last executing test programs:

35.127758193s ago: executing program 2 (id=2454):
r0 = syz_usb_connect$hid(0x5, 0x8f, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x54c, 0x268, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$igmp(0x2, 0x3, 0x2)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000011c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001200)={0x1c, r6, 0x101, 0x70bd2b, 0x25dfdbfd, {{}, {0x0, 0x4107}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4008000)
sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f00000007c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f00000006c0)={0x68, r6, 0x800, 0x70bd28, 0x25dfdbff, {{}, {}, {0x4c, 0x18, {0x5, @link='syz1\x00'}}}, ["", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x44000080}, 0x4010)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000040)={0x29d0, 0xb, 0x0, "edf5137ba3b3dd25df1750caa643b0813ba7601b069835e4a121cb5249a187e7", 0x47425247})
writev(r1, &(0x7f0000000540)=[{&(0x7f00000001c0)="2974a886c16ae636034e138a0a74dfb0d691e675ac90cc553ca273c6f5bdae131e4eb2c72871cd29c9e629a882a840158193c5", 0x33}, {&(0x7f00000002c0)="92b123ac7f90b9930a18e35145b0ebcfdfbe045180eb0d56a8e4f39355b0cb9e2094248afc733576f0871fcb160bfbdbe4c7d223618a07d7711098ac71c53ea7a5c53443c77da2ec1f6aa837adb8ccd2ccfff5817a5884d8754e2c5bb7ab9ac0b33eae374fb80bfcaf62186d7cdab642ed1dc82123c436b9568b0d9c2aa54925ee4735329a3931e61d0290ca583fd9444e143f2fe59e9a4f0641bf8b241f86abc26aeb3768c0d5", 0xa7}, {&(0x7f0000001440)="93a23d34eacbe14b72df7ae7dfab91e993369dc0f633014f3e5e487db92bfc7901205daaf67bca294c68c08ec8ebc9d9b01db1db48e3bee6b87c629872ca68923f7ebc2cc71fe3d5ef99b5cdbfeb593c8ce132d6f709d3772b5222dfb8734a383763985564409317bf0eed391dbd80a3a9874ce499f09e7eb7ab69484f445f9cf926fcbdd86f864ac5d1f9e9c64fd7dd7a15863f2495283db14afa6bd51e6d8b3d397188fffce3d078e78dbb2b36b1b62f7221dda79d3c9f21f8d5a5d7f73a7d50b3bec9ae0e0bcc1b58f7dc52fa8697ff6954e1b70720cd2c7802aab6cdf852d7cf100d25d1cbc78eb34992b58d774efbf0e261c7f9cdb1e5ff5baf26cd22407271241a9e026c9082ae91d69e444ee9af2b944e28cf7cc7947cd7283f1f2137c8c88ab86d7c57a4ee9ee8ed62ff92cc69eedb0527b0b533c4b894f9d49d445a1c69f0b1c073ac4712a2c5e548cb65c48dcfce6cb1060deda67b7b8457e08303deb44004eae33dfcecd3d8e4499fa94e874aeea3ca44f169a9a58399cae912bd451c4d41a14803bdcd6a7392b91d6e288222ce7f66188508de8bf67fa85801fa89faa540d22fad0b8ef7fae63ab4dd71ddbd257edfa7e0d763cd97585a4ccbd5402ce6565498245b6a3704d081bbbf0da0b13ec5a01f1ea3798c1d3584f8c0badac6e7f6cdd671c805d931ce7c82cdedd3512794e69a20f822465ee45368cb25864ba8ee5e765ce61f61d911f114ebea6296355ad3f58d792dac54dafb8c8c831b4965c63445d10d92edbcb06c8e346166ad67250773bd162f13be6f99246a7d03d2aeb03a539fed781b0f4608bf41c63db49286cf6b360b1ce598fff36f16f867ca03b83793517fcd20635b30e9ca163a7b743637eb337c5b3551920f4619ab6fe4f4e51e956d3dd269344c8593c2c3daf7f89625602ebb3a2f02e55d21b0ada63e4e959f4aed74a19458b66a01958ddcbcd09c49a6a7d95eb1d6b35a85ed14d4751389bf72bfa0e65007b516dbef755c8d107f46f217db07d47f5315e058b8339d6f1635276ae4757375e3855cd53bcf60050c8bf6142312004506ede90e0a2645da2791c96b99dfb002891b041ffb97a729508b9a167ddff507b0092c913b9d215fe369dfc2a9d12489a6d581248bed6f2b1dcd5512fd859597727e64e00c3077bb8df6d23a4cc979a673fd1072656de63476a9070585edd4ca36142b00b33761ce30883cfcb8baadbb37434258c524fb192c87b45ae5fca449a37b512092dfc533e1b28f8f221a4423b391a11282994aea1c95d4c831f6666208e9caeddf2dcba8b80ad1a7415dff144ab0c2e63d7d75abff9cac3793f01d18b097ed0573411cc0bb8086a294ad3795205303d4755ec318deceb0db68466aead19f29983591aacfb2c84ab0e4457a6739708308dbda011dd62ebb2f486f6cf21d3c87575f3675a0d83b3902a21b0de680bbca5bebc84bc3b9cf72a1ce6777095dd5e7da60277dfe7de8aff681b5e3c5886cc93932eddce7000387833b36ef5a0d9f963cfe51d466f8f33f1d17d7b76313f54b52b45e580ca12817ca5d93285ef9dcc936f8b116d492ed06ed24e7c6e6bc4aff1563496dbba22516b529640e88b7c4cfc6740f8ac24d7159c2edd3b855b631b0b3874047ea3a5470a5bf35d9b3bcd7fc1f165448fb246f35c2414c05ac6bc72b902a93bf51782440dcc326f6ff08b9c7ba4e08812de392ed2c04b45379489a61043fefb553f8a6b302fdc9ffc9a5666caf435a53a837743beeaed27ab66f6562ed732c8a40f412f705ea134760c45b2031ae1a2997bc201c30d1dcc8225d1fd214331b0612ea7ee3126054f2c14105a9df3060dbd5822b8e12881e6e2c2039c45c36ed37fd4470ff8bfd553537da68c5816ccf5df21d286d6cf9aeabd3e06a74d20c5f57e0f1ee086330181cbd51fd035579f9387f9d6b93b0aa0e96b179fefcc4cea0da665f2d0383cc19ef77f0e8db3bb384a9502482e7bf874eeeb55e39e85bb3e33aa78fa3845648826a2bd31b11bce3fffcd4e10d8fbc6f39db4cb0cd4a628dfc89bfa52b74baaf16173bc196c7dec88c62efdab420f89671e22e434a118cdf4a22adb597edd328a9fef6f49abbf4e4042297068835d61d42edb25b4779ef498e44703d0b3c6de4143583a03952411a3fd4424bc5ba3863ea28911186425eaf23c529336958b020eff479b94a25455650dcc192702177c098ea121444da1e3ef379baa43207f759f30940cb4ad2f9eee1bce9c68f20e3d078bc6ea75e71a05c6eed3320d857b6dc65a1c91067c1d40881002f1c2af1ab7e3efe9c781c58ef1dc4bcf14e100d61172117f38760d85cec4c9e584e0f238438b0df78e4b9210d298f6ca954ac0522f577a8fb54f476e6ac8849329bcfc09c2effe67d201f6dc61a3c0b9dfcf8d8ec4f9797d5297a034313a4d11bacab1999a276fcd386c1ac2b2835480515f06a4a5da4fa9af21210869b690c701e0e5adaa6e1ffb427a44d42342bef5dec762df50bf6f5a98a58668f44918a68df73ce7eb9eac1a04bcbca7dd5da914c678ba17e5f5ae9314bd84190673051a8bc21965c6574683d131b4f65340ca3d56846731f41bf628f7981f41e78929bb02edf21b5c9d3a978a52d3745267822b0fcbd940af618d880c9c8901fbb8506aa533d092993a488fee9e27bf4ef0f93eaadff3d52ff70ff3fa221fb8850f99a3f1ddd229580864d382d4cbd0f4a2349e3c84e9a20da6de7bae1a93b8edd868289d1c219fed1a14b8966c9c6834603693b21a332f1b44abc377a2474e6bf52bba9098fa982fae54910d3253ed1e4ee0a3148b02fe6b391eeecbc61fc5fafd2866d87fcb0f1984b5a58d3da6ec469d6109c13a265a25d100cd3cf3961314130ffd06a7b339d2ee743a676d5baf48ccd512f94542d7d94d026823713aa930938ca6b01878338ef41882c7b5d6420da89dd0640a9f5bf06636a5cd7ce0f336a57a3aa5d9e1c90612e72bed6f2703dadbc02d9bc6b4c05c9ff574ab2f86f5285fabb6d76b6f6f8f51faae9070b273f4380af3a14abed2a18881d42490f28d245ccd1265bce77feeae98314847c3f397bc9b33e7224d47b8889c61982ff45abf0060d0f72e8316a9996dc8f19524a97fdcbb9a3622978f564736b5bf0279dce0547338566124eb130b3e63554d21391ab7c440ab916f1c1a412d9d071ac812a1e824659406c3468979309d2a5dd6f25ef1c7cdb198c1fa6694147ae4c4ac11a4cb308ab6bd43e93a1438e2df23cff7b6d4ccefcc843688335c5bd6c207a19cd985ee8fddaaeedcff490a4ac44e33ed3c8523ddf5b6bd1e1dde9db7a3f8ce3008ae6f9fc159a849ba0051792012510445e59b58f218b93288756d8fd163c82b5cf3725e14c8ae906f08b9fa3157d76442c164722f917355552de50f5c2489b8e6f95296b5baa08539e80c5305d98745ddee8a2396ccfedb9bd4d78fc95789bb8cb1779e21e93da9e4f32026c47b9456b2313b70acd07f328837117a557a972051d03750de06b530b99ec72553e6c1c8cdd9932e185a4644d2230f289564f5a638b46bb61e7dcac7147f14a071c2ebbcb4e67650ea7da8d0ed67e4dea7ce06c4dab71a64e9d338bf147b4caad7713cd081eb6ef2a4e9ec5f2de5d7b08516623bfce29f6d78c71c563697ed691925f4cfdbba28f31ad0a95a161e27d600e4042eea54fbfc4db0b5d6a2c3742af55ad514dd69a820c9f7b3ce1acadd8e7cb635752755e29200a5429c210cafd4ed2d0310f822066ba357a077ed7160ed6b6c0107f7cf68148a97d4f2497db0acc53266976174d9c6a1450690eb608dd9dff6dccdeb4819300d7885f4fe8300b4fef06b54875cef1364d6b99a49da77cb464b60bca66de802dc1c3ffe9472d5b1fb17fe8b586cc3e89b8ce966b93b72ebb64673e6159aebf8db0fda24f37a54477059689d62c3f852e86bc5735fa0e0bcd0662daacd25c77d7f7d94526a5b20d663cc6786a18651408771628ef64b310bbd414e1d24f523c553d9d4ff6a6c493cfdb65f8cf3b1233afed7d326975434f483d138a6a7f02fccf9de2722c346ab4233e7d66320a212ad951fbb1c6ab73e58ef917c89e01df46eee0dd0ede243adacb24cbdfc59f435bf16373d75e88cd371ec9ec9ec96d6b1e4169234afb0f7cc252b9f493d9d2bad5dcb37b5e2c0e72564a593627f35c1149b10599ec0a14ce9bdfc20fb12b376911b48c6bb0e7a5c02d228c72bc84809baf3dc03772892f3d4a9231dafb37e0ae017945f61852c798231d674d0d584bb0379933c12134eb59e88c54d8c41d4afce82b5c9eb7609cb0a1daf0a14f55eda621a3c1615aa767fc7a52864bcefec08a6645dfeb01c898bc586510afcc956e8e72f574ca22c2dbd7084f27f1a1bf6b8133c2faa2eb7126984dea1e36c88415f7741a8b9aee7a5bc04a6c77f9dfd8d2e511a4a92bf148aa81553003abcb12a3b06fc80cdcedf97b75205da1c61fe654f00a948ca6d0ec3c9f432c32478aadee951ae76329d641dc5e5ec97d15e95a6cfd9dcb4bfec4abdd8cdcd092fce33828917eb1e811e58a635022abf7aa84fe8edf1de82c427a98b7edb667421a62268960891c09b52dc1b1a30f00f3bd813ea5e655e5b8c8b6499f3d140052425a782e61f7aaf6951baf2dd2647644d1c325a5e71a4cea9dd0d83dc9f6e7fa20b7799fddfcc0b4bced9f90a8ff91e1a6eac423dedc6f0e5b05f84fe4b1de09921535dd41b82808ded449f6f3dc0ae4f9645362ac172bc30a36b6790a926db66652fb6e2a0fe3c09cf122176b105380a80cf5c39b25fbd6e3cfe988678d50ce51a6b23549bd087def5196fbb8e892f77c15e477b8b9e7df34cb52ad8c30f57183986e3890464732dc9d76b1cf6e1f912a17c6c02244086496934b842ca79cdc0780695c68cc3baebe2bf81692af1a4ef92fee5a536ad0ad9ad790fd49df1bc2bf4885ded4cdfec63b209fd392b8da3221df016ae452ed8fe113b68ee8c1d8ec9186efaac328bf0803c4c5c56290cef5e61b2c32033eab2655c22922831cbdad6cc52036ef9820e5d6a8e4a7d8a8b9f7ab4beee2b092882b65a3935fbdcb8b039d2b6a5fd31c9da681e435369976e3b805caf6e3debafd1e21309ce119114357f152b0039a454bece53f22106297e7457a849cf757566c8277fc8ed3b84501f5d0fefa9ce43ee75c318a37e502ba149c9d4f663c9c8e9cf47eb7e953531df841c4128372e9ad2eb102f7a729b5db58e6134303ef6c5340ea1d4ec30fffb98d555aae2dbd353cd0a25210ee0cce981e95bce0524e6e0c76669f06d57a6bc3b3c5190bd39ec91c77ac9a9353061da681e1e2a69c76e8695aa597285c3f17bfeb22bdcfce9784cbb5166522f014edb13eeed5ecf3ec488f74bdccaea252a23223cbd91f44bdb1b526bc0bdf267a442f1467316b530054d8c5625f6f60d25d3febd45ad2d54e6ccd9c3e592655366fbebe4984dcd051b5b8d4655cca84734a9ac925137df858da89b19339d15e6f469056151b17f8971ee630e9bcbe7ceb06499107fcf4237af4170a296f168d37d24927a7df9421d979534d426229da1b97e1c3a7b1d22ca7f4c4977ac9c8aedd2f5e02f2a617742f8a157138e8b871b2bb2292bf380eb22eff5013dcdc40652e20533a36624f72c8e33013b3723b99569a1e666f3c6e169c0b768965b736018e62fdba2fdbfe838b58b0fbab78ec40df371318057a50df2dbc309b36420eda2cae365115398390f0dc8d304ca9b1a61cbb898e46", 0xffc}, {&(0x7f0000000200)="32e8c5c53402bc811cfac77998288162c0949cdc6f5a60f2d4b0b74928ce539e0183ff42f28b38720db35b3cbaa1595c7d510fb43df747ab50cf748793", 0x3d}, {&(0x7f0000000380)="d8292290e6031890af403fb0fc9686af075563f4e18c043ec2da3c4de72f3ecb0691a1655594c0413d53ebd7d40d7d426fcc02764b025e4cc4d24af4f4f516face27975f73917a9ac871a8b60b62f2e3b9ab65aac7ef73b5f444561a0e75d60156770ac8d349a2680d43d50509846bd28ad96b131e7421480a345cec5606cb8c443ea9219b10aeba04bfa2abb22ba76b08", 0x91}, {&(0x7f0000000480)="74b5d91e4b27c18db7682fe9dd38be3f30f7b5829b27cd6643b49f2efd54e7a3fa16db41d47b4d2d329128f83629e03e59b2765a2fdc82f3c1865670c29f4224a1ef3636813cc360cf22ee328d86cc75321926e369ce84fd62b2bd42bbe67bde3811a06b6f2d2e3ca2bff5a12b76f174c39580949b0f283a43a1a9bb9c962239e509c0a7d1a1a29baaadca7b5799ab0baa0d5a9fad466a00919414851c8a09d4f0584588d10b3ced38f5a5c0be14f4f5cf1ddaaa65016650fa208e9442a1", 0xbe}, {&(0x7f0000002440)}], 0x7)
socket$inet6_sctp(0xa, 0x1, 0x84)
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), r3)
sendmsg$IPVS_CMD_DEL_SERVICE(r7, &(0x7f0000000780)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000740)={&(0x7f0000000b00)=ANY=[@ANYBLOB, @ANYRES16=r9, @ANYBLOB="330229bd7000fcdbdf25030000001c00018008000b007369700008000b0073697000060004004e210000080006000100000014000380060004000500000008000100020000002c000380050008001000000008000300000000000600040007000000080003000300000006000400040000006800038005000800ec0000001400020076657468315f766c616e00000000000014000600fe8000000000000000000000000000bb0800030001000000060007004e2300001400020070696d3672656700000000000000000008000500ac1e0001050008043f0000001c000180070006006e710000060002002f000000080008000700000017a637db943f5c157fa6d3eb224e3d1e248806ee8967a9a03f15133f5b10e9fe6befb228e4bf4bc747758b50e1b55416f473a461e1ac34d9279b049a2aaedb42d6e8e54776f1afd301845a23b23fcf16ca1a9a73b60d559a8b35609aae706bc20a9b2a0a79cf5071611aa1399d0056c14c54817fd2e511b566875b5d39241b39d92135b8f0121a94c3c46233b3b7d4f2cda4493981d808907ad637be800edf1b80b9e357d96e07f797bd0f39ff277f2bff40af7c56807fc98f577fa39f36c3df0e9481501acb1a06b77c51a192879452edf6fae55c2df668ad8faee29c1405"], 0xfc}, 0x1, 0x0, 0x0, 0x8005}, 0x0)
fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x1)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_route(0x10, 0x3, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x1)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000ac0)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)

