72503ea21e18433a72bf9bf9feaa3f934c1621c9d2b77ec95cea67e9892776b5164c3bf6e5afc989f0853ab43996537fecb92a045f59752816b5ba33c5e4bd399e8d520c439767756ddfbb5047692b51efec869124976fe4e07449ef16ef37893d8a3d0bd0f4a52114f6cd3f7068de8362b36ccde9c92fdcd62d6343e39e4b3afaf7f4440271a4d0464c06056a28b7174f9bc1b41d944a963ec67ef1a21b4c1ec23b081c5633e22c7302e462436508016f7e43a41d4daae392114a178cefbae3f44a34cc7bfb3fcfb328646cba7456de86e68efc15041a66df1aadccd7f080998f64629116d4947ded37f7cfe15a26", 0xfb}, {&(0x7f0000000c80)="4c40be81c8faeb", 0x7}, {&(0x7f0000000cc0)="d913ba979642cdc0b06eb09e6e3d0e2200209f5de66dfc7930420fb98e16a8", 0x1f}, {&(0x7f0000000d00)="ebefe7b616b96876c3eeb79fb80a331d2341303cfd875e9354643f5f5ae5bbcc83d4c8116455e686ab48d7d328df08d399120bebe628ea2b924226c2b1ca5857a2617dae4b93093c4879470f460e0c32fee24a61cf8e25cb8126", 0x5a}, {&(0x7f0000000d80)="2c2e3df0b7b41488d3f31e8b6dc70c31e887348bfdcff7dd594e65a948d70920982eb6ca41aa1941fde726d24efd4b4ba15bdc398e1cff5b", 0x38}], 0x5, &(0x7f0000000e40)=[@ip_retopts={{0x20, 0x0, 0x7, {[@generic={0x44, 0x10, "f70da9b20492c487efde59d2d9e2"}]}}}, @ip_retopts={{0x11c, 0x0, 0x7, {[@timestamp={0x44, 0x1c, 0x82, 0x0, 0x9, [0x1fc5, 0x40, 0xef, 0xd, 0x8f, 0x3]}, @ssrr={0x89, 0x27, 0xf3, [@broadcast, @private=0xa010100, @empty, @private=0xa010101, @empty, @private=0xa010101, @local, @local, @rand_addr=0x64010100]}, @timestamp_prespec={0x44, 0xc, 0xa6, 0x3, 0xc, [{@local, 0xffffff9f}]}, @timestamp_prespec={0x44, 0x24, 0xfc, 0x3, 0x1, [{@broadcast, 0x6}, {@broadcast, 0x2}, {@remote, 0x8}, {@private=0xa010102, 0x8}]}, @timestamp={0x44, 0x18, 0x2c, 0x0, 0x3, [0x7ff, 0x7fff, 0x0, 0x0, 0x3]}, @timestamp={0x44, 0x20, 0x50, 0x0, 0x7, [0xffffffff, 0x200, 0xbb5, 0x9, 0x2, 0x2522, 0x9]}, @timestamp={0x44, 0x24, 0xa1, 0x0, 0x1, [0x1000, 0x9, 0x6a2, 0x5, 0x1, 0x3, 0x10001, 0x5]}, @timestamp_addr={0x44, 0x3c, 0x67, 0x1, 0x1, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4}, {@private=0xa010102, 0x7f}, {@loopback, 0x3}, {@loopback, 0x5}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8}, {@local, 0x6}, {@multicast2, 0x2}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @multicast2, @rand_addr=0x64010100}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x5}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xffffffff}}], 0x190}}, {{&(0x7f0000001000)={0x2, 0x4e23, @multicast1}, 0x10, &(0x7f0000001500)=[{&(0x7f0000001040)="930f76be431db92cee59c419512c0cb648925494d106a29b3e465684eed534fe6fd8b11e754b6148ca655779157249ee4c83f800d8da5cb2bfa4bc856879c4b4a2ddd051c2095548958f76b0d8e8e830f70df9c0ac4085fb25d0b724660a38ceb107a136a7e63baa71fc22ecb36ac9bb76e58e8853b32e9a3a46ca65fb79985391600e4b0c430466dda9e489e7aa2a52ca64a812b07d67a159bef6c86e6fd6572ae3be16edb290a131b21abe3b3cbce037f2e82c8c9a6978af7dd17dd4dda64038285e034c21f83c405c0c60ab3669c9daad577383a823a48767a2935af533a48c", 0xe1}, {&(0x7f0000001140)="5d22649ff0d63c6b6ac7ae1d8d2df0e8a1942143e92b64df77e501d6779bf8dd5b37f1bc7f1ddcc9550db817cc0c5639721a38eeaf94ccdaefdb0c13150964474989aa40b2a0ef447ffc211b9767de4d609abf7cab8c71bac3a3778a1cb289fac3948ad14baa933524e1960f3ba9813501bbd98bcb7ea4a5352f9d26204c7fa57c8cb2487de2ad28037ff26537f8a9c4b7e8dd07efdf26ad0db78bba7151fbb61bad1b30f54300f996a6df2daa9c12d19247a695f94320fce3f2d6b62409e4b06b7e6547a1c911772d490351", 0xcc}, {&(0x7f0000001240)="73690fee01c64e6ea62ea84ef825e83b7bc2f91fe6026b5f09194148330087e8566756216893ae445bf3d0e4626060d05c630316f1cd58c769b6ad8d52dbb3eb708a2571552533e9695caa1e9dbf2b5372fe48a10d788c48f38d4366a80496cfbb818f2928b556bfbc6e6a8db66b3571d4f3f5d2af49623f483d07246de2", 0x7e}, {&(0x7f00000012c0)="ab1e1a61996198db003cbadcb2cecd21f8c5bf52376c35eb198762bedb04a7a5a507d79532d37d37c47cc22a1eb267c552bae7c7e59097f5d242e5e6b875e151ac1e28f18fd4669cfe377d613ee9171e0f1930a76d46593c2057a6d83e6a51d4907860dbd5b1c869725b5a820a7bedd5dae7903b256ff3f8e5cc23cdc31dc991f0f1798b1759ee78816517b5592ccf265aa4b960fde93a2110f764c4deb3718f2ff193592ccdd15a83b194da930ed2f59a6bbdfe1277372b061e22aec6097281dacaa56fb0", 0xc5}, {&(0x7f00000013c0)="d98d05b7359ac9d8231ac7a2083ff124a6188a568fa757e00c67c1518b490a1dd033849fd1639a1cdc7acc6a84c1b66af3d8336764", 0x35}, {&(0x7f0000001400)="7d16995a16ecf6993e70abb04afa3c13e710be0b37d5cd03a2ae59480aa3b76eb61908a87e9b4cadd01b5ed959d4e103dd96c456b20e9cd3457c938f3675ebd9e08ba9965cb16a87d1de55faf01dbd2adb565edb917f19e6991f5314c81c3778b9ce95db34de001cdf97e2c38ac76414691b49ac8568e7ec4a086b962b8cb1ef90b4735bbac914282882f2431a43c3451da33af76dc582f1f773cb4fad02f0870e37aca93f249747d99cb1d615da6a8c3d4b21899d2dc6670062df3f76a6df643d4001b64132741b1ddcd447b8abb9deff40114739c23a4e7fdcde9050b40e33e8121b8ef076e61fcdf411b03ecb231ad92b4ec3bc", 0xf5}], 0x6}}], 0x2, 0x4000050)
ioctl$NS_GET_USERNS(r0, 0xb701, 0x0)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000001700)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000016c0)={&(0x7f0000001640)={0x58, 0x7, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0xf}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x7}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x14}, 0x40400c1)
clock_settime(0x0, &(0x7f0000001740)={0x77359400})
getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000001780), &(0x7f00000017c0)=0x4)
ioctl$TIOCMIWAIT(r0, 0x545c, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000001800)={{0x1, 0x1, 0x18, <r6=>r1}, './file0\x00'})
ioctl$UI_GET_SYSNAME(r6, 0x8040552c, &(0x7f0000001840))
syz_kvm_setup_cpu$x86(r6, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000001900)=[@textreal={0x8, &(0x7f0000001880)="0f20c06635040000000f22c0ba6100ecba2100b000eeb81b0b8ed866b9f80a000066b80070000066ba000000000f30660f381c700a66b98d03000066b80a00000066ba000000000f30bad104ec0f380bb00b00f081200000", 0x58}], 0x1, 0xd, &(0x7f0000001940), 0x0)
ioctl$PTP_EXTTS_REQUEST2(r6, 0x40103d0b, &(0x7f0000001980)={0x0, 0x9})
r7 = getpgid(0x0)
syz_open_procfs(r7, &(0x7f00000019c0)='net/fib_triestat\x00')
recvmsg$unix(r6, &(0x7f0000001f00)={&(0x7f0000001a00)=@abs, 0x6e, &(0x7f0000001d40)=[{&(0x7f0000001a80)=""/10, 0xa}, {&(0x7f0000001ac0)=""/144, 0x90}, {&(0x7f0000001b80)=""/8, 0x8}, {&(0x7f0000001bc0)=""/118, 0x76}, {&(0x7f0000001c40)=""/197, 0xc5}], 0x5, &(0x7f0000001dc0)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r8=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x120}, 0x40)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r8, 0xc00c642d, &(0x7f0000001f40)={0x0, 0x0, <r9=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_ATOMIC(r9, 0xc03864bc, &(0x7f0000002740)={0x100, 0x3, &(0x7f0000002100)=[0x0, 0x0, 0x0], &(0x7f0000002140)=[0x644], &(0x7f00000026c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000002700)=[0x7573], 0x0, 0x8})

15m28.008002745s ago: executing program 2 (id=3129):
bpf$MAP_CREATE(0x1101000000000000, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000c0000000001a0000f7"], 0x48) (fail_nth: 28)

15m27.666407541s ago: executing program 2 (id=3131):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x4a4000)
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r1, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_STEREO(r1, 0xc0045003, &(0x7f00000000c0))
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
fdatasync(r1)
r3 = socket(0x26, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'vlan0\x00', <r4=>0x0})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r7, 0xc0844123, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r8 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r8, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r11 = ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000})
fallocate(r11, 0x1, 0x100000000, 0x10000)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xb}, {0x5, 0x8}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3b9aca00}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x844)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x4, &(0x7f0000000040)=[{0x3d, 0x0, 0x2}, {}, {0x7, 0x0, 0x81, 0xc556}, {0x6}]})
pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, <r12=>0xffffffffffffffff}, 0xc0000)
write$P9_RREADDIR(r12, &(0x7f0000000380)={0xe4, 0x29, 0x2, {0x2, [{{0x2, 0x2, 0x8}, 0x6, 0xfa, 0x7, './file0'}, {{0x4, 0x0, 0x3}, 0x7, 0x81, 0x7, './file0'}, {{0xa0, 0x1, 0x5}, 0x5, 0x1, 0x7, './file0'}, {{0x20, 0x4, 0x2}, 0xa56, 0x0, 0x7, './file0'}, {{0x65, 0x2}, 0x6, 0xf8, 0x7, './file0'}, {{0x2, 0x1, 0x8}, 0x5, 0x25, 0x7, './file0'}, {{0x2, 0x2, 0x2}, 0x1, 0x0, 0x7, './file0'}]}}, 0xe4)
write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="03000000b500000001000000feefffff"], 0xc8)

15m12.616811508s ago: executing program 32 (id=3131):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x4a4000)
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r1, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_STEREO(r1, 0xc0045003, &(0x7f00000000c0))
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
fdatasync(r1)
r3 = socket(0x26, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'vlan0\x00', <r4=>0x0})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r7, 0xc0844123, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r8 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r8, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r11 = ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000})
fallocate(r11, 0x1, 0x100000000, 0x10000)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xb}, {0x5, 0x8}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3b9aca00}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x844)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x4, &(0x7f0000000040)=[{0x3d, 0x0, 0x2}, {}, {0x7, 0x0, 0x81, 0xc556}, {0x6}]})
pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, <r12=>0xffffffffffffffff}, 0xc0000)
write$P9_RREADDIR(r12, &(0x7f0000000380)={0xe4, 0x29, 0x2, {0x2, [{{0x2, 0x2, 0x8}, 0x6, 0xfa, 0x7, './file0'}, {{0x4, 0x0, 0x3}, 0x7, 0x81, 0x7, './file0'}, {{0xa0, 0x1, 0x5}, 0x5, 0x1, 0x7, './file0'}, {{0x20, 0x4, 0x2}, 0xa56, 0x0, 0x7, './file0'}, {{0x65, 0x2}, 0x6, 0xf8, 0x7, './file0'}, {{0x2, 0x1, 0x8}, 0x5, 0x25, 0x7, './file0'}, {{0x2, 0x2, 0x2}, 0x1, 0x0, 0x7, './file0'}]}}, 0xe4)
write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="03000000b500000001000000feefffff"], 0xc8)

4m14.145346178s ago: executing program 5 (id=6083):
unshare(0x70030200)
unshare(0x40060100)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=<r3=>r2], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r4 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffff7}]})
r6 = syz_open_dev$ptys(0xc, 0x3, 0x1)
r7 = dup3(r6, r4, 0x80000)
syz_usb_connect(0x0, 0x286, &(0x7f00000005c0)=ANY=[@ANYRESDEC=r1, @ANYRES32=r2, @ANYRESHEX=r6, @ANYRESOCT=r3], 0x0)
syz_io_uring_setup(0x2a20, &(0x7f0000000480)={0x0, 0x2a92, 0x13100, 0x104000}, 0x0, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
r11 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x2982, 0x0)
r12 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)=ANY=[@ANYRES32=r7, @ANYRES32=r7, @ANYBLOB="353600000000001000000000e27aec5927c8dd8a65915649c8e822e227ed4b078e869cfd8e", @ANYRES32=r12, @ANYBLOB, @ANYRES64=0x0], 0x20)
sendfile(r11, r12, 0x0, 0x20000023896)
close(r11)
r13 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r13}, &(0x7f0000bbdffc)=<r14=>0x0)
timer_settime(r14, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000000b2000040"])
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000f2ffffff00000000", @ANYRES32, @ANYBLOB="ff0700"/20, @ANYRESHEX=r11, @ANYRES32, @ANYBLOB="030000000000000300"/27], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r7}, &(0x7f00000000c0), &(0x7f0000000100)=r12}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x8, 0x7, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000800000000000000010000001800000008000000000000000000000018450000feffffff000900"/56], &(0x7f0000000140)='GPL\x00', 0x9333, 0x95, &(0x7f0000000700)=""/149, 0x41000, 0x6f, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r15 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r15, 0x65, 0x1, 0x0, 0xf00)

4m10.968941225s ago: executing program 5 (id=6098):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x8, 0x80081)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000cc0)={0xa, {0x800, 0x7b, 0x1000}})
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'syz_tun\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000080)={0x11, 0x800, r2, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14)
syz_emit_ethernet(0x2a, &(0x7f0000000500)=ANY=[@ANYBLOB="ff01090000000008004500001c0000000000029078ac1e0001ffffffff16009078000000002871ccdd3e94b0e1d7d857d74d70ea0bf4788dd8a061d0ffabe5ac5231065400e808e6b83c473ac5282cc3177f992535a62272e15263bbd7afe60529eb7bccf1de1d5505019605583bb758f12ab704962f0f2739cbad1113033e79c796fa04feef53b78e9a8e45cc61494086c4fcc124d96f38f95f72e4c6df77200ee8d228e27445f00e310143220e9cc32463e3da837e592f9e9c0a619af7182f335f8ccadeffbf0cb16dfbef25f16c7732c72625c5d712847da7915489371fa083d617e29e26eda1cf3bc2f1d30548228c768e1f29139828e055e633fd6a9097f5a67b0448c8aa602875562790fbd1914bd91bc18383b221550df877b6bb2ddbb47d8ff44571ee8fff64a850b055941b9541bf00"], 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r3, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6e65772064656661756c7420757365723a73797a20303030303030303030303030303007303337323400c9f29ae4302450d8a9cf02b44f5761f04220bb1bb3c9421749f5414f0d6f126ab3afcbce8b2895c24d112b0b400431db04e964db2a6eaa6dd99b2d1d26619157dd0e"], 0x2a, 0xfffffffffffffff9)
r4 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$update(0x2, r4, 0x0, 0x0)
syz_io_uring_setup(0x24fa, &(0x7f00000002c0)={0x0, 0x0, 0x10100}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000001c0)={0xfffffffc, 0x5, 0x0, 'queue0\x00', 0x10000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r7, 0x404c534a, &(0x7f0000000380)={0x0, 0x0, 0x200})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r7, 0x404c534a, &(0x7f0000000ac0)={0x0, 0x4, 0x2})
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r8, &(0x7f00000001c0)=ANY=[@ANYBLOB='2'], 0x118)
r9 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x4000000000000, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x4001, 0x3, 0x210, 0x0, 0x720d, 0x148, 0xd0, 0x148, 0x178, 0x240, 0x240, 0x178, 0x240, 0x7fffffe, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x2, 0x0, 0x0, 0x0, 0x7], 0x2}, {0xffffffffffffffff, [0x5, 0xb2cc575b459b5b35, 0x4, 0x2, 0x0, 0x6]}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x1, 0x3, 0x7}, {0x1, 0x0, 0x2}, {0x1, 0xff, 0x3}, 0x2, 0x8}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x270)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_LINKAT={0x27, 0x0, 0x0, r8, 0x0, 0x0, r3})
setsockopt(r8, 0x4, 0x2, &(0x7f0000000040)="e484b9cc48b74103efbc2751f67c3c", 0xf)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000005780)={0x0, 0x0, &(0x7f0000005740)={&(0x7f00000056c0)=@bridge_newneigh={0x30, 0x1c, 0x1, 0x70bd23, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x2, 0x10, 0x6}, [@NDA_PROTOCOL={0x5, 0xc, 0xb2}, @NDA_DST_MAC={0xa, 0x1, @random="c0c1c82487eb"}]}, 0x30}, 0x1, 0x0, 0x0, 0xc0}, 0xc0)
ioctl$TIOCGPTPEER(r8, 0x5441, 0x8000000000000000)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000680)={'netdevsim0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r12, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48801}, 0x0)

4m10.745516362s ago: executing program 5 (id=6101):
prlimit64(0x0, 0x9, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r0 = socket(0x10, 0x80000, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000fc0)=""/4096, 0x1000}], 0x1}}], 0x7ffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x646d0000)

4m10.678772178s ago: executing program 5 (id=6102):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
keyctl$reject(0x13, 0x0, 0x0, 0x100000201, 0xfffffffffffffffc)
syz_emit_ethernet(0x5e, &(0x7f0000000bc0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @private0, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @private0, @empty}}}}}}, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
futex_waitv(&(0x7f0000001240)=[{0x1, 0x0, 0x86, 0x3f}], 0x1, 0x0, 0x0, 0x1)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

4m9.710437391s ago: executing program 5 (id=6107):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000060605"], 0x14}, 0x1, 0x0, 0x0, 0x4000810}, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0xfffffffffffffe66)
syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), r0)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x26b, 0x0, 0x80000001}]})
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x20, 0x10, 0xff05, 0x8000000, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}}, 0x20}}, 0x20000840)

4m9.420083169s ago: executing program 5 (id=6109):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x7fd, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x2, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000006004000140008"], 0x28}}, 0x8000)

4m8.907711503s ago: executing program 33 (id=6109):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x7fd, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x2, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000006004000140008"], 0x28}}, 0x8000)

1m6.317827876s ago: executing program 4 (id=7038):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x6a0, 0x5, 0x348, 0x160, 0x0, 0xfeffffff, 0x160, 0x370, 0x370, 0x370, 0xffffffff, 0x370, 0x370, 0x5, 0x0, {[{{@uncond, 0x3e7, 0x70, 0xb8, 0xe000000, {0xffffffffffffff6a}}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@broadcast, @ipv4=@remote, @gre_key}}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth1_to_batadv\x00', 'xfrm0\x00'}, 0x0, 0x70, 0xa8, 0x0, {0x0, 0x7}}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @rand_addr, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @broadcast, @remote, @gre_key}}}}, {{@ip={@dev, @multicast1, 0x0, 0x0, 'macvlan0\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @loopback}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8)

1m6.245954696s ago: executing program 4 (id=7039):
socket$netlink(0x10, 0x3, 0x0)
socket$tipc(0x1e, 0x4, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
read$snapshot(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
r5 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xd4bb, 0x40, 0xfffffffd}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x80800})
listen(r4, 0x5)
io_uring_enter(r5, 0x3517, 0xc2de, 0x9, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0)

1m5.139637952s ago: executing program 4 (id=7045):
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newneigh={0x30, 0x1c, 0x401, 0x0, 0x0, {0x2}, [@NDA_DST_MAC={0xa, 0x1, @remote}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xe, 0x3}, {}, {0x5, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x40004)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000200)=""/57, 0x39, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x9}, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x2)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000140)=0x200000000)
socket$inet(0x2, 0x3, 0x2)
syz_emit_ethernet(0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa00080045800028006400000002907800000000e000000111009079e00000028000b8b4e92ac4e10eb17eca202f9a2f713397f43400000000"], 0x0)
write$vhost_msg_v2(r4, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000000540)=""/152, 0x98, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r4, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f0000000440)=""/119, 0x77, 0x0, 0x0, 0x3}}, 0x48)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000001140)={0x80, 0x1})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sendfile(r5, r3, 0x0, 0x20000023893)
r6 = getpgid(0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r7, &(0x7f0000000040)=0x1ff8, 0x12)
ptrace$ARCH_SET_CPUID(0x1e, r6, 0x1, 0x1012)

1m1.140337622s ago: executing program 4 (id=7064):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f00000000c0)={0xfffb, 0x200, 0x2, 0x4}, 0x8)
sendto$inet6(r3, &(0x7f00000004c0)='W', 0x1, 0x4000884, &(0x7f0000000100)={0xa, 0x4e20, 0x2, @loopback, 0x8}, 0x1c)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0x20, r4, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
quotactl_fd$Q_SETQUOTA(r5, 0xffffffff80000801, 0xee00, &(0x7f0000000480)={0x55a14b73, 0x2, 0x4, 0x7, 0x9, 0x3, 0xd, 0x40, 0x3})
sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f0000000000)={0x0, 0x4e, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="01000000213c2dc9aea2161b9777"], 0x14}, 0x1, 0x0, 0x0, 0x24040814}, 0x2000c050)
syz_usb_connect(0x0, 0x3e, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
syz_usb_connect(0x3, 0xfffffffffffffec1, &(0x7f0000000040)=ANY=[@ANYBLOB="07001002cd35fc40cd060c0103f3f215030109021b0001040000000904c402017e59610009158202f41f000000"], 0x0)
accept4(r0, &(0x7f00000001c0)=@x25={0x9, @remote}, &(0x7f0000000240)=0x80, 0x800)
r7 = syz_open_dev$media(&(0x7f0000000340), 0x4, 0x600000)
ioctl$MEDIA_IOC_G_TOPOLOGY(r7, 0xc0487c04, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000fc0)=[{}]})
r8 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_QUERYCAP(r8, 0x80685600, &(0x7f0000000040))
syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
ioctl$MEDIA_IOC_ENUM_LINKS(r7, 0xc0287c02, &(0x7f0000000140)={0x80000000, &(0x7f0000000500), &(0x7f0000000580)=[{{}, {<r9=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f0000000440)={r9, &(0x7f0000000380), &(0x7f00000003c0)})