32.864714085s ago: executing program 2 (id=2462):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000900), 0x40, 0x0)
write$UHID_INPUT(r0, &(0x7f0000000fc0)={0x8, {"3426672ee0e10bd74e4789668c610dfc49105982672a6669dc6efe098b6260db7672fcf8077103ad2a7f1d17aefca6644a8deb6a48cc354b12f1f570d7488f700cf9a28f5a31b738b109d263059a8a40095cf7a4a5bf18dce9eac9e50cdc2f8727cd0e23ccbf64fc7f85295a512795ad482fa255ed1db00784bebbf4c56d7addfccf42a367c7e77a6d3cfb0fce8f1ae750ec7d5740c9a85d8cab3f45e93615992d2d204e833acd78c42bf0da49d5f55f10cbb051eac3ccaaededaee8c3cc9e841db4eb9c558758a08bbada3049cb791fb17f6f9b85d161ef9ffda486756da7f32ca7bd523a85e332120fbf908ee37bd57fab03dade15c0bd95aca46bf0aa7bcefbb9bc23986f559a664052c3cafbd4744cd8adbbc2dd7e2113b82caeacc439e48f899ddd31d1192e7f0f084e53f240cd12602fed2ea193bcb08e70be6b5fb3836ebdca80ea3b32cd48bac46d1d0173ac4177e02193c044ba36cde5d0779faf1839ee8775a12759a9c73d043143c30e998653dd88ff62e7e458701156576022439735a06f1182f3b65181ebe04aa9c85b7336f0e439ec6b893caec384f257159546845ee285e77659f39839b884eba71c8479791cc048040ab68353ab927924a30d731c46f34ee626c1975d20b0178c929245ccc8b2b24cb550d201a415e7ad489f0826bef5ef94d3da05e97ce7248271c689cc8369c5c058bfa982fbbe2ce4f5512d42e854a568562c8cc82067c9970a0b23fb94d656a9e295b8e11daa475508e7260d086ab46d2c42a818a940ffb99e04da642c41f95de44da5ee11fdf553b4a5b7b2eeae1fedc763f97bd711bdfcc0013c2b9f49390c9f448695ffa820bba8d2a8a6c1039f989202c0347231849bf9289371efa007903518c6478f93a49f840c834be5fa020f12647588c052fec46cd083a0e93c47ce06a846f1c229d91ad45516c54a16f1241c920f12c91e7c971ff23e2803a19dc46044bc7e4594b372cee9939d46dc2444848fdfdea5d227276dd3b0c80a64a4566be57c8b228d2bf58962d5e933909a2cbaf24ce2cf342fcefd351d6066879e4c207e194ad2b3fcbeaf9ee6d74fbe363d8584b083ccd0b38bf4c0027e2dac214f5543db748bed054eb5bff7bf511b2ef6359d70e82be92466078857c193d9cca30d29e62e8e16e7f3e546c12d9fb1242c70f40d367df478cad25fa89190036edc827307646c818c8cf779bd60c40e9ed372e096495ffa7c9407808064689f81c0ab4b2e6ee1366a692b83c671a2c1b936104521159a82d472b1e53b7079868dbec0a0d534f31f0582322a9b048a246e1417c06cb40fc49c865b4c3638590b5bac5bea78df8968cd94d10d7ab4c92afa468b9e48eec209a24df921c71c9ca8c4099df5a1353605f46abfa3741fda8d585aa7ecd05cd6cc558769bf53ba2320fb236969b5d0d42649c5158193ffe54dfef740b9b8d2cfbe5a19432918039798c241f309d75b1545f5579967dd49727b924810eca0fc25a37a98e1fb8cbf720468e447089e14fe13966c0610ae15b7826d9f7e12136316b29958b96f13459665727dec197708f4a9d86e1b00a290e6356bc5090f3b28cb351997971b7552361ab881692ac2b3f4a750857c2d8e89cf1d0cae035464d7aee0f0096e06e8f2b29b1f9e84b534321290d6881769972a1f99745422b91cac46b11bc6836f563a4dc4310e589d556c5c2f7f445904f2f83cf9a3eeae1b1eeb100e04c7bd647e6954d1bb305f52e5d88166a8275a7c6cac169fb8d66d137d618834c9613a42435d5b215b5e02eede9385afe62add7f859dd1144418b6787b7eef51be68b753aa96a183115f3bfc37fe6783302902d6c75ee0bcdc47d0d3e77c2e3d6d622b4930e7ad17d1fd2d8d78c38a519803fab6e4bf500c3122d694ea6e492de194a12370149d55cf8e1e985ce517137149f7a0466203cda2f7019c9c43d9a835cd2e1e7fcf3c0885c109e584c715d184ce578edbc66d6511ee1fd913ed9d180e580dd3ef21639bc11ad7ea82f2ee96d3d550303387a4d6c88f9291ebb1268b5aa8e8bffb282d8d75f7c82a1d882dd23d133f41cf1a49ec97a3efefe7b567d9c487c5d9695a97bdba4f3adc8900217b782f4a83d6202a0d08cb758067805a55d85a0d96ede632a35e7877424770818eb7fc8bd547ce82ca36731f6fa2ee572236427713b8dfa92dc19f022f5804e6bde59075310773c19cca9dfd84ebf9070ad02a4ac9f26306a4c57a3c72091d8122a72c069f690a75067178eafeea4e90e0d801c34d7107df4b309b8b8b64bf9592f3f715352256629c4c0f47d66b2ca4722cb4720fa4defbc60e9600d8f8b289ce00ce340c67f24bcf5096ada9e1aa6a906a65c9e34e4dcbd54959f6beee110033841468bbe9a6a4d13b3f2cea4e99a588ef8d446375caec1653b4a80a9ae05afff976a98b50e15e99537f060452e9be466ad42eb4930635026e01ceb1a2db5cb75e40b553633878a46bbda39eb438e01185e635327588bc49ab8c81a9b27a1030def0c3a5c00c7fa6f8803293ee8d229c543b6be1109492b3d98f1075dbff1ed7678f47690bf4d94d1c6fba211a6913ea84a2f5f49b5b457dcd29efe35c6c60af322ba6b7750803be7a338db9d392524b83e16f49fdc52cd0657367c99270fe770ab58149eb431c2464e6130609541054fbab4abfcbc4da73fb880c7ed4d2afd49b2e8b396d849bd80ddf6ae85526eff6312b1864f415091ccc7e23256d6cfb0393651caea29e5afcf81fede02c373fe2c82637d9d087fb735f59d889d065ac16d1e62e8bc678988f0d5450454d73898fcc2794285a8de9e45a5c648bcb68ba4215c1630a7b016c46f08ddbe19f40f36a0f6c14a475c6d439be43a82691a3ceb4e7d51669ba195e85d93e1e6c5bd9056bd9c6b0beceee9af59dc1aa501c1c605fb0947c3bfc59812a57c87ef72a43d8e25e2c69b0c4a2b2939d564c44213be58b1acf25cb15c6694d4843a95763b6c2380a40c1949da8ac6137f175d42a54200a470fb7b617808f624484e30ab7ea9234b981c93a289570ddc467156c0bf011f5e471dd52338c60a411f90cf778dcdd80ffe5f87d9d742861524a517406d648962337cb816f691b7a95b77c0e73fd4cd30557b28db582ea8a9783ab529fc2ca32dadd5b5a3032244883a73043b574d7d9cb44f5d26ac13fa7260e2d48f8d742895e0134fb1aa55c3a7a0806463536f824a8dfa4b25747d7b59fe64bc9f2a073787f7828fe4b1a970f79ea2ef6c0362bbd412c398b33a72fb2398149b84db5d9fee1825100a02d88ee75a4c5fd39db62ca34df491042315bef2b257a21d287fa37231380cce93c461d5140f5017d024d6a7150019b53d20f15d9c9ec5bd174e7a029cde682a01d4ea5e1698563624cf17445b3f0c74baa3369f254f9bf09d6c1fac401ebd42e02e28c4d7f882fd51edb9698da6578ae78092dcd01dd6963d88c0faba69d6d86a032a294df0325065821cc789281c9479b3a80eefc800f7e7274578987a09ed1d2a74e70ab8ab5a6b016c6dd249d271e0aa620d18f25041564497208567e625605994c8791f7826fe7cd73b57766291123c228b99e2d74b230398c89c58d4650b243cfd58cc7780132833b9eb652f886468df6695173ff5b6c4dfca470b8ff04cc373d0789c7972cd645a52676abac8d8a11e24ad92f9065f41e788b97e9c411ae774c7d06061961c5f20aa337b8f692bd760461f96786a54cb6344087babbb4b257e954f8364835d7dfc067d98cb4703b13ec668cb9a27fc2aca209c2efec21ccd48a31704c2402e2b820272db2af77e0957fe39ac4aa6bbaaaf665bea57a3e17c65270775841202611964f6d3a3a1632026a9409b32e79266269db30489949d7fe7e05d20738f911a62ed852c1c93441af6bb5861795a5b8a5fb37ba77d0b47faeb719de869ee0f3e4495800d41bd77f66eb97d805fd59b87ef0ab81f9d6922c9e57df35aca171fe043fe33c5343c93a3cdb5381de673bcc645d19fa11822baa8f109d9994297432461941994222c143735d4c34d2bf6e6e60a3a75a72c552eac48bea512065c65e19c6572f4a410ce8641732c8d0f9bad53e7183cb36031029cdefef8ff027bdd009f8607a13ee62e465906a9db183fd0ed5c143b9da2ce1f92988902b89f37de28de08152d2311e7dbcffb0ac921eacfd19db34a8f99becbefee7c0d99b41acb8251b466659f94d4e2da01c5dd32ab507c63a6435efdb5864d8e4d41a6d167b6b9ba81cccf894437d40f0d3ff91100eba0b6a2fc426f0cb17cefceb3eb5edb4814e3ed69c332549bdad7cb8f647ea776d0290eff56e5abc0921facb9afe0b557a84f7832d4a4071cdad8d5460442a13e6558dc683db24157089ac87dd36851751924282b6212f8cd2cb60a0c39eaa8dbea54e6fbffc99275b90faee43b742a63be2151b0e8383e914127e2918c5d39600eaa28be5769af350b83aa4f941d12b3d11dc27d5c4bc4a9e203740638f4b940bcdae68187a17ba99226c1a3234dd5a43b4fb38ee6567b7f2db7462c0bcefe79b5a18786a17e4df95c93905b6c5f3e49e07bd13ec9e8c5962c35fe02860408d63ec66a300220eaca437829853a5080195c82d14f0ea60166c513e708ebcecd8270da46b0bb91961170772611f2493f3c6db3398e1739ed06197b296afe920a85e77b4fd7c17713d0f101ef311376710880352fd2930848dbe74b6047fc97732b8e46027cbc69317704bb35f5b983e3cba142edf884c1065c5dc3f329f73dc3dbc4dc9fdf987d5af3b89e43e27627f9d7107fd4e44dbd3188e4727d3f34010fa252c8d9614e416b0876cf2b3d5b936d29a40cedfde2940d52f2b0bbb83607c9e909b2ad63957f067d9afbed1d48c037eda240e47ab3b3b5b2ef76ea1edf1a24cbae65b56aab3b8527c7ec6c58326834d0062b248c2ac23cc44adfc02d5b080c8220f8b8949f0aeb62751b2efd0501d11975c4de0b7ee85f31235a22049d7a316d7570be6ee1dcc5940f4e16afa8139cf65078ef73d3cd7961d17b71ef33dd0900ca20fdb927d605cce48588b32f095d8cd7abe1b567565c06baf2d7bc63ced6ed7c36788ed0488e965a248d0719544e3cd61002d1f600a1057611eb3f06ca7f9482544f30678182734c2c77ee88c285e8bfb2366301ed1935cb842db8612d9eca002f6f3bd9e97dd3a8912c2d1ff968b7f1cafbae15456e35e15c153f800cd1d28280751bb023eb05fdcb2e9f20878ce30d31de1f768e4c2323a4f81707f19c1242994cd44446396ec28e6b2582f98de2ed0016ad92e9dcc64faa7de8a56bc8338a3ed97be5d9f73857e51f643a7dcbdd9ff37604d063a4cd65e91157e1ce528de45c5665acfa91f157e4fd4542731e6cbd28ff94c56d5be35b457a226e969d52a7e80f90e221c6d60561c6ee4e7226e98cab5fc791ed6c21f2e2880eb737ef9c5331ebf3d652209f7ed488021cf3d833605d758734e1bf43aa413d68c5e6e6bf072cc0be639c12118c9c23ed7835f6ed47bbd2666a44979bee6597667083487d540f89f7ea25ce1a37aac5413ed2361eff2ff1f23412b5651f08d918b49314f6fdf447b81746bc62f12741ceb373d883157078f9ecb68048d9e0f515dce45341cfad01669cd18204c177976e3ef1c8bc92177d8a8175df1dd13fcdaf36829bd0bbb66164ef0de253957ae7d98c02857c40783ccc0ff32cf9e9139d457c0466d5804d670b83e6e14fb943066a1829bc04ded8d70a2952ad716841f3cc5f773eccd26293aad04", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
timer_create(0xfffffffffffffffc, &(0x7f0000000140)={0x0, 0x7}, &(0x7f0000001400))
timer_settime(0x0, 0x1, &(0x7f0000000500)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
preadv(r0, &(0x7f0000000f80)=[{&(0x7f0000000d80)=""/76, 0x4c}, {&(0x7f0000000e00)=""/6, 0x6}], 0x2, 0x0, 0x1)

32.02377935s ago: executing program 0 (id=2465):
setxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xb7, 0x9e, 0x69, 0x8, 0x2040, 0xd300, 0x16b3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xf6, 0x0, 0x0, 0x65, 0x80, 0xca}}]}}]}}, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_lsm={0x1d, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4c, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000200), &(0x7f0000000240)=[{0x2, 0x1, 0x8, 0x9}, {0x2, 0x4, 0xa, 0x8}, {0x4, 0x4, 0xf, 0x7}], 0x10, 0x0, @void, @value}, 0x94)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82004000000", @ANYRES32=r3, @ANYBLOB="000080000000000018003480"], 0x38}, 0x1, 0x300}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in=@private=0xa010102, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x0, 0x4e22, 0x4000, 0xa, 0x0, 0x0, 0x32}, {0x0, 0x3ff, 0x0, 0x8, 0x0, 0x6, 0x0, 0x9}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x33}, 0x2, @in=@broadcast, 0x3503, 0x1, 0x2, 0x0, 0x3, 0x8}}, 0xe8)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f00000003c0)=0x1800, 0x34)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r5)
sendmsg$inet(r4, 0x0, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/ieee80211', 0x0, 0x0)
symlinkat(0x0, r6, &(0x7f0000000280)='./file0\x00')
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$RTC_WKALM_SET(r7, 0x4028700f, &(0x7f0000000080)={0x1, 0x0, {0x0, 0x0, 0x0, 0xa, 0x0, 0x61}})

31.174429804s ago: executing program 2 (id=2468):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x14, &(0x7f0000000040)=ANY=[], 0x48)
connect$unix(r0, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'wg1\x00', 0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
timer_gettime(0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
rt_sigpending(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000)
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, &(0x7f0000000240)=""/210)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYBLOB, @ANYBLOB], 0x50)
r4 = syz_io_uring_setup(0x88d, &(0x7f00000005c0)={0x0, 0x1423, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000200)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newaddrlabel={0x40, 0x48, 0x1, 0x70bd25, 0x25dfdbff, {0xa, 0x0, 0x80, 0x0, 0x0, 0x5}, [@IFAL_LABEL={0x8, 0x2, 0x6}, @IFAL_ADDRESS={0x14, 0x1, @mcast1}, @IFAL_LABEL={0x67, 0x2, 0x7}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@setneightbl={0x12, 0x43, 0x1, 0x70bd2c, 0x25dfdbff, {0xa}, [@NDTA_NAME={0x5, 0x1, '\x00'}]}, 0x1c}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_open_dev$vim2m(&(0x7f0000000000), 0x2, 0x2)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x11, 0x0, @fd, 0x0, 0x0, 0x0, {0x40}})
io_uring_enter(r4, 0x75fa, 0xe475, 0x0, 0x0, 0x0)

31.109441882s ago: executing program 1 (id=2469):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_usb_connect(0x5, 0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009863341008043440cddd0102030109022200010000000009041100000e0101000824020128030118"], 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000ac0)={0x24, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x2d, &(0x7f0000000140)=0x7, 0x4)
fsopen(&(0x7f0000001280)='configfs\x00', 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c0000001800dd8d00000000000000000200000000000005000000000600150001000000280016802400010000000000000000000004010020000020000000000000000000000300000001"], 0x4c}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x200002, 0x0)
lsm_set_self_attr(0x68, &(0x7f0000000800)={0x68, 0x4b, 0x20}, 0x20, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4a2000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cgroups\x00', 0x0, 0x0)
read$FUSE(r6, &(0x7f00000001c0)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r8=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r5, 0xc03064b7, &(0x7f0000000180)={r8, 0x0, 0x0, 0x4, 0xc, 0x8, 0x100, 0x80000001, 0x5, 0x5, 0xfffffff9, 0x80000000})
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)