57.954032135s ago: executing program 4 (id=7080):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r4=>0x0})
setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000180)=[{0x1, 0x0, {0x0, 0x0, 0x2}, {0x0, 0xff, 0x1}, 0xfe}], 0x20)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r4, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0xfeff, 0x4012}, 0x840)

56.933362933s ago: executing program 4 (id=7084):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000fd9e1a40f30c74933bbc0000000109021b000104000000090400004fd4695e00090532825b"], 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r1 = socket$netlink(0x10, 0x3, 0x4)
write(r1, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000600))
ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000640))
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000340)={0x1d, r5, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, &(0x7f0000000280)=[{0x2, 0x3, {0x1, 0xff}, {0x2, 0x0, 0x2}, 0xff, 0xfe}], 0x20)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r5, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850)
syz_usb_connect$uac1(0x4, 0xeb, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd9, 0x3, 0x1, 0x8, 0x50, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1, 0x40}, [@processing_unit={0xa, 0x24, 0x7, 0x4, 0x6, 0x80, "028dbd"}, @feature_unit={0xb, 0x24, 0x6, 0x3, 0x1, 0x2, [0x6, 0x6], 0x34}, @input_terminal={0xc, 0x24, 0x2, 0x3, 0x200, 0x5, 0x8, 0x9, 0x2, 0x8}, @output_terminal={0x9, 0x24, 0x3, 0x5, 0x307, 0x1, 0x6, 0x4}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0xff, 0x3, 0x5, 0x6, "d5"}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x59, 0x9, 0x7, {0x7, 0x25, 0x1, 0x2, 0x2}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x7f, 0x4, 0xf2, 0x51, "17c08db24c74"}, @as_header={0x7, 0x24, 0x1, 0x5, 0x29, 0x3}, @as_header={0x7, 0x24, 0x1, 0x5, 0x54, 0x1002}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x4, 0x5, 0xfe, "97ca938e2b7f6107"}, @format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x2, 0x1, 0x7, 0x3, "f843c39a622d55"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xf8, 0x2, 0x7f, 0x1, "8767", "f2"}]}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x81, 0x40, 0x800}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x200, 0xff, 0x7f, 0x9, 0x40, 0x5}, 0x1c, &(0x7f00000001c0)={0x5, 0xf, 0x1c, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x7, 0x2, 0xd0}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x81, 0xc, 0x4}, @ptm_cap={0x3}]}, 0x4, [{0x8a, &(0x7f0000000200)=@string={0x8a, 0x3, "6c0df954789633729da1b7460b3e41e1d607322e055fcd1fa8da0f59edb31b6fcb89e0af43e3d88953a95f8464c725576072a6690236d6463443b72a951be64a7fc2cee823f060b44719f1f2baf9b8ebe45dea345cb498672898d1795bed1062c34ead6772289bcb86471aad75954202d211d14a24ff1fc77a274f0df14c3c1c0c1424ef7e04af0d"}}, {0x102, &(0x7f00000002c0)=@string={0x102, 0x3, "4e933c38c78d2319dba71228d5c04ab00c7b5f3d34557b58bfe4c7e86be0d96ad553012815bed68d82218465e1732bf12459c4f48381f6f0db534a8b6b8917d68956ff0c9ed55fba063a66557d2f4f6eb4c02db52bdbee6f5df17fa8819c8c86faf5afd3d992dd8c81a2f6fe8e67d44d532026417883eb846ac080aec5c7ad00443950c1713f6c8b2f5e8b29be1f71f4498b1cd9a771d7f203dc4de322b8f7632f725d552ce6a3d67c06aa82c7f7f3cefd26f7e34d96acca45601bff1fb4684e71d535b0b1b7e6a9b0a2ac285444ec0343360112310a773a86168d0bf04658e098792fb08e9b5ec32eed11db7ad84d69c6b372b24d655125ece326e255bf19a1"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x1c0a}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x827}}]})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

41.89169578s ago: executing program 34 (id=7084):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000fd9e1a40f30c74933bbc0000000109021b000104000000090400004fd4695e00090532825b"], 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r1 = socket$netlink(0x10, 0x3, 0x4)
write(r1, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000600))
ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000640))
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000340)={0x1d, r5, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, &(0x7f0000000280)=[{0x2, 0x3, {0x1, 0xff}, {0x2, 0x0, 0x2}, 0xff, 0xfe}], 0x20)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r5, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850)
syz_usb_connect$uac1(0x4, 0xeb, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd9, 0x3, 0x1, 0x8, 0x50, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1, 0x40}, [@processing_unit={0xa, 0x24, 0x7, 0x4, 0x6, 0x80, "028dbd"}, @feature_unit={0xb, 0x24, 0x6, 0x3, 0x1, 0x2, [0x6, 0x6], 0x34}, @input_terminal={0xc, 0x24, 0x2, 0x3, 0x200, 0x5, 0x8, 0x9, 0x2, 0x8}, @output_terminal={0x9, 0x24, 0x3, 0x5, 0x307, 0x1, 0x6, 0x4}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0xff, 0x3, 0x5, 0x6, "d5"}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x59, 0x9, 0x7, {0x7, 0x25, 0x1, 0x2, 0x2}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x7f, 0x4, 0xf2, 0x51, "17c08db24c74"}, @as_header={0x7, 0x24, 0x1, 0x5, 0x29, 0x3}, @as_header={0x7, 0x24, 0x1, 0x5, 0x54, 0x1002}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x4, 0x5, 0xfe, "97ca938e2b7f6107"}, @format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x2, 0x1, 0x7, 0x3, "f843c39a622d55"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xf8, 0x2, 0x7f, 0x1, "8767", "f2"}]}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x81, 0x40, 0x800}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x200, 0xff, 0x7f, 0x9, 0x40, 0x5}, 0x1c, &(0x7f00000001c0)={0x5, 0xf, 0x1c, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x7, 0x2, 0xd0}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x81, 0xc, 0x4}, @ptm_cap={0x3}]}, 0x4, [{0x8a, &(0x7f0000000200)=@string={0x8a, 0x3, "6c0df954789633729da1b7460b3e41e1d607322e055fcd1fa8da0f59edb31b6fcb89e0af43e3d88953a95f8464c725576072a6690236d6463443b72a951be64a7fc2cee823f060b44719f1f2baf9b8ebe45dea345cb498672898d1795bed1062c34ead6772289bcb86471aad75954202d211d14a24ff1fc77a274f0df14c3c1c0c1424ef7e04af0d"}}, {0x102, &(0x7f00000002c0)=@string={0x102, 0x3, "4e933c38c78d2319dba71228d5c04ab00c7b5f3d34557b58bfe4c7e86be0d96ad553012815bed68d82218465e1732bf12459c4f48381f6f0db534a8b6b8917d68956ff0c9ed55fba063a66557d2f4f6eb4c02db52bdbee6f5df17fa8819c8c86faf5afd3d992dd8c81a2f6fe8e67d44d532026417883eb846ac080aec5c7ad00443950c1713f6c8b2f5e8b29be1f71f4498b1cd9a771d7f203dc4de322b8f7632f725d552ce6a3d67c06aa82c7f7f3cefd26f7e34d96acca45601bff1fb4684e71d535b0b1b7e6a9b0a2ac285444ec0343360112310a773a86168d0bf04658e098792fb08e9b5ec32eed11db7ad84d69c6b372b24d655125ece326e255bf19a1"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x1c0a}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x827}}]})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

5.825446443s ago: executing program 0 (id=7414):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="04010000", @ANYRES16=r1, @ANYBLOB="0100000000000000000003000000f00001800d0001007564703a73797a300000000044000400200001000a004e2400000044fe80000000000000000000000300002a37200000200002000a000000fffffffcff010000000000000000000000000001000000000c0001006574683a776731004400"], 0x104}}, 0x0)

5.5133726s ago: executing program 0 (id=7417):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="4400000010000304016100000000000300000000", @ANYRES32=0x0, @ANYBLOB="d3ddd1de00000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}}, 0x0)

4.92347441s ago: executing program 0 (id=7422):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f00000001c0), 0x14200, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket(0x2, 0x80805, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x115440)
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x40)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x20000000005, 0x21}, 0xd8)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x0)
set_mempolicy(0x3, &(0x7f00000000c0)=0x3, 0x5)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000140)=0x2000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = eventfd2(0x65c, 0x80000)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000100)={r6, 0x9, 0x2, r6})
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)

4.821079133s ago: executing program 3 (id=7424):
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x1, 0x1, 0x1000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x4d, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

3.225543253s ago: executing program 3 (id=7428):
request_key(&(0x7f0000000540)='dns_resolver\x00', &(0x7f0000001ffb)={'syz', 0x0}, &(0x7f0000000580)='*\x00\x00\x00\x00\x00\x000\x00\xa5^y\xa9n\x00\xe3\xa3\x89\x90&)\bT\x91\x14\xba\x190\xb3\x00\x00:\xb2\xbe\x1d\x00', 0xfffffffffffffffe)
request_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)

3.219533557s ago: executing program 0 (id=7429):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYRES16, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000053000000bf0900000000000055090100000000009500000000000000b702000000000000632af0ff0000000026090800000000007b9af0ff00000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32, @ANYBLOB="0000000000020000b70500000800000015000000760000e4be980000000000001e080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.150707254s ago: executing program 3 (id=7430):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x109, @loopback, 0x404}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000340)=@gcm_256={{0x303}, "fdffffff11ffe3ff", "37620ea19e8ea70d0500000500", "00001000", "fffffffffffffffd"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
r5 = socket$netlink(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000680)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="011f00000000000000000d0000000c00018008000100", @ANYRES16=r6], 0x20}}, 0x0)
r7 = getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r8, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x1, &(0x7f00000001c0)=@ccm_128={{0x304}, "ee1c93a403690537", "7495989402b5804608a8b54b43ab1db6", "621ac6f0", "579cccc6b47841f8"}, 0x28)
writev(r8, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
prlimit64(r7, 0xf, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000b00)=[@code={0x1, 0x5b, {"0fc72b0f001b400f1a2ac4e19d6bbeda530000b97a0200000f32c4c17a2d2036f3420fbd07440fc7350e980000b9800000c00f3235000400000f3066baf80cb80462208eef66bafc0ced"}}, @cpuid={0x2, 0x18, {0xd7, 0x8}}, @uexit={0x0, 0x18, 0x9}, @code={0x1, 0x82, {"66baf80cb83c984b87ef66bafc0c66edb94e080000b80b000000ba000000000f30b805000000b9000000000f01c1660f3880b9eb0000006566450f38804b10b9c8020000b826000000ba000000000f30c744240001010000c744240200800000ff1c24640f8d0d0000000f01c9400fc728"}}, @cpuid={0x2, 0x18, {0x0, 0x8}}, @code={0x1, 0x5c, {"0fc7af0b960000f3470b9cc6052000003e440f01c966baf80cb8f2abe68def66bafc0cb000ee66bad004ecc4015c57b1cb95bb2a66ba430066b8000066ef0f35b8010000000f01d9410f08"}}, @code={0x1, 0x61, {"c7442400ac000000c7442402f8750000ff1c24470f1c84455e560000f3430f09450f799f0d000000b9a9020000b800380000ba000000000f3066b829018ed8f30f51fdc401a16c6303f2420f79de0f32"}}, @uexit={0x0, 0x18, 0x9}, @cpuid={0x2, 0x18, {0x6c97, 0x7}}, @cpuid={0x2, 0x18, {0x1, 0x2}}, @code={0x1, 0x5f, {"66baf80cb884236081ef66bafc0cecc461715e7289c4c26d408e0b000000410f218766b807008ed0f242dbe866b8c0008ed8b91f0300000f3266b827010f00d0b9800000c00f3235000800000f30"}}, @uexit={0x0, 0x18, 0x4}, @uexit={0x0, 0x18}, @uexit={0x0, 0x18, 0x401}, @code={0x1, 0x7a, {"b9321001c00f320f01d1c7442400af000000c744240200000000ff2c24f236450f01f766b824000f00d0f366470f3266baf80cb802efad8aef66bafc0c66b8320066ef6666430f38f675bb48b800c57c77000000000f23c00f21f83501000b000f23f8c4412572d1d8"}}, @cpuid={0x2, 0x18, {0x1, 0x8}}, @code={0x1, 0x63, {"3e660ff7cf0f01c9650fc73648b80bb00000000000000f23c80f21f8350400f0000f23f8c4c32d4c6e2e01b9170a0000b8ef000000ba000000000f300f20c035040000000f22c07c9e0f0132dfa304000000"}}, @code={0x1, 0x58, {"66b86a000f00d847d9f9430f0137c423456ead0000000004b9fd0a00000f3266baf80cb8f5a9d98aef66bafc0cecc40159163e0f013ac4439922e6f30f20c035000001000f22c0"}}, @code={0x1, 0x54, {"8134c00f00000066b866008ed8421a27400f01cb660f7407400f01c5f3430f3266baf80cb8ecb18686ef66bafc0cb874000000ef460f538421f797000066400f382b37"}}, @cpuid={0x2, 0x18, {0x1, 0x8}}, @cpuid={0x2, 0x18, {0x81, 0xe32}}, @uexit={0x0, 0x18, 0xb703}, @cpuid={0x2, 0x18, {0x6, 0x7}}, @code={0x1, 0x70, {"66440f3882acc82ae135f80f00dd64400f793500980000b9800000c00f3235002000000f30c403c15e860000000050360f09f0478396e3884fa7f33e0f01c40f20e035000001000f22e0c74424001b010000c744240200400000ff1c240f32"}}, @uexit={0x0, 0x18, 0x1}, @cpuid={0x2, 0x18, {0x401, 0xbe}}, @cpuid={0x2, 0x18, {0x0, 0x7}}, @code={0x1, 0x69, {"66baf80cb81cbd0c8bef66bafc0cb8c61834a0ef67430f79e2420fe9210fc7b4bc05000000c461d574fbb921020000b800000000ba010000000f30440f01f8c4a2fd355800b9800000c00f3235000400000f3036460f01c5"}}], 0x5f3})
open(&(0x7f0000000180)='./file0\x00', 0x0, 0x10)

2.957159176s ago: executing program 0 (id=7431):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r0)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000030000005800018044000400200001000a000000000000002d3a000000000000405f000000002e2d00000000200002000a00000000000000fc010000000000000000000000000000000000000d0001007564703a73bc"], 0x6c}}, 0x0)

2.858587021s ago: executing program 0 (id=7432):
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x9f1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x200, 0x20)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="20007000680000000000000000000000580871055df076de04000b0004000200"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x0)
preadv(r2, 0x0, 0x0, 0x2, 0x0)
io_uring_register$IORING_REGISTER_RESIZE_RINGS(r0, 0x21, &(0x7f00000001c0)={0x0, 0x725f, 0x7ff, 0x38, 0x5c, 0x0, r2}, 0x1)
recvmsg(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=""/110, 0x6e}, 0x40000102)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
setxattr$incfs_metadata(0x0, 0x0, 0x0, 0x0, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
acct(&(0x7f0000001500)='./file2\x00')
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f0000002b80)=[{{&(0x7f0000000240)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000500)=""/4096, 0x1000}], 0x1, &(0x7f0000000380)=""/78, 0x4e}}, {{&(0x7f0000002740)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000001580)=[{&(0x7f0000002700)=""/41, 0x29}, {&(0x7f0000002600)=""/147, 0x93}], 0x2, &(0x7f00000015c0)=""/61, 0x3d}, 0x7}, {{0x0, 0x0, &(0x7f0000002940)=[{&(0x7f00000026c0)=""/25, 0x19}, {&(0x7f0000002c80)=""/256, 0x100}, {&(0x7f0000002800)=""/148, 0x94}, {&(0x7f00000028c0)=""/86, 0x56}], 0x4, &(0x7f0000002980)=""/168, 0xa8}, 0x2a}, {{&(0x7f0000002a40)=@nfc, 0x80, &(0x7f0000002b00)=[{&(0x7f0000002ac0)=""/5, 0x5}], 0x1, &(0x7f0000002b40)=""/14, 0xe}, 0x5}], 0x4, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x89b8, 0x800, 0x0, 0x207}, &(0x7f0000000040)=<r8=>0x0, &(0x7f00000000c0)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r7, 0x847ba, 0x0, 0xe, 0x0, 0x0)

2.036649752s ago: executing program 6 (id=7436):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0xffff0000, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x4}, @NFTA_SET_DESC={0x14, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x98}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)

1.809397113s ago: executing program 6 (id=7438):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000001040)={0xe, {"a2e3ad099b0d09451b5e090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0ac6e70a9b334d959b669a240d5b0af3988f7ef31952010affe8d178708c523c921b1b5b07070d073e0936cd3b781314aa61d8e81a0006005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397273ce1766769f0c91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1faf6e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc3609aa24b7d520fb29d095083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f19d684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4a1b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b34cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827955e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c695a2de3a340047228032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d0676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c022babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c58b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035953faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1d97ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b344340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcb7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ec00000000000000b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a52830052fcc460db043afe525629b48d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80004c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7fb6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f49010c0000002c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000", 0x1000}}, 0x1006)

1.809063656s ago: executing program 3 (id=7439):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x244, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, {0x9}}}]}}]}}, 0x0)
r0 = io_uring_setup(0x4ba, &(0x7f00000001c0)={0x0, 0xc988, 0x2, 0x3, 0x34f})
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000dc0), 0x103041)
socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r1, 0x0)
read(r1, &(0x7f0000000080)=""/45, 0x2d)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001100), 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000040)=0x7ff, 0x4)
dup3(r2, r0, 0x80000)

1.616752412s ago: executing program 7 (id=7440):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000c80)=@filter={'filter\x00', 0x42, 0x4, 0x298, 0xffffffff, 0x98, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x200, 0x200, 0x200, 0xffffffff, 0x5, 0x0, {[{{@uncond, 0x1000000, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x2, 0x4}, {0xffffffffffffffff, 0x0, 0x2}}}}, {{@uncond, 0x287, 0x70, 0x98}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [], 0x6}, {0x6, [0x0, 0x3]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f8)

1.56068247s ago: executing program 1 (id=7441):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0xfffffffffffffe46, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x4044)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_XFRM_SPNUM={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0xf5ffffff}}, 0x8c}, 0x1, 0x0, 0x0, 0x20000}, 0x0)

1.429351057s ago: executing program 1 (id=7442):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x800, 0xbbba, 0x0, 0x18, 0x0, {0x30000}, {0x0, 0xfffffffd, 0xfffffffe}, {0x0, 0xffff0000}, {0x1000000}, 0x0, 0x3f0, 0x0, 0x4d613, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

1.361283841s ago: executing program 7 (id=7443):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="31032abd7000000000000900000008000300", @ANYRES32=r2, @ANYBLOB="08000600d7"], 0x24}}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

1.235629976s ago: executing program 1 (id=7444):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x8, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x5000000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000500)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x8}, 0x94)

1.149206546s ago: executing program 7 (id=7445):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32)
clock_gettime(0x0, &(0x7f0000000000)={<r1=>0x0, <r2=>0x0}) (rerun: 32)
timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {r1, r2+10000000}}, &(0x7f0000000140))
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r5=>0x0}) (async)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x1000, 0x9, 0x3, 0x3, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x7, 0x5, 0x100000, 0x762, 0x3, 0xd, 0xe, 0x2b12, 0x100, 0x2, 0x1c00, 0xb, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x8, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0x7, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0xba27, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0x2, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x84, 0x100, 0x5, 0x252, 0x81, 0xb, 0x5, 0x20006, 0x5, 0x0, 0xb, 0xf85, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x4, 0x4, 0x40401, 0x3, 0x8, 0x8, 0x1, 0x1fc, 0xc5c, 0xffffffff]}}) (async)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) (async)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1000000000000003, &(0x7f0000000800)={<r9=>0xffffffffffffffff}, 0x106, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x107fe, @empty, 0x2}, {0xa, 0x4e20, 0x5, @dev={0xfe, 0x80, '\x00', 0x22}, 0x7}, r9, 0xb}}, 0x48) (async, rerun: 64)
write$RDMA_USER_CM_CMD_GET_EVENT(r8, &(0x7f0000000180)={0xc, 0x8, 0xfa00, {&(0x7f0000000f80)}}, 0x10) (async, rerun: 64)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x189081, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0) (async)
close(r10) (async)
socket$nl_audit(0x10, 0x3, 0x9) (async)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x36) (async)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000400)={0x3c, r11, 0x1, 0x70bd2c, 0x0, {{0x2}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x10001}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2}]]}, 0x3c}, 0x1, 0x0, 0x0, 0x8005}, 0x0) (async)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, r11, 0x2, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x21c}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x83}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x59}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x6e}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x5a}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x14}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x14}]}, 0x5c}}, 0x4) (async)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="40000000100001000100"/20, @ANYRES32=0x0, @ANYBLOB="850b010000000000140003006d6163736563300000000000000000000a000100aa"], 0x40}, 0x1, 0x0, 0x0, 0x90}, 0x0)

1.098632566s ago: executing program 6 (id=7446):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x6a0, 0x5, 0x348, 0x160, 0x0, 0xfeffffff, 0x160, 0x370, 0x370, 0x370, 0xffffffff, 0x370, 0x370, 0x5, 0x0, {[{{@uncond, 0x3e7, 0x70, 0xb8, 0xe000000, {0x0, 0x3200}}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@broadcast, @ipv4=@remote, @gre_key}}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth1_to_batadv\x00', 'xfrm0\x00'}, 0x0, 0x70, 0xa8, 0x0, {0x0, 0x7}}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @rand_addr, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @broadcast, @remote, @gre_key}}}}, {{@ip={@dev, @multicast1, 0x0, 0x0, 'macvlan0\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @loopback}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8)