30.810072278s ago: executing program 4 (id=2470):
r0 = socket(0x5, 0x80000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25017c0000100036800c00020004000000000000000c000180060006008035"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000000)={'tunl0\x00', &(0x7f0000000140)={'erspan0\x00', 0x0, 0x8028, 0x80, 0xde, 0x7b03, {{0x5, 0x4, 0x0, 0x5, 0x14, 0x65, 0x0, 0x9, 0x4, 0x0, @private=0xa010102, @local}}}})
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000020001c0"])
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0x40000000, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x3}, {0xffff, 0xffff}, {0xfff2, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x2, 0x0, 0x0, 0xffffffff}, 0xfffffc00, 0x0, 0x4, 0x8, 0x80000002, 0x11, 0x0, 0x0, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x4001}, 0x0)

30.42232572s ago: executing program 4 (id=2471):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000058000000060a010400000000000000000100000008000b4000000000300004802c0001800b000100736f636b657400001c0002800800014000000003080002400000000010000000000000230900010073797a300000"], 0xcc}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7)

30.265153669s ago: executing program 4 (id=2472):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x9, 0xff, 0x0, 0x0, 0x0, 0x3}}) (fail_nth: 12)

30.263010733s ago: executing program 0 (id=2473):
r0 = socket(0xa, 0x3, 0x3a)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x80108907, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x40c}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x80602, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[], 0x50}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_MSG_GETSET(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000940)={0x14, 0xa, 0xa, 0x101, 0x0, 0x0, {0x1}}, 0x14}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000000180)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r4)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x20, 0x10, [0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x2]}})
syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xd0}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @last={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "ba"}]}], {0x14}}, 0x70}}, 0x0)

29.549464088s ago: executing program 2 (id=2475):
syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x5303)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100008b86d3106d04b50801d701020003090212"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xa)
r3 = dup(r2)
write$binfmt_aout(r3, &(0x7f0000000e40)={{0xcc, 0x8f, 0x29, 0x364, 0xa6, 0x3, 0x5c, 0xe}, "", ['\x00']}, 0x120)
syz_open_dev$dri(&(0x7f0000000240), 0x5, 0x4041c0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x30}}, 0x0)
write$binfmt_script(r4, &(0x7f0000000080), 0x4)
symlinkat(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x4010, 0xffffffffffffffff, 0x26c66000)
ioctl$MON_IOCG_STATS(0xffffffffffffffff, 0xc0109207, &(0x7f00000001c0))
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f00000000c0)={0xf, 0x1f, 0x2, 0x3}, 0xf)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='timers\x00')
preadv(r5, &(0x7f0000002240)=[{&(0x7f0000001180)=""/4096, 0x1000}], 0x1, 0x38, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4044090)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x8)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)

29.457776083s ago: executing program 4 (id=2476):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000005c00), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000005c40)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f0000005d00)={0x0, 0x0, &(0x7f0000005cc0)={&(0x7f0000005c80)={0x1c, r3, 0x711, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0xf0ffff, 0x0, 0x4000084}, 0x10)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0)

29.367166474s ago: executing program 4 (id=2477):
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_CREATE(0xffffffffffffffff, 0x0, 0x400c0)
recvmmsg(0xffffffffffffffff, &(0x7f0000004480)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000340)=""/187, 0xbb}, {&(0x7f0000000480)=""/137, 0x89}, {&(0x7f0000000540)=""/160, 0xa0}, {&(0x7f0000000600)=""/137, 0x89}, {&(0x7f00000006c0)=""/189, 0xbd}, {&(0x7f0000000400)=""/27, 0x1b}, {&(0x7f0000000800)=""/39, 0x27}], 0x7}, 0x3}, {{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000a80)=""/231, 0xe7}, {&(0x7f0000000b80)=""/103, 0x67}, {&(0x7f0000000c00)=""/79, 0x4f}, {0x0}, {&(0x7f0000000d00)=""/202, 0xca}, {&(0x7f0000000a00)=""/32, 0x20}, {&(0x7f0000000e00)=""/96, 0x60}, {&(0x7f0000000e80)=""/145, 0x91}], 0x8}, 0x3fb}, {{0x0, 0x0, 0x0}, 0x6be}], 0x3, 0x3, 0x0)
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x6, 0x800000, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f00000000c0)=0x4, 0x4)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r1=>0x0}, &(0x7f00000004c0)=0x27)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000280)={r1, 0xf}, 0x8)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x60a80, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040302"], 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246)
writev(r3, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1)

29.230353864s ago: executing program 4 (id=2478):
syz_usb_connect(0x0, 0x40, &(0x7f0000000000)=ANY=[], &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0})