972.723434ms ago: executing program 1 (id=7447):
socket$inet_smc(0x2b, 0x1, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
syz_open_dev$video(&(0x7f00000001c0), 0x7, 0x101000)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
syz_open_dev$usbfs(0x0, 0x77, 0x1501)
syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5882, 0x400, 0x2, 0xfffffdfc}, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
epoll_create(0xfff)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000680)='/sys/kernel/tracing', 0xc0c00, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_open_dev$vim2m(&(0x7f0000000100), 0x1ff, 0x2)
socket$tipc(0x1e, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$key(0xf, 0x3, 0x2)
socket$tipc(0x1e, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0, @ANYRES64=r0], 0x20)

733.385767ms ago: executing program 6 (id=7448):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x1e000000}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x58, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x4}, @NFTA_SET_DESC={0x1c, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0xffff}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xa0}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)

727.93565ms ago: executing program 1 (id=7449):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x4c, 0x10, 0x19, 0x70bd26, 0xfffffffe, {0x0, 0x0, 0x0, 0x0, 0x2502}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_to_team\x00'}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0xfeffff7f, 0x14dfeabc, 0xffff}}]}]}]}, 0x4c}}, 0x80fe)

684.54475ms ago: executing program 7 (id=7450):
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff})
close(0xffffffffffffffff)
socket$inet(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="60000000020601020000000000000000000000000900020073797a31000000000500010007000000050005000a00000014000780080013400000040008001240fffffffa11"], 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x248040)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0x40a85323, &(0x7f0000000300)={{0x3c, 0x55}, 'port1\x00', 0x11, 0x20000, 0xfffffff4, 0x457, 0x40, 0xb, 0x0, 0x0, 0x3, 0x71})
sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x8, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x1}], 0x1}}], 0x1, 0x0)

505.405642ms ago: executing program 1 (id=7451):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xbd, 0x16, 0xf, 0x40, 0x8086, 0x110, 0xbfad, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x12, 0x24}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000640)={0x84, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000800)={0x84, &(0x7f00000003c0)={0x0, 0x10, 0x2, "917f"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000180)={0x14, 0x0, 0x0}, &(0x7f00000001c0)={0x1c, &(0x7f0000000400)={0x0, 0x15, 0xa, "c974b38199496cacf0b5"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x2}})
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000100)={0x14, &(0x7f0000000080)={0x40, 0x9, 0x20, {0x20, 0x22, "261ea1e6ac2cab7b288691cb04db52ce26c62fe2f9100f57d1d11b1521d6"}}, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000300)={0x1c, &(0x7f0000000200)={0x0, 0x12, 0x69, "b5286e5f1f5565112e43057b6e3d1ebf2aed882b515b61dcc0675b871371b036c6ed233eb0ad4ae92efcc85366a09bb705eb66d24fb2c98b522499c30448318106ea275c2ac9c6c51c4e9257cedecfc8c4a4a752c4a6bd7750ba387140cace96614858465fb2fee388"}, &(0x7f0000000140)={0x0, 0xa, 0x1, 0x8}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0xc9}})
syz_usb_ep_write(r1, 0xd6, 0x20, &(0x7f0000000000)="0b392a38fe11f74834045ea2f6509c6bc09f9045073c5ed2c15b706bb592346f")

504.8035ms ago: executing program 6 (id=7452):
syz_emit_ethernet(0x42, &(0x7f00000004c0)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0xfe, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x24, 0x0, {0x6, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x7, @local, @rand_addr=0x64010102, {[@ra={0x94, 0x4, 0x1}]}}}}}}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r1], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0xe0646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}, 0x1, 0x0, 0xefff, 0x600}, 0x0)

502.372927ms ago: executing program 7 (id=7453):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000000540)={&(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000940)=[@cswp={0x58, 0x114, 0x7, {{0x2, 0x7}, &(0x7f00000006c0)=0x7, &(0x7f0000000900)=0xb, 0x16, 0xfffffffffffffff7, 0x8, 0x5, 0x2, 0xb}}], 0x58}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000009c0)={0x0, 0x5, 0x80000080, 0x1ff}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x258a7313}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_FLUSH(r4, &(0x7f0000000fc0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000f80)={&(0x7f0000000700)=ANY=[@ANYBLOB="366a42dec756ee6ff9dbc74ed13084c5add41d9790363817a7f539a1244e0dbc1b869bb5b9685c141b59d5a980d65880de37f55b68460d3e9e7ee56efd33d48ed1fee9f1cf5c3aec249a51f902878b04112b019c5c4dc53c37b3810f606237d150759b487fca7489837c4d92ca859d8da972f906224bb55c3c787a3c3dc5a7ceaf1da85b25fc2e8fc1b0d5bf3e63aea4fc74ca150d28fa6a6409cd0d097f7f208d21140991243f47baf3e3987f77aab329297477eb56d83c2c6fa553f8a05200cbc73963c365a682687b2476e0e87151792cc3ccf70772cb929bc75d2ceef26d52b0ffbdac3d4e0da9fcb2d815535fd3dd68faae5de1cd2a21d80a20b97dff8207000000ed30bb596d67b4603c04a101e2abefe93224b8d0bc85cb78c1d0dfd30e13a907abe5a42d0d5a42db570ac2784c48467c81d32a8384f26cbfba494d3f8ad3d36df7e88c5a1576ae5e5a68e3d635e237b3e7e2a67dcab8f409d93ef9b88a796003051e459fe2b9911f865b098cb2766eefc7aa3ca4729427f791ff7b939401d74ebfa3", @ANYRES64=r3, @ANYBLOB="040000007000fbdbdf25040000000900030073797a31000000000900030073797a31000000000900010073797a3200000000050004000100000009000100737f7a320000000005000400010000000900010073797a31000000000900010073797a3100000000"], 0x6c}, 0x1, 0x0, 0x0, 0x400c005}, 0x20004000)
r5 = userfaultfd(0x80001)
syz_io_uring_setup(0x98f, &(0x7f0000000140)={0x0, 0xaee2, 0x200, 0x0, 0x85}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000600)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
syz_memcpy_off$IO_URING_METADATA_FLAGS(r6, 0x118, &(0x7f0000000580), 0x0, 0x4)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r8 = socket(0x8, 0x3, 0x6)
r9 = memfd_create(&(0x7f00000000c0)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc#\v\x00\x00\x00\x00\x00\x00\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ', 0x6)
r10 = syz_open_procfs(0x0, &(0x7f0000000440)='projid_map\x00')
write$tcp_mem(r10, &(0x7f0000000180)={0x6, 0x20, 0x0, 0x20, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x14, 0xe, &(0x7f0000000200)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x8, &(0x7f0000000640), 0x8, 0x10, &(0x7f0000000000)={0x2, 0xe, 0x200}, 0x58, 0x0, r3}, 0xd0)
ioctl$FS_IOC_RESVSP(r9, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8010002})
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000003, 0x20010, r10, 0x4000)
syz_clone(0xa20100, 0x0, 0x0, &(0x7f00000005c0), 0x0, 0x0)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000480)=ANY=[@ANYRES64=r6], 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0)
setsockopt$sock_int(r8, 0x1, 0x6, &(0x7f00000000c0)=0x6, 0x4)

354.135211ms ago: executing program 3 (id=7454):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x298, 0x2e0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x3e0, 0x3d8, 0x3d8, 0x3e0, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x80, 0x0}, 'virt_wifi0\x00', {0x6dbf}}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x0, 0x4, 0x1}, {0xffffffffffffffff, 0x3, 0x6}, 0x5, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2f8)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="3c02000019000100000000000008000000000000000000000020ffff00000000be14144416000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084010500ff010000000000000000000000000001000004d2330000000a000000000000000000000000000000000000000135000001003b00830000000500000007000000fe8000000000000000000000000000aa000004d63c0000000a000000ff01000000000000000000000000000102350000020007007f0000000000000004000000e0000001000000000000000000000000000004d56c00000002000000000000000000000000000000000000000000000004"], 0x23c}}, 0x4000)

299.27867ms ago: executing program 3 (id=7455):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff})
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4048aecb, &(0x7f0000000400)=ANY=[@ANYBLOB="0600000000000000060000000500000005000000010000001efa00000a0000000300000000000000020000000000000000000040020000000400000000000000a70000000300000000000000000000000000000000000000020000000400000002000000040000003b050000020000000b95fd6ed961803c850000000000000000000000ff0f00000200000003930000010000800500000000000100000000000000000000000000070000800100ffff040000001000000007000000050000000b000000710700000000000000000000060000008000000004000000010000007f00000000000000090000000000001d0000000000000000"])
r7 = signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0)
readv(r7, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/217, 0xd9}], 0x1)
rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440))
r8 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0)
fallocate(r8, 0x0, 0x400000000000000, 0x7)
r9 = fsopen(&(0x7f0000000000)='ufs\x00', 0x1)
fsconfig$FSCONFIG_SET_FLAG(r9, 0x300, 0x0, 0x0, 0x0)
close_range(r2, r3, 0x0)
r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6161, 0x4d15, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}}}]}}]}}, 0x0)
syz_usb_control_io(r10, 0x0, 0x0)
syz_usb_control_io$hid(r10, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYRESHEX=r3, @ANYRES64], 0x0}, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f0000001840)=[{{&(0x7f00000000c0)=@tipc=@id, 0x80, &(0x7f0000001740), 0x0, &(0x7f0000001800)}, 0xb33}], 0x1, 0x102, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x6, 0x0, 0x3, 0x0)
sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x1c5)
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
socket(0x10, 0x80002, 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x76, &(0x7f0000000140)=ANY=[@ANYBLOB="12015001020000402505a1864000010203010902640002010000000904000001020d0000052406000105240000000d240f01f9ff"], 0x0)

125.197934ms ago: executing program 7 (id=7456):
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}]}, 0x5c}}, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x40004)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, 0x0, 0x84)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000140)=0x200000000)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @dev={0xac, 0x14, 0x14, 0x34}}, 0xc)
syz_emit_ethernet(0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa00080045800028006400000002907800000000e000000111009079e00000028000b8b4e92ac4e10eb17eca202f9a2f71"], 0x0)
write$vhost_msg_v2(r4, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000000540)=""/152, 0x98, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r4, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48)

0s ago: executing program 6 (id=7457):
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x8400)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000140)={0x0, 0x9}, 0x8)
setsockopt(r0, 0x84, 0x82, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknodat(0xffffffffffffffff, 0x0, 0x800, 0x0)
sigaltstack(&(0x7f0000003e80)={&(0x7f0000003d80)=""/237, 0x2, 0xed}, &(0x7f0000003f40)={0x0})
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e21, 0x7, @mcast2}, {0xa, 0x3f00, 0xb, @mcast1}, r4}}, 0x48)

kernel console output (not intermixed with test programs):

facturer: syz
[ 1664.848590][T20380] usb 4-1: SerialNumber: syz
[ 1664.861879][T20380] usb 4-1: config 0 descriptor??
[ 1664.924323][T29955] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1664.936554][T20373] spca561 2-1:0.156: probe with driver spca561 failed with error -22
[ 1664.946089][T20373] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1664.953084][T20373] usb 2-1: MIDIStreaming interface descriptor not found
[ 1665.226060][T15399] usb 2-1: USB disconnect, device number 69
[ 1665.803949][T20380] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1665.814474][T13658] Bluetooth: hci4: command 0x0406 tx timeout
[ 1666.119974][T20380] usb 7-1: config 0 has no interfaces?
[ 1666.199215][T20380] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1666.208541][T20380] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1666.220120][T20380] usb 7-1: Product: syz
[ 1666.224628][T20380] usb 7-1: Manufacturer: syz
[ 1666.229551][T20380] usb 7-1: SerialNumber: syz
[ 1666.249670][T20380] usb 7-1: config 0 descriptor??
[ 1666.454192][ T5914] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1666.944260][ T5914] usb 5-1: Using ep0 maxpacket: 16
[ 1666.963236][ T5914] usb 5-1: config 0 has an invalid interface number: 236 but max is 0
[ 1666.991824][ T5914] usb 5-1: config 0 has no interface number 0
[ 1667.002145][ T5914] usb 5-1: New USB device found, idVendor=f205, idProduct=b838, bcdDevice=26.19
[ 1667.020277][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1667.051854][ T5914] usb 5-1: Product: syz
[ 1667.060633][ T5914] usb 5-1: Manufacturer: syz
[ 1667.073741][ T5914] usb 5-1: SerialNumber: syz
[ 1667.104363][ T5914] usb 5-1: config 0 descriptor??
[ 1667.139094][ T5914] usb-storage 5-1:0.236: USB Mass Storage device detected
[ 1667.291663][T20361] usb 4-1: USB disconnect, device number 37
[ 1667.356943][ T5914] usb 5-1: USB disconnect, device number 33
[ 1667.537640][T29993] __nla_validate_parse: 3 callbacks suppressed
[ 1667.537653][T29993] netlink: 56 bytes leftover after parsing attributes in process `syz.3.6826'.
[ 1667.861689][T29998] netlink: 52 bytes leftover after parsing attributes in process `syz.3.6829'.
[ 1667.912777][T29999] xt_hashlimit: max too large, truncated to 1048576
[ 1668.057768][T30009] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6833'.
[ 1668.080048][T30009] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6833'.
[ 1668.198912][T30013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6836'.
[ 1668.243232][T30013] mac80211_hwsim hwsim45 wlan0: entered promiscuous mode
[ 1668.265282][T30018] xt_CHECKSUM: unsupported CHECKSUM operation 68
[ 1668.277627][T30013] macsec1: entered promiscuous mode
[ 1668.307614][T30013] macsec1: entered allmulticast mode
[ 1668.343114][T30013] mac80211_hwsim hwsim45 wlan0: entered allmulticast mode
[ 1668.455933][T30026] trusted_key: encrypted_key: master key parameter '' is invalid
[ 1668.479895][T30030] xt_hashlimit: max too large, truncated to 1048576
[ 1668.491630][T30031] netlink: 56 bytes leftover after parsing attributes in process `syz.0.6844'.
[ 1668.714242][ T5914] usb 7-1: USB disconnect, device number 27
[ 1668.795462][T30046] netlink: 'syz.0.6847': attribute type 4 has an invalid length.
[ 1668.803628][T30046] netlink: 152 bytes leftover after parsing attributes in process `syz.0.6847'.
[ 1668.871703][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.892267][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1669.005499][T30051] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6850'.
[ 1669.056307][T30051] openvswitch: netlink: nsh attribute has 65520 unknown bytes.
[ 1669.107197][T30051] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1669.203877][T15399] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[ 1669.383955][T15399] usb 2-1: Using ep0 maxpacket: 16
[ 1669.421944][T15399] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1669.481231][T15399] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1669.538998][T15399] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[ 1669.606900][T15399] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1669.699460][T15399] usb 2-1: config 0 descriptor??
[ 1669.873818][T28770] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1670.045644][T28770] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1670.057787][T28770] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1670.072347][T28770] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1670.103952][T28770] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1670.112287][T28770] usb 7-1: Product: syz
[ 1670.116892][T28770] usb 7-1: Manufacturer: syz
[ 1670.121513][T28770] usb 7-1: SerialNumber: syz
[ 1670.131130][T28770] usb 7-1: config 0 descriptor??
[ 1670.141962][T28770] usb 7-1: selecting invalid altsetting 0
[ 1670.169482][T30066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1670.198834][T30066] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1670.349718][T30063] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1670.418121][ T5914] usb 7-1: USB disconnect, device number 28
[ 1671.656756][T30103] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6869'.
[ 1671.707250][ T5914] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[ 1671.750936][T15399] usbhid 2-1:0.0: can't add hid device: -71
[ 1671.764724][T15399] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1671.785815][T15399] usb 2-1: USB disconnect, device number 70
[ 1671.841257][T30111] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6870'.
[ 1671.866667][ T5914] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1671.877100][ T5914] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1671.889552][ T5914] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1671.901206][ T5914] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1671.917959][ T5914] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1671.939696][ T5914] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1671.956313][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1671.970270][ T5914] usb 5-1: Product: syz
[ 1671.975051][ T5914] usb 5-1: Manufacturer: syz
[ 1671.979836][ T5914] usb 5-1: SerialNumber: syz
[ 1671.996047][ T5914] usb 5-1: config 0 descriptor??
[ 1672.207451][ T5914] radio-si470x 5-1:0.0: DeviceID=0x0000 ChipID=0x0000
[ 1672.215552][ T5914] radio-si470x 5-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[ 1672.232144][    C0] raw-gadget.1 gadget.4: ignoring, device is not running
[ 1672.252383][ T5914] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1672.261479][ T5914] radio-si470x 5-1:0.0: si470x_get_scratch: si470x_get_report returned -32
[ 1672.271138][ T5914] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -5
[ 1672.287274][ T5914] usb 5-1: USB disconnect, device number 34
[ 1672.370326][T30123] bridge3: entered promiscuous mode
[ 1672.423056][T30126] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (511)
[ 1672.432318][T30126] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255
[ 1672.987549][ T5914] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[ 1673.143767][ T5914] usb 2-1: Using ep0 maxpacket: 32
[ 1673.152878][ T5914] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1673.166956][ T5914] usb 2-1: config 0 interface 0 altsetting 16 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1673.179260][ T5914] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1673.220988][ T5914] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1673.247732][ T5914] usb 2-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1673.286782][ T5914] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1673.297373][ T5914] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[ 1673.307038][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1673.329291][ T5914] usb 2-1: config 0 descriptor??
[ 1673.553276][T30132] No such timeout policy "syz0"
[ 1673.562412][T30132] __nla_validate_parse: 1 callbacks suppressed
[ 1673.562427][T30132] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6879'.
[ 1673.583920][T30132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6879'.
[ 1673.593365][T30132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6879'.
[ 1674.187541][ T5914] usbhid 2-1:0.0: can't add hid device: -71
[ 1674.193510][ T5914] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1674.219958][ T5914] usb 2-1: USB disconnect, device number 71
[ 1674.289377][T30151] FAULT_INJECTION: forcing a failure.
[ 1674.289377][T30151] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1674.308722][T30151] CPU: 1 UID: 0 PID: 30151 Comm: syz.6.6886 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1674.308747][T30151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1674.308759][T30151] Call Trace:
[ 1674.308768][T30151]  <TASK>
[ 1674.308776][T30151]  dump_stack_lvl+0x189/0x250
[ 1674.308805][T30151]  ? __pfx____ratelimit+0x10/0x10
[ 1674.308830][T30151]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1674.308853][T30151]  ? __pfx__printk+0x10/0x10
[ 1674.308872][T30151]  ? __might_fault+0xb0/0x130
[ 1674.308901][T30151]  should_fail_ex+0x414/0x560
[ 1674.308928][T30151]  _copy_from_user+0x2d/0xb0
[ 1674.308947][T30151]  ___sys_recvmsg+0x12e/0x510
[ 1674.308975][T30151]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1674.309027][T30151]  ? __might_fault+0xb0/0x130
[ 1674.309048][T30151]  do_recvmmsg+0x307/0x770
[ 1674.309078][T30151]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1674.309112][T30151]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1674.309155][T30151]  __x64_sys_recvmmsg+0x190/0x240
[ 1674.309179][T30151]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1674.309198][T30151]  ? rcu_is_watching+0x15/0xb0
[ 1674.309229][T30151]  ? do_syscall_64+0xbe/0x3b0
[ 1674.309258][T30151]  do_syscall_64+0xfa/0x3b0
[ 1674.309279][T30151]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1674.309301][T30151]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1674.309320][T30151]  ? clear_bhb_loop+0x60/0xb0
[ 1674.309341][T30151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1674.309359][T30151] RIP: 0033:0x7f650af8e929
[ 1674.309376][T30151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1674.309391][T30151] RSP: 002b:00007f650bead038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1674.309410][T30151] RAX: ffffffffffffffda RBX: 00007f650b1b5fa0 RCX: 00007f650af8e929
[ 1674.309424][T30151] RDX: 000000000000f000 RSI: 0000200000000d00 RDI: 0000000000000005
[ 1674.309436][T30151] RBP: 00007f650bead090 R08: 0000000000000000 R09: 0000000000000000
[ 1674.309449][T30151] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000002
[ 1674.309461][T30151] R13: 0000000000000000 R14: 00007f650b1b5fa0 R15: 00007f650b2dfa28
[ 1674.309490][T30151]  </TASK>
[ 1675.466621][T30166] netlink: 76 bytes leftover after parsing attributes in process `syz.6.6892'.
[ 1675.482153][T30164] tipc: Failed to remove unknown binding: 66,1,1/0:1848256720/1848256722
[ 1675.492677][T30164] tipc: Failed to remove unknown binding: 66,1,1/0:1848256720/1848256722
[ 1675.632649][ T5914] usb 2-1: new low-speed USB device number 72 using dummy_hcd
[ 1675.688576][T30166] netlink: 76 bytes leftover after parsing attributes in process `syz.6.6892'.
[ 1675.829046][ T5914] usb 2-1: config 65 has an invalid interface number: 95 but max is 0
[ 1675.839624][ T5914] usb 2-1: config 65 has no interface number 0
[ 1675.865811][ T5914] usb 2-1: string descriptor 0 read error: -22
[ 1675.872997][ T5914] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=6f.b6
[ 1675.887577][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1675.979754][T30166] netlink: 76 bytes leftover after parsing attributes in process `syz.6.6892'.
[ 1676.097069][ T5914] usbtest 2-1:65.95: Linux gadget zero
[ 1676.112251][ T5914] usbtest 2-1:65.95: low-speed {control in/out} tests (+alt)
[ 1676.122038][T30166] netlink: 76 bytes leftover after parsing attributes in process `syz.6.6892'.
[ 1676.286305][T30166] netlink: 76 bytes leftover after parsing attributes in process `syz.6.6892'.
[ 1676.300705][T30166] netlink: 76 bytes leftover after parsing attributes in process `syz.6.6892'.
[ 1676.519037][T30191] input: syz1 as /devices/virtual/input/input131
[ 1676.560957][T30191] input: failed to attach handler leds to device input131, error: -6
[ 1676.708956][T30202] bridge2: entered promiscuous mode
[ 1676.745133][T30202] bridge2: entered allmulticast mode
[ 1676.801212][T30202] team0: Port device bridge2 added
[ 1676.857822][T15399] usb 2-1: USB disconnect, device number 72
[ 1676.900784][T30208] PKCS7: Unknown OID: [5] (bad)
[ 1676.905986][T30208] PKCS7: Only support pkcs7_signedData type
[ 1677.056682][T30214] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6907'.
[ 1677.068500][T19216] Bluetooth: hci3: unexpected event 0x20 length: 19 > 7
[ 1677.159549][T30214] netlink: 'syz.3.6907': attribute type 2 has an invalid length.
[ 1677.284086][T28770] usb 5-1: new low-speed USB device number 35 using dummy_hcd
[ 1677.292182][T30214] netlink: 'syz.3.6907': attribute type 1 has an invalid length.
[ 1677.444292][T28770] usb 5-1: device descriptor read/64, error -71
[ 1677.675424][T30234] gretap0: entered promiscuous mode
[ 1677.712058][T30234] 0��{X��: renamed from gretap0
[ 1677.734129][T28770] usb 5-1: new low-speed USB device number 36 using dummy_hcd
[ 1677.754141][ T5914] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[ 1677.784778][T30234] 0��{X��: left promiscuous mode
[ 1677.790041][T30234] 0��{X��: entered allmulticast mode
[ 1677.798726][T30234] A link change request failed with some changes committed already. Interface 
30��{X�� may have been left with an inconsistent configuration, please check.
[ 1677.932936][T28770] usb 5-1: device descriptor read/64, error -71
[ 1677.954855][ T5914] usb 2-1: config 0 has no interfaces?
[ 1677.981376][ T5914] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1677.990560][T20361] usb 4-1: new full-speed USB device number 38 using dummy_hcd
[ 1677.998358][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1678.013845][ T5914] usb 2-1: Product: syz
[ 1678.018016][ T5914] usb 2-1: Manufacturer: syz
[ 1678.049909][ T5914] usb 2-1: SerialNumber: syz
[ 1678.081785][T28770] usb usb5-port1: attempt power cycle
[ 1678.096859][ T5914] usb 2-1: config 0 descriptor??
[ 1678.156221][T20361] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1678.166544][T20361] usb 4-1: not running at top speed; connect to a high speed hub
[ 1678.177115][T20361] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1678.196798][T20361] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1678.291560][T20361] usb 4-1: config 1 has no interface number 1
[ 1678.320856][T30242] vxcan5: entered promiscuous mode
[ 1678.397180][T20361] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1678.417567][T30242] vxcan5: entered allmulticast mode
[ 1678.436037][T20361] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[ 1678.468413][T20361] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1678.481821][T20361] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1678.492464][T20361] usb 4-1: Product: syz
[ 1678.501422][T20361] usb 4-1: Manufacturer: syz
[ 1678.515950][T20361] usb 4-1: SerialNumber: syz
[ 1678.523888][T28770] usb 5-1: new low-speed USB device number 37 using dummy_hcd
[ 1678.549364][T28770] usb 5-1: device descriptor read/8, error -71
[ 1678.754085][T20361] hub 4-1:1.0: Invalid hub with more than one config or interface
[ 1678.774619][T20361] hub 4-1:1.0: probe with driver hub failed with error -22
[ 1678.787517][T30244] pim6reg: entered allmulticast mode
[ 1678.798813][T20361] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1678.813915][T28770] usb 5-1: new low-speed USB device number 38 using dummy_hcd
[ 1678.853174][T28770] usb 5-1: device descriptor read/8, error -71
[ 1678.900652][T20361] usb 4-1: USB disconnect, device number 38
[ 1678.964123][T28770] usb usb5-port1: unable to enumerate USB device
[ 1679.014302][ T5883] udevd[5883]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1679.274274][ T5914] usb 7-1: new low-speed USB device number 29 using dummy_hcd
[ 1679.414087][ T5914] usb 7-1: device descriptor read/64, error -71
[ 1679.663833][ T5914] usb 7-1: new low-speed USB device number 30 using dummy_hcd
[ 1679.823885][ T5914] usb 7-1: device descriptor read/64, error -71
[ 1679.934173][ T5914] usb usb7-port1: attempt power cycle
[ 1680.364141][ T5914] usb 7-1: new low-speed USB device number 31 using dummy_hcd
[ 1680.393797][T28770] usb 5-1: new full-speed USB device number 39 using dummy_hcd
[ 1680.394460][ T5914] usb 7-1: device descriptor read/8, error -71
[ 1680.596317][T28770] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1680.632994][T28770] usb 5-1: not running at top speed; connect to a high speed hub
[ 1680.653877][ T5914] usb 7-1: new low-speed USB device number 32 using dummy_hcd
[ 1680.674886][T20373] usb 2-1: USB disconnect, device number 73
[ 1680.683068][T28770] usb 5-1: config 1 interface 0 has no altsetting 0
[ 1680.684774][ T5914] usb 7-1: device descriptor read/8, error -71
[ 1680.692631][T28770] usb 5-1: language id specifier not provided by device, defaulting to English
[ 1680.712638][T28770] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1680.728897][T28770] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1680.751974][T28770] usb 5-1: Product: syz
[ 1680.757189][T28770] usb 5-1: Manufacturer: syz
[ 1680.761914][T28770] usb 5-1: SerialNumber: syz
[ 1680.820137][ T5914] usb usb7-port1: unable to enumerate USB device
[ 1680.863763][T20361] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1680.986674][T28770] usblp 5-1:1.0: usblp0: USB Bidirectional printer dev 39 if 0 alt 243 proto 3 vid 0x0525 pid 0xA4A8
[ 1681.009465][T20361] usb 4-1: device descriptor read/64, error -71
[ 1681.025381][T28770] usb 5-1: USB disconnect, device number 39
[ 1681.116853][T28770] usblp0: removed
[ 1681.254217][T20361] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[ 1681.384033][ T5914] usb 2-1: new full-speed USB device number 74 using dummy_hcd
[ 1681.394231][T20361] usb 4-1: device descriptor read/64, error -71
[ 1681.504294][T20361] usb usb4-port1: attempt power cycle
[ 1681.551557][T30302] fuse: Bad value for 'fd'
[ 1681.709015][ T5914] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1681.722307][ T5914] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1681.737928][ T5914] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1681.765743][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1681.834969][ T5914] usb 2-1: config 0 descriptor??
[ 1681.854769][T20361] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1681.929090][T20361] usb 4-1: device descriptor read/8, error -71
[ 1681.976238][ T5914] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1681.982909][ T5914] dvb-usb: bulk message failed: -22 (3/0)
[ 1682.082373][ T5914] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1682.093315][ T5914] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1682.100456][ T5914] usb 2-1: media controller created
[ 1682.107230][ T5914] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1682.198216][ T5914] dvb-usb: bulk message failed: -22 (6/0)
[ 1682.205610][T20361] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[ 1682.213502][ T5914] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1682.241188][ T5914] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input132
[ 1682.253426][T20361] usb 4-1: device descriptor read/8, error -71
[ 1682.313532][ T5914] dvb-usb: schedule remote query interval to 150 msecs.
[ 1682.332637][ T5914] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1682.375092][T20361] usb usb4-port1: unable to enumerate USB device
[ 1682.486453][ T5914] dvb-usb: bulk message failed: -22 (1/0)
[ 1682.492488][ T5914] dvb-usb: error while querying for an remote control event.
[ 1682.684456][ T5914] dvb-usb: bulk message failed: -22 (1/0)
[ 1682.697896][ T5914] dvb-usb: error while querying for an remote control event.
[ 1682.886168][ T5914] dvb-usb: bulk message failed: -22 (1/0)
[ 1682.896314][ T5914] dvb-usb: error while querying for an remote control event.
[ 1683.017629][T30325] __nla_validate_parse: 6 callbacks suppressed
[ 1683.017640][T30325] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6943'.
[ 1683.053915][T20361] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[ 1683.074085][ T5914] dvb-usb: bulk message failed: -22 (1/0)
[ 1683.080118][ T5914] dvb-usb: error while querying for an remote control event.
[ 1683.268783][T20361] usb 5-1: config 0 has no interfaces?
[ 1683.279142][ T5914] dvb-usb: bulk message failed: -22 (1/0)
[ 1683.288993][ T5914] dvb-usb: error while querying for an remote control event.
[ 1683.309600][T30326] block device autoloading is deprecated and will be removed.
[ 1683.322268][T20361] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1683.323188][T30326] syz.6.6943: attempt to access beyond end of device
[ 1683.323188][T30326] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1683.419804][T20361] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1683.448979][T20361] usb 5-1: Product: syz
[ 1683.459202][ T5914] dvb-usb: bulk message failed: -22 (1/0)
[ 1683.467803][T20361] usb 5-1: Manufacturer: syz
[ 1683.480721][ T5914] dvb-usb: error while querying for an remote control event.
[ 1683.499094][T20361] usb 5-1: SerialNumber: syz
[ 1683.589177][T20361] usb 5-1: config 0 descriptor??
[ 1683.677486][T15399] dvb-usb: bulk message failed: -22 (1/0)
[ 1683.706724][T15399] dvb-usb: error while querying for an remote control event.
[ 1683.910544][T15399] dvb-usb: bulk message failed: -22 (1/0)
[ 1683.917201][T15399] dvb-usb: error while querying for an remote control event.
[ 1684.047393][ T5914] usb 2-1: USB disconnect, device number 74
[ 1684.096722][T30323] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6942'.
[ 1684.142634][ T5914] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1684.543984][T15399] usb 7-1: new full-speed USB device number 33 using dummy_hcd
[ 1684.544330][T30348] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6949'.
[ 1684.594013][T30348] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (511)
[ 1684.603313][T30348] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255
[ 1684.735447][T15399] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1684.744870][T15399] usb 7-1: not running at top speed; connect to a high speed hub
[ 1684.754157][T15399] usb 7-1: config 1 interface 0 has no altsetting 0
[ 1684.761900][T15399] usb 7-1: language id specifier not provided by device, defaulting to English
[ 1684.781779][T15399] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1684.794078][T15399] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1684.951281][T15399] usb 7-1: Product: syz
[ 1684.964181][T15399] usb 7-1: Manufacturer: syz
[ 1684.976652][T15399] usb 7-1: SerialNumber: syz
[ 1685.293069][T15399] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 33 if 0 alt 243 proto 3 vid 0x0525 pid 0xA4A8
[ 1685.384852][T30354] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.6952'.
[ 1685.511842][T15399] usb 7-1: USB disconnect, device number 33
[ 1685.572088][T15399] usblp0: removed
[ 1685.704126][T20373] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1685.852377][T15399] usb 5-1: USB disconnect, device number 40
[ 1685.873899][T28770] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[ 1685.903261][T20373] usb 4-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50
[ 1685.971517][T20373] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1686.144177][T28770] usb 2-1: config 0 has no interfaces?
[ 1686.153251][T20373] usb 4-1: Product: syz
[ 1686.177368][T28770] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1686.214376][T20373] usb 4-1: Manufacturer: syz
[ 1686.221765][T28770] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1686.244043][T20373] usb 4-1: SerialNumber: syz
[ 1686.283827][T28770] usb 2-1: Product: syz
[ 1686.288023][T28770] usb 2-1: Manufacturer: syz
[ 1686.347142][T20373] usb 4-1: config 0 descriptor??
[ 1686.372358][T28770] usb 2-1: SerialNumber: syz
[ 1686.469161][T20373] usb 4-1: Waiting for MOTU Microbook II to boot up...
[ 1686.554817][T30368] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6957'.
[ 1686.669314][T28770] usb 2-1: config 0 descriptor??
[ 1686.682736][T20373] usb 4-1: failed setting the sample rate for Motu MicroBook II: -22
[ 1686.709747][T20373] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -22
[ 1687.148259][T15399] usb 4-1: USB disconnect, device number 43
[ 1687.463841][T20372] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[ 1687.617839][T20372] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1687.629111][T20372] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1687.644622][T20372] usb 5-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[ 1687.672369][T20372] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1687.720106][T20372] usb 5-1: config 0 descriptor??
[ 1688.041814][T19216] Bluetooth: hci4: unexpected event 0x20 length: 19 > 7
[ 1688.048438][T30387] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6964'.
[ 1688.077260][T30387] netlink: 'syz.0.6964': attribute type 2 has an invalid length.
[ 1688.090861][T30387] netlink: 'syz.0.6964': attribute type 1 has an invalid length.
[ 1688.106348][T30387] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6964'.
[ 1688.350411][T30381] ip6gretap0: entered promiscuous mode
[ 1688.414330][T30394] openvswitch: netlink: Multiple metadata blocks provided
[ 1688.494920][T30381] macsec2: entered promiscuous mode
[ 1688.500352][T30381] macsec2: entered allmulticast mode
[ 1688.569088][T30381] ip6gretap0: entered allmulticast mode
[ 1688.584799][T20361] usb 2-1: USB disconnect, device number 75
[ 1688.625817][T30381] ip6gretap0: left allmulticast mode
[ 1688.631429][T30381] ip6gretap0: left promiscuous mode
[ 1688.733131][T20372] usbhid 5-1:0.0: can't add hid device: -71
[ 1688.739350][T20372] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1688.751332][T20372] usb 5-1: USB disconnect, device number 41