27.4281176s ago: executing program 1 (id=2481):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x44}}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0xc6, 0x1e, 0x40, 0x7c9, 0x12, 0xc2f4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xcb, 0x8e, 0x2f}}]}}]}}, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)
syz_usb_connect$cdc_ecm(0x5, 0x60, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4e, 0x1, 0x1, 0x0, 0x40, 0x5c, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x2, 0x6, 0x0, 0x40, {{0xb, 0x24, 0x6, 0x0, 0x0, "f12321f8673b"}, {0x5, 0x24, 0x0, 0xff7f}, {0xd, 0x24, 0xf, 0x1, 0xa, 0x200, 0x1ff, 0x9}, [@acm={0x4, 0x24, 0x2, 0x1}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x7, 0x1}}], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x4, 0x4, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x9f, 0x6d, 0x6}}}}}]}}]}}, &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x310, 0x1, 0x7, 0x2, 0x8, 0x2}, 0x5, &(0x7f00000001c0)={0x5, 0xf, 0x5}, 0xa, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x413}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x82c}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x40a}}, {0xf8, &(0x7f0000001100)=ANY=[@ANYBLOB="f803fa4a208e3dd2dd9f2fc8ae8432245f54e0220a806d3900fb2e02393281e40395f1d2d9c5b2380d97602e63bc2576ae14b944d0d478b18f4315955342a7ef7eca2e6fdc8e64f3cfe666ffa7f60192503d8e5c000c1b4821441c94066d9e16e8fcb11e36eee17e314d4a65b6d5365d966d27234c3596696dac149ba74c399e2f1e4f57de06fe4876334ab3e96a12566f1092e19127d83181eca59b2cb16f4e6069889d79bbc4e8c5c4e046fc572881567423fe341f4ba67b2434b16445b77d5a7143e6cb77dd31a0515e94197b1fd57f6220cdc5d159162761ac3446ede158d8f89d9cfbde8985357bb0943dbdc7fc86b39c7990e99447cb84e6"]}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x411}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x403}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0xc1a}}, {0x48, &(0x7f00000004c0)=@string={0x48, 0x3, "7095e1c7d364c688c1fc604d9754f1fb0cf58810e7dd0fa0d7b65c96e0639a64bced6c539bcaa51e42cedca900e981b94b04cdcf18894d98674be79b4bbaba80a88a879acf9c"}}, {0x2, &(0x7f0000000540)=@string={0x2}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x44b}}]})
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180600000000001700000000000000001812", @ANYBLOB="0000000000000000b70300000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ptrace(0x10, r0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680))
socket$inet(0x2, 0x2000000080002, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r1, &(0x7f0000006380)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, r2, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f0000009800)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000001f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a10000000000000000000000000000000000000000000000000000000000000000000000000000000093160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffff3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f400000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fff30000000000007f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff0000000000000000000000000000002000", 0x2000, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101000, 0x0)
syz_fuse_handle_req(r1, &(0x7f0000002140)="c119ed7667ec1da6ce5ad10520d9f0d916f246337b0557963a20976c5c2e3b9c50442c3aa3ad8af4490e25e8a248ad6569c868927ce88fde8f6dd47700c012579d8f5517c15a8692ebbfe31637d24da9b182159a75eb201be82b5b3482e6f7d3344eb462be4e452a789b9246974e521beb91400d62ba27d79dc7e4a2511c941b7658a426f1b03867abe8958cf54e277c8c7eba60d65881156958563b415fdfb45237d979dfffc5a2399d245c064928d88f8f2ad57fc65556fc4404b0deb7fe8b794c8f853fc356646a4bd5a3bde17b164539cde75bfbcb82189d10658affc840871f99d48a657c0a490f44959ec808a7de09590156b5f4dbe9689884f22c3388c3d735ab0a38bfa911e234a40a7700258e36df5be8b1e6e8d229a9ad553628c9e2d099d87e54328d8e75a59b5add9aa55447c933e752fc3bd90aa92645449401e7a715f3b4bcc17c799eed78a917850f05886472640ec78ba017ae6e83683db81d999696d3ad34143e5d6be46724f4086dd8480e85b070e2980ee952ef91f8467bf542428b1958ead9f7a09641d0c33c1566e77a3c923d94bee7dc9046e8b6803dc5c5a6e34ba951d2a0fe9d6d03a57391560e2328e8c581474e38e40055b45f7467b4dba95d64dac57b6fc0dc8a40f054aa801a3c022dcfadc793ecfb9968d3121157b0a8b25b99b09038c58570205b4166f3bd749d7a0f8bf89033e11c0a456bb72788cf7ccfeb980ce085711f8ea531fcc57206d8e0e0aea1f3220066c7769d71026259468604a5cc7331cc971a4cd78d8552e0e0d9955deb21282a27f0a5f8364d0f9fe91016f086c10a3662a154316891ae4fb8cc3481b2253bbd09c64629f3ffcb5e82b495e6721dce47734254ab64cc119c2a446f34d6cac813a3c0444d9a13ebbc0fa4baf1bdf78b9a9cf6620fe488bf2a1bf7e857ad6ea157542761cc6a7da8d4c2242853a1fd14629491680253603b910466927c2dd4818464d7d9c246b9cd726d123d1dda95d0325370a0f1b5751796d13501a2aa1ec0dc70a5b749f8d171cb7569d9b74354883a2216f452cc712d0829c8c5f206cc7924652473931adfd2bd3940b3adaf54967c0af599d4968da74f25d2cc309dbdbe3d6faa08f2c08205365d3c4a2c8344b1047c7d0caf6b595e5d24c89ea1b532fe3094d7a16c716110b75deb22a5a281c0f133cfcfaf5238a3c493c4f97f890bb33769ea652c67149be70e62de16b65730b3bd2f547c084ee77d456a86bf8f1f7304703d2524443c4b66ceb7d2e5d97124a6ae48158c16cefa3eb94a7ec49ae43dd02f9edd0924d73c7cec977186442518b8dc642dea31dce2b79b4ec5400210817da04caf0198e933e8c618a5f0e7123ca5786c45b10a543e7de350aa4c072c85612a99ec9534f70130eebc0ef842416091a0adba1d30730d04080928c094d49a70f0a354b918725578b27a9b65f1a43a7dc9d8b6c9a23e08ba83bb8802e69454eb316a6a0188713704b30098479f5d99497e60ffb372dbbe07642dea12bf6f3f4b6c508f1e061b0211b9be792fda7bb86f51f018085f2fd5ae316c761b35d562dcfb783b87d6da0820947f5d055f0f7cd3c50f1c61f1da1a73c7ef107f0ad957977a33cdc67f6aa82e03490f5333c1ec0a1fbd14b2aa961d2b3f6315bd06029c4c9654414bd9256de44ecf3b0485a41a9f7183d0469bd327f549201924ab80e3227f228e20e9fd3b646b3134385ed058f4bff4f714cdaa855e2c364d7bbaaf26df65bdb9dfc4f6104d219e41684493c621588ca8d01ef3211c28d613bc67e498b4b80279249bd947d029315dcabea9362e0258a5a819530459df44f7c83972299e54a29afd836fb176cdc1d86398b6c7a75cd15b1f76a0070839b5a24366603a0aee35a9f784e4a633703de42e6648a9626160a25c9033242cd97eb07ffc54a01d94c48333e832ec0eefe51a266fcb526dd2954cd1147d2a2df260affac31e4cec7ece02dce3f61078b0111b94c3bbddd41487e33820ddc8cdf7a1ebc58531f280e2c12a8514bb4e7a176208b73ec6f4cf1b660393837dea00a8474fc41039db848ad6b0375a36ba35582736cf7bdb33a051d49f966fd17a80cef2f0c458d1d5c932e4193c5018105416ff1b27eddf56d4277a49d0adbf34c998a062db4c8263f5c03696cda85a6f0db49a5c58e2809d7519e6ecaa017d90e31eef725fdb3f26d77bb15a3d924d3ccb728535dfdb7517a10b9a54a551c1ec95c6770ee0901d18f24149678f1677d1f5c447aee584c6f1dbb7a952da6b91e8af3d98fe790201b89a05b61abacfe6acd7a774e3a12436d169f54b8e2572f0ed70ca78e801bbc3b783d73c96d5424b82de2d8ba84f585c67cb4c7d8175b8a2fd75a59b24db0403064924a4a6ea5423ee818b70d1c5403da14370fbc98ab4ea6a7fe78e7d3e8da1a3f04856edd96e8b9d7e80064daed38d0ca194a638a11175a9812569a640a8d373aed41e9a1e0118ff7ecade45238544dcf5864697c4d36e444fb82bbc222a8a2bec2869c623f61aa38299d3a4e8806721d579907c31a0cf50b82dcebe08d8c5a21d97a707d5a83de1fb145227d0303334e5cc73c628e818ab6901c001ef8f02557d5ec579189b620f0e3307df5273573f707ee91985823894f9ccd80415c91d7baadd31ceedb3b26212e09a62bc22392fbbf3aa5e340dd3408c1c9e3d1d144dd5260c904812952466ba31a2dc80b8826b1354335b0d754954bc93cfce0eaf93665600f67505595ed66eb38ac98a23ae6568aac700361e784fc8ff3cf0cd19e15a3508f42fb1bca1f95a6502b5ed09df0f75859527025798b890df2f0110cc20798a7096831c9822ed5a9341fd6afc85a78736b857bbfbcae5f61fb5a3ca5577c4bfb6b1ccac7f21e95cb2c1e3fbe91f5a46522bfc49a0e11b4ccae898b5215cebacac2ac8d6685b05a9df649d39e40c66f4f1373e77a722beb0ed05167fa206fd66cae5b01741f86cc1681ce7efcee5d67cf8a89627d7d02ca8ae96e32cd5d74dffa715b7c2e0f24648932930e69667939490cadcd06b4396800152fa3dfb4810ab6c4de8f0814a9fb211517d19932befe0c0613699d481ba2d3140836d9dd074ac5dbbc27284463f190442b453d4a06e1e0053d0e097420e1406b104cc8bdc486a1fc581cf1dca50f63ce3de1403eb4a5080971aa2a2a911c3d24d0370b1c062e6b21c6a694eda76e61b877e596d34ebc507f10c3bbf969793f5b71d026d03cfcc2bdda2acdeea4b7066f07be408f6bb35ba7f3b8196e9a1d1ea30ff709d8c0fa29c40056bd53e609b5217976c422efe8052e4cbda4b12dd2a1286a4460c57bb3a138c55408fa6a0888e32299cc47efb84ad61a98385854824ec253f1279f9d1ffe6becb8c427b53c57b537e6494f6acc7902347589230aa7316523108ab38842b3b97a0840d4c3eabd229232a71302edd1f3375d0092cb3a07312400c1be8a94da53a79d2fce38fed341193f6c4dc41f396774145aa18400bf108577e714f4a4c50ce408392f954eeae696d2605bb973b147ef98fa35d576c957a01f262d81157e1c8aaafc708634366afcebbf31cd4b7190d29e0b3a2960ab5ea952eecd38becbb7cf7659a95044a1ebe4240b0d26c7a932c14c1252eb24bad57be94c5632bc42aea31f722904306d39f1d0850ac029537c4425d048ecf3fcb5428638dbcb86e17d60164fc396c706c10f0a1ccb4dff2f36b47510a749dc03e32fd7f13893db135790d29a56fe1fae6d0202831d440242be2086c6e5dc71dae14089fc080a358f159faafb397da8ad8b48b1615112c76627a0e47a7cbfd2cb0e9a9c5316e96f8c2cf4ab7c875ed1bbd5a020ff2f265a1f63b6151a2288c3e83183e68cd12dce8094d392137f061d43421eeeee504e4db172c9fabc6297a5641a9a7696f16660489fd6f7ad9421068bd1294941e51b8d2b818627e3081369583e91c6b8b68c93173dc7fae27f3bb9a4c6a3d69cf5bf28b3f8b5c8fa8a8a90bfc228acd1df93c8b3f15fb318c7524ef2e8b6bc18010b4ac5b448dd3a134531654d610cfc9b393b5b1a22e90377b74ebc64aae95987881c0602311c0fa94cd612889125da49b810acf9617263b55e504b1b9160675cfbef83170fba4134640cc2be541bdb54077dd65304eddabcef91a3445804bcdbf00f53dbd3345c190c2ec117dfa986dd04c3f02b7ba9eee47538c5fda856d432cf343596c53cf3c109ada41fc6d7b09c3f14b60c2c8a4cdf5ee0791017cd25f7ad96d0c51a5cc52e2647826662a99266a2f2072b7b1acf805d44d8064d419999df38537ffcd78a78ce3837bfe1faf7dc79f5e0d32ea5e62c06e6aa716e0e048cd5c5fa8b4212ac668ffaca2a4e8afb91aa7425a800fef89fd97587569489088b434510a38a49e8ee3e1b96a307dcd999268967405f354dc0478bac5229203eb9d6aacc2db83e233ce852ad55b799b6923653d3d5788ac56ffdfeb206acac33010161536e3573d54eea1925b6f4edc6aa193e9e362681e34564d146b49ed916ab8d6aea1a78e526c7a0dc56f5ca90d07862d17cb3f21307f2e012ffd011ec64d4cc23faa4a08c4128c0892be5d5999f681dd28bd6796f83e1e0b80ab61249e5049e81c2e692e360194129d1c9aa13d5302d3cbc6060159632c6d3c2db27c3fab53e0919a81ff5878f6328536292905883095b65581b696ee94a8a0dd7d0d11a2e269959a6f848c87eefef283e57fadf325b665ade2d6591b283c33ce9092ceb39df5bf6ff92cd6180353d8021cd3b8a7efb9be4f79b37ee19e4b9eccfec49b1f526420aed78424d5129afca3e28e1e6cb5cfdd894289abd5ee69d29413c548f65baea4c99ae73055000adb0dab38e7bc6c9c562a3214e3b279decf1dc731ceed1e4def2d70360953886da1eb7b18b745fd6d8751d038c6cde166d4101df1418689468d3add001cc44c8f2ab8105fc362cf5792d5c270441af890ba4bd563ce68b57a0f99b80ba93f7fea3765ec1fdadfc7274d4d7c46da05fbaf47e29de56ffc53f71188f94cc3ea26197eb9274aea10f793e348541feda0cb82915fbc966d317b74ef23a851f3a7886fe99c4bf917d5932dc9576313518276f690f400b8de28cc92c2b753ae283c7fa1639af82ab939e3be687621a525dbed50d33cd6366d559a75f1bd1cf25a0bc421c79debae4263beb171539835e6e5447d411383c3d7ebc8157892ab6d5013d49b0b777dc27f629e9e0924d889702dec588045563cc09cf1bea68fcfd0a2c6943248009b95cb6055b5c2f521c4120ecb4233c47d7f0454afa93063d5b26b94530b3b3089b85b64ebc684e5c38a561ba437b09582d38fd379e48e752cffc532bb8bec2999b2ce70fb9e5d7101d740008c935680537e8992b576c9f5dbcfb35513c11fa48caaedf52a6bc350aa2acbf1ec561680d8ee9837d3373e2d51183279a95d41eeb9558dee0fa43256b9a19012b3091a4bc1e94961beb05c33869915e69413122a953e0be0fb9759c9b8ac1254aabcce151638d60d197458e9757a1d1b0e7286fd66dbbe9deb51ca7274b3e0efb464ff44aafd5024cc534ce0d725bdd4e43601279231b6fda22ec25a680588794f086a9c094b751c575d0e0251afa27381c55a9c190ee3af55af0d20424db2411233fe46c537b41dc576639979469925a8c8e515539bebba248d3372ec80875afd26a04ef5d1aeb61390901eccf4df562680445ccd6a90fc70cf0ec08910b23e108ba9b35a689fecbeeacccda80a2ac86d2e7ed2990ac386ff3cc7992ea29d94bbe7d13c96cd31763cb8a5a150c6ee1781160e27df9b51678e650d009e95322a0a63a9165288be42681e3dea6262e00ffdea6f076b9bc810880cfed87a609f1096dcf6af0f053b5ed80c2053157b97396d2876f6600149cda0fcbdac08621ae99e9fd24393d30c3911da7573c3675a695f9e014a3dc2d2e45296abaff428a733cb742a01df7059828f64e515099141081ab3a263c7c38459dbc0d32fa8768b8fc3550131d286637e25466d2a129d587663d9d0eaf4079a72cf37c9fccf5f2cdda2e9db69d82a87b4cf9c20dee03d935cf6099d1d1174344d551cb569a73c21ccafa6c59b988e0681bb175edd912cd64670598b444825c8f4a280dfee91ba18f50aa0f2fb529e5f73302fa09c4b9937f19ff6175af4f1321d3dc09e692ca7e1934f31ac91fb6e6fca4b1dda3a0063c8eeb5f68d43c820f8b9e1c6903ec1a2626ca3536bc386f42e7d865102daa82db5b2d2b580825afcfb65ca9c5cca7de06d838f84a84ee4f8381c05de2a0ec53bdcc447df8e8b9921c21cdd43312e1454790d727ae9c33487239195afc93149090e3c47dd9ec03feb51551ae92e9dc21ce5ebc4e8c8b99b9dd09ecd33a949aac69299024a52680c91244fcfefb9e2def28d0cdb621d7be8442c67c61b18a1228d341014a3116e9b8f2829e291f788e368b6e36460a6a76987918caa641f06184ab0a3910a43dfa97b3e5c31c837a12a436ee8796f9f507cfc438e6b061a59342be0c0bef0b646973d58830063a28c1cd3f434173f450c2ca3a846adcedf6b5d0bfd0813948e79fb8b6bdf9a5add644ab2a1d9795faae8ab680db6a4ad933848ec6ad09b212605ce497b2dba4eea307c45c17099a3f116508c73371d6f3dad906cf8ee9a9eab88e9365fc78112dfc8a4f865e627f1f6e11357632a3a1a2e9391f56376f8e181555ffc98ab9d93874392e81aa4183e8caec57a4a29613a3c4319595553143adf28bae56b719b8be0b2acc4b03038d48de63b19ca362945637d4a385becaaddad5b3dba297ffe71ca0cc9c9c1ff843ea5f0dff511b88ec7a6001a2570d09606c36d6bede06c4c7e93c77ca3da73f9933b16650df963a39ff34a3e83bad1c14a5a9457166f13c53502e9b9600982aa99598f711ef22720204282c9b02fea3eb55d568160f0fd62633787a77fd8acaed92f2607020c26f6f9386f9021f9123204a3f20e745caf37849b25f360e174718e1d78a32dbdab5d5aeb36c9b3366167b0fee60883a9b0f8bcd9695472ff4820462fa6f75801abe45c4ce02c6de61bddb434bf020b1145f0ca58f035f46107ca63a507498d7a1ffd9f6d3071479aec5999c1e7abc0e014c5be04b92486dce4d8bd88c321f3017050c599a6ed8888f810c75f2607fd35a8795b7478d1c346ce6694a0e1e3604cbe2ec7a31415d80508dd23ffe4db304a2ca1bc65681cff1135b95fc05f0a3b8cada0f5c83e8d0f3cdcbd4bfb48a7895cc9535d81d13ccc8f9534dfc542d9837e352eddd62577ee711d26bb07f41e9948d4b917a926eb8093944ae45cc6dd13ec9b61816950d158226ab7f1b8d8a1465f3eef2e9a63b3ff097282d2541fef5102c8b651ded051d3219f6527d4b5b6fcb1bd0fffe7080abde84ea1acbd2b89b0c9577fd7273675527a12dcaec02b3262389b05c2c09792ce465f7a879de0270fc2b6f28403a1dca0c5fc28f0687351c5bb346de8cfea7532b834904bb012731ef8fe83036c95251c757683834672fa80ba8383308e3e9e536fb0e906a9727e6b2870c3a8ee056d353a3fafe8e9ffde7b0ce951b60b35fc2f7d1e476ad1c45f2559ac66dd007fc27253256f98877a4476ad273880a874023e3f75b14b32366172bf860eb6dbcb0a98b83972e23b02fd02027ca7f9eaa0ee38eef55ccbace6ea3051d79c6017c34b5b502a9b0e52c8b4bd80391af549e6f4accb1cfdf2071de59ba903dde378d9e66ed0cbbddd66ac365e64c8fdb93b97305a55cb39beb745d4a824d1de5282b1b839a72603fe033f8c7aae2cbab65fcfb54eff28eb0bd4c72e3e892f953e3251b88ce178641e79ab5484bff93a8eaaf601be15368b46690ca10e70188f581f999eac931fe48f31b8951ccff1ba5d6cc007246595bdb22a3dcbfb2c9fe0d010bbab856f4c651dc5ab7e8fb0193b1c9924facf3c05a255ef328d589a0a89bfe67c7d971bd7b708517c8540391f6a6b9724069e572be3f85ca86e46e6fdedd22695fd8b364f3d10723a34971a39e1822eac8f51661ecd13c41e6349c030434a0dff79f441cb195bb08717345cf29401c834c35d9009895b6e5c03406b202ee333d7f531898967f93aaea74265fc605fb4b5a5750305ab82203f2fb49493a5d3deb285a2777c8641b3d5df1c7cdde888786d314ccdf20b60c5e05279160fae24073027d8b8b61aa4e4760d8d7d785d2fa1e551c2ff644bb83e69fc574c754a195efbca225e7a5e5ffb1f0852cc80187661295786fa35cca2baba685f744ec9e193e212823741437dde5ca003973261a167a389f2e5ead402feecbb4045a39d3ebd76c4bfcc65f60bc841f8488d08f258a95caf36cbac22671ac59a7e3ebd22d600bc417b15daaf296b562928ca6a2d7c11c5e96d3c1f56e683f1a55c07dde2cf889be2ca901606b613a299703312e74f80092ff6128835ea200fad70e0c2d094818ba6178200a211d6b2d2b068a4a0d757361535a73ad59a309c2167c874b23b2abf4e5eaf76e7e6851d4232303b8c9073ccea7398d34732289d0530f4183d004cc4c9827668005d28799ed2b23005f70bfbdcf2f4b6a821c2ca12b7915a5bd6098753218ebc41b16475c8611f492f85b08f551fee983915a5cfc82d24abd29a281963feadfe33cfe14735168b2e0528b0493011aa234d18450d9b29322d7094f3202f6a6b49094dad52707a3a80324835bf34daf557ac5f18695069601c6011f148084355af3b531fb0e16a6ff81a8f9708e1a610d38dda66365255c7aa3a3d37bd4b58baa13d1b910280567642f97bf4836a1fcf336bf6e9a0fb347abcd1cdccfda04acdca918766a64fe7904b2e67b8872afd4366f9feb944f9b9ae5577c76c55c24b85e44b48d464333ba1a9f6e1e8ba10b57d7d8aab05e86702637485998fecc12b3fb12ff7ba3fd26223881a06350f215a8bffc46eba2cba0af2e11439ce012c667c5cafe3d0690c77b3f1ba108caffd5726393e61f194295cf4c51d0d383632cd9b75daeceb84ec450a0d344b08596530f1b95ff8b034c04b263a530c59d822e9c8c5c7328e539a18a2905c117944e22eceb60247b7aaaabdf0859a9143ffe2935454b6a87f21bc1de97893c23b48ce03782252f60e880f56b839daae71aa8a19e753506b370739ea88294ca2e0c1af31438ea33b084c43c6fa1381b7f1b9423685c53f3438e1e8893c6d157b297b336cf7f032ab4c01248ea5b2222e24f90240d8f28f6455e36cc423dbd2888d56c3fe6bdbcacf397ac13a1983797f7ccb84a1cb83339d4e9f599a154ac406a3bee3d4b3749b4f0768b0b225f31c9c91dc26a45a2e109a218ddd22af93b86b6fe336d3a051f7e07ff1d1d5eb662de4cfda0dacce0e20c37f34c75a97815591da22aacaa1e3a8028af1b5e15e470e800fd1dbdc99f21687724f07737c2c315e0836cb169f71e689fca00a2c73fe666699cd6571ea106767bd7f0bca061f0b4a21991fd02b8e695b78474ee1c9bc13bcdb9e477c02acf2343d449f9b85bd618bf7a2bc353c356b9578d3316b17f8bd3fc20f2b1a7a4cdc518e79c77d472c5cb6762693388d3124579d884a49a69d7f07c332be891c3244525c2e6b9387c041b93706a0121365cdf69aa839346e5e180945d8af7da0a8f65cd1bad1377d13ff6d02e7ea54d4377a1d3d49d3d357e61890034409b19f44fc02f5574f40fe535bd423bbd96a0a542ccade1b478b78265b25c1322fbbb8ec99cb45b22d737ee248169fe08f8a2958b925ace6372bcf1d1be57e9b4de97bd0db62425c53d869794d4390312b67db5e61d1b42c5afa549065005f359c47734f54b7f30918be1e2d0ff21596258caa287159fbe6dc0090242c43815367bb45067a55e0658d58eefd081b1541cf393561a5a369fe90c6d5d8caba63198c84fa0467fae813ecd3fb740a3783a53dfad07c9493fb3936b802e1bd9fb558bae88c44d9a4795aa634c13a5fba50923636ac6e2952da6c8424cc616eb364c11f876663d105fed392c15dbb00f9caf50af20c44e4fea91480cb4bfecaf126451e6f19146bb2ff26d310416c62410c37b000a1d1f0480419e5f5f320827fce26fbb25c9ab882ad4bdf6a674aaee87b85309a9783bbd34606ed46f6f761c5e124825b0e5df507c505814c769323bfa36170015e1720e2cbf30f79cc8515df1fb7d58695ecf8825e924e098d0dfcd5e396093d996a2fd4a9c5de03254b12dfcd2342f49acbecf18dc3417382e5b507652b1d089eed0805479546eba0fc7d17ecf11d692b4ce817f270720cf20737d3f02e302cf5e18d649bf3405fd262dba305e916280a38e3511307033dd70d2cde39d528e676f6a051ebc73b6ff0d5f63b58970e38e39ea366977a0809e22eed665620f65bbdd2f94ad82f3faaba1bfac309f60f843fe89573787092c8f7a7b44018ba7daba13e6b093b496f79adc0732574cac1cc33e5234d7770ad6cb534dab9856e390e172a91532ae77f4ec98054f4c12b02d0438ddf8d8d173e6a59f66564accb785693897b335199d9d8338e242703ad120f465a19153a1a330dcc275a399af921e0dac2b6d79ea51ec72fe932be071352c12933367487d7385de66d62b2bf5cae6c4d54f099d7c4ee10919dcb33a2b31498d979504b619a6eaf64ed400e491859f9c78c1d9d434d6ac69d570796088d76a47b4999816eb3b15e8de155f1392b75c1517c91df38ef0793610451ad31a0906eecf14c80b679202a6df9f00c7d28d1449988410c652740dde2ace85080e2a4f16024cde15ec4023b1fc4537d6947f1e001d37c90acae2995aab5476a99d3a20af07ae2e564e27e31b30d7bc3b8aa016e3b5c38feb9fc947ace24e83e7ba4f69f72e92f8f26bda8dd09ca791fe9cb1d0e14278c89a20ee2896924e88ba9cb3b916aff3b7a5924a91b4495d0305fb4adb3e036a31e2f200f272d4fa7285f96ab7e7b934464227e108511ded2ae4337aee944e4067c7b741d2f55483243d641b8bcca425bb69f591065a3b45c6f9513b472aff95c1b3e71133b3479cd5fc51e9eefe5bf0f7c2f9256f8d49a2ceb2d11ca0f0eab1e42464cb7d6aaa0c023147c1f108c3d6d1fa379638979170cb6d94fa92e5cf5f69316fd64c027eb10ddfd9b91fc91829f347cd73433e5197fd97fb10e99d2ed8868d49e24d59efa6758667f6ffc18e5258f98afeb01a3d794813fc2b9190090ccceaca0526f06a948d45bc7e2e40cdec3cf78c10676a8bb8a3e5e7200b3726b3407bf666862f9038d8216f9505cf7aa9a04f934d6da311d6500452676dccfd60977c4c99d56dcb7bb45fb2081e19803841a8edd8cc55b08082d9798a5c3a80de66f4ba2ccd90566d393d94608f17724719393b9df7725baacdf0e4e984b454576ad4f793143f4c8dc5f1ca822fbcdc90e9636727ee0638fb26759e6ff79b19c97ad224e5a85e1075833fe7fd2f3424420a5197eaa9d440c52807fc3e96c647dd745e49189f427454aae6aede782a8ac40582d85acc9ae68f95af556945889ae1fe381e69ed18aecb08866f5558ae36b6ff61c86fdb2b6f3eca083dc41c0", 0x2000, &(0x7f0000000b00)={&(0x7f0000000280)={0x50, 0xffffffffffffffda}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
fdatasync(r3)
fdatasync(r3)
semget$private(0x0, 0x1, 0x40)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0xc, &(0x7f0000000000)=0x100000001, 0x4)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1)
ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0})
mkdir(&(0x7f0000000ec0)='./file0\x00', 0x1a9)