[ 1688.804196][T15399] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1688.984132][T15399] usb 4-1: config 0 has no interfaces?
[ 1688.999423][T15399] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1689.048210][T15399] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1689.067472][T15399] usb 4-1: Product: syz
[ 1689.091537][T15399] usb 4-1: Manufacturer: syz
[ 1689.116961][T15399] usb 4-1: SerialNumber: syz
[ 1689.129759][T15399] usb 4-1: config 0 descriptor??
[ 1689.313799][T20361] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[ 1689.533806][T20361] usb 2-1: Using ep0 maxpacket: 8
[ 1689.547009][T20361] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1689.572049][T20361] usb 2-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf
[ 1689.666899][T20361] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1689.680830][T20361] usb 2-1: Product: syz
[ 1689.689548][T20361] usb 2-1: Manufacturer: syz
[ 1689.699596][T20361] usb 2-1: SerialNumber: syz
[ 1690.164145][T30424] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6973'.
[ 1690.538509][T20380] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1690.881624][T20380] usb 5-1: config 0 has no interfaces?
[ 1690.890781][T20380] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1690.900419][T20380] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1690.908713][T20380] usb 5-1: Product: syz
[ 1690.912975][T20380] usb 5-1: Manufacturer: syz
[ 1690.920129][T20380] usb 5-1: SerialNumber: syz
[ 1690.937341][T20380] usb 5-1: config 0 descriptor??
[ 1691.641177][T28770] usb 4-1: USB disconnect, device number 44
[ 1692.529831][T20361] usb 2-1: selecting invalid altsetting 1
[ 1692.536913][T20361] catc 2-1:8.0: Can't set altsetting 1.
[ 1692.543095][T20361] catc 2-1:8.0: probe with driver catc failed with error -5
[ 1692.571908][T20361] usb 2-1: USB disconnect, device number 76
[ 1692.803141][T15399] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 1693.054066][T15399] usb 4-1: Using ep0 maxpacket: 16
[ 1693.071615][T15399] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1693.122392][T15399] usb 4-1: config 2 has an invalid interface number: 76 but max is 0
[ 1693.147718][T30440] Cannot find add_set index 0 as target
[ 1693.164375][T15399] usb 4-1: config 2 has no interface number 0
[ 1693.227141][T15399] usb 4-1: config 2 interface 76 altsetting 10 bulk endpoint 0x6 has invalid maxpacket 1023
[ 1693.321448][T15399] usb 4-1: config 2 interface 76 has no altsetting 0
[ 1693.334805][T15399] usb 4-1: New USB device found, idVendor=12d1, idProduct=1417, bcdDevice= 0.00
[ 1693.358519][T15399] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1693.384994][T15399] usb 4-1: Product: syz
[ 1693.399313][T15399] usb 4-1: Manufacturer: syz
[ 1693.423835][T15399] usb 4-1: SerialNumber: syz
[ 1693.445006][T30430] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1693.658871][T30430] binder: 30429:30430 ioctl c018620b 0 returned -14
[ 1693.664618][T15399] usb-storage 4-1:2.76: USB Mass Storage device detected
[ 1693.691642][T30446] netlink: 'syz.1.6981': attribute type 10 has an invalid length.
[ 1693.696494][T30446] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[ 1693.781623][T28770] usb 5-1: USB disconnect, device number 42
[ 1693.843041][T15399] usb 4-1: USB disconnect, device number 45
[ 1694.194134][T28770] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 1694.283806][T20372] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[ 1694.317857][T30460] openvswitch: netlink: Multiple metadata blocks provided
[ 1694.357588][T28770] usb 5-1: Using ep0 maxpacket: 32
[ 1694.372481][T28770] usb 5-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=56.a5
[ 1694.382256][T28770] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1694.420698][T28770] usb 5-1: Product: syz
[ 1694.429324][T28770] usb 5-1: Manufacturer: syz
[ 1694.429536][T30462] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1694.448002][T20372] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1694.466097][T20372] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1694.478283][T28770] usb 5-1: SerialNumber: syz
[ 1694.487788][T20372] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1694.489264][T28770] usb 5-1: config 0 descriptor??
[ 1694.543890][T30462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6987'.
[ 1694.593887][T20373] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[ 1694.660071][T28770] gspca_main: mars-2.14.0 probing 093a:050f
[ 1694.668453][T20372] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1694.794538][T20373] usb 7-1: config 0 has no interfaces?
[ 1694.810232][T20373] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1694.821880][T30452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1694.835458][T20372] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1694.836710][T20373] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1694.862133][T20373] usb 7-1: Product: syz
[ 1694.866810][T20373] usb 7-1: Manufacturer: syz
[ 1694.872870][T20373] usb 7-1: SerialNumber: syz
[ 1694.881332][T20372] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1694.883295][T30452] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1694.909671][T28770] usb 5-1: USB disconnect, device number 43
[ 1694.939753][T20373] usb 7-1: config 0 descriptor??
[ 1694.987615][T20372] usb 2-1: config 0 descriptor??
[ 1695.089295][T30454] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 1695.360619][T20372] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0
[ 1695.368268][T20372] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0
[ 1695.384285][T20372] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0
[ 1695.392136][T20372] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0
[ 1695.605830][T30478] syz_tun: entered allmulticast mode
[ 1695.705696][T20372] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0
[ 1695.742424][T20372] plantronics 0003:047F:FFFF.0037: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 1695.871174][T20372] usb 2-1: USB disconnect, device number 77
[ 1696.001776][T30486] random: crng reseeded on system resumption
[ 1696.096336][T30486] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6992'.
[ 1696.120877][T30486] chnl_net:caif_netlink_parms(): no params data found
[ 1696.128972][T30484] fido_id[30484]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[ 1696.179055][T19216] Bluetooth: hci3: unexpected event 0x20 length: 19 > 7
[ 1696.181072][T30490] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6993'.
[ 1696.233265][T30490] netlink: 'syz.3.6993': attribute type 2 has an invalid length.
[ 1696.299714][T30490] netlink: 'syz.3.6993': attribute type 1 has an invalid length.
[ 1696.308773][T30490] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6993'.
[ 1696.367794][T30496] syz_tun: entered allmulticast mode
[ 1696.376193][T30495] syz_tun: left allmulticast mode
[ 1696.515831][T30498] fuse: Bad value for 'fd'
[ 1696.560821][T30501] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6997'.
[ 1696.837837][T30510] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7002'.
[ 1696.871480][T30510] macvtap1: entered promiscuous mode
[ 1696.883549][T30510] team0: entered promiscuous mode
[ 1696.896848][T30510] bond0: entered promiscuous mode
[ 1696.920849][T30510] macvtap1: entered allmulticast mode
[ 1696.935926][T30510] team0: entered allmulticast mode
[ 1696.955469][T30510] bond0: entered allmulticast mode
[ 1696.967691][T30510] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1696.991702][T30514] bridge0: port 1(gretap0) entered blocking state
[ 1697.011651][T30514] bridge0: port 1(gretap0) entered disabled state
[ 1697.045104][T30514] gretap0: entered allmulticast mode
[ 1697.067669][T30514] gretap0: entered promiscuous mode
[ 1697.074867][T30514] bridge0: port 1(gretap0) entered blocking state
[ 1697.081391][T30514] bridge0: port 1(gretap0) entered forwarding state
[ 1697.119904][T30517] FAULT_INJECTION: forcing a failure.
[ 1697.119904][T30517] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1697.140792][T30517] CPU: 0 UID: 0 PID: 30517 Comm: syz.0.7004 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1697.140818][T30517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1697.140830][T30517] Call Trace:
[ 1697.140837][T30517]  <TASK>
[ 1697.140846][T30517]  dump_stack_lvl+0x189/0x250
[ 1697.140878][T30517]  ? __pfx____ratelimit+0x10/0x10
[ 1697.140903][T30517]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1697.140929][T30517]  ? __pfx__printk+0x10/0x10
[ 1697.140949][T30517]  ? __might_fault+0xb0/0x130
[ 1697.140978][T30517]  should_fail_ex+0x414/0x560
[ 1697.141005][T30517]  _copy_from_user+0x2d/0xb0
[ 1697.141023][T30517]  ___sys_recvmsg+0x12e/0x510
[ 1697.141051][T30517]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1697.141103][T30517]  ? __might_fault+0xb0/0x130
[ 1697.141124][T30517]  do_recvmmsg+0x307/0x770
[ 1697.141153][T30517]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1697.141185][T30517]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1697.141227][T30517]  __x64_sys_recvmmsg+0x190/0x240
[ 1697.141251][T30517]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1697.141271][T30517]  ? rcu_is_watching+0x15/0xb0
[ 1697.141301][T30517]  ? do_syscall_64+0xbe/0x3b0
[ 1697.141327][T30517]  do_syscall_64+0xfa/0x3b0
[ 1697.141350][T30517]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1697.141380][T30517]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1697.141398][T30517]  ? clear_bhb_loop+0x60/0xb0
[ 1697.141418][T30517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1697.141436][T30517] RIP: 0033:0x7fc5e338e929
[ 1697.141452][T30517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1697.141467][T30517] RSP: 002b:00007fc5e42aa038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1697.141487][T30517] RAX: ffffffffffffffda RBX: 00007fc5e35b5fa0 RCX: 00007fc5e338e929
[ 1697.141501][T30517] RDX: 000000000000f000 RSI: 0000200000000d00 RDI: 0000000000000005
[ 1697.141512][T30517] RBP: 00007fc5e42aa090 R08: 0000000000000000 R09: 0000000000000000
[ 1697.141524][T30517] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000002
[ 1697.141536][T30517] R13: 0000000000000000 R14: 00007fc5e35b5fa0 R15: 00007fc5e36dfa28
[ 1697.141564][T30517]  </TASK>
[ 1697.430752][T30521] RDS: rds_bind could not find a transport for ::e0:0:0:0:1, load rds_tcp or rds_rdma?
[ 1697.480883][T20372] usb 7-1: USB disconnect, device number 34
[ 1697.547715][T19216] Bluetooth: hci1: unexpected event 0x20 length: 19 > 7
[ 1697.553558][T30526] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7006'.
[ 1697.638192][T30526] netlink: 'syz.1.7006': attribute type 2 has an invalid length.
[ 1697.646152][T30526] netlink: 'syz.1.7006': attribute type 1 has an invalid length.
[ 1697.654641][T30526] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7006'.
[ 1697.964365][T28770] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 1698.093985][T28770] usb 4-1: device descriptor read/64, error -71
[ 1698.454414][T28770] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 1698.539665][T30561] netlink: 40 bytes leftover after parsing attributes in process `syz.0.7018'.
[ 1698.626784][T28770] usb 4-1: device descriptor read/64, error -71
[ 1698.874639][T30563] openvswitch: netlink: Multiple metadata blocks provided
[ 1698.981224][T30565] xt_hashlimit: max too large, truncated to 1048576
[ 1699.025071][T28770] usb usb4-port1: attempt power cycle
[ 1699.263723][T15880] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1699.280675][   T30] audit: type=1326 audit(1751209798.223:4102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30552 comm="syz.1.7015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc29b18e929 code=0x7fc00000
[ 1699.303137][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1699.454036][T28770] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 1699.495158][T28770] usb 4-1: device descriptor read/8, error -71
[ 1699.507190][T15880] usb 5-1: config index 0 descriptor too short (expected 8192, got 77)
[ 1699.583742][T15880] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1699.613713][T15880] usb 5-1: config 0 has no interfaces?
[ 1699.632782][T15880] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1699.642325][T15880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1699.655501][T15880] usb 5-1: Product: syz
[ 1699.659758][T15880] usb 5-1: Manufacturer: syz
[ 1699.676887][T15880] usb 5-1: SerialNumber: syz
[ 1699.717606][T15880] usb 5-1: config 0 descriptor??
[ 1699.753077][T30569] netlink: 'syz.0.7021': attribute type 9 has an invalid length.
[ 1699.764042][T28770] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 1699.788819][T28770] usb 4-1: device descriptor read/8, error -71
[ 1699.847409][T30569] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7021'.
[ 1699.851525][T30569] hsr0: entered promiscuous mode
[ 1699.851786][T30569] macvlan2: entered promiscuous mode
[ 1699.851910][T30569] macvlan2: entered allmulticast mode
[ 1699.851919][T30569] hsr0: entered allmulticast mode
[ 1699.851926][T30569] hsr_slave_0: entered allmulticast mode
[ 1699.851934][T30569] hsr_slave_1: entered allmulticast mode
[ 1699.914976][T28770] usb usb4-port1: unable to enumerate USB device
[ 1700.232862][T30582] bridge_slave_0: left allmulticast mode
[ 1700.250984][T30582] bridge_slave_0: left promiscuous mode
[ 1700.293341][T30582] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1700.370729][T30582] bridge_slave_1: left allmulticast mode
[ 1700.406099][T30582] bridge_slave_1: left promiscuous mode
[ 1700.433356][T30582] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1700.522686][T30582] bond2: (slave veth0_to_bond): Releasing active interface
[ 1700.537319][T30582] veth0_to_bond: left allmulticast mode
[ 1700.568592][T30582] bond0: (slave bond_slave_0): Releasing backup interface
[ 1700.579243][T30588] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1700.594514][T30582] bond0: (slave bond_slave_1): Releasing backup interface
[ 1700.646949][T30582] team0: Port device team_slave_0 removed
[ 1700.664007][T20373] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[ 1700.672113][T30582] team0: Port device team_slave_1 removed
[ 1700.689316][T30582] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1700.730894][T30582] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1700.733215][T30592] netlink: 56 bytes leftover after parsing attributes in process `syz.1.7027'.
[ 1700.759287][T30582] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1700.790256][T30582] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1700.850962][T30582] batman_adv: batadv0: Interface deactivated: vlan1
[ 1700.852657][T20373] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1700.873152][T30582] batman_adv: batadv0: Removing interface: vlan1
[ 1700.889178][T20373] usb 7-1: config 0 has no interfaces?
[ 1700.903597][T20373] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1700.935921][T20373] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1700.940755][T30582] team0: Port device bridge1 removed
[ 1700.951985][T20373] usb 7-1: SerialNumber: syz
[ 1700.960938][T20373] usb 7-1: config 0 descriptor??
[ 1701.152613][T30604] netlink: 56 bytes leftover after parsing attributes in process `syz.1.7033'.
[ 1701.239023][T30607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1701.251389][T15399] usb 7-1: USB disconnect, device number 35
[ 1701.271757][T30607] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1701.484693][T20373] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[ 1701.515716][T15880] usb 5-1: USB disconnect, device number 44
[ 1701.673993][T20373] usb 2-1: device descriptor read/64, error -71
[ 1701.873074][T30624] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7039'.
[ 1701.893310][T30624] vlan3: entered promiscuous mode
[ 1701.936761][T20373] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[ 1702.003841][T15880] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[ 1702.019656][T30626] netlink: 72 bytes leftover after parsing attributes in process `syz.6.7041'.
[ 1702.030920][T30626] tipc: Started in network mode
[ 1702.035985][T30626] tipc: Node identity , cluster identity 4711
[ 1702.048885][T30626] tipc: Failed to obtain node identity
[ 1702.057597][T30626] tipc: Enabling of bearer <eth:wg1> rejected, failed to enable media
[ 1702.113777][T20373] usb 2-1: device descriptor read/64, error -71
[ 1702.154184][T15880] usb 4-1: device descriptor read/64, error -71
[ 1702.224157][T20373] usb usb2-port1: attempt power cycle
[ 1702.403755][T15880] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[ 1702.563813][T20373] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[ 1702.571495][T15880] usb 4-1: device descriptor read/64, error -71
[ 1702.604445][T20373] usb 2-1: device descriptor read/8, error -71
[ 1702.694080][T15880] usb usb4-port1: attempt power cycle
[ 1702.883895][T20373] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[ 1702.906145][T20373] usb 2-1: device descriptor read/8, error -71
[ 1702.972193][T30636] openvswitch: netlink: Multiple metadata blocks provided
[ 1703.033217][T20373] usb usb2-port1: unable to enumerate USB device
[ 1703.083897][T15880] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[ 1703.144687][T15880] usb 4-1: device descriptor read/8, error -71
[ 1703.253809][T28770] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1703.394026][T15880] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[ 1703.466617][T15880] usb 4-1: device descriptor read/8, error -71
[ 1703.498382][T28770] usb 5-1: config index 0 descriptor too short (expected 8192, got 77)
[ 1703.509679][T28770] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1703.523753][T28770] usb 5-1: config 0 has no interfaces?
[ 1703.551127][T28770] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1703.560860][T28770] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1703.569121][T28770] usb 5-1: Product: syz
[ 1703.574708][T28770] usb 5-1: Manufacturer: syz
[ 1703.579478][T28770] usb 5-1: SerialNumber: syz
[ 1703.584915][T15880] usb usb4-port1: unable to enumerate USB device
[ 1703.593504][T28770] usb 5-1: config 0 descriptor??
[ 1704.017173][T30657] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.7052'.
[ 1705.784135][T15880] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[ 1705.808343][T30679] netlink: 'syz.0.7060': attribute type 63 has an invalid length.
[ 1705.809204][T30680] netlink: 'syz.0.7060': attribute type 63 has an invalid length.
[ 1705.827468][T30679] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7060'.
[ 1705.836916][T30680] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7060'.
[ 1705.945820][T15880] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1705.955964][T15880] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1705.967725][T15880] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1705.977251][T15880] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1705.985902][T15880] usb 2-1: Product: syz
[ 1705.990368][T15880] usb 2-1: Manufacturer: syz
[ 1705.995220][T15880] usb 2-1: SerialNumber: syz
[ 1706.002405][T15880] usb 2-1: config 0 descriptor??
[ 1706.013475][T15880] usb 2-1: selecting invalid altsetting 0
[ 1706.231355][T30675] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1706.298209][T15399] usb 2-1: USB disconnect, device number 82
[ 1706.824212][T28770] usb 5-1: USB disconnect, device number 45
[ 1706.954235][T15880] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[ 1707.206315][T30706] program syz.1.7068 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1707.217307][T15880] usb 4-1: config 0 has no interfaces?
[ 1707.236664][T15880] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1707.277014][T15880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1707.286984][T15880] usb 4-1: Product: syz
[ 1707.291255][T15880] usb 4-1: Manufacturer: syz
[ 1707.302469][T15880] usb 4-1: SerialNumber: syz
[ 1707.450910][T15880] usb 4-1: config 0 descriptor??
[ 1707.583825][T20361] usb 2-1: new full-speed USB device number 83 using dummy_hcd
[ 1707.666372][T15399] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 1707.763108][T20361] usb 2-1: config 0 has an invalid interface number: 207 but max is 0
[ 1707.803838][T15399] usb 5-1: device descriptor read/64, error -71
[ 1707.836855][T30691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1707.849354][T30691] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1707.867246][T20361] usb 2-1: config 0 has no interface number 0
[ 1708.114248][T15399] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[ 1708.123756][T15880] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[ 1708.154666][T20361] usb 2-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[ 1708.230135][T20361] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1708.264206][T15399] usb 5-1: device descriptor read/64, error -71
[ 1708.284189][T15880] usb 7-1: Using ep0 maxpacket: 16
[ 1708.292289][T15880] usb 7-1: config 0 has an invalid interface number: 68 but max is 0
[ 1708.304317][T15880] usb 7-1: config 0 has no interface number 0
[ 1708.328643][T15880] usb 7-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[ 1708.337886][T15880] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1708.353829][T15880] usb 7-1: Product: syz
[ 1708.358127][T15880] usb 7-1: Manufacturer: syz
[ 1708.362729][T15880] usb 7-1: SerialNumber: syz
[ 1708.387890][T15880] usb 7-1: config 0 descriptor??
[ 1708.394808][T15399] usb usb5-port1: attempt power cycle
[ 1708.458578][T20361] usb 2-1: Product: syz
[ 1708.473848][T15880] usb 7-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1708.489795][T20361] usb 2-1: Manufacturer: syz
[ 1708.496841][T20361] usb 2-1: SerialNumber: syz
[ 1708.510814][T20361] usb 2-1: config 0 descriptor??
[ 1708.521612][T20361] qmi_wwan 2-1:0.207: bogus CDC Union: master=0, slave=1
[ 1708.628827][T15231] usb 7-1: Failed to submit usb control message: -71
[ 1708.638554][T15880] usb 7-1: USB disconnect, device number 36
[ 1708.646406][T15231] usb 7-1: unable to send the bmi data to the device: -71
[ 1708.653945][T15231] usb 7-1: unable to get target info from device
[ 1708.727396][T20361] qmi_wwan 2-1:0.207: probe with driver qmi_wwan failed with error -22
[ 1708.738097][T15231] usb 7-1: could not get target info (-71)
[ 1708.745090][T15231] usb 7-1: could not probe fw (-71)
[ 1708.774315][T15399] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[ 1708.802434][T15399] usb 5-1: device descriptor read/8, error -71
[ 1708.927681][T30710] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7069'.
[ 1708.937965][T30710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1708.953363][T30710] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1709.073800][T15399] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 1709.095007][T15399] usb 5-1: device descriptor read/8, error -71
[ 1709.109824][T30726] x_tables: duplicate underflow at hook 2
[ 1709.117489][T30726] IPVS: set_ctl: invalid protocol: 41 100.1.1.0:20004
[ 1709.166345][T30728] netlink: 40 bytes leftover after parsing attributes in process `syz.0.7073'.
[ 1709.204159][T15399] usb usb5-port1: unable to enumerate USB device
[ 1709.328728][T30732] openvswitch: netlink: Multiple metadata blocks provided
[ 1709.515843][T15880] usb 2-1: USB disconnect, device number 83
[ 1709.648867][T28770] usb 4-1: USB disconnect, device number 54
[ 1709.894846][T30739] netlink: 76 bytes leftover after parsing attributes in process `syz.1.7077'.
[ 1709.904776][T30739] netlink: 76 bytes leftover after parsing attributes in process `syz.1.7077'.
[ 1710.052112][T30743] bridge0: port 1(veth0_to_bridge) entered blocking state
[ 1710.062906][T30743] bridge0: port 1(veth0_to_bridge) entered disabled state
[ 1710.072133][T30743] veth0_to_bridge: entered allmulticast mode
[ 1710.082543][T30743] veth0_to_bridge: entered promiscuous mode
[ 1710.090339][T30743] bridge0: port 1(veth0_to_bridge) entered blocking state
[ 1710.097594][T30743] bridge0: port 1(veth0_to_bridge) entered forwarding state
[ 1710.189384][T30739] netlink: 76 bytes leftover after parsing attributes in process `syz.1.7077'.
[ 1710.224592][T30739] netlink: 76 bytes leftover after parsing attributes in process `syz.1.7077'.
[ 1710.350962][T30739] netlink: 76 bytes leftover after parsing attributes in process `syz.1.7077'.
[ 1710.363633][T30739] netlink: 76 bytes leftover after parsing attributes in process `syz.1.7077'.
[ 1710.460282][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807683a800: rx timeout, send abort
[ 1710.473779][T15399] usb 4-1: new full-speed USB device number 55 using dummy_hcd
[ 1710.603785][T15399] usb 4-1: device descriptor read/64, error -71
[ 1710.844400][T15399] usb 4-1: new full-speed USB device number 56 using dummy_hcd
[ 1710.960347][    C1] vcan0: j1939_tp_rxtimer: 0xffff888055cc5400: rx timeout, send abort
[ 1710.968855][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807683a800: abort rx timeout. Force session deactivation
[ 1710.973777][T15399] usb 4-1: device descriptor read/64, error -71
[ 1711.104485][T30758] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7083'.
[ 1711.124556][T15399] usb usb4-port1: attempt power cycle
[ 1711.443924][T20361] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[ 1711.468777][    C1] vcan0: j1939_tp_rxtimer: 0xffff888055cc5400: abort rx timeout. Force session deactivation
[ 1711.692413][T20361] usb 5-1: too many endpoints for config 4 interface 0 altsetting 0: 79, using maximum allowed: 30
[ 1711.715073][T20361] usb 5-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x32, changing to 0x2
[ 1711.743935][T15399] usb 4-1: new full-speed USB device number 57 using dummy_hcd
[ 1711.776051][T20361] usb 5-1: config 4 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 91
[ 1711.790015][T15399] usb 4-1: device descriptor read/8, error -71
[ 1711.822634][T20361] usb 5-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 79
[ 1711.886810][T20361] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1711.923254][T20361] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1711.947733][T30761] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1711.964251][T30766] netlink: 2052 bytes leftover after parsing attributes in process `syz.1.7086'.
[ 1712.002497][T30766] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[ 1712.010119][T30770] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7086'.
[ 1712.020915][T30771] netlink: 56 bytes leftover after parsing attributes in process `syz.6.7087'.
[ 1712.043885][T15399] usb 4-1: new full-speed USB device number 58 using dummy_hcd
[ 1712.064455][T15399] usb 4-1: device descriptor read/8, error -71
[ 1712.176671][T15399] usb usb4-port1: unable to enumerate USB device
[ 1712.204904][T30761] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7084'.
[ 1712.357315][T19216] Bluetooth: hci0: unexpected event 0x20 length: 19 > 7
[ 1712.360367][T30780] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7091'.
[ 1712.382908][T30780] netlink: 'syz.6.7091': attribute type 2 has an invalid length.
[ 1712.392795][T30780] netlink: 'syz.6.7091': attribute type 1 has an invalid length.
[ 1712.406234][T30780] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7091'.
[ 1712.691335][T30788] loop6: detected capacity change from 0 to 524287999
[ 1712.955816][T30796] xt_time: unknown flags 0xc
[ 1713.021329][   T30] audit: type=1326 audit(1751209811.983:4103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30795 comm="syz.1.7096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc29b18e929 code=0x7ffc0000
[ 1713.045720][   T30] audit: type=1326 audit(1751209812.013:4104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30795 comm="syz.1.7096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc29b18e929 code=0x7ffc0000
[ 1713.093945][T20361] ath6kl: Failed to submit usb control message: -110
[ 1713.101566][T20361] ath6kl: unable to send the bmi data to the device: -110
[ 1713.125311][   T30] audit: type=1326 audit(1751209812.013:4105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30795 comm="syz.1.7096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc29b12ab19 code=0x7ffc0000
[ 1713.150984][T20361] ath6kl: Unable to send get target info: -110
[ 1713.153068][   T30] audit: type=1326 audit(1751209812.013:4106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30795 comm="syz.1.7096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc29b12ab19 code=0x7ffc0000
[ 1713.160982][T20361] ath6kl: Failed to init ath6kl core: -110
[ 1713.195454][T20361] ath6kl_usb 5-1:4.0: probe with driver ath6kl_usb failed with error -110
[ 1713.197890][   T30] audit: type=1326 audit(1751209812.013:4107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30795 comm="syz.1.7096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc29b18e929 code=0x7ffc0000
[ 1713.238394][   T30] audit: type=1326 audit(1751209812.013:4108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30795 comm="syz.1.7096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc29b18e929 code=0x7ffc0000
[ 1713.311454][   T30] audit: type=1326 audit(1751209812.013:4109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30795 comm="syz.1.7096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc29b18e929 code=0x7ffc0000
[ 1713.340108][   T30] audit: type=1326 audit(1751209812.013:4110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30795 comm="syz.1.7096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc29b18e929 code=0x7ffc0000
[ 1713.363263][   T30] audit: type=1326 audit(1751209812.013:4111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30795 comm="syz.1.7096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc29b12ab19 code=0x7ffc0000
[ 1713.386669][   T30] audit: type=1326 audit(1751209812.013:4112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30795 comm="syz.1.7096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc29b18e929 code=0x7ffc0000
[ 1713.824119][T30812] netlink: 52 bytes leftover after parsing attributes in process `syz.6.7101'.
[ 1713.973817][T15880] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[ 1714.184062][T15880] usb 4-1: Using ep0 maxpacket: 8
[ 1714.196430][T30818] netlink: 'syz.6.7103': attribute type 10 has an invalid length.
[ 1714.205602][T30818] netlink: 40 bytes leftover after parsing attributes in process `syz.6.7103'.
[ 1714.216754][T30818] batman_adv: batadv0: Adding interface: vlan1
[ 1714.228996][T30818] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1714.254459][T15880] usb 4-1: config 6 has an invalid interface number: 2 but max is 0
[ 1714.258712][T30818] batman_adv: batadv0: Interface activated: vlan1
[ 1714.269065][T15880] usb 4-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[ 1714.302694][T15880] usb 4-1: config 6 has no interface number 0
[ 1714.351814][T15880] usb 4-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[ 1714.423835][T15880] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1714.475961][T15880] usb 4-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1714.550006][T15880] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1714.583623][T15880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1714.608463][T15880] usb 4-1: Product: syz
[ 1714.623517][T15880] usb 4-1: Manufacturer: syz
[ 1714.649270][T15880] usb 4-1: SerialNumber: syz
[ 1714.680505][T30827] netlink: 'syz.1.7106': attribute type 4 has an invalid length.
[ 1714.689092][T30827] netlink: 152 bytes leftover after parsing attributes in process `syz.1.7106'.
[ 1714.706904][T30827] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 1714.757851][T15880] hso 4-1:6.2: Failed to find INT IN ep
[ 1715.343222][T30831] syz_tun: entered allmulticast mode
[ 1715.356222][T30830] syz_tun: left allmulticast mode
[ 1715.490818][T30833] mac80211_hwsim hwsim43 wlan0: entered promiscuous mode
[ 1715.506134][T30833] macsec1: entered promiscuous mode
[ 1715.516371][T30833] macsec1: entered allmulticast mode
[ 1715.522143][T30833] mac80211_hwsim hwsim43 wlan0: entered allmulticast mode
[ 1716.660001][T15880] usb 4-1: USB disconnect, device number 59
[ 1717.668632][T30872] program syz.6.7122 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1717.833762][T28770] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[ 1717.927810][T30883] FAULT_INJECTION: forcing a failure.
[ 1717.927810][T30883] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1717.941085][T30883] CPU: 1 UID: 0 PID: 30883 Comm: syz.6.7126 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1717.941103][T30883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1717.941110][T30883] Call Trace:
[ 1717.941115][T30883]  <TASK>
[ 1717.941121][T30883]  dump_stack_lvl+0x189/0x250
[ 1717.941140][T30883]  ? __pfx____ratelimit+0x10/0x10
[ 1717.941155][T30883]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1717.941169][T30883]  ? __pfx__printk+0x10/0x10
[ 1717.941180][T30883]  ? __might_fault+0xb0/0x130
[ 1717.941196][T30883]  should_fail_ex+0x414/0x560
[ 1717.941210][T30883]  _copy_from_user+0x2d/0xb0
[ 1717.941220][T30883]  snd_seq_oss_write+0x515/0x930
[ 1717.941243][T30883]  ? __pfx_snd_seq_oss_write+0x10/0x10
[ 1717.941257][T30883]  ? common_file_perm+0x199/0x200
[ 1717.941271][T30883]  ? security_file_permission+0x75/0x290
[ 1717.941284][T30883]  odev_write+0x5a/0x80
[ 1717.941294][T30883]  ? __pfx_odev_write+0x10/0x10
[ 1717.941306][T30883]  vfs_write+0x27e/0xa90
[ 1717.941325][T30883]  ? __pfx_vfs_write+0x10/0x10
[ 1717.941340][T30883]  ? __fget_files+0x2a/0x420
[ 1717.941352][T30883]  ? __fget_files+0x2a/0x420
[ 1717.941362][T30883]  ? __fget_files+0x3a0/0x420
[ 1717.941371][T30883]  ? __fget_files+0x2a/0x420
[ 1717.941386][T30883]  ksys_write+0x145/0x250
[ 1717.941396][T30883]  ? __pfx_ksys_write+0x10/0x10
[ 1717.941408][T30883]  ? do_syscall_64+0xbe/0x3b0
[ 1717.941424][T30883]  do_syscall_64+0xfa/0x3b0
[ 1717.941437][T30883]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1717.941450][T30883]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1717.941466][T30883]  ? clear_bhb_loop+0x60/0xb0
[ 1717.941478][T30883]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1717.941488][T30883] RIP: 0033:0x7f650af8e929
[ 1717.941498][T30883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1717.941507][T30883] RSP: 002b:00007f650be8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1717.941519][T30883] RAX: ffffffffffffffda RBX: 00007f650b1b6080 RCX: 00007f650af8e929
[ 1717.941526][T30883] RDX: 0000000000000458 RSI: 00002000000008c0 RDI: 0000000000000003
[ 1717.941533][T30883] RBP: 00007f650be8c090 R08: 0000000000000000 R09: 0000000000000000
[ 1717.941539][T30883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1717.941546][T30883] R13: 0000000000000001 R14: 00007f650b1b6080 R15: 00007f650b2dfa28
[ 1717.941560][T30883]  </TASK>
[ 1718.177564][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1718.210196][T28770] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1718.221341][T28770] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1718.233045][T28770] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1718.242308][T28770] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1718.250922][T28770] usb 2-1: Product: syz
[ 1718.255453][T28770] usb 2-1: Manufacturer: syz
[ 1718.260114][T28770] usb 2-1: SerialNumber: syz
[ 1718.268113][T28770] usb 2-1: config 0 descriptor??
[ 1718.284333][T28770] usb 2-1: selecting invalid altsetting 0
[ 1718.575647][T30868] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1718.597513][T30888] gretap0: entered promiscuous mode
[ 1718.602945][T30888] macsec2: entered promiscuous mode
[ 1718.610680][T30888] gretap0: left promiscuous mode
[ 1718.636749][T15399] usb 2-1: USB disconnect, device number 84
[ 1718.693791][T20361] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[ 1718.737377][T30890] __nla_validate_parse: 3 callbacks suppressed
[ 1718.737395][T30890] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7129'.
[ 1718.758334][T30890] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7129'.
[ 1718.772420][T30890] netlink: 'syz.0.7129': attribute type 10 has an invalid length.
[ 1718.857461][T30894] loop6: detected capacity change from 0 to 7
[ 1718.864163][T20361] usb 4-1: Using ep0 maxpacket: 8
[ 1718.872396][T20361] usb 4-1: config 6 has an invalid interface number: 2 but max is 0
[ 1718.872808][ T6163] Dev loop6: unable to read RDB block 7
[ 1718.881024][T20361] usb 4-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[ 1718.890962][ T6163]  loop6: unable to read partition table
[ 1718.905304][T20361] usb 4-1: config 6 has no interface number 0
[ 1718.905537][ T6163] loop6: partition table beyond EOD, truncated
[ 1718.911421][T20361] usb 4-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[ 1718.929992][T20361] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1718.941410][T20361] usb 4-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1718.954776][T30894] Dev loop6: unable to read RDB block 7
[ 1718.960487][T30894]  loop6: unable to read partition table
[ 1718.969168][T30894] loop6: partition table beyond EOD, truncated
[ 1718.979005][T30894] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[ 1718.979186][T20361] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1718.998029][T20361] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1719.006463][T20361] usb 4-1: Product: syz
[ 1719.010708][T20361] usb 4-1: Manufacturer: syz
[ 1719.015779][T20361] usb 4-1: SerialNumber: syz
[ 1719.065326][T20361] hso 4-1:6.2: Failed to find INT IN ep
[ 1719.453782][T28770] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[ 1719.533774][T20373] usb 2-1: new low-speed USB device number 85 using dummy_hcd
[ 1719.616456][T28770] usb 7-1: config 0 has no interfaces?
[ 1719.632143][T28770] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1719.654072][T28770] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1719.671064][T28770] usb 7-1: Product: syz
[ 1719.678922][T28770] usb 7-1: Manufacturer: syz
[ 1719.689904][T28770] usb 7-1: SerialNumber: syz
[ 1719.702153][T20373] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1719.714638][T28770] usb 7-1: config 0 descriptor??
[ 1719.723216][T20373] usb 2-1: config 0 has no interface number 0
[ 1719.801070][T20373] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1719.812428][T20373] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[ 1719.831173][T20373] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1719.840579][T20373] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1719.887020][T20373] usb 2-1: config 0 descriptor??
[ 1719.895280][T30902] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22
[ 1719.925614][T20373] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1720.150254][T15399] usb 2-1: USB disconnect, device number 85
[ 1720.994448][T20373] usb 4-1: USB disconnect, device number 60
[ 1721.509700][T19216] Bluetooth: hci3: unexpected event 0x20 length: 19 > 7
[ 1721.512071][T30928] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7144'.
[ 1721.530939][T30928] netlink: 'syz.3.7144': attribute type 2 has an invalid length.
[ 1721.538927][T30928] netlink: 'syz.3.7144': attribute type 1 has an invalid length.
[ 1721.546970][T30928] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7144'.
[ 1722.008483][T30941] netlink: 'syz.1.7150': attribute type 10 has an invalid length.
[ 1722.036383][T20373] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[ 1722.172820][T28770] usb 7-1: USB disconnect, device number 37
[ 1722.216021][T20373] usb 4-1: Using ep0 maxpacket: 16
[ 1722.224895][T20373] usb 4-1: config 0 has an invalid descriptor of length 65, skipping remainder of the config
[ 1722.263628][T20373] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1722.307491][T30947] netlink: 56 bytes leftover after parsing attributes in process `syz.6.7152'.
[ 1722.320865][T20373] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1722.343875][T20373] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=98
[ 1722.351982][T20373] usb 4-1: SerialNumber: syz
[ 1722.416003][T20373] usb 4-1: config 0 descriptor??
[ 1722.631759][T30934] i2c i2c-1: Invalid block write size 156
[ 1722.654424][T30934] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7147'.
[ 1722.688437][T30934] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7147'.
[ 1722.705461][T20373] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1722.725594][T20373] usb 4-1: USB disconnect, device number 61
[ 1722.780023][T30957] netlink: 108 bytes leftover after parsing attributes in process `syz.1.7155'.
[ 1723.117517][T30968] veth1_to_team: entered promiscuous mode
[ 1723.525068][T30979] loop6: detected capacity change from 0 to 524287999
[ 1723.576790][T30986] netlink: 'syz.6.7166': attribute type 10 has an invalid length.
[ 1723.584868][T30986] netlink: 40 bytes leftover after parsing attributes in process `syz.6.7166'.
[ 1723.724027][T20359] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[ 1723.886492][T20359] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1723.897654][T20359] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1723.909580][T20359] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1723.919081][T20359] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1723.927110][T20359] usb 2-1: Product: syz
[ 1723.931266][T20359] usb 2-1: Manufacturer: syz
[ 1723.936653][T20359] usb 2-1: SerialNumber: syz
[ 1723.946729][T20359] cdc_mbim 2-1:1.0: skipping garbage
[ 1723.993900][T20361] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[ 1724.149500][T30982] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1724.158856][T20361] usb 7-1: config 1 interface 0 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 32
[ 1724.168923][T20361] usb 7-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1724.182180][T20361] usb 7-1: config 1 interface 0 has no altsetting 0
[ 1724.191166][T20361] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1724.200651][T20361] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1724.213883][T20361] usb 7-1: Product: 焷ꪞ옙䃑鲰蠽䑙Ֆ跩ɄẶ⺥๧毯좍᧘횢ⶠ瑒ﲘ⸥俦퇕嫴˼層糖霈鉀ⰹ鰩㮄낯ᩅ頒⌏譯హ坆콼ᡉ檊䀿㈑蘭酌뾓،륟駊鉃䵉損᩷誙毌ᱠ葅ꊉ
[ 1724.238936][T20361] usb 7-1: Manufacturer: 、
[ 1724.243579][T20361] usb 7-1: SerialNumber: ࡃ
[ 1724.260526][T30989] raw-gadget.3 gadget.6: fail, usb_ep_enable returned -22
[ 1724.269996][T30989] raw-gadget.3 gadget.6: fail, usb_ep_enable returned -22
[ 1724.709946][T20359] cdc_mbim 2-1:1.0: failed GET_NTB_PARAMETERS
[ 1724.723826][T20359] cdc_mbim 2-1:1.0: bind() failure
[ 1724.748276][T20359] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[ 1724.756477][T20359] cdc_ncm 2-1:1.1: bind() failure
[ 1724.766822][T20359] usb 2-1: USB disconnect, device number 86
[ 1725.349961][T31014] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[ 1725.392304][T31017] syz_tun: entered promiscuous mode
[ 1725.401360][T31017] batadv_slave_0: entered promiscuous mode
[ 1725.408845][T31017] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[ 1725.416952][T31017] Cannot create hsr debugfs directory
[ 1725.422481][T31017] hsr1: entered allmulticast mode
[ 1725.427646][T31017] syz_tun: entered allmulticast mode
[ 1725.432964][T31017] batadv_slave_0: entered allmulticast mode
[ 1725.463790][T28770] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[ 1725.611593][T20361] usb 7-1: USB disconnect, device number 38
[ 1725.625213][T28770] usb 2-1: device descriptor read/64, error -71
[ 1725.658273][T31021] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[ 1725.709560][T31024] fuse: Bad value for 'fd'
[ 1725.894143][T28770] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[ 1725.960425][T31032] ipvlan2: entered allmulticast mode
[ 1726.063825][T28770] usb 2-1: device descriptor read/64, error -71
[ 1726.183030][T28770] usb usb2-port1: attempt power cycle
[ 1726.502238][T13658] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1726.514671][T13658] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1726.523361][T13658] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1726.526888][T31045] program syz.6.7191 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1726.531037][T20373] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[ 1726.547433][T28770] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[ 1726.558956][T13658] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1726.572336][T13658] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1726.584891][T28770] usb 2-1: device descriptor read/8, error -71
[ 1726.650621][T31048] netlink: 'syz.6.7192': attribute type 1 has an invalid length.
[ 1726.665503][T31048] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7192'.
[ 1726.703776][T20373] usb 4-1: Using ep0 maxpacket: 16
[ 1726.716275][T20373] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1726.733723][T20373] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1726.747475][T20373] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1726.760769][T20373] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1726.772486][T20373] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1726.787669][T20373] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1726.797146][T20373] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1726.805477][T20373] usb 4-1: Manufacturer: syz
[ 1726.813621][T20373] usb 4-1: config 0 descriptor??
[ 1726.823766][T28770] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[ 1726.844634][T28770] usb 2-1: device descriptor read/8, error -71
[ 1726.958505][T28770] usb usb2-port1: unable to enumerate USB device
[ 1726.977950][T31046] chnl_net:caif_netlink_parms(): no params data found
[ 1727.083200][T31046] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1727.092972][T31046] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1727.093972][T20373] rc_core: IR keymap rc-hauppauge not found
[ 1727.100206][T31046] bridge_slave_0: entered allmulticast mode
[ 1727.114214][T20373] Registered IR keymap rc-empty
[ 1727.115305][T31046] bridge_slave_0: entered promiscuous mode
[ 1727.119241][T20373] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1727.128897][T31046] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1727.140396][T31046] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1727.148252][T31046] bridge_slave_1: entered allmulticast mode
[ 1727.155978][T31046] bridge_slave_1: entered promiscuous mode
[ 1727.158373][T20373] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1727.170009][T20361] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[ 1727.185057][T20373] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 1727.200071][T20373] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input134
[ 1727.219526][T20373] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1727.242010][T31046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1727.254068][T20373] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1727.269157][T31046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1727.284196][T20373] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1727.305448][T20373] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1727.327429][T20373] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1727.333844][T20361] usb 7-1: Using ep0 maxpacket: 8
[ 1727.341159][T31046] team0: Port device team_slave_0 added
[ 1727.348724][T20361] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1727.364024][T20373] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1727.367661][T31046] team0: Port device team_slave_1 added
[ 1727.377955][T20361] usb 7-1: config 7 has an invalid interface number: 199 but max is 1
[ 1727.398456][T20361] usb 7-1: config 7 has an invalid interface number: 251 but max is 1
[ 1727.407118][T20361] usb 7-1: config 7 has no interface number 0
[ 1727.414140][T20373] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1727.423773][T20361] usb 7-1: config 7 has no interface number 1
[ 1727.429898][T20361] usb 7-1: config 7 interface 251 has no altsetting 0
[ 1727.441394][T20361] usb 7-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=14.2b
[ 1727.453207][T20361] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1727.456655][T20373] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1727.471933][T20361] usb 7-1: Product: syz
[ 1727.473198][T31046] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1727.478428][T20361] usb 7-1: Manufacturer: syz
[ 1727.484000][T31046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1727.490287][T20361] usb 7-1: SerialNumber: syz
[ 1727.513722][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1727.514363][T20373] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1727.536451][T31046] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1727.550003][T31046] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1727.557589][T20373] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1727.583783][T31046] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1727.612726][T20373] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[ 1727.622310][T20373] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1727.631087][T31046] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1727.668503][T20373] usb 4-1: USB disconnect, device number 62
[ 1727.733258][T31046] hsr_slave_0: entered promiscuous mode
[ 1727.744223][T31046] hsr_slave_1: entered promiscuous mode
[ 1727.937823][T31046] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1727.950727][T31046] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1727.961121][T31046] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1727.980856][T31046] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1728.067509][T31046] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1728.090166][T31046] 8021q: adding VLAN 0 to HW filter on device team0
[ 1728.103183][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1728.110312][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1728.131533][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1728.138678][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1728.321346][T31046] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1728.350627][T20361] usb 7-1: USB disconnect, device number 39
[ 1728.439501][T31046] veth0_vlan: entered promiscuous mode
[ 1728.459296][T31074] kvm: pic: single mode not supported
[ 1728.462399][T31046] veth1_vlan: entered promiscuous mode
[ 1728.510295][T31046] veth0_macvtap: entered promiscuous mode
[ 1728.526684][T31046] veth1_macvtap: entered promiscuous mode
[ 1728.550424][T31046] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1728.583160][T31046] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1728.599724][T31046] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1728.604130][T19216] Bluetooth: hci2: command tx timeout
[ 1728.610862][T31046] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1728.624608][T31046] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1728.633321][T31046] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1728.745941][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1728.760184][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1728.817792][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1728.823855][T20361] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[ 1728.829963][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1728.964119][T20361] usb 7-1: device descriptor read/64, error -71
[ 1728.983806][T15399] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[ 1729.145443][T15399] usb 2-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee
[ 1729.173895][T15399] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1729.213003][T15399] usb 2-1: config 0 descriptor??
[ 1729.218817][T20361] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[ 1729.249616][T15399] usb 2-1: selecting invalid altsetting 1
[ 1729.323175][T15399] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22
[ 1729.335432][ T6163] udevd[6163]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1729.353294][T31097] tipc: Started in network mode
[ 1729.365913][T31097] tipc: Node identity -:, cluster identity 4711
[ 1729.374372][T20361] usb 7-1: device descriptor read/64, error -71
[ 1729.392442][T31097] tipc: Enabling of bearer <udp:s�> rejected, failed to enable media
[ 1729.472279][T15399] usb 2-1: USB disconnect, device number 91
[ 1729.484323][T20361] usb usb7-port1: attempt power cycle