26.776633883s ago: executing program 0 (id=2482):
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0)
ioctl$SCSI_IOCTL_STOP_UNIT(r0, 0x6)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000001c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r2, @ANYBLOB="05", @ANYRES32=r1, @ANYRES16=r2], 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = socket(0x10, 0x803, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f)
r5 = socket$nl_route(0x10, 0x3, 0x0)
setpgid(0xffffffffffffffff, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r4, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r5], 0x3c}}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
socket$alg(0x26, 0x5, 0x0)
syz_io_uring_setup(0x4e1, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x2a, 0x2, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x6, 0x1, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(0xffffffffffffffff, 0x0, 0x40c8011)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000006, 0x4000010, r5, 0x9ee16000)
r8 = accept4(r6, 0x0, 0x0, 0x0)
recvmmsg$unix(r8, &(0x7f00000029c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000002a00)=""/4100, 0x1004}], 0x1}}], 0x1, 0x10000, 0x0)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001600)=ANY=[@ANYBLOB="10100000", @ANYRES16=0x0, @ANYBLOB="080029bd7000fedbdf25750000001800f0800a000800080211000000000005000f007f0000004c00f0800a00080008021100000000000a00020007390d032dd8000008000a000d00000024000c80040001001c0004800a00060008021100000100000a000600080211000000000004000500b803f080040004000500010002000000b0fd0e80a90000002f6ea88762ad43056ba0a5e27e2346a827e651414753fd53dbd6bfc517a45f94237b8ec29d0bf209f6d61e4cb9f2dc06442c2dc077b0f2dcbd13ed5dba41f05d69dd0401046aa10b249ecfbcda700d4b5adc155808455c9426e0351e186ac53777dfc3dd170ac71bc284b418800e1550502a2b2423b43fc0949f3d590c50c288af1b00e78e55644c2b368fe929e287dcdd797b4e3bd301674cf55247f49774139a6425af0400000041000000b3726940265c88903d775f9ed6552ba8c2a290ba493013fd3864d611d6ee8f1d12a075759d0b0bd8330bc5703dcddfcdfcad20cf7f6db637d0338610d500000001010000b8f35c27fa515249734024920f308b49ef379c72afe1901722da5dac223f418ac609870f61399d3b5ee63889ffa3ff078b629ed6e5502209f701953f44f4d6bbe24e4909a5686bd6cf3f2e51a10c92093167a188373bdef587821b66113093780b2a0ff7a7b4589c217cf4d58f79c7f96c752b2274238db71752ef70ddcc4ca3fb1698f37a2e97a5c3f2dba949e81f7ec129ea6d6a372d6079c6f30055773b8f336e920de0bc0cdf7265009b33f1707aa33cdfe7ae3818cdfca8a05bbc101fe251379a94b5a6a672de313beb5237a4ba6f732e32027b15a5739e7a347f089d3f259fa97306ce326dd16dbbdee50731b04ce16ede17f06f13c1075b6e200000000400040014010c800500030005000000030102008edf95d0bd7df0fd291a57d8ec328262700ee907a4b964b9a4d561408fba4cd38649f7923d76e6ec8722f2d51cb291f5a6a917585ca65998986903bc943406b772f814354ab7616e723778bf48367c203b4959312203793ca87ad3965955f85d07c121d753b2bf6f2152c66d69c820e193ed11b588822be1c777a45a908621a19c9a1027623bc426c3ed57abe41b2a091e8db351bb966899f9107393124a5d17041035bc76a4febbd5805137eff494adf4dcdebe7326d6575a30fb78acc06ec13462e5536b604cf50a999f5256b7bad53913dcd340d0ca26ef419f90015c337f9808fda508c78f0e8dc55dbd1aeaf2d660b65aa363b70a827e95eca89a271700040001000500010000000000050006006d00000079000b0025b65ad92f41e06d18c2c51143c417d65f392307bc0790a80dece518057c2c9bfa52a4128bf490fe0de67d79f8968a2366d60150a50eaa28a0d94d9efa99f57c71648d40452f8a34cff79057433f4b217b52ba4bd2c029abbd8cd218e2292d56a95e3e0d2f11814ac3fc5cf0e0caebb233f545f58d0000000a000200c5814e0f74c30000e00bf080050007000200000005000100010000000a000800ffffffffffff0000a9000b00446631b40f0c2e3b8bdf0d1ef4060a8a8317349b2d13324b7b5ffe94814e7f4c0d3ca5e598a331967842334a6dac0cf532b7ee7f001216b3839a5cb9182aa14e409af6c59189a3eaeec8900e6e6769f57544666f0a98b3ca16c0442061e65039089268c62f24e27f5666a6bb9d20f75d87d687199f32376dce1d55cdb49eceb2dcec2ed01187874a2b51b21c7ec5f17a7fd70b588d6748a056d42a6afde7965a223bbdade3000000140b0d800d0b00007019ef1bca17a03bd28897623f426dc496455d4f8278c1f9818afc02f7d67733cd157ec9b4cee8f50035699564b82d0624bec462e34dfae56b16c8fa8bb8ee979e617040c8ee40b5d13977f5aec0bef66e0c8e7b5e409a1199d53eb7a09248124eb5fbc7e602cbc5376f6affb1a3fb769feb26b48d36c24f7ecec9b414590f081560caaa2540b61a551ad5953417b39ca49c0189e0abcb5dbf853d89dbf48db591d762bc02ce59aae4f50437e3d32aaec1be20b04b7e794cded983943caf85bff2e7ac6c882a70c4d42ca90f65f46b185b3ae2505e373e734296ef78509bebb95c38f6ca7042cc21c4d1966cc691e782f825906d5067708d4fe0c8c0d78c9eb467bdbcf17baf04aa5cc64f90af4d73f51489dcb42d0ddbb81132c1bb69fb49fd6da432436788f5ee957cdca11582cb0831dbfbfb43ad657219660c6ae50ac7d72ec5971201dee6ef62dd7b553bd0e779cc6e5900970c2e8cd74c8b31408081e7a22b9961934069c76842337cc5d0a3c95c11b157b7c6ccb6776b64aff53f08710486ae37661971b614ff1dd828d86117235dcbb129b93a9cde8b58740164185662ff19ad36df9018194a45085b49e8b12a371bc8eeb6de65d92080e44402c730b84c4138e5e7ab8d7e2955e393d130d43f3ef5e8126dc314f56ba5ec42b0611824506d993fde37508af61a89d40ab4155bab7990c035d455c4afbf5ffdd5004febee9bd4d3c071094019f68805f8ee8405a1c54e5942de298cdc1db6366aea94ed7211b23c47ad0ef07f00df1137b0e7cc1f801f7137997d75e0a82e54310190faab5ad2079c3accbababde0954f07ae6e89e8d3cfaec2878898b2998750775892bb892318384700146faecb74ae44172dff7a1bd9543aeb5165452b523c0370dfdbdb6626a0bccdece000c96822462c2fc9e8918560ffdccddcfaa99017700079939d939f6a6e0bd555800734bf5b8663f17b77edd0f129ed5701e59aa45b366626fe01cbb97c15d4432032874078671bdf00cf6ea736295c47dd6a3ca2d9463509e91a29c987192eca00d903f64d06b426da4d450a3bf7d5c780f57e61bf45edbd687c5f19e0b84bc9e6a2322783c10e0c9fe6534d0c4fe3c4ad32378bb8e06cb20e4e79ca06b35635eb82aba28246cfcfc26fe97abaefa5dff7507afcf00d20c2e9f0613e585d4e0c4c6fbf3cb4fab58a18ab3a78298aac837a946d33046f6b2a7a6382d4581e4dd82961e6fb468ce16e70b631f4f15832d62b18c6beacb1bb6043e2a4cf43cf672e065bae1d44344cdad61f138c12d533f84be5d32ffa75f1c7dbea706b5061ba4832357978903c6ed294359fcdf646586187c187b5a7feb2fd520eb857975a6c21d3c6b63d6eb847187db6c89870f38038f315728fb27dedc91667e8df5d4a297a2006439ebafca300ba13d3646566a4873f013e1c4db005ced3102dd52354411acfdb3e6613ea7c088656333d7eb9d9cbad2ba4f9583c0d504484cdfeda8b7938a84103685ff71f619a20bb3cdefb1efb222d330cbba7973c69014d21ca45e6bf69cb5b2e114cb89a52aa2635941d0d0e6b4a44bf8ba0e8515fec6bab816aa3a30c7f8c5bb809103178d4a661fde5fb6a8f5fccd19034fef220acfdde03e1d832b53c4f76a678d13c7fb41a3d4cb8af105c5a8cafae3fe0a7adddbb4e59cd8ff0d9e034dadd68fed99bab9932f3d9fa6ce1ba86f1d122f7f7f6ad6ee6cd0bb5072cfb6fcccdd5fe2d182c63f242e9bfb24c2603b9ae4d93237fa45784655cd480015b38b8bce246d65b9cc7e7bc2a272423b11db39e339041935a7d426f3bbc248e73c19aa3b0a18046c1e01fff10ac43006a809a9c79107b0a5110af5253fdf9fe356c1d61731b0e1fb32c042837d357a2e4e3ddae9501087bc4ea43560dc61ed42624801370cd718aaf0c89189f0c66b4e72c1b74ff0a2116b1c406eedfe6f4b09d71c88199ac8837b33978fb652f51d5440b453b24bb1e7ff19ead14531be6ed3a024f175f04c0620a26b8cea8c0cf8330384083c63abb2de1f3729b9ac4fc7f1c9640a963caf952e755e4d806510a85461438494892793d1d80f25141b223cec7b5cc7db29167ae28a15f3f00e1e01ff2b91b7d8936410fbcfba6c1aa18c60dfa4448eefa286a4292316a5a99551f66d58a322dada922c1cb0718497772595a9d2aadef0c06247733277488c89c43e61629699855adf48ffe1978796c327f09b6a7ee53e4928e32d3e980a2d38cf10e70c41e9a4f3d32750793894e52b1f35de5829dda5295bc1b4f2850aafa94052013427130193ea182b88530de5abadc41f34e3f06f007907749ef43bfc7ab941f5597ca058feaf10d05b11403749dd792d9ad6b3c5a86563f3b2e7ca9334f3d142047bdf7ae9c6dc2b02cf0fdb4682a9adf5f4a8c3c608d6553178790a8a83047c4dc22e092b429e6bd93d74f7ba95d8a12a1cd425a790b4de47f7dd74cac41839b9946007ba5b214ac07a5401733971c6e695f934fc5b5f629fa475f71ba74209aa9f287cfa1d548fee18a37e98a2f009bb0689a2c8744ce5afefbf143e45413e08ffbd0e704fcd1e51af57f3ecfc93f55e2f63f9682c621f3f05b62391e7fa60d70563ce707123389584edd76548d4c47288000e02599ce3dee50b47576d5a57a9921d16a9329179992988b661f2379e2ade521d29a846363d785418a9dba46c28debb9166c12e288f84296bdc1a9c98b72f83d219e09a43909da4bd6cb40bc76b65c003e63011a297e84896f52236338a15a2dc520261dcf3944900a1a1c11c7fbd349975d763f2a5a0667779d59cdb98d5ebc8d1aecdc1f358e3c7ecc7ea19557dcf1fd78f9fdec9194d1f232997c86eab0a5043c07bc3a65d54d01e6b6c755afec26cd0af396e99c96e2246e3a91b7da535651c8f4bd9ee2b99088f30f7515d3fab02da5c5624e4c4f3da467b21cc9ac0dad614fb224734559f6611eeebbf9705f7f75d891831d99b2057bff2c79ea555e5164514aa464f3b2e83396ba63d779562ea903e765d65538c727cfd072cf27892dd78e0b5c3e0d1a6028aa0539a24b453acfc729837cdc51f1730aa771eeb0e1cf4ca59ee6cb089b1522aed01a8eaa0c477b53131038c3582cfdca28263e1490ae95fb7f514379297f1e757236a6a9d1736c66a2dea2ff189f4ae75c10600701c45127d5c02e6d1acd120bbcaf648392eda67e28f28e333902da555f584e0094377753b7342c683ac7202f47bac443e15e4172ffb7e82b628ab62b8196279f3b29875b7047ae712c3e8b54b6fe6dd9bbe50b7baeb15176323539e67d2216e216542a39f3aae2cc249be9e6ea4eb50fad885213635f2b18867129f83b5d255904af452acebb7e65f924c0f01fc623dddc2df23a9a4885ee2b9b72629655133f1483b6eed24163d2477bab7be2b102caf8703181d35ff076348d5930f1ea5b1b998adcbd96e81c74d83f8a10f2b0b4e145ecc8d75ed8283e1ae61169b0fb17430faaed6d152251ff8878cda3d270a3bf5fe5fa42bf1218e3dc05909e41ef55e48bcba40df1ca06b62741a23d052e1e9d4bc11830640a5db87004d78fbcd548215dc1b38baf2262fc697e10ce1a11d50eab00d39a796ee1b3b1f2aa1a4493805b1f71a67f688fcef12dbb6da4d33d4891fae9d286fe9a9aa1b4d8a4dbe4226f8bcb9648fff858cee7dfb2b001b888137af3d313cc2337df3c769d16ce8362703865b4b1c55ad09dc401668758dfc0910c127fd2b939c1b85714471e93fa81d7a176342ef5e6f8382b3f7eb48f82d7ab290df042297c51208eb30febe35e97ac5d0f7859bfe4f8d236d02aee781fade3cb7b1800b44f1906b626deba893c6c9b0a3f96511a21033d1bf00219a72413d291993e54f1547af9a6374f9f9d74453fcb488dbd894d1c5126fe3d2d3aa47a91a02ac69b6b377447e20718b4ace4771dcf7f1a0dbdcf4ad666538526855fd664f22ea53d079fc05a2654957bdbf7000000"], 0x1010}, 0x1, 0x0, 0x0, 0x844}, 0x24044804)

25.409435018s ago: executing program 2 (id=2483):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0xfffffffffffffff8}, 0x0)
r3 = syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x4000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140))
socketpair(0x1e, 0x100000005, 0x7fffffff, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r4, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES64=r6, @ANYRESHEX=r3, @ANYBLOB="f7c90600", @ANYRESHEX=r1, @ANYBLOB="b1a6d3aa7960dffc24e3fdaf74033927b0558570121f1e3647f32bb7e1aea01aaa886c3d65e17fbdf85b488dd9e571aa546b0b6890dbab9394fa9bdab50c17d51cac4752e0ae55605710a0225ea1a6debaeee90672213a8a7b712c2ac920748fee4d46084a26306c04745d9732a3a3c167e8baf97c20e50ec367b7a458d8f5fcb320b364ee26d42d6545a7690bd15e2c1f81441e9736c95d5147edce3a4fe8aa247daa17cb42fe0f6490c6bc7b09fb6729be38736ba030ae92d6f20fc8e1faed0c44c78b180597479956bbde4528ac29cdc4fb93367bba8bf317b1bfbc3289d2f0128edb10202081e331ac31d6eecf55a2a4532eedf2b7ae24e132cd9e117b67d5ca557903aa0c5055d865f1eb7877650358b76c6fcab139a69296925c64cd7b3d5585dc0e453c47a2ec7d42c42a67254880d1bc0a9895e0d4cd1c4d6686d165662ec990882728d47b0453bd4b435f73815650afaba5df9fbffec28c9492772c19039b"], 0x24}}, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r7, 0x0, 0x78)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x4, &(0x7f0000000080)=ANY=[@ANYRES16=r6], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x39, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
unshare(0x2a020400)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8001, &(0x7f0000000500)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRES8=r0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYRESDEC=r3], 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00')
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0x2}, 0x1c)
syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x408002)
r9 = fcntl$dupfd(r2, 0x406, r5)
write$sndseq(r9, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick=0x81, {0x0, 0xfe}, {}, @quote={{0x71, 0x9}, 0x1, &(0x7f0000000480)={0x9, 0x9c, 0x5, 0x5, @time={0x5, 0x7}, {0x10, 0x7}, {0xa6}, @raw32={[0x2, 0x3, 0x8]}}}}, {0x0, 0x0, 0x0, 0x0, @time={0x7, 0x5}, {}, {}, @note={0x6, 0x0, 0x96, 0x2, 0xf000}}], 0x38)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r9, 0xc0c89425, &(0x7f0000000900)={"7a69794cc4e19c94b93a4d44ba7c5a07", 0x0, <r10=>0x0, {0x2, 0xbe7e}, {0xcef, 0x2}, 0x7fff, [0xff, 0x40, 0x79, 0x7fffffffffffffff, 0x7, 0x4, 0x3, 0xffff, 0x5, 0x35, 0x0, 0x0, 0x7fffffff, 0x2, 0x4, 0x4a2b]})
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000200)=@arm64={0x0, 0xa, 0x4, '\x00', 0x6})
ioctl$BTRFS_IOC_WAIT_SYNC(r9, 0x40089416, &(0x7f00000001c0)=r10)
ioctl$SG_GET_REQUEST_TABLE(r9, 0x2275, &(0x7f00000018c0))

24.324046754s ago: executing program 3 (id=2484):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x5f, 0x2a, 0xb4, 0x20, 0xc72, 0xd, 0x279b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xdb, 0xa2, 0x92}}]}}]}}, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x8002)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
r3 = syz_io_uring_setup(0xbde, &(0x7f0000000540)={0x0, 0xec25, 0x400, 0x41, 0x40000337}, &(0x7f0000000dc0)=<r4=>0x0, &(0x7f0000000a40)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x40}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x9c}, 0x1, 0x0, 0x0, 0x4881}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000500)=ANY=[], 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000280)={0x40, 0x6}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

24.291554638s ago: executing program 1 (id=2485):
unshare(0x62040200)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth0_to_hsr\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
bind$packet(r1, &(0x7f0000000080)={0x11, 0x4, r2, 0x1, 0x6, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}}, 0x14)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000780)=@getchain={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0xd, 0xfff3}, {0x9, 0xfff2}, {0x0, 0xe}}}, 0x24}}, 0x40004)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x2)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
syz_emit_ethernet(0x66, &(0x7f0000000140)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x30, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xc, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x9, 0x8}, @generic={0x1, 0xf, "539e5d238ab988ad84107fd270"}]}}}}}}}}, 0x0)
write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x3, 0x1, 0x0, @tick=0x9492, {}, {}, @raw8={"280eda6bb4225bbf0a0381a2"}}, {0x2, 0x0, 0x0, 0x6, @tick=0x1, {0x81}, {0x0, 0x8}, @quote}], 0x38)
write$sndseq(r5, &(0x7f0000000200)=[{0x0, 0x0, 0x2, 0x0, @tick, {}, {}, @raw8={"52536153c0d339c837664017"}}, {0x0, 0x0, 0x0, 0x2, @tick, {}, {0x0, 0x7}, @control={0x2, 0x0, 0x7f}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0x54)
ioctl$SG_GET_NUM_WAITING(r5, 0x227d, &(0x7f0000000080))