[ 1729.532310][   T30] kauditd_printk_skb: 58 callbacks suppressed
[ 1729.532325][   T30] audit: type=1326 audit(1751209828.493:4171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31094 comm="syz.3.7204" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3c9138e929 code=0x0
[ 1729.560278][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1729.864126][T20361] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[ 1729.892229][T20361] usb 7-1: device descriptor read/8, error -71
[ 1730.191088][T20361] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[ 1730.244051][T20361] usb 7-1: device descriptor read/8, error -71
[ 1730.280264][T31128] netlink: 'syz.1.7216': attribute type 1 has an invalid length.
[ 1730.289686][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.296167][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1730.352387][T31128] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1730.354899][T20361] usb usb7-port1: unable to enumerate USB device
[ 1730.386301][T31130] bond2: (slave veth0_to_bond): Enslaving as an active interface with a down link
[ 1730.683973][T19216] Bluetooth: hci2: command tx timeout
[ 1730.893852][T28770] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[ 1731.069769][T28770] usb 2-1: Using ep0 maxpacket: 16
[ 1731.100442][T28770] usb 2-1: config 0 has no interfaces?
[ 1731.109098][T28770] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1731.122431][T31143] binder: BINDER_SET_CONTEXT_MGR already set
[ 1731.134269][T31143] binder: 31141:31143 ioctl 4018620d 200000000040 returned -16
[ 1731.135918][T28770] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1731.154936][T31143] binder: 31141:31143 ioctl c0306201 200000000240 returned -11
[ 1731.173929][T28770] usb 2-1: config 0 descriptor??
[ 1731.258271][T31145] Cannot find add_set index 0 as target
[ 1731.372855][T31147] team_slave_0: entered promiscuous mode
[ 1731.378645][T31147] team_slave_1: entered promiscuous mode
[ 1731.385199][T31147] vlan2: entered promiscuous mode
[ 1731.390720][T31147] team0: entered promiscuous mode
[ 1731.943909][T15880] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[ 1732.093752][T15880] usb 7-1: Using ep0 maxpacket: 32
[ 1732.101215][T15880] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1732.117121][T15880] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576
[ 1732.127407][T15880] usb 7-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 20
[ 1732.144285][T15880] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1732.154090][T15880] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1732.162687][T15880] usb 7-1: SerialNumber: syz
[ 1732.173913][T31151] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1732.187302][T15880] cdc_acm 7-1:1.0: Control and data interfaces are not separated!
[ 1732.388112][T15880] cdc_acm 7-1:1.0: ttyACM0: USB ACM device
[ 1732.400418][T15880] usb 7-1: USB disconnect, device number 44
[ 1732.604162][T20373] usb 4-1: new low-speed USB device number 63 using dummy_hcd
[ 1732.755639][T20373] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1732.773992][T19216] Bluetooth: hci2: command tx timeout
[ 1732.781415][T20373] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1732.791360][T20373] usb 4-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[ 1732.800710][T20373] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1732.811449][T20373] usb 4-1: config 0 descriptor??
[ 1733.027683][T31155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1733.049469][T31155] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1733.210761][T31159] netlink: 'syz.6.7228': attribute type 10 has an invalid length.
[ 1733.219110][T31159] netlink: 40 bytes leftover after parsing attributes in process `syz.6.7228'.
[ 1733.287845][T20373] steelseries 0003:1038:1410.0038: unbalanced collection at end of report description
[ 1733.304473][T20373] steelseries 0003:1038:1410.0038: parse failed
[ 1733.313871][T31161] netlink: 52 bytes leftover after parsing attributes in process `syz.6.7229'.
[ 1733.323342][T20373] steelseries 0003:1038:1410.0038: probe with driver steelseries failed with error -22
[ 1733.476796][T20361] usb 4-1: USB disconnect, device number 63
[ 1733.621007][T20373] usb 2-1: USB disconnect, device number 92
[ 1734.037990][T15880] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[ 1734.215481][T15880] usb 7-1: Using ep0 maxpacket: 16
[ 1734.245187][T20361] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[ 1734.308736][T15880] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1734.349222][T15880] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1734.376102][T15880] usb 7-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[ 1734.405887][T15880] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1734.427054][T20361] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1734.442717][T20361] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1734.466592][T15880] usb 7-1: config 0 descriptor??
[ 1734.467669][T20361] usb 2-1: New USB device found, idVendor=056a, idProduct=0059, bcdDevice= 0.00
[ 1734.488918][T20361] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1734.510331][T20361] usb 2-1: config 0 descriptor??
[ 1734.522394][T20361] usbhid 2-1:0.0: can't add hid device: -22
[ 1734.529329][ T5914] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[ 1734.543610][T20361] usbhid 2-1:0.0: probe with driver usbhid failed with error -22
[ 1734.584046][T31192] ipvlan2: entered allmulticast mode
[ 1734.589847][T31192] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[ 1734.691210][ T5914] usb 4-1: config 0 has no interfaces?
[ 1734.719705][ T5914] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1734.742835][T19216] Bluetooth: hci4: unexpected event 0x20 length: 19 > 7
[ 1734.749448][T31194] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7240'.
[ 1734.766275][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1734.782724][ T5914] usb 4-1: Product: syz
[ 1734.788007][ T5914] usb 4-1: Manufacturer: syz
[ 1734.792620][ T5914] usb 4-1: SerialNumber: syz
[ 1734.826089][ T5914] usb 4-1: config 0 descriptor??
[ 1734.829833][T31194] netlink: 'syz.0.7240': attribute type 2 has an invalid length.
[ 1734.844082][T19216] Bluetooth: hci2: command tx timeout
[ 1734.875621][T31194] netlink: 'syz.0.7240': attribute type 1 has an invalid length.
[ 1734.900452][T31194] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7240'.
[ 1734.935603][T31198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1734.947274][T31198] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1735.088288][T31201] netlink: 'syz.0.7242': attribute type 1 has an invalid length.
[ 1735.106004][T31201] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7242'.
[ 1735.167384][T31186] FAULT_INJECTION: forcing a failure.
[ 1735.167384][T31186] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1735.185975][T31186] CPU: 1 UID: 0 PID: 31186 Comm: syz.3.7237 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1735.185999][T31186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1735.186011][T31186] Call Trace:
[ 1735.186020][T31186]  <TASK>
[ 1735.186029][T31186]  dump_stack_lvl+0x189/0x250
[ 1735.186071][T31186]  ? __pfx____ratelimit+0x10/0x10
[ 1735.186096][T31186]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1735.186122][T31186]  ? __pfx__printk+0x10/0x10
[ 1735.186143][T31186]  ? __might_fault+0xb0/0x130
[ 1735.186171][T31186]  should_fail_ex+0x414/0x560
[ 1735.186198][T31186]  _copy_from_iter+0x1db/0x16f0
[ 1735.186226][T31186]  ? aa_file_perm+0x11f/0xed0
[ 1735.186254][T31186]  ? __pfx__copy_from_iter+0x10/0x10
[ 1735.186292][T31186]  vhost_chr_write_iter+0xc3/0xad0
[ 1735.186322][T31186]  ? end_current_label_crit_section+0x152/0x180
[ 1735.186341][T31186]  ? __pfx_vhost_chr_write_iter+0x10/0x10
[ 1735.186365][T31186]  ? security_file_permission+0x75/0x290
[ 1735.186386][T31186]  vfs_write+0x548/0xa90
[ 1735.186411][T31186]  ? __pfx_vhost_net_chr_write_iter+0x10/0x10
[ 1735.186432][T31186]  ? __pfx_vfs_write+0x10/0x10
[ 1735.186460][T31186]  ? __fget_files+0x2a/0x420
[ 1735.186483][T31186]  ksys_write+0x145/0x250
[ 1735.186498][T31186]  ? __pfx_ksys_write+0x10/0x10
[ 1735.186510][T31186]  ? rcu_is_watching+0x15/0xb0
[ 1735.186535][T31186]  ? do_syscall_64+0xbe/0x3b0
[ 1735.186558][T31186]  do_syscall_64+0xfa/0x3b0
[ 1735.186577][T31186]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1735.186595][T31186]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1735.186610][T31186]  ? clear_bhb_loop+0x60/0xb0
[ 1735.186628][T31186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1735.186642][T31186] RIP: 0033:0x7f3c9138e929
[ 1735.186655][T31186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1735.186668][T31186] RSP: 002b:00007f3c921e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1735.186684][T31186] RAX: ffffffffffffffda RBX: 00007f3c915b6160 RCX: 00007f3c9138e929
[ 1735.186695][T31186] RDX: 0000000000000048 RSI: 00002000000003c0 RDI: 0000000000000008
[ 1735.186704][T31186] RBP: 00007f3c921e7090 R08: 0000000000000000 R09: 0000000000000000
[ 1735.186714][T31186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1735.186723][T31186] R13: 0000000000000000 R14: 00007f3c915b6160 R15: 00007f3c916dfa28
[ 1735.186745][T31186]  </TASK>
[ 1735.427294][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1735.721598][T31204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7243'.
[ 1735.782289][T31206] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7244'.
[ 1735.811718][T31206] vlan2: entered promiscuous mode
[ 1736.703723][T15880] usbhid 7-1:0.0: can't add hid device: -71
[ 1736.709834][T15880] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1736.731535][T15880] usb 7-1: USB disconnect, device number 45
[ 1736.848808][T10095] usb 2-1: USB disconnect, device number 93
[ 1737.179934][T15880] usb 4-1: USB disconnect, device number 64
[ 1737.303929][T10095] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[ 1737.406864][T31225] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7250'.
[ 1737.453810][T10095] usb 2-1: Using ep0 maxpacket: 8
[ 1737.492485][T10095] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1737.515124][T10095] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1737.538919][T10095] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1737.560520][T10095] pvrusb2: **********
[ 1737.585616][T10095] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1737.609166][T10095] pvrusb2: Important functionality might not be entirely working.
[ 1737.619832][T10095] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1737.635070][T10095] pvrusb2: **********
[ 1737.823003][ T2345] pvrusb2: Invalid write control endpoint
[ 1738.034919][ T2345] pvrusb2: Invalid write control endpoint
[ 1738.040693][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1738.078426][T28770] usb 2-1: USB disconnect, device number 94
[ 1738.132686][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1738.170953][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1738.201622][ T2345] pvrusb2: Device being rendered inoperable
[ 1738.222404][ T2345] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[ 1738.246238][T31237] binder: 31233:31237 ioctl c0306201 0 returned -14
[ 1738.283763][ T2345] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[ 1738.316371][ T2345] pvrusb2: Attached sub-driver cx25840
[ 1738.330113][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1738.354756][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1738.502193][T31242] netlink: 'syz.6.7256': attribute type 1 has an invalid length.
[ 1738.519399][T31241] netlink: 152 bytes leftover after parsing attributes in process `syz.7.7255'.
[ 1738.531824][T31242] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1738.541294][T31245] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7257'.
[ 1738.558662][T31241] tipc: Started in network mode
[ 1738.586992][T31241] tipc: Node identity fe80000000000000000000000000002a, cluster identity 4711
[ 1738.611189][T31241] tipc: Enabled bearer <udp:syz0>, priority 10
[ 1739.082509][T31262] bond0: left promiscuous mode
[ 1739.120556][T31262] bond0: left allmulticast mode
[ 1739.161475][T31262] team0: Port device bond0 removed
[ 1739.172212][T31267] netlink: 'syz.0.7262': attribute type 10 has an invalid length.
[ 1739.244165][T20361] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[ 1739.386854][T31262] team0: Port device bridge2 removed
[ 1739.427439][T20361] usb 2-1: config 0 has an invalid interface number: 46 but max is 0
[ 1739.439648][T20361] usb 2-1: config 0 has no interface number 0
[ 1739.452181][T20361] usb 2-1: New USB device found, idVendor=04e2, idProduct=1420, bcdDevice=9e.b9
[ 1739.482189][T20361] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1739.490537][T31267] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1739.498006][T31267] bond0: entered promiscuous mode
[ 1739.507891][T31267] bond0: entered allmulticast mode
[ 1739.518729][T31267] team0: Port device bond0 added
[ 1739.530720][T20361] usb 2-1: Product: syz
[ 1739.537662][T20361] usb 2-1: Manufacturer: syz
[ 1739.552356][T20361] usb 2-1: SerialNumber: syz
[ 1739.573344][T20361] usb 2-1: config 0 descriptor??
[ 1739.591673][T20361] xr_serial 2-1:0.46: More than one union descriptor, skipping ...
[ 1739.653998][T20359] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[ 1739.725934][T20361] tipc: Node number set to 4269801514
[ 1739.831786][T20359] usb 7-1: config 160 has an invalid interface number: 200 but max is 0
[ 1739.854706][T20359] usb 7-1: config 160 has no interface number 0
[ 1739.871247][T20359] usb 7-1: config 160 interface 200 has no altsetting 0
[ 1739.927384][T20359] usb 7-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[ 1739.938804][T20359] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1739.947619][T20359] usb 7-1: Product: syz
[ 1739.951910][T20359] usb 7-1: Manufacturer: syz
[ 1739.957736][T20359] usb 7-1: SerialNumber: syz
[ 1740.535554][T10095] usb 2-1: USB disconnect, device number 95
[ 1740.853927][T31288] Cannot find add_set index 0 as target
[ 1742.691950][T20359] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 1742.699811][T20359] usb 7-1: MIDIStreaming interface descriptor not found
[ 1742.824297][T20359] usb 7-1: USB disconnect, device number 46
[ 1742.898253][T11674] udevd[11674]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1743.058310][T31237] syz.3.7254 (31237): drop_caches: 1
[ 1743.194938][T31310] openvswitch: netlink: Multiple metadata blocks provided
[ 1743.428700][T31314] netlink: 72 bytes leftover after parsing attributes in process `syz.6.7279'.
[ 1743.481230][T31314] tipc: Started in network mode
[ 1743.511112][T31314] tipc: Node identity , cluster identity 4711
[ 1743.537580][T31314] tipc: Failed to obtain node identity
[ 1743.560388][T31314] tipc: Enabling of bearer <eth:wg1> rejected, failed to enable media
[ 1743.704206][T31308] netlink: 24 bytes leftover after parsing attributes in process `syz.7.7278'.
[ 1743.720089][T31316] loop6: detected capacity change from 0 to 524287999
[ 1744.477504][T31332] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7285'.
[ 1744.659945][T31332] vlan2: entered promiscuous mode
[ 1744.687380][T31332] team0: entered promiscuous mode
[ 1745.373398][T31352] netlink: 'syz.7.7292': attribute type 46 has an invalid length.
[ 1745.393450][T31352] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7292'.
[ 1745.414197][T31355] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7293'.
[ 1745.434181][T31352] netlink: 24 bytes leftover after parsing attributes in process `syz.7.7292'.
[ 1745.529204][T31357] tipc: Enabling of bearer <udp:s�> rejected, failed to enable media
[ 1745.545190][T15399] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[ 1745.559212][T20359] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[ 1745.739953][T31363] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7296'.
[ 1745.743748][T15399] usb 4-1: Using ep0 maxpacket: 16
[ 1745.761223][T20359] usb 7-1: config 0 has no interfaces?
[ 1745.771129][T15399] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1745.782591][T15399] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1745.804954][T20359] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1745.814280][T20359] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1745.825493][T31363] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (511)
[ 1745.826698][T20359] usb 7-1: Product: syz
[ 1745.854626][T31363] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255
[ 1745.856959][T15399] usb 4-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[ 1745.875374][T20359] usb 7-1: Manufacturer: syz
[ 1745.881970][T20359] usb 7-1: SerialNumber: syz
[ 1745.891103][T15399] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1745.901486][T20359] usb 7-1: config 0 descriptor??
[ 1745.939917][T15399] usb 4-1: config 0 descriptor??
[ 1746.113618][T31353] FAULT_INJECTION: forcing a failure.
[ 1746.113618][T31353] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1746.136229][T31353] CPU: 0 UID: 0 PID: 31353 Comm: syz.6.7291 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1746.136254][T31353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1746.136269][T31353] Call Trace:
[ 1746.136277][T31353]  <TASK>
[ 1746.136286][T31353]  dump_stack_lvl+0x189/0x250
[ 1746.136315][T31353]  ? __pfx____ratelimit+0x10/0x10
[ 1746.136341][T31353]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1746.136366][T31353]  ? __pfx__printk+0x10/0x10
[ 1746.136386][T31353]  ? __might_fault+0xb0/0x130
[ 1746.136415][T31353]  should_fail_ex+0x414/0x560
[ 1746.136442][T31353]  _copy_from_iter+0x1db/0x16f0
[ 1746.136470][T31353]  ? aa_file_perm+0x11f/0xed0
[ 1746.136497][T31353]  ? __pfx__copy_from_iter+0x10/0x10
[ 1746.136530][T31353]  ? iov_iter_advance+0x8b/0x1c0
[ 1746.136554][T31353]  vhost_chr_write_iter+0x22c/0xad0
[ 1746.136584][T31353]  ? end_current_label_crit_section+0x152/0x180
[ 1746.136602][T31353]  ? __pfx_vhost_chr_write_iter+0x10/0x10
[ 1746.136626][T31353]  ? security_file_permission+0x75/0x290
[ 1746.136648][T31353]  vfs_write+0x548/0xa90
[ 1746.136672][T31353]  ? __pfx_vhost_net_chr_write_iter+0x10/0x10
[ 1746.136693][T31353]  ? __pfx_vfs_write+0x10/0x10
[ 1746.136722][T31353]  ? __fget_files+0x2a/0x420
[ 1746.136744][T31353]  ksys_write+0x145/0x250
[ 1746.136767][T31353]  ? __pfx_ksys_write+0x10/0x10
[ 1746.136778][T31353]  ? rcu_is_watching+0x15/0xb0
[ 1746.136803][T31353]  ? do_syscall_64+0xbe/0x3b0
[ 1746.136826][T31353]  do_syscall_64+0xfa/0x3b0
[ 1746.136846][T31353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1746.136860][T31353]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1746.136874][T31353]  ? clear_bhb_loop+0x60/0xb0
[ 1746.136891][T31353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1746.136905][T31353] RIP: 0033:0x7f650af8e929
[ 1746.136918][T31353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1746.136931][T31353] RSP: 002b:00007f650be6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1746.136948][T31353] RAX: ffffffffffffffda RBX: 00007f650b1b6160 RCX: 00007f650af8e929
[ 1746.136958][T31353] RDX: 0000000000000048 RSI: 00002000000003c0 RDI: 0000000000000008
[ 1746.136968][T31353] RBP: 00007f650be6b090 R08: 0000000000000000 R09: 0000000000000000
[ 1746.136977][T31353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1746.136986][T31353] R13: 0000000000000000 R14: 00007f650b1b6160 R15: 00007f650b2dfa28
[ 1746.137009][T31353]  </TASK>
[ 1746.383911][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1746.413892][T31371] No such timeout policy "syz1"
[ 1746.457945][T31373] netlink: 'syz.1.7299': attribute type 11 has an invalid length.
[ 1746.666030][T31378] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1746.715357][T31378] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1747.043861][T15880] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[ 1747.215997][T15880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1747.237384][T15880] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1747.253557][T15880] usb 2-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[ 1747.263600][T15880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1747.309893][T15880] usb 2-1: config 0 descriptor??
[ 1747.760041][T31408] netlink: 'syz.0.7314': attribute type 10 has an invalid length.
[ 1747.933539][T31382] macsec1: entered promiscuous mode
[ 1747.938965][T31382] ip6gretap0: entered promiscuous mode
[ 1747.948114][T31382] macsec1: entered allmulticast mode
[ 1747.956017][T31382] ip6gretap0: entered allmulticast mode
[ 1747.972091][T31382] ip6gretap0: left allmulticast mode
[ 1747.980720][T31382] ip6gretap0: left promiscuous mode
[ 1748.060378][T15880] usbhid 2-1:0.0: can't add hid device: -71
[ 1748.074143][T15880] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1748.088106][T15880] usb 2-1: USB disconnect, device number 96
[ 1748.105671][T31416] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7317'.
[ 1748.114837][T31416] netlink: 'syz.0.7317': attribute type 6 has an invalid length.
[ 1748.128438][T31416] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7317'.
[ 1748.180693][T15399] usbhid 4-1:0.0: can't add hid device: -71
[ 1748.192446][T15399] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1748.230139][T15399] usb 4-1: USB disconnect, device number 65
[ 1748.280230][T15880] usb 7-1: USB disconnect, device number 47
[ 1748.313044][T31418] netlink: 56 bytes leftover after parsing attributes in process `syz.3.7318'.
[ 1748.697365][T31431] fuse: Bad value for 'user_id'
[ 1748.702447][T31431] fuse: Bad value for 'user_id'
[ 1749.021479][T31442] netlink: 2052 bytes leftover after parsing attributes in process `syz.0.7327'.
[ 1749.070938][T31444] xt_CHECKSUM: unsupported CHECKSUM operation 68
[ 1749.086867][T31442] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[ 1749.183372][T31448] Cannot find add_set index 0 as target
[ 1749.468671][T31456] netlink: 'syz.3.7335': attribute type 1 has an invalid length.
[ 1749.517374][T31456] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1749.557040][T31459] bond1: (slave veth0_to_bond): Enslaving as an active interface with a down link
[ 1749.791326][T31463] netlink: 212376 bytes leftover after parsing attributes in process `syz.6.7337'.
[ 1749.919156][T31468] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7340'.
[ 1749.928380][T31468] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7340'.
[ 1749.947212][T31469] FAULT_INJECTION: forcing a failure.
[ 1749.947212][T31469] name failslab, interval 1, probability 0, space 0, times 0
[ 1749.968975][T31469] CPU: 1 UID: 0 PID: 31469 Comm: syz.0.7339 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1749.968998][T31469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1749.969006][T31469] Call Trace:
[ 1749.969011][T31469]  <TASK>
[ 1749.969016][T31469]  dump_stack_lvl+0x189/0x250
[ 1749.969035][T31469]  ? __pfx____ratelimit+0x10/0x10
[ 1749.969050][T31469]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1749.969064][T31469]  ? __pfx__printk+0x10/0x10
[ 1749.969078][T31469]  ? __ip_dev_find+0x444/0x4e0
[ 1749.969092][T31469]  should_fail_ex+0x414/0x560
[ 1749.969108][T31469]  should_failslab+0xa8/0x100
[ 1749.969119][T31469]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1749.969134][T31469]  ? dst_alloc+0x105/0x170
[ 1749.969149][T31469]  dst_alloc+0x105/0x170
[ 1749.969160][T31469]  ? ip_check_mc_rcu+0x4c7/0x680
[ 1749.969173][T31469]  ip_route_output_key_hash_rcu+0x1482/0x23a0
[ 1749.969192][T31469]  ? ip_route_output_key_hash+0xde/0x2e0
[ 1749.969206][T31469]  ip_route_output_key_hash+0x1b9/0x2e0
[ 1749.969219][T31469]  ? __lock_acquire+0xab9/0xd20
[ 1749.969233][T31469]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 1749.969255][T31469]  ip_route_output_flow+0x2a/0x150
[ 1749.969266][T31469]  ? security_sk_classify_flow+0x70/0x180
[ 1749.969283][T31469]  udp_sendmsg+0x1405/0x2300
[ 1749.969299][T31469]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1749.969315][T31469]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1749.969329][T31469]  ? __pfx_udp_sendmsg+0x10/0x10
[ 1749.969347][T31469]  ? count_memcg_event_mm+0x21/0x260
[ 1749.969364][T31469]  ? count_memcg_event_mm+0x21/0x260
[ 1749.969384][T31469]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1749.969393][T31469]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[ 1749.969408][T31469]  ? sock_rps_record_flow+0x19/0x410
[ 1749.969423][T31469]  ? inet_sendmsg+0x29c/0x370
[ 1749.969435][T31469]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1749.969450][T31469]  __sock_sendmsg+0x19c/0x270
[ 1749.969465][T31469]  ____sys_sendmsg+0x52d/0x830
[ 1749.969486][T31469]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1749.969502][T31469]  ? import_iovec+0x74/0xa0
[ 1749.969513][T31469]  ___sys_sendmsg+0x21f/0x2a0
[ 1749.969526][T31469]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1749.969556][T31469]  ? __fget_files+0x2a/0x420
[ 1749.969566][T31469]  ? __fget_files+0x3a0/0x420
[ 1749.969582][T31469]  __sys_sendmmsg+0x227/0x430
[ 1749.969596][T31469]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1749.969606][T31469]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1749.969637][T31469]  ? rcu_is_watching+0x15/0xb0
[ 1749.969655][T31469]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1749.969668][T31469]  do_syscall_64+0xfa/0x3b0
[ 1749.969681][T31469]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1749.969693][T31469]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1749.969703][T31469]  ? clear_bhb_loop+0x60/0xb0
[ 1749.969715][T31469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1749.969724][T31469] RIP: 0033:0x7fc5e338e929
[ 1749.969736][T31469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1749.969745][T31469] RSP: 002b:00007fc5e42aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1749.969757][T31469] RAX: ffffffffffffffda RBX: 00007fc5e35b5fa0 RCX: 00007fc5e338e929
[ 1749.969764][T31469] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000006
[ 1749.969771][T31469] RBP: 00007fc5e42aa090 R08: 0000000000000000 R09: 0000000000000000
[ 1749.969777][T31469] R10: 0000000000000bb8 R11: 0000000000000246 R12: 0000000000000001
[ 1749.969783][T31469] R13: 0000000000000000 R14: 00007fc5e35b5fa0 R15: 00007fc5e36dfa28
[ 1749.969798][T31469]  </TASK>
[ 1750.314770][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1750.718058][    C0] vcan0: j1939_tp_rxtimer: 0xffff888055129c00: rx timeout, send abort
[ 1750.843988][T15399] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[ 1750.932524][T31494] syzkaller1: entered promiscuous mode
[ 1750.938197][T31494] syzkaller1: entered allmulticast mode
[ 1751.033864][T15399] usb 2-1: Using ep0 maxpacket: 8
[ 1751.044321][T15399] usb 2-1: config index 0 descriptor too short (expected 30768, got 18)
[ 1751.044348][T15399] usb 2-1: config 102 has too many interfaces: 102, using maximum allowed: 32
[ 1751.044367][T15399] usb 2-1: config 102 has an invalid descriptor of length 102, skipping remainder of the config
[ 1751.044386][T15399] usb 2-1: config 102 has 0 interfaces, different from the descriptor's value: 102
[ 1751.044420][T15399] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1751.044442][T15399] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1751.225228][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805512b800: rx timeout, send abort
[ 1751.226363][    C0] vcan0: j1939_tp_rxtimer: 0xffff888055129c00: abort rx timeout. Force session deactivation
[ 1751.294461][T15399] usb 2-1: string descriptor 0 read error: -32
[ 1751.506160][T31496] netlink: 36 bytes leftover after parsing attributes in process `syz.7.7351'.
[ 1751.633864][T15880] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[ 1751.725275][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805512b800: abort rx timeout. Force session deactivation
[ 1751.727684][T28770] usb 2-1: USB disconnect, device number 97
[ 1751.814854][T15880] usb 4-1: Using ep0 maxpacket: 32
[ 1751.861661][T15880] usb 4-1: config 1 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1751.874876][T15880] usb 4-1: config 1 interface 0 has no altsetting 0
[ 1751.889229][T15880] usb 4-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.40
[ 1751.898825][T15880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1751.909471][T15880] usb 4-1: Manufacturer: ᰁ
[ 1751.914281][T15880] usb 4-1: SerialNumber: 㐉
[ 1751.946831][T31514] netlink: 72 bytes leftover after parsing attributes in process `syz.1.7357'.
[ 1751.963322][T31514] tipc: Enabled bearer <eth:wg1>, priority 10
[ 1752.693525][T15880] usbhid 4-1:1.0: can't add hid device: -71
[ 1752.720912][T15880] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[ 1752.745701][T31524] syz_tun: entered allmulticast mode
[ 1752.770861][T15880] usb 4-1: USB disconnect, device number 66
[ 1752.770978][T31523] syz_tun: left allmulticast mode
[ 1752.813854][T15399] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[ 1752.852732][T31528] fuse: Bad value for 'fd'
[ 1753.003527][T15399] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1753.027623][T15399] usb 2-1: New USB device found, idVendor=16c0, idProduct=05e1, bcdDevice= 0.40
[ 1753.042145][T15399] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1753.056084][T15399] usb 2-1: Product: syz
[ 1753.060314][T15399] usb 2-1: Manufacturer: syz
[ 1753.065993][T15399] usb 2-1: SerialNumber: syz
[ 1753.074126][T15880] tipc: Node number set to 4269801514
[ 1753.289856][T31522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1753.329457][T31522] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1753.382196][T15399] usbhid 2-1:1.0: can't add hid device: -71
[ 1753.391432][T15399] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[ 1753.407797][T15399] usb 2-1: USB disconnect, device number 98
[ 1753.516760][T31550] netlink: 'syz.6.7371': attribute type 4 has an invalid length.
[ 1753.524675][T31550] netlink: 152 bytes leftover after parsing attributes in process `syz.6.7371'.
[ 1753.538093][T31550] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 1754.178225][T31552] loop6: detected capacity change from 0 to 7
[ 1754.187218][ T6163] Dev loop6: unable to read RDB block 7
[ 1754.192829][ T6163]  loop6: unable to read partition table
[ 1754.199158][ T6163] loop6: partition table beyond EOD, truncated
[ 1754.206912][T31552] Dev loop6: unable to read RDB block 7
[ 1754.225899][T31552]  loop6: unable to read partition table
[ 1754.231761][T31552] loop6: partition table beyond EOD, truncated
[ 1754.293824][T31552] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[ 1754.371779][T31558] No such timeout policy "syz1"
[ 1754.554214][T15399] usb 2-1: new low-speed USB device number 99 using dummy_hcd
[ 1754.693828][T20361] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[ 1754.725356][T15399] usb 2-1: config 0 interface 0 altsetting 252 endpoint 0x81 has invalid maxpacket 64, setting to 8
[ 1754.739514][T15399] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1754.746635][T15399] usb 2-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.00
[ 1754.756057][T15399] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1754.769313][T15399] usb 2-1: config 0 descriptor??
[ 1754.776554][T31556] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[ 1754.844036][T20361] usb 7-1: Using ep0 maxpacket: 16
[ 1754.858187][T20361] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1754.874807][T20361] usb 7-1: New USB device found, idVendor=5543, idProduct=0005, bcdDevice= 0.00
[ 1754.887828][T20361] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1754.898623][T20361] usb 7-1: config 0 descriptor??
[ 1755.197220][T15399] lenovo 0003:17EF:60B5.0039: hidraw0: USB HID vff.ff Device [HID 17ef:60b5] on usb-dummy_hcd.1-1/input0
[ 1755.324111][T20361] usbhid 7-1:0.0: can't add hid device: -71
[ 1755.333106][T20361] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1755.346729][T20361] usb 7-1: USB disconnect, device number 48
[ 1755.678764][T31579] PKCS7: Unknown OID: [5] (bad)
[ 1755.683932][T31579] PKCS7: Only support pkcs7_signedData type
[ 1755.973786][T28770] usb 4-1: new low-speed USB device number 67 using dummy_hcd
[ 1757.288490][T28770] usb 4-1: device descriptor read/64, error -71
[ 1757.372832][T31590] fuse: Unknown parameter ''
[ 1757.518316][T15880] usb 2-1: USB disconnect, device number 99
[ 1757.534583][T28770] usb 4-1: new low-speed USB device number 68 using dummy_hcd
[ 1757.684795][T28770] usb 4-1: device descriptor read/64, error -71
[ 1757.794124][T28770] usb usb4-port1: attempt power cycle
[ 1757.817040][T31600] netlink: 48 bytes leftover after parsing attributes in process `syz.7.7389'.
[ 1758.013762][T15880] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[ 1758.105081][T20373] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[ 1758.143776][T28770] usb 4-1: new low-speed USB device number 69 using dummy_hcd
[ 1758.243770][T15880] usb 2-1: Using ep0 maxpacket: 16
[ 1758.271950][T15880] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1758.301826][T20373] usb 7-1: device descriptor read/64, error -71
[ 1758.308472][T15880] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1758.329755][T15880] usb 2-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[ 1758.339635][T15880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1758.414640][T15880] usb 2-1: config 0 descriptor??
[ 1758.421561][T31608] netlink: 'syz.7.7393': attribute type 1 has an invalid length.
[ 1758.439722][T31608] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1758.447009][T31608] IPv6: NLM_F_CREATE should be set when creating new route
[ 1758.498290][T15880] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 1758.728781][T20373] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[ 1758.895071][T31610] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7394'.
[ 1759.000111][T28770] usb 4-1: device descriptor read/8, error -71
[ 1759.008764][T20373] usb 7-1: device descriptor read/64, error -71
[ 1759.144267][T20373] usb usb7-port1: attempt power cycle
[ 1759.486288][T20373] usb 7-1: new high-speed USB device number 51 using dummy_hcd
[ 1759.515499][T20373] usb 7-1: device descriptor read/8, error -71
[ 1759.518973][T31626] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7401'.
[ 1759.597403][T31628] veth1_to_team: entered promiscuous mode
[ 1759.775036][T20373] usb 7-1: new high-speed USB device number 52 using dummy_hcd
[ 1759.809618][T31633] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7405'.
[ 1759.820520][T31633] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7405'.
[ 1759.830141][T31633] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7405'.
[ 1759.835533][T20373] usb 7-1: device descriptor read/8, error -71
[ 1759.846899][T31633] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7405'.
[ 1759.919246][T31632] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1759.958200][T20373] usb usb7-port1: unable to enumerate USB device
[ 1761.314128][T28770] usb 2-1: USB disconnect, device number 100
[ 1761.488590][T31652] bridge4: entered promiscuous mode
[ 1761.499821][T31652] bridge4: entered allmulticast mode
[ 1761.507279][T31652] team0: Port device bridge4 added
[ 1762.256517][T31659] netlink: 72 bytes leftover after parsing attributes in process `syz.0.7414'.
[ 1762.270152][T31659] tipc: Enabled bearer <eth:wg1>, priority 10
[ 1762.280611][T31661] netlink: 48 bytes leftover after parsing attributes in process `syz.7.7413'.
[ 1762.733567][T31666] gretap0: entered promiscuous mode
[ 1762.744080][T31672] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2305737721 (36891803536 ns) > initial count (32345342560 ns). Using initial count to start timer.
[ 1762.763275][T31666] macsec2: entered promiscuous mode
[ 1762.787495][T31672] IPVS: set_ctl: invalid protocol: 47 172.20.20.187:28
[ 1762.811584][T31666] gretap0: left promiscuous mode
[ 1763.383765][ T5914] tipc: Node number set to 1835347501
[ 1764.214912][T10095] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[ 1764.224596][T31693] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7426'.
[ 1764.413726][T10095] usb 2-1: config 0 has no interfaces?
[ 1764.492041][T10095] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1764.523092][T10095] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1764.592670][T31695] loop6: detected capacity change from 0 to 524287999
[ 1764.623969][T10095] usb 2-1: Product: syz
[ 1764.636014][T10095] usb 2-1: Manufacturer: syz
[ 1764.659028][T10095] usb 2-1: SerialNumber: syz
[ 1764.733589][T10095] usb 2-1: config 0 descriptor??
[ 1764.991121][T31711] tipc: Enabling of bearer <udp:s�> rejected, failed to enable media
[ 1766.259398][T31728] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7437'.
[ 1766.430424][T20359] usb 2-1: USB disconnect, device number 101
[ 1766.503820][T28770] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[ 1766.570629][T31736] Cannot find add_set index 0 as target
[ 1766.663721][T28770] usb 4-1: Using ep0 maxpacket: 16
[ 1766.665397][T28770] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1766.665425][T28770] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[ 1766.665437][T28770] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1766.667048][T28770] usb 4-1: config 0 descriptor??
[ 1766.671009][T28770] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input135
[ 1767.095606][ T5185] bcm5974 4-1:0.0: could not read from device
[ 1767.103105][ T5185] bcm5974 4-1:0.0: could not read from device
[ 1767.111717][T28770] usb 4-1: USB disconnect, device number 71
[ 1767.118065][ T5185] bcm5974 4-1:0.0: could not read from device
[ 1767.127724][ T5185] bcm5974 4-1:0.0: could not read from device
[ 1767.389586][T31759] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7450'.
[ 1767.579248][T31765] netlink: 'syz.6.7452': attribute type 1 has an invalid length.
[ 1767.724069][T28770] usb 2-1: new high-speed USB device number 102 using dummy_hcd
[ 1767.758298][T31765] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1767.844646][T31768] bond3: (slave veth0_to_bond): Enslaving as an active interface with a down link
[ 1767.885832][T28770] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[ 1767.895788][T28770] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1767.927015][T28770] usb 2-1: config 0 descriptor??
[ 1767.947340][T28770] gspca_main: spca508-2.14.0 probing 8086:0110
[ 1768.013940][T15399] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[ 1768.213941][T15399] usb 4-1: Using ep0 maxpacket: 16
[ 1768.225430][T15399] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1768.236690][T15399] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1768.346510][T31761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1768.364106][T31761] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1768.461793][T28770] gspca_spca508: reg_read err -71
[ 1768.462073][T15399] usb 4-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[ 1768.476663][T28770] gspca_spca508: reg_read err -71
[ 1768.495269][T28770] gspca_spca508: reg_read err -71
[ 1768.512102][T15399] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1768.532126][T15399] usb 4-1: config 0 descriptor??
[ 1768.546237][T28770] gspca_spca508: reg_read err -71
[ 1768.570536][T31714] BUG: Bad page state in process syz.0.7432  pfn:82601
[ 1768.588443][T28770] gspca_spca508: reg write: error -71
[ 1768.589959][T31714] page does not match folio
[ 1768.600703][T31714] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x82601
[ 1768.611201][T31714] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1768.625477][T28770] spca508 2-1:0.0: probe with driver spca508 failed with error -71
[ 1768.631810][T31714] raw: 00fff00000000000 ffffea0002098000 00000000ffffffff ffffffffffffffff
[ 1768.643142][T31714] raw: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000000
[ 1768.652971][T31714] page dumped because: nonzero pincount
[ 1768.659007][T31714] page_owner tracks the page as allocated
[ 1768.669001][T28770] usb 2-1: USB disconnect, device number 102
[ 1768.679292][T31714] page last allocated via order 9, migratetype Unmovable, gfp_mask 0x152c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 31694, tgid 31694 (syz.6.7427), ts 1764438730752, free_ts 1744790809697
[ 1768.700149][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1768.730743][T31714]  post_alloc_hook+0x240/0x2a0
[ 1768.736164][T31714]  get_page_from_freelist+0x21e4/0x22c0
[ 1768.757836][T31714]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1768.770354][T31714]  alloc_pages_mpol+0x232/0x4a0
[ 1768.776925][T31714]  alloc_pages_noprof+0xa9/0x190
[ 1768.782044][T31714]  folio_alloc_noprof+0x1e/0x30
[ 1768.791069][T31714]  filemap_alloc_folio_noprof+0xdf/0x470
[ 1768.798534][T31714]  page_cache_ra_order+0x5e5/0xc70
[ 1768.806999][T31714]  do_sync_mmap_readahead+0x31a/0x5f0
[ 1768.812939][T31714]  filemap_fault+0x62a/0x1200
[ 1768.820265][T31714]  __do_fault+0x135/0x390
[ 1768.829886][T31714]  __handle_mm_fault+0x198b/0x5620
[ 1768.837522][T31714]  handle_mm_fault+0x40a/0x8e0
[ 1768.843173][T31714]  do_user_addr_fault+0xa81/0x1390
[ 1768.853192][T31714]  exc_page_fault+0x76/0xf0
[ 1768.859958][T31714]  asm_exc_page_fault+0x26/0x30
[ 1768.868275][T31714] page last free pid 6163 tgid 6163 stack trace:
[ 1768.876411][T31714]  free_unref_folios+0xc66/0x14d0
[ 1768.881729][T31714]  folios_put_refs+0x559/0x640
[ 1768.890549][T31714]  truncate_inode_pages_range+0x346/0xda0
[ 1768.900267][T31714]  blkdev_flush_mapping+0x108/0x270
[ 1768.939243][T31714]  bdev_release+0x417/0x650
[ 1768.943953][T31714]  blkdev_release+0x15/0x20
[ 1768.948510][T31714]  __fput+0x44c/0xa70
[ 1768.952573][T31714]  task_work_run+0x1d1/0x260
[ 1768.960181][T31714]  exit_to_user_mode_loop+0xec/0x110
[ 1768.965728][T31714]  do_syscall_64+0x2bd/0x3b0
[ 1768.970355][T31714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1768.979741][T31714] Modules linked in:
[ 1768.984336][T31714] CPU: 0 UID: 0 PID: 31714 Comm: syz.0.7432 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1768.984355][T31714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1768.984362][T31714] Call Trace:
[ 1768.984367][T31714]  <TASK>
[ 1768.984372][T31714]  dump_stack_lvl+0x189/0x250
[ 1768.984392][T31714]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1768.984407][T31714]  ? __pfx_print_modules+0x10/0x10
[ 1768.984420][T31714]  ? percpu_ref_put+0x19/0x180
[ 1768.984433][T31714]  ? percpu_ref_put+0xf9/0x180
[ 1768.984445][T31714]  bad_page+0x180/0x1c0
[ 1768.984460][T31714]  free_tail_page_prepare+0x2c3/0x4f0
[ 1768.984472][T31714]  __free_frozen_pages+0x8aa/0xe70
[ 1768.984487][T31714]  __folio_put+0x21b/0x2c0
[ 1768.984500][T31714]  ? __pfx___folio_put+0x10/0x10
[ 1768.984517][T31714]  delete_from_page_cache_batch+0x84c/0x9b0
[ 1768.984532][T31714]  ? __pfx_delete_from_page_cache_batch+0x10/0x10
[ 1768.984546][T31714]  ? __pfx_block_invalidate_folio+0x10/0x10
[ 1768.984560][T31714]  ? __pfx_workingset_update_node+0x10/0x10
[ 1768.984572][T31714]  ? folio_mapping+0x16f/0x240
[ 1768.984586][T31714]  ? truncate_cleanup_folio+0x34a/0x430
[ 1768.984602][T31714]  truncate_inode_pages_range+0x28a/0xda0
[ 1768.984622][T31714]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 1768.984649][T31714]  ? smp_call_function_many_cond+0xbc5/0x12d0
[ 1768.984664][T31714]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1768.984695][T31714]  ? __pfx_has_bh_in_lru+0x10/0x10
[ 1768.984710][T31714]  blkdev_flush_mapping+0x108/0x270
[ 1768.984727][T31714]  ? bdev_release+0x40f/0x650
[ 1768.984741][T31714]  bdev_release+0x417/0x650
[ 1768.984758][T31714]  ? __pfx_blkdev_release+0x10/0x10
[ 1768.984768][T31714]  blkdev_release+0x15/0x20
[ 1768.984777][T31714]  __fput+0x44c/0xa70
[ 1768.984795][T31714]  task_work_run+0x1d1/0x260
[ 1768.984809][T31714]  ? __pfx_task_work_run+0x10/0x10
[ 1768.984826][T31714]  do_exit+0x6b5/0x22e0
[ 1768.984842][T31714]  ? do_raw_spin_lock+0x121/0x290
[ 1768.984855][T31714]  ? __pfx_do_exit+0x10/0x10
[ 1768.984874][T31714]  do_group_exit+0x21c/0x2d0
[ 1768.984885][T31714]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1768.984900][T31714]  get_signal+0x1286/0x1340
[ 1768.984925][T31714]  arch_do_signal_or_restart+0x9a/0x750
[ 1768.984937][T31714]  ? count_memcg_event_mm+0x21/0x260
[ 1768.984955][T31714]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1768.984981][T31714]  ? exit_to_user_mode_loop+0x40/0x110
[ 1768.984997][T31714]  exit_to_user_mode_loop+0x75/0x110
[ 1768.985010][T31714]  do_syscall_64+0x2bd/0x3b0
[ 1768.985023][T31714]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1768.985036][T31714]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1768.985045][T31714]  ? clear_bhb_loop+0x60/0xb0
[ 1768.985057][T31714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1768.985067][T31714] RIP: 0033:0x7fc5e338e929
[ 1768.985081][T31714] Code: Unable to access opcode bytes at 0x7fc5e338e8ff.
[ 1768.985090][T31714] RSP: 002b:00007fc5e4289038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1768.985108][T31714] RAX: 0000000000010106 RBX: 00007fc5e35b6080 RCX: 00007fc5e338e929
[ 1768.985120][T31714] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1768.985132][T31714] RBP: 00007fc5e3410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1768.985142][T31714] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[ 1768.985149][T31714] R13: 0000000000000001 R14: 00007fc5e35b6080 R15: 00007fc5e36dfa28
[ 1768.985164][T31714]  </TASK>
[ 1768.985184][T31714] Disabling lock debugging due to kernel taint
[ 1769.034052][T31784] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1769.325130][T31714] BUG: Bad page state in process syz.0.7432  pfn:82600
[ 1769.332014][T31714] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x82600
[ 1769.336876][T31784] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1769.368024][T31714] head: order:0 mapcount:0 entire_mapcount:1 nr_pages_mapped:0 pincount:0
[ 1769.378922][T31714] flags: 0xfff1800000024d(locked|referenced|uptodate|workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1769.391016][T31714] raw: 00fff1800000024d dead000000000100 dead000000000122 0000000000000000
[ 1769.400874][T31714] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1769.414660][T31714] head: 00fff1800000024d dead000000000100 dead000000000122 0000000000000000
[ 1769.423999][T31714] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1769.434653][T31714] head: 00fff00000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1769.445293][T31714] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000000
[ 1769.456820][T31714] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 1769.465588][T31714] page_owner tracks the page as allocated
[ 1769.472162][T31714] page last allocated via order 9, migratetype Unmovable, gfp_mask 0x152c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 31694, tgid 31694 (syz.6.7427), ts 1764438730752, free_ts 1744790809697
[ 1769.495124][T31714]  post_alloc_hook+0x240/0x2a0
[ 1769.501703][T31714]  get_page_from_freelist+0x21e4/0x22c0
[ 1769.508247][T31714]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1769.515940][T31714]  alloc_pages_mpol+0x232/0x4a0
[ 1769.521421][T31714]  alloc_pages_noprof+0xa9/0x190
[ 1769.530180][T31714]  folio_alloc_noprof+0x1e/0x30
[ 1769.536727][T31714]  filemap_alloc_folio_noprof+0xdf/0x470
[ 1769.543256][T31714]  page_cache_ra_order+0x5e5/0xc70
[ 1769.549807][T31714]  do_sync_mmap_readahead+0x31a/0x5f0
[ 1769.557990][T31714]  filemap_fault+0x62a/0x1200
[ 1769.580672][T31714]  __do_fault+0x135/0x390
[ 1769.585500][T31714]  __handle_mm_fault+0x198b/0x5620
[ 1769.590645][T31714]  handle_mm_fault+0x40a/0x8e0
[ 1769.596525][T31714]  do_user_addr_fault+0xa81/0x1390
[ 1769.601655][T31714]  exc_page_fault+0x76/0xf0
[ 1769.606643][T31714]  asm_exc_page_fault+0x26/0x30
[ 1769.611527][T31714] page last free pid 6163 tgid 6163 stack trace:
[ 1769.618869][T31714]  free_unref_folios+0xc66/0x14d0
[ 1769.624029][T31714]  folios_put_refs+0x559/0x640
[ 1769.628808][T31714]  truncate_inode_pages_range+0x346/0xda0
[ 1769.634720][T31714]  blkdev_flush_mapping+0x108/0x270
[ 1769.639999][T31714]  bdev_release+0x417/0x650
[ 1769.644912][T31714]  blkdev_release+0x15/0x20
[ 1769.649441][T31714]  __fput+0x44c/0xa70
[ 1769.653424][T31714]  task_work_run+0x1d1/0x260
[ 1769.658183][T31714]  exit_to_user_mode_loop+0xec/0x110
[ 1769.663552][T31714]  do_syscall_64+0x2bd/0x3b0
[ 1769.669986][T31714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1769.677262][T31714] Modules linked in:
[ 1769.681186][T31714] CPU: 0 UID: 0 PID: 31714 Comm: syz.0.7432 Tainted: G    B               6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1769.681202][T31714] Tainted: [B]=BAD_PAGE
[ 1769.681206][T31714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1769.681212][T31714] Call Trace:
[ 1769.681216][T31714]  <TASK>
[ 1769.681221][T31714]  dump_stack_lvl+0x189/0x250
[ 1769.681238][T31714]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1769.681251][T31714]  ? __pfx_print_modules+0x10/0x10
[ 1769.681264][T31714]  bad_page+0x180/0x1c0
[ 1769.681277][T31714]  __free_frozen_pages+0xe17/0xe70
[ 1769.681293][T31714]  __folio_put+0x21b/0x2c0
[ 1769.681304][T31714]  ? __pfx___folio_put+0x10/0x10
[ 1769.681316][T31714]  delete_from_page_cache_batch+0x84c/0x9b0
[ 1769.681327][T31714]  ? __pfx_delete_from_page_cache_batch+0x10/0x10
[ 1769.681342][T31714]  ? __pfx_block_invalidate_folio+0x10/0x10
[ 1769.681354][T31714]  ? __pfx_workingset_update_node+0x10/0x10
[ 1769.681366][T31714]  ? folio_mapping+0x16f/0x240
[ 1769.681379][T31714]  ? truncate_cleanup_folio+0x34a/0x430
[ 1769.681392][T31714]  truncate_inode_pages_range+0x28a/0xda0
[ 1769.681407][T31714]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 1769.681426][T31714]  ? smp_call_function_many_cond+0xbc5/0x12d0
[ 1769.681440][T31714]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1769.681459][T31714]  ? __pfx_has_bh_in_lru+0x10/0x10
[ 1769.681470][T31714]  blkdev_flush_mapping+0x108/0x270
[ 1769.681485][T31714]  ? bdev_release+0x40f/0x650
[ 1769.681498][T31714]  bdev_release+0x417/0x650
[ 1769.681511][T31714]  ? __pfx_blkdev_release+0x10/0x10
[ 1769.681520][T31714]  blkdev_release+0x15/0x20
[ 1769.681528][T31714]  __fput+0x44c/0xa70
[ 1769.681541][T31714]  task_work_run+0x1d1/0x260
[ 1769.681554][T31714]  ? __pfx_task_work_run+0x10/0x10
[ 1769.681576][T31714]  do_exit+0x6b5/0x22e0
[ 1769.681598][T31714]  ? do_raw_spin_lock+0x121/0x290
[ 1769.681618][T31714]  ? __pfx_do_exit+0x10/0x10
[ 1769.681641][T31714]  do_group_exit+0x21c/0x2d0
[ 1769.681660][T31714]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1769.681674][T31714]  get_signal+0x1286/0x1340
[ 1769.681691][T31714]  arch_do_signal_or_restart+0x9a/0x750
[ 1769.681704][T31714]  ? count_memcg_event_mm+0x21/0x260
[ 1769.681718][T31714]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1769.681732][T31714]  ? exit_to_user_mode_loop+0x40/0x110
[ 1769.681747][T31714]  exit_to_user_mode_loop+0x75/0x110
[ 1769.681769][T31714]  do_syscall_64+0x2bd/0x3b0
[ 1769.681791][T31714]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1769.681813][T31714]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1769.681828][T31714]  ? clear_bhb_loop+0x60/0xb0
[ 1769.681839][T31714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1769.681856][T31714] RIP: 0033:0x7fc5e338e929
[ 1769.681865][T31714] Code: Unable to access opcode bytes at 0x7fc5e338e8ff.
[ 1769.681870][T31714] RSP: 002b:00007fc5e4289038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1769.681881][T31714] RAX: 0000000000010106 RBX: 00007fc5e35b6080 RCX: 00007fc5e338e929
[ 1769.681888][T31714] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1769.681895][T31714] RBP: 00007fc5e3410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1769.681901][T31714] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[ 1769.681907][T31714] R13: 0000000000000001 R14: 00007fc5e35b6080 R15: 00007fc5e36dfa28
[ 1769.681916][T31714]  </TASK>
[ 1769.995055][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1770.785276][T15399] usbhid 4-1:0.0: can't add hid device: -71
[ 1770.791290][T15399] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1770.810047][T15399] usb 4-1: USB disconnect, device number 72