23.649228414s ago: executing program 0 (id=2486):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x14, &(0x7f0000000040)=ANY=[], 0x48)
connect$unix(r0, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'wg1\x00', 0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
timer_gettime(0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
rt_sigpending(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000)
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, &(0x7f0000000240)=""/210)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYBLOB, @ANYBLOB], 0x50)
r4 = syz_io_uring_setup(0x88d, &(0x7f00000005c0)={0x0, 0x1423, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000200)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newaddrlabel={0x40, 0x48, 0x1, 0x70bd25, 0x25dfdbff, {0xa, 0x0, 0x80, 0x0, 0x0, 0x5}, [@IFAL_LABEL={0x8, 0x2, 0x6}, @IFAL_ADDRESS={0x14, 0x1, @mcast1}, @IFAL_LABEL={0x67, 0x2, 0x7}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@setneightbl={0x12, 0x43, 0x1, 0x70bd2c, 0x25dfdbff, {0xa}, [@NDTA_NAME={0x5, 0x1, '\x00'}]}, 0x1c}}, 0x0)
timer_create(0x0, 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x2, 0x2)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x11, 0x0, @fd, 0x0, 0x0, 0x0, {0x40}})
io_uring_enter(r4, 0x75fa, 0xe475, 0x0, 0x0, 0x0)

22.485604115s ago: executing program 1 (id=2487):
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_io_uring_setup(0x23a, &(0x7f0000000400)={0x0, 0x80d7, 0x10, 0x5, 0x2cd}, &(0x7f0000000380)=<r1=>0x0, &(0x7f00000002c0)=<r2=>0x0)
io_uring_register$IORING_REGISTER_NAPI(r0, 0x1b, &(0x7f00000001c0)={0xc}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000100)=0xff, 0x0, 0x4)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00')
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000000000)=""/29, 0x1d}], 0x1, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r5, 0x29, 0xd0, &(0x7f0000000080)=0x6, 0x4)
setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f00000003c0)='wg1\x00', 0x4)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRESHEX=r2, @ANYRES16=r6], 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)
socket$rds(0x15, 0x5, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
r7 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x10000000000000}, 0x0, &(0x7f0000000680)={0xff, 0x3, 0x0, 0x3, 0x0, 0x0, 0x0, 0x10001}, 0x0, 0x0)
ioctl$EVIOCGBITSND(r7, 0x40044591, 0x0)
r8 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000140)='source\x00\xb5\x838\x8d\xbd\xdf\xfe\x9a\xf2RM\xb6\xe0\xf9\xac\xa2\x06\x1cD\xe7C\xa5<\xd1=\x93\xf7\xf7Sn\xcb\xd5\xa7\xc9@D\x81\xff\xaar\xc8\xa9\x13\b\x9a\x8bF\v\x8a\x93F\x00\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f00000001c0)='.\n#)|.\x02\xd8\b\xb2f\xcd\x04\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112s\x88\x06\x13o\xd6w\xbf\xfa\xd5?\xa3\'\xca%\xd0\x8fKAq\x89f\xbb\x9dC\xd6\xea\xa8\xc2z\xbfe\xadSb3L)Hy\xfao\b\xa4\xb6\xff\xff\xff\xff\xff\xff\xff\xf7\xc7\xa4\xdcY\x9aM\x90\xa4\x05\xa8\xec\xf3\xa4h\x11\x19\x87E$\n://\xf3\x96\xaf\x1c8\b\x84x\'+\xd5\xd4?[e\x19\xa3\\J\xe9\x8a\xb9\xe495/\x00d\xd2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xb7\x1e\xf7Ys#m\xd40\xceP\xdc\x15FI>\x01\xfa\x15\x93\x9a&\xb4):\xc7?\x8d\x8e\x02\xc6\xf61\xbd\xbcBq\xba\xc6\x8e\x89\x15UTaf\xfc\x89\xab\x19\xd7\x82\x16\x94m\x0e\xb7$\x8c\xd76K\xdc\xd1;\\QPh@$\x06F\x81\xc9\xf8\xf8H\xb2\x85\xa8Cl\xa6\xcd\xb5\xf0\xd0\x1f\'\xc30]\xad7\x1eZA7\x89\xf5\x81b\r\xc1\x7f[\x84y\xac\x12\xaa\xa2-t\x16>V\xfc\xbf\xdb\xe4\x9a\x9eE^\x90oe\xc0\xd9\xc68\x0f\xd4\xcdKC\xadp\xba\xaa\xab\'\x1cRO\x89\x17i\x88\"\x8dQI\xed\x1d\xe1v\xe6&\xd3\x14\xe92\xca\x9dBe\\\x8f\xff\x9b\xc7Sd!\xf8(Z\xd42\xa2\xcdjjBP\xae3\xbd\xec\x8a\x8f:\xeb1\x1cK\xf2\x04s\b\xcb\xa9\x17\x8529\xd7`\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf1\xa4C\x81\xc8iy\xc4\xf7\x7f\x90\xf80\x18jT\xd45\xde\b\x88\xc9Xw\xe9\xf4\xa4\x94Q\x03s/\xac\xd4\xb7o\x99\xf5\xdb\xf9\x99,+\b\x17\xe4\xf4r}\xda\xf5\x12\x16\xb6g\x00\'(\x02[\xef\x03\x90W% \xe6b\xa2\\\x86\xac\xdax\x997AOJ=\x1f\x00\xe1/\n\xael\x15\xcfR\v\x0e\xbc!\xe8\x1cV-`\xf0$\xa6a \x93PV\x8dm@\x9c', 0x0)
r9 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r9, 0x8933, &(0x7f00000001c0)={'wg1\x00'})

21.975611917s ago: executing program 0 (id=2488):
socket(0x2, 0x2, 0x1)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x70, 0x30, 0x1, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r2, &(0x7f0000000040)=0x1c8, 0x12)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0)
unlink(0x0)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f00007d3000/0x3000)=nil, 0x3000, 0x1000000, 0x40010, r0, 0x0)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000676000/0x1000)=nil, 0x1000, 0x0, 0x8010, r2, 0x10000000)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r2, 0x0, &(0x7f0000000300)="bcf70cf0a5da1225643642fbab4724227432dc539a6228d3c3c186c1f496c25442c71e018db301735cfc44925eb4f947714be7df0d4728202fcb03b87ec682a15ac0bb5cebd41c6638e375323dc8633f9480438bfb79a0c0d0aa", 0x5a, 0x5, 0x1, {0x0, r6}})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000003c0)={0x2c0004080, 0x0, 0x0, 0x0, {0x2}, 0x0, 0x0, 0x0, 0x0}, 0x58)

21.649849508s ago: executing program 3 (id=2489):
landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SIOCGSTAMP(r1, 0x8906, &(0x7f00000001c0))
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x3)
creat(0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x5)
syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001ec0), 0xffffffffffffffff)
sendmsg$TIPC_NL_PUBL_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)={0x14, r6, 0xf03, 0x70bd26}, 0x14}, 0x1, 0x0, 0x0, 0x2000d880}, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f00000000c0)=0x20)
r7 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r7, 0xc1105511, &(0x7f00000003c0)={{0x7, 0x0, 0x3, 0x1, 'syz0\x00', 0x9}, 0x3, 0x30, 0x1, 0x0, 0x0, 0x7fff, 'syz0\x00', 0x0})
write$binfmt_elf32(r4, 0x0, 0x4cd)
write$dsp(r4, &(0x7f0000000140)="755a5398d512d39077459e67ee110daaf0413bc745ef85b89f2141d513969bd8", 0xffaa)

21.349319274s ago: executing program 2 (id=2490):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_usb_connect(0x5, 0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009863341008043440cddd0102030109022200010000000009041100000e0101000824020128030118"], 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000ac0)={0x24, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x2d, &(0x7f0000000140)=0x7, 0x4)
fsopen(&(0x7f0000001280)='configfs\x00', 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c0000001800dd8d00000000000000000200000000000005000000000600150001000000280016802400010000000000000000000004010020000020000000000000000000000300000001"], 0x4c}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x200002, 0x0)
lsm_set_self_attr(0x68, &(0x7f0000000800)={0x68, 0x4b, 0x20}, 0x20, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4a2000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cgroups\x00', 0x0, 0x0)
read$FUSE(r6, &(0x7f00000001c0)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r8=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r5, 0xc03064b7, &(0x7f0000000180)={r8, 0x0, 0x0, 0x4, 0xc, 0x8, 0x100, 0x80000001, 0x5, 0x5, 0xfffffff9, 0x80000000})
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)

19.252672552s ago: executing program 1 (id=2491):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0xf5ffffff, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xa4, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x7c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x44, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0xc, 0x5, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "8faa"}]}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "8a95"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x118}}, 0x0)

19.127439701s ago: executing program 1 (id=2492):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000140)={0x1, 'ip6tnl0\x00', {}, 0x7ff})
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x0, '\x00', @p_u8=&(0x7f0000000180)}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000440)={0x1, @pix_mp={0x62, 0x1, 0x3031334d, 0x3, 0xa, [{0x3, 0x6}, {0x2, 0x2}, {0x3, 0x411}, {0x10001, 0x8}, {0x6, 0x8}, {0x4, 0xd}, {0x8, 0xfffffff8}, {0x5, 0x1}], 0xc, 0x2, 0x1, 0x0, 0x2}})
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x1, 0x4, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFULA_CFG_MODE={0xa, 0x2, {0x6, 0x1}}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x10000}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0xe05e39709130f3de}, 0x4000000)
close(0xffffffffffffffff)
r4 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
add_key(&(0x7f00000018c0)='big_key\x00', 0x0, &(0x7f0000001940)='\f', 0x1, 0xfffffffffffffffe)
ioctl$VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000040)={0x0, 0x2, 0x0, "e5e81571c97b166978ff61fcfd2409b2b73e0f936ed774de107de8a9041b5113"})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
geteuid()
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x8417f, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r5, 0x8983, &(0x7f0000000540)={0x0, 'veth0_to_hsr\x00', {0x3}, 0x7})

18.95542018s ago: executing program 0 (id=2493):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140), 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$vbi(0x0, 0x1, 0x2)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000020303000000000000000020000000100800010001"], 0x1c}}, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, 0x0, 0x0)
getresuid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240))
io_setup(0x81, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d7401097307733960000000109021200"], 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000ac0)={0x2c, &(0x7f0000000780)={0x40, 0xa, 0x35, {0x35, 0xe, "bce04159134eb82fc6139ec434ce33c1283819a9ea14ce592c532683dddd321e92b785b08b8fbb8ad5a70b34929707cafe0956"}}, &(0x7f0000000980)={0x0, 0x3, 0x2, @string={0x2}}, &(0x7f0000000500)={0x0, 0xf, 0x30, {0x5, 0xf, 0x30, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x14, 0x4, 0xd, 0x48}, @ssp_cap={0x10, 0x10, 0xa, 0xad, 0x1, 0x24000, 0xf0f, 0x7, [0xff]}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "0949a6cae6252f4627908fd2a4f57365"}]}}, &(0x7f0000000a40)={0x20, 0x29, 0xf, {0xf, 0x29, 0x4, 0x60, 0x3, 0x4, "58964b74"}}, &(0x7f0000000a80)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x4, 0x5, 0x1, 0x2, 0x9, 0x3}}}, &(0x7f0000000f80)={0x84, 0x0, &(0x7f0000000bc0)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000c00)={0x0, 0x8, 0x1, 0x9}, 0x0, &(0x7f0000000c80)={0x20, 0x0, 0x4, {0x800, 0x20}}, &(0x7f0000000cc0)={0x40, 0x7, 0x2, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000f00)={0x40, 0x1e, 0x1, 0x5}, &(0x7f0000000f40)={0x40, 0x21, 0x1, 0x6}})
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x1ff, {0x0, 0x0, 0x0, r9, {0xfff2}, {}, {0x8, 0x10}}}, 0x24}}, 0x0)
sendmsg$AUDIT_USER_AVC(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0)

18.27031695s ago: executing program 3 (id=2494):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x141000, 0x57)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x189000, 0x0)
r4 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x3, 0x158}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x2def, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6", 0x49}], 0x1, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x1e, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000098000000", @ANYBLOB="0000000000000000b702000014000000b7030400000000008500000083000000bf09000000000000550901000000000095000000000000008520000002000000d72b1000000000009500", @ANYRES32=r3], &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x2, 0x9, 0x5, 0xb}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000380)=[{0x0, 0x2, 0x10, 0x1}, {0x4, 0x5, 0x4, 0x4}, {0xc21, 0x5, 0x4, 0x3}], 0x10, 0x3ff, @void, @value}, 0x94)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

17.221702279s ago: executing program 3 (id=2495):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/config', 0x0, 0x0)
getdents(r1, &(0x7f0000000080)=""/44, 0x2c)
syz_usb_control_io(r0, 0x0, &(0x7f00000005c0)={0x84, &(0x7f0000000b80)={0x40, 0xe, 0x3, "72cc59"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

15.313833004s ago: executing program 3 (id=2496):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$video(&(0x7f0000000000), 0xd, 0x0)
ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000002c0)={0x6, @pix={0x2, 0x0, 0x42474752, 0x0, 0x0, 0x0, 0x6, 0xfeedcafe, 0x3, 0x0, 0x1, 0x5}})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ppoll(&(0x7f00000000c0)=[{r2, 0x8}, {r2, 0x3048}], 0x2, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="9991d105209871ef37a64b141c54900a10c14a1ca39afae4bf96ce821e42246e885667ccd72d3857fb76e2d7e0472fccebdbd6f69bd509af099a0ad9570c667fac05a0175afe03da053020d30b847b5ed7fce5db49dcb788489875f24868347301de535db18b69613f58178bbf40eadf871562ae", @ANYBLOB="0500000000c33927de000600000008000300", @ANYRESHEX=r0, @ANYBLOB="2f65a687d286debca40385debf963ba957ecc768d981c4bffeb4faaedf3872a47b9da7c4196b12b87b44daca6fdb1904fa523cca12e8e80c8f9282f29e2b12598087fe322027f779097f3b5071e52949062e569567089a8a9f8fa7887118fa8f94c5de6c6e23c80b9a573a6d10292674a48ec7206919e4f7a2a10b9ecbbf7ae63d94cc84871bbe7aee4e5bfdfb602f9ba4392f598c87307f1cfc4691d723af130e0eb989cbf1c6286862c06a"], 0x83}, 0x1, 0x0, 0x0, 0x801}, 0x20004094)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1b00000000000000000056a1424eb6f0ad7e180080000000002f86b594a20cb7bf7d92941ad7bac4fadcac9e36202099099a28ba5a3f9d5366a9540d13d7f3bf2a9d459f45bd7d2ce660c7ebcd3d65375f3db6005664bdc1b59c41267968b6a051476666199df53533a9c33d28ccc06b9f7a1d59a9ab06b66f3e0e7e973520d18df5414e1257edcf3e8472fa75cea4bb4f012e528a1920bc1cd860a9cec69a15c816188d0177028e292b52e9fd6a3bc1bec373e56b1bc4d40f52a70a000000000000004e4d6ba1f3e9c5", @ANYRES32=0x0, @ANYRESOCT=r0, @ANYRESOCT=r0, @ANYRES32=0x0, @ANYBLOB="feffffff00"/28], 0x50)
r3 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1061, 0x80, 0x4, 0x1ab}, &(0x7f0000000040)=<r4=>0x0, &(0x7f00000000c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000001500)="6c12a93ad50663a686493277e963eec81b456049bc2a6746304fe386732b539a0320ac7c3477a4153c15d357c026b603bac7164d00aefabf3908b6f7220c1bd1d6184fc30ceb461b1e3a2205bd14bd50ca80bcc32105987fa5d0590df302dcd8dd12b28e5dbda310d7fe52329723b54b6b1a2cc0125dcce28c712cfe0c8ad63ebab450585a058821ef58cfc90f0437a1539dea655dbb2ecef92dd68e1d5ae23b70a6eea86049e4427988046e2956f253983817ebd139a3e41c086370b9b5064b2e00e976af64eed3308aac24a2ce871071d00528d02c122db5cb2652eddf6027d8c802d6dc0734894f5d7e9fa0480e8585fc362268618b565b8cd95df1f2f82cb20cd279f961ced6d20fc2a069830f32fbde9551f259df5ab5a773a5a268efaa0ddf310719bd851751ca731a4f6595f1cbb8b9dced951b1ce042c08c6572651feb4ec041a9d07d095f5193105fccfe255b20be4b4f3ac571a1689a017e1d2534fae6e8f69e7b49c4b5ba384f54e46b4919b6ddd03816bb4993cac39bebb3f4fb5641a5faaf03f112752ccac78e5045fcc86f7986a5f5897f40f33b4fc17c90d0c8e0eabdcd518c8594b1f4c1fad50d061b0ccdb18c02a22cda1d55f840dcbe796ff7ba956ff8db9ed399790b0038ef6c4bbb0f7ab8af0c5b2f12fbe71129024fb4076c3daadaacd3774334364acd7f7218c8c846656b90a2a0cc6829774e7f39bb1df28088d58c52ec49b6fbbb9ae73c7522952550c69d11a8d0b1f08689a712921412a2d612577167d07ba75307bbed9baf54c52560bc18c34bd68cc38b953b1c0263dfdd196b51e412a52439ecc2c036f1e1f09fd6f28e1e7e320c539dd16a37045b9451b2e04bbad3e083646ce6417a5b30a52106c27a139841ab7aa77e6e6ac5321147dc2cf85f662283c1a2b6aec36c8ea5a9a9c32a1b2b24ecd4aa211c1418338672eb11a8b963f8f8647fcd5b5085a30bc366d13156edbee8c4d7aeeb19cd9a2a6e3012792b2c50ec1bf5282a939cb8ccf23bdb670fff978695d677aa209b136a8041d0fbb3fedc0bec49cb56ed9f6ccaf9d8a9a5004ed152902d08f0190771299049ad092ba53a927f6aa21772d209c4ba2bb9a95a4fba70b0c2e6153c5f9845893f99ce9c54f454be0e9a18e3983ce2cfe83f0d3d8d236887b42f94b59d8530cc59ea0c7542eb76d5d2111b385324cc40696fc7debe6f9717311974cd096bdb526dadc49de11f9b9062d0cc49cd554ded300d96f32e7882eb5317f420ab624962a61d134487b391111098492723a220a663f90c3a20f387f527c1a2fd84ad387626b3227caf3c83b9d2cf7d3cd36382c0375db210546577168ab3c742397b42870c2a86ec8f3d13cd2f21c7a1f79ed3412a7aa644eec73ca010f17e6b389767d0e44e5094dac725d6dbd33f199a22b85f0ac011eeef4e9e887d199437d75d391b855e3d57f50fcc279d3423fce6b8fd2c32758727819d7a6e3ee3110f2c6878bd95ca8d42d35abaa8a02f31d04cda51f4959ac8e1973c067ec15d4e1f50d6e6bd7cbcb65071c36d350626475c7ee4ea9b5dfc8ad8dd6b63c5540ccc392bd3aca1cdbb5c1194ba2b32fe6e8e96632ebba1f07e55944fd1a624377563e05c6f2c6045a274666ed5cc89a641b2a3747088a91fbfe15f1a13771ca74cb54c8a02803912b4de1fe0452d74b8e8f793df744d0f69b5d1a0aebc8f208a3d06819767b535a1831886f1d7c9e4fccb2e2372df9d4949863e1f2e3bb8bb4c9e8b8dd408e5af6e22da0c677189de56beb5ebfade4111930f697cb8c79ccff8f7e7574c2194a471b27a74e7e8b21d55d96a19dae2209fedb6b52b16ded4a3d5894df19711272e3eaca1b4786eb970976876aec7f95bb498fdda8dda5af0911f4a4fcde4b65a92c5914dc7bea3284f49184bee8b1acfbf6621bc0521c3549b3ef63f4ecda87433486728301370ebcd676c7e9f42ef8ed85b7616abcb046aee1814abed2fa9b7fb3abe1aaa89a390b4be5058fb1c3f3f149f52df0189d65c80b93bf65028a53de1942c34244b91e9492ec28408715743e9a9d9939c8f785c5f8d2cb600ffbac6babc2e52b2c04a4cf1f15787d3d7e555e642377746fe73c31dfbf1ebd985bc4144665dcbc5d3bf4cc85396c5af2ff4af48a87a5dfa00ef67b19ff8bc3999325568c4b58b18b83c816f9f7533babbcfe2cc0223c3ced95ffe3cd11d1ba4951d6a2dca74a2446829ac03c59d2b448f6a5251a8e4f18f7bb40ec96216d4af452fc93f03e991b4550030cb645f63eaef9c166452d77f3d165c2ba669de4f224bc536541ea479b214edebf2d061f32606cbd4a7a9d08ea9cd8edf29b0797caa08bbac23a3e9b9ea0686ad0a1d4ae5f7c7809e4d95039fb2e6902151120d6fa9d102fdbbd156a251c5f70c62a70097743412409add1e051290ae573e56fafcb0dc1ef910a505ea2756bbaa5acd1cc3192fbb5bb63812c2a284666f84665437e34303459a89b79ee51bcbfd6a5eae94604a0e65610348bde5d94adcf31509e350b1af2ec2fd879a3d3f2d631f99978c9bade641be1d95563ad5475d0baca5f7cb22700484501aa9b4a6a343fb08ff408d833366b3b40893d07f20e4f8a2502aff4d741ac07382f15901059265881702ce8d86405c4f6c654a7cf1cf29c34cb7b00c84418816cc4b6725c87a807fd3f82a056b65230bd3cf8f91e891c17b1e528b372df913544a84071886ff7692272744a3637045217d769344f618cd556d17c9ae221363dfe3ca5d550fdf6b6a5dfbfbc3a1c263dd8e5bc41519924a59e64e651da8468902054e18827b7bbfabd49a3fa06af65586bbb1b62cc1a9c26f7809f3c2e7b6967453bc4c45141a2ed4bf4f53228318e5ed68b927bc784bb6a555febc0588effa8d376d0877c2940ab69a1154a7f599d79b902329b59b8cf14c4f988c5573a0feec7048168421384e623379ceb1775746bcc761a82869c13fecf4d9c649c477cd117fcd6790cce9388f67005af3fdbdc33bd17cf24868b6325e44519b01e3ee0412da851d86fd616f9ef6077280ee5043abda9a25c623054c9d9a778e486f992f98ae1738b93dec565ea663e1f58a7ea1f845da00bb264f618d66d66c736da3732eb232cc9374c27d2cb9580766c586653b5f20e0ba81b5494aba7f46c0f9f5e008574070b2000c62ac4c0c5430f14ff05991af1ca761a52c38277fa2fa4d8d9a3e3fa5b73cd9ccc60d5570d17461354c991405a2dc67662c3b446821561f3fe93c90ba7e1ec8daf3b73dca32cf4622cd199249fdb6ce01ea05b34aed72a1053edd85b87ae460f65a0d1069c747b029d910af12cc7df4a69fa29a17bdd2f612e0fe5aac7c7326d320ed805524d4af257a16ce65a6b16dc0fe4172b8b10921bfbb4ad50ebc1fac8850caeadffe8243a10c9a69155a64e3090e1595c229e38473a05e558e41c90a1e0e4cdd28fac1ae234d382c7f97589d358ea789a5b156104bf224ea9fdb054e8cd8798f3464f3b3c9f2e093fdaebe639d85c9e369648ba74d9d3286c645a93501341c42e484b2261d01b3d7e6d15944c28781fed744822a04a33bdd98c7a3a6d83753606b23066a92ae17b5d3e9ae54a62134241e1ef387c5142f63725bb2bcd3d08936402bc218831c779854cf98b01334d905a2e7db16cf25d267abcc79328dacbea0f2ea5769f68cf98e3be43c8d2266d216042caffe469e2ccdfb58e197227b5ef2ee3a41eadc0049b78169f5bfdc7975ec3d5bacc3aab3b283d6dc694578769853c660a6a2f95b4b6efec458ab9dd5a06277357223418e7ce3809a7c9d326b418e6473a13acb2f67bffeb7aa8b490a0226a472bf387c34cc0593106342d6c4f6a8e399ae14d386c3a1dce743bc81ea1cca2b3647e2b8dccd65b083ac1fd23c7cd056ea53dcebf978cdac8d69af819fcf94d02cf44b55b5afcb0fa00e459b212ee4e0cdce01ccfce915dd53eef308659d29ccde90a9dec0614981665e71d1d3da8c2c84e47aed007350442cdc67051e8a097d0125b8f98b74b80907cfa413bf80e65ad3d82b0628b68284522d1e5ec6d43e42ec37e50334cc9e4578be08542fbb42e8798de44ae0b2316fd8bf47c45dc0c713445a80d419900336a032d0b293b6401e0ca1cf90c346fc818dab6a307e29e3403901ace0d6e004e8e3244f05aae6092abfe69bfc523e8eb0fd8e233cd506594c366ab41ac98a143c72dd7eab368b574a7822e5b3930232ac447d23411736ae59edbb6ecf1e5cd25dfb94cc0c4bd5fcc8ad79e9ee5345e3c01567b52de7d23ffa3a6ec67c494f060e769788bdce7df88f91db17998de12f63683d44d442aad49537dd19f4f0e689f0e2a17bcb81f4d28ec092599cbe535ff83fcafcf79bb744f0b82c32181f873995ee62de9c22606f8d302743b9ac635a89624b922c95be582bddfdddcf42064e4a27f90556b1263f614957ca941be9a088f4cd64298954da61dc0152f87a44248d229593174d9400f3d55ddd9d4cb1e5d2ce5145048c995927fa2271f4632bf2c8fabf3916ef1e1bce98a2f739da651ce8247147b5d8c1ea35d9bd2d3a291f3ae79195b09e9bc7f4938d2047b463810c7d3132baf72122c8b2f63bcc996616d90e158af69ad96afd0e0090b4c91b8c5a97b6a731a2acae4c313bd1ba776b36c57d3db29a216f7636b29c743af6e4084dbdb801e092c0f4216b4fca584b6693743fc7aa1409caeb8e6d444bb1a0b791c270349f2265e84b1f09d5a24b366a2404e2a55f9d39736c0d2e4494172b90ed33c6ff9ee37d6cb6309c827b7df9697873fb98a8e6b35a799e26f9decad9b857e3a2391a016bf4dbf31ef1f3358af6656b06e7659f380415815e4557ee536bca885169899bb1a2561202188e57691104bbeca27364058573f42c00252999aae6af45f6181effea2d6108067ea62b0679ab94a62dc577711baa64c3bd080ded5b8f12a7d8590e5e62db39ed0ef5604467b7acb001e54dad6241d553c5cc8fdf629866ba7fbb74c4bdab360fad718baa1f753ebb06acdc88b6d90c17d7cd0db6fae7c30b60ef6f27c9c36c1d508e0381f844bf9a36ad171e173e998d347eeb4e983fb9bcebec2b4079447c28b31bcffc8aefbe0501ab6e3be414cd82be919e7b4de4194a5a8d840bb267489d0b10607a97fbaa5e875bb1fb6446c27899140adb98dbdb39dd7c295d2e0fd50413d2bac04148c644b4e5825fc669b4b14b90f3de555dabd1e35c3aef4806398b78700edaa56077b34726bd1212e442295c4704cd6c8e1d3734a0fac3dd9ed12addf46b9ff830d73efb6ecf262a8eaa60d012c115a6029f610b574fcc4b7c866516b6825111e8b1a83af0a7a35f55b197cbab41122a3986fdf60572e706893cf7c5b930bad12b9226f396aa93e08b44d907e64bf1c6089aaf03bc859e73ecb3c94411f72cf0e17958bcff8a361b5c518d6405f2848d7675f2542ecf3ae6ca34d55acee40227a65544b385c5963d88450cdd7d365c5721a66537a3581c8716509e3d36fcd541cb22cce47bfcfb416503bcd701f569c855b4ac3e1a1ca51dcf958dd0e57b9e50d8a2864de64714ec9c5321b5b48a4c83b27d65671acece7fd03e56fc81fb17e338020a6e1cd0a7fd774acda3a301fb0e6c5f1597c5927443af67bea655b17c406726c61ee7fb73620498aff5b7adc3839b6af13f6662ab1a49809d965b092680ade90400445b644daac2dd5469214cda63513b43ec93feb5616e3fee35bc45cd16dcfa62fb8ae5db338a61215e64166a1621ab44f381d7f4", 0xffe}, {&(0x7f0000000140)="ecc59c", 0x3}], 0x2, 0x8, 0x1, {0x2}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r3, 0x47f8, 0x0, 0x0, 0x0, 0x0)
rt_sigqueueinfo(0x0, 0x11, &(0x7f00000002c0)={0x4, 0x9, 0x4c})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4000a0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r6, 0xc008ae05, &(0x7f0000000040)=""/13)

15.11700177s ago: executing program 3 (id=2497):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x14, &(0x7f0000000040)=ANY=[], 0x48)
connect$unix(r0, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'wg1\x00', 0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
timer_gettime(0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
rt_sigpending(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000)
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, &(0x7f0000000240)=""/210)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYBLOB, @ANYBLOB], 0x50)
r4 = syz_io_uring_setup(0x88d, &(0x7f00000005c0)={0x0, 0x1423, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000200)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newaddrlabel={0x40, 0x48, 0x1, 0x70bd25, 0x25dfdbff, {0xa, 0x0, 0x80, 0x0, 0x0, 0x5}, [@IFAL_LABEL={0x8, 0x2, 0x6}, @IFAL_ADDRESS={0x14, 0x1, @mcast1}, @IFAL_LABEL={0x67, 0x2, 0x7}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@setneightbl={0x12, 0x43, 0x1, 0x70bd2c, 0x25dfdbff, {0xa}, [@NDTA_NAME={0x5, 0x1, '\x00'}]}, 0x1c}}, 0x0)
timer_create(0x0, 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x2, 0x2)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x11, 0x0, @fd, 0x0, 0x0, 0x0, {0x40}})
io_uring_enter(r4, 0x75fa, 0xe475, 0x0, 0x0, 0x0)

6.005659649s ago: executing program 32 (id=2490):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_usb_connect(0x5, 0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009863341008043440cddd0102030109022200010000000009041100000e0101000824020128030118"], 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000ac0)={0x24, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x2d, &(0x7f0000000140)=0x7, 0x4)
fsopen(&(0x7f0000001280)='configfs\x00', 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c0000001800dd8d00000000000000000200000000000005000000000600150001000000280016802400010000000000000000000004010020000020000000000000000000000300000001"], 0x4c}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x200002, 0x0)
lsm_set_self_attr(0x68, &(0x7f0000000800)={0x68, 0x4b, 0x20}, 0x20, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4a2000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cgroups\x00', 0x0, 0x0)
read$FUSE(r6, &(0x7f00000001c0)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r8=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r5, 0xc03064b7, &(0x7f0000000180)={r8, 0x0, 0x0, 0x4, 0xc, 0x8, 0x100, 0x80000001, 0x5, 0x5, 0xfffffff9, 0x80000000})
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)

4.002033693s ago: executing program 33 (id=2492):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000140)={0x1, 'ip6tnl0\x00', {}, 0x7ff})
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x0, '\x00', @p_u8=&(0x7f0000000180)}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000440)={0x1, @pix_mp={0x62, 0x1, 0x3031334d, 0x3, 0xa, [{0x3, 0x6}, {0x2, 0x2}, {0x3, 0x411}, {0x10001, 0x8}, {0x6, 0x8}, {0x4, 0xd}, {0x8, 0xfffffff8}, {0x5, 0x1}], 0xc, 0x2, 0x1, 0x0, 0x2}})
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x1, 0x4, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFULA_CFG_MODE={0xa, 0x2, {0x6, 0x1}}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x10000}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0xe05e39709130f3de}, 0x4000000)
close(0xffffffffffffffff)
r4 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
add_key(&(0x7f00000018c0)='big_key\x00', 0x0, &(0x7f0000001940)='\f', 0x1, 0xfffffffffffffffe)
ioctl$VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000040)={0x0, 0x2, 0x0, "e5e81571c97b166978ff61fcfd2409b2b73e0f936ed774de107de8a9041b5113"})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
geteuid()
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x8417f, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r5, 0x8983, &(0x7f0000000540)={0x0, 'veth0_to_hsr\x00', {0x3}, 0x7})

2.994813614s ago: executing program 34 (id=2493):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140), 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$vbi(0x0, 0x1, 0x2)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000020303000000000000000020000000100800010001"], 0x1c}}, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, 0x0, 0x0)
getresuid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240))
io_setup(0x81, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d7401097307733960000000109021200"], 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000ac0)={0x2c, &(0x7f0000000780)={0x40, 0xa, 0x35, {0x35, 0xe, "bce04159134eb82fc6139ec434ce33c1283819a9ea14ce592c532683dddd321e92b785b08b8fbb8ad5a70b34929707cafe0956"}}, &(0x7f0000000980)={0x0, 0x3, 0x2, @string={0x2}}, &(0x7f0000000500)={0x0, 0xf, 0x30, {0x5, 0xf, 0x30, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x14, 0x4, 0xd, 0x48}, @ssp_cap={0x10, 0x10, 0xa, 0xad, 0x1, 0x24000, 0xf0f, 0x7, [0xff]}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "0949a6cae6252f4627908fd2a4f57365"}]}}, &(0x7f0000000a40)={0x20, 0x29, 0xf, {0xf, 0x29, 0x4, 0x60, 0x3, 0x4, "58964b74"}}, &(0x7f0000000a80)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x4, 0x5, 0x1, 0x2, 0x9, 0x3}}}, &(0x7f0000000f80)={0x84, 0x0, &(0x7f0000000bc0)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000c00)={0x0, 0x8, 0x1, 0x9}, 0x0, &(0x7f0000000c80)={0x20, 0x0, 0x4, {0x800, 0x20}}, &(0x7f0000000cc0)={0x40, 0x7, 0x2, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000f00)={0x40, 0x1e, 0x1, 0x5}, &(0x7f0000000f40)={0x40, 0x21, 0x1, 0x6}})
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x1ff, {0x0, 0x0, 0x0, r9, {0xfff2}, {}, {0x8, 0x10}}}, 0x24}}, 0x0)
sendmsg$AUDIT_USER_AVC(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0)

0s ago: executing program 35 (id=2497):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x14, &(0x7f0000000040)=ANY=[], 0x48)
connect$unix(r0, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'wg1\x00', 0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
timer_gettime(0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
rt_sigpending(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000)
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, &(0x7f0000000240)=""/210)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYBLOB, @ANYBLOB], 0x50)
r4 = syz_io_uring_setup(0x88d, &(0x7f00000005c0)={0x0, 0x1423, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000200)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newaddrlabel={0x40, 0x48, 0x1, 0x70bd25, 0x25dfdbff, {0xa, 0x0, 0x80, 0x0, 0x0, 0x5}, [@IFAL_LABEL={0x8, 0x2, 0x6}, @IFAL_ADDRESS={0x14, 0x1, @mcast1}, @IFAL_LABEL={0x67, 0x2, 0x7}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@setneightbl={0x12, 0x43, 0x1, 0x70bd2c, 0x25dfdbff, {0xa}, [@NDTA_NAME={0x5, 0x1, '\x00'}]}, 0x1c}}, 0x0)
timer_create(0x0, 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x2, 0x2)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x11, 0x0, @fd, 0x0, 0x0, 0x0, {0x40}})
io_uring_enter(r4, 0x75fa, 0xe475, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):


[  628.380871][   T24] usb 1-1: config 0 descriptor??
[  628.388662][   T24] gspca_main: se401-2.14.0 probing 047d:5003
[  628.448699][T14265] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  628.460599][T14265] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  628.797761][   T24] gspca_se401: Bayer format not supported!
[  628.883097][ T5897] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  629.031863][T14245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  629.043091][ T5897] usb 4-1: Using ep0 maxpacket: 16
[  629.045435][T14245] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  629.060346][T14245] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2210'.
[  629.061185][ T5897] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  629.086414][ T5897] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  629.094305][    T9] usb 1-1: USB disconnect, device number 4
[  629.097831][ T5897] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  629.113309][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.121493][ T5897] usb 4-1: Product: syz
[  629.126118][ T5897] usb 4-1: Manufacturer: syz
[  629.130721][ T5897] usb 4-1: SerialNumber: syz
[  629.138513][T14278] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2220'.
[  629.153472][T14278] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2220'.
[  629.352366][T14272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  629.370009][T14272] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  629.385615][ T5897] usb 4-1: 0:2 : does not exist
[  629.394718][ T5897] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  629.420180][ T5897] usb 4-1: USB disconnect, device number 28
[  629.468542][ T5889] udevd[5889]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  630.281686][T14309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  630.292951][T14309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  630.317442][T14308] usb usb8: usbfs: process 14308 (syz.2.2228) did not claim interface 0 before use
[  630.885152][T14318] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2230'.
[  630.907124][T14318] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2230'.
[  630.919252][T14318] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2230'.
[  632.213475][ T5897] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  632.246986][T14326] delete_channel: no stack
[  632.373058][ T5897] usb 4-1: Using ep0 maxpacket: 8
[  632.386656][ T5897] usb 4-1: config 0 has an invalid interface number: 246 but max is 0
[  632.401011][ T5897] usb 4-1: config 0 has no interface number 0
[  632.411091][ T5897] usb 4-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[  632.423497][ T1209] usb 2-1: new low-speed USB device number 19 using dummy_hcd
[  632.431653][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.440184][ T5897] usb 4-1: Product: syz
[  632.446888][ T5897] usb 4-1: Manufacturer: syz
[  632.453221][ T5897] usb 4-1: SerialNumber: syz
[  632.470300][ T5897] usb 4-1: config 0 descriptor??
[  632.571119][ T5897] msi2500 4-1:0.246: Registered as swradio24
[  632.578093][ T5897] msi2500 4-1:0.246: SDR API is still slightly experimental and functionality changes may follow
[  632.595048][ T1209] usb 2-1: config 0 has an invalid interface number: 62 but max is 0
[  632.617913][ T1209] usb 2-1: config 0 has no interface number 0
[  632.670585][ T1209] usb 2-1: too many endpoints for config 0 interface 62 altsetting 0: 158, using maximum allowed: 30
[  632.738339][ T1209] usb 2-1: config 0 interface 62 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 158
[  632.769993][T14331] netlink: 'syz.3.2233': attribute type 10 has an invalid length.
[  632.780832][T14331] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2233'.
[  632.811437][ T1209] usb 2-1: New USB device found, idVendor=12d1, idProduct=1417, bcdDevice= 0.00
[  632.861086][ T1209] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  632.909923][ T1209] usb 2-1: config 0 descriptor??
[  632.917417][ T5897] usb 4-1: USB disconnect, device number 29
[  633.047486][T14343] program syz.0.2236 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  633.133273][T14335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  633.142177][T14335] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  633.199376][T14347] netlink: 165 bytes leftover after parsing attributes in process `syz.0.2238'.
[  633.416506][ T1209] usb 2-1: string descriptor 0 read error: -71
[  633.433397][ T1209] usb-storage 2-1:0.62: USB Mass Storage device detected
[  633.483817][T14355] usb usb8: usbfs: process 14355 (syz.4.2240) did not claim interface 0 before use
[  633.513049][ T5897] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  633.568566][ T1209] usb 2-1: USB disconnect, device number 19
[  633.593329][ T5919] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  633.693138][ T5897] usb 3-1: Using ep0 maxpacket: 16
[  633.753120][ T5919] usb 1-1: Using ep0 maxpacket: 8
[  633.802791][ T5919] usb 1-1: config 0 has an invalid interface number: 246 but max is 0
[  633.811241][ T5919] usb 1-1: config 0 has no interface number 0
[  633.821560][ T5919] usb 1-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[  633.834497][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  633.842551][ T5919] usb 1-1: Product: syz
[  633.847441][ T5919] usb 1-1: Manufacturer: syz
[  633.894272][ T5919] usb 1-1: SerialNumber: syz
[  633.909998][ T5919] usb 1-1: config 0 descriptor??
[  634.041869][ T5919] msi2500 1-1:0.246: Registered as swradio24
[  634.048027][ T5919] msi2500 1-1:0.246: SDR API is still slightly experimental and functionality changes may follow
[  634.151587][T14351] netlink: 'syz.0.2239': attribute type 10 has an invalid length.
[  634.300455][T14351] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2239'.
[  634.592783][ T1209] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  634.763387][   T24] usb 1-1: USB disconnect, device number 5
[  634.833300][ T1209] usb 2-1: Using ep0 maxpacket: 8
[  634.842469][ T1209] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  634.859190][ T1209] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.880552][ T1209] usb 2-1: Product: syz
[  634.900044][ T1209] usb 2-1: Manufacturer: syz
[  634.919831][ T1209] usb 2-1: SerialNumber: syz
[  634.948784][ T1209] usb 2-1: config 0 descriptor??
[  634.961893][ T1209] gspca_main: sq930x-2.14.0 probing 2770:930c
[  635.486797][ T1209] gspca_sq930x: reg_r 001f failed -110
[  635.503097][ T1209] sq930x 2-1:0.0: probe with driver sq930x failed with error -110
[  636.195272][ T5897] usb 3-1: unable to get BOS descriptor or descriptor too short
[  636.224656][ T5897] usb 3-1: unable to read config index 0 descriptor/start: -71
[  636.282445][ T5897] usb 3-1: can't read configurations, error -71
[  636.400274][T14385] FAULT_INJECTION: forcing a failure.
[  636.400274][T14385] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  636.471019][T14385] CPU: 1 UID: 0 PID: 14385 Comm: syz.4.2248 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  636.471043][T14385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  636.471053][T14385] Call Trace:
[  636.471059][T14385]  <TASK>
[  636.471067][T14385]  dump_stack_lvl+0x189/0x250
[  636.471096][T14385]  ? __pfx____ratelimit+0x10/0x10
[  636.471118][T14385]  ? __pfx_dump_stack_lvl+0x10/0x10
[  636.471141][T14385]  ? __pfx__printk+0x10/0x10
[  636.471158][T14385]  ? __might_fault+0xb0/0x130
[  636.471184][T14385]  should_fail_ex+0x414/0x560
[  636.471209][T14385]  _copy_from_user+0x2d/0xb0
[  636.471227][T14385]  ___sys_sendmsg+0x158/0x2a0
[  636.471252][T14385]  ? __pfx____sys_sendmsg+0x10/0x10
[  636.471306][T14385]  ? __fget_files+0x2a/0x420
[  636.471324][T14385]  ? __fget_files+0x3a0/0x420
[  636.471352][T14385]  __x64_sys_sendmsg+0x19b/0x260
[  636.471375][T14385]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  636.471405][T14385]  ? __pfx_ksys_write+0x10/0x10
[  636.471419][T14385]  ? rcu_is_watching+0x15/0xb0
[  636.471447][T14385]  ? do_syscall_64+0xbe/0x3b0
[  636.471466][T14385]  do_syscall_64+0xfa/0x3b0
[  636.471480][T14385]  ? lockdep_hardirqs_on+0x9c/0x150
[  636.471503][T14385]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.471519][T14385]  ? clear_bhb_loop+0x60/0xb0
[  636.471540][T14385]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.471556][T14385] RIP: 0033:0x7fc2bb98e929
[  636.471572][T14385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  636.471587][T14385] RSP: 002b:00007fc2b97f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  636.471612][T14385] RAX: ffffffffffffffda RBX: 00007fc2bbbb5fa0 RCX: 00007fc2bb98e929
[  636.471625][T14385] RDX: 0000000000044080 RSI: 0000200000000040 RDI: 0000000000000003
[  636.471636][T14385] RBP: 00007fc2b97f6090 R08: 0000000000000000 R09: 0000000000000000
[  636.471647][T14385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  636.471658][T14385] R13: 0000000000000000 R14: 00007fc2bbbb5fa0 R15: 00007fc2bbcdfa28
[  636.471685][T14385]  </TASK>
[  636.764718][   T92] usb 2-1: USB disconnect, device number 20
[  637.062843][   T24] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  637.213831][T14399] usb usb8: usbfs: process 14399 (syz.2.2252) did not claim interface 0 before use
[  637.238958][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  637.249497][   T24] usb 4-1: config 0 has no interfaces?
[  637.259469][   T24] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  637.313158][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.358301][   T24] usb 4-1: config 0 descriptor??
[  637.537709][T14401] syz.1.2253 (14401): drop_caches: 1
[  637.620032][T14390] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2249'.
[  637.746213][T14404] syz.1.2253 (14404): drop_caches: 1
[  637.803642][T14401] syz.1.2253 (14401): drop_caches: 1
[  637.942985][ T1209] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  638.093081][ T1209] usb 1-1: Invalid ep0 maxpacket: 9
[  638.232902][ T1209] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  638.392808][ T1209] usb 1-1: Invalid ep0 maxpacket: 9
[  638.398388][ T1209] usb usb1-port1: attempt power cycle
[  638.521827][T14419] FAULT_INJECTION: forcing a failure.
[  638.521827][T14419] name failslab, interval 1, probability 0, space 0, times 0
[  638.536053][T14419] CPU: 0 UID: 0 PID: 14419 Comm: syz.2.2259 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  638.536076][T14419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  638.536087][T14419] Call Trace:
[  638.536095][T14419]  <TASK>
[  638.536103][T14419]  dump_stack_lvl+0x189/0x250
[  638.536133][T14419]  ? __pfx____ratelimit+0x10/0x10
[  638.536157][T14419]  ? __pfx_dump_stack_lvl+0x10/0x10
[  638.536182][T14419]  ? __pfx__printk+0x10/0x10
[  638.536203][T14419]  ? __pfx___might_resched+0x10/0x10
[  638.536226][T14419]  ? fs_reclaim_acquire+0x7d/0x100
[  638.536251][T14419]  should_fail_ex+0x414/0x560
[  638.536277][T14419]  should_failslab+0xa8/0x100
[  638.536297][T14419]  __kmalloc_noprof+0xcb/0x4f0
[  638.536313][T14419]  ? tomoyo_encode+0x28b/0x550
[  638.536339][T14419]  tomoyo_encode+0x28b/0x550
[  638.536366][T14419]  tomoyo_realpath_from_path+0x58d/0x5d0
[  638.536388][T14419]  ? tomoyo_domain+0xd9/0x130
[  638.536416][T14419]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  638.536435][T14419]  tomoyo_path_number_perm+0x1e8/0x5a0
[  638.536458][T14419]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  638.536495][T14419]  ? __lock_acquire+0xab9/0xd20
[  638.536538][T14419]  ? __fget_files+0x2a/0x420
[  638.536560][T14419]  ? __fget_files+0x2a/0x420
[  638.536577][T14419]  ? __fget_files+0x3a0/0x420
[  638.536594][T14419]  ? __fget_files+0x2a/0x420
[  638.536617][T14419]  security_file_ioctl+0xcb/0x2d0
[  638.536638][T14419]  __se_sys_ioctl+0x47/0x170
[  638.536671][T14419]  do_syscall_64+0xfa/0x3b0
[  638.536688][T14419]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.536703][T14419]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  638.536719][T14419]  ? clear_bhb_loop+0x60/0xb0
[  638.536740][T14419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.536759][T14419] RIP: 0033:0x7fd2bf38e929
[  638.536775][T14419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  638.536790][T14419] RSP: 002b:00007fd2c01cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  638.536809][T14419] RAX: ffffffffffffffda RBX: 00007fd2bf5b5fa0 RCX: 00007fd2bf38e929
[  638.536822][T14419] RDX: 00002000000000c0 RSI: 000000004048aecb RDI: 0000000000000005
[  638.536833][T14419] RBP: 00007fd2c01cd090 R08: 0000000000000000 R09: 0000000000000000
[  638.536844][T14419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  638.536855][T14419] R13: 0000000000000000 R14: 00007fd2bf5b5fa0 R15: 00007fd2bf6dfa28
[  638.536883][T14419]  </TASK>
[  638.537215][T14419] ERROR: Out of memory at tomoyo_realpath_from_path.
[  638.752831][ T5897] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  638.823060][ T1209] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  638.843882][ T1209] usb 1-1: Invalid ep0 maxpacket: 9
[  638.982734][ T1209] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  639.007235][T14422] input: syz0 as /devices/virtual/input/input48
[  639.030719][T14424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  639.045152][ T1209] usb 1-1: Invalid ep0 maxpacket: 9
[  639.045348][T14424] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  639.051902][ T1209] usb usb1-port1: unable to enumerate USB device
[  639.077418][ T5897] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[  639.086468][ T5897] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  639.135794][ T5897] usb 2-1: config 0 has no interface number 0
[  639.167721][ T5897] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  639.208539][ T5897] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  639.315782][    T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  639.383279][ T5897] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  639.399758][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.418097][ T5897] usb 2-1: Product: syz
[  639.429468][ T5897] usb 2-1: Manufacturer: syz
[  639.439039][ T5897] usb 2-1: SerialNumber: syz
[  639.450852][ T5897] usb 2-1: config 0 descriptor??
[  639.492984][    T9] usb 3-1: Using ep0 maxpacket: 16
[  639.510399][    T9] usb 3-1: config 7 has an invalid interface number: 154 but max is 0
[  639.528859][    T9] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  639.540254][    T9] usb 3-1: config 7 has no interface number 0
[  639.549363][    T9] usb 3-1: config 7 interface 154 altsetting 9 has an endpoint descriptor with address 0xD3, changing to 0x83
[  639.562233][    T9] usb 3-1: config 7 interface 154 altsetting 9 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  639.576868][    T9] usb 3-1: config 7 interface 154 altsetting 9 endpoint 0x83 has invalid wMaxPacketSize 0
[  639.588615][    T9] usb 3-1: config 7 interface 154 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  639.595000][   T92] usb 4-1: USB disconnect, device number 30
[  639.604861][    T9] usb 3-1: config 7 interface 154 has no altsetting 0
[  639.646614][    T9] usb 3-1: New USB device found, idVendor=0438, idProduct=b002, bcdDevice=4d.27
[  639.697547][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.720668][ T5897] usbtouchscreen 2-1:0.117: probe with driver usbtouchscreen failed with error -71
[  639.724201][    T9] usb 3-1: Product: syz
[  639.754711][ T5897] usb 2-1: USB disconnect, device number 21
[  639.759010][    T9] usb 3-1: Manufacturer: syz
[  639.775683][    T9] usb 3-1: SerialNumber: syz
[  639.841322][T14431] usb usb8: usbfs: process 14431 (syz.4.2264) did not claim interface 0 before use
[  640.028859][    T9] em28xx 3-1:7.154: New device syz syz @ 480 Mbps (0438:b002, interface 154, class 154)
[  640.114403][   T92] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  640.118101][    T9] em28xx 3-1:7.154: Audio interface 154 found (Vendor Class)
[  640.203427][    T9] em28xx 3-1:7.154: unknown em28xx chip ID (0)
[  640.209917][    T9] em28xx 3-1:7.154: Config register raw data: 0xfffffffb
[  640.217604][    T9] em28xx 3-1:7.154: AC97 chip type couldn't be determined
[  640.224776][    T9] em28xx 3-1:7.154: No AC97 audio processor
[  640.244674][    T9] usb 3-1: USB disconnect, device number 17
[  640.273091][   T92] usb 4-1: Using ep0 maxpacket: 8
[  640.286782][   T92] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  640.296860][   T92] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  640.321258][   T92] usb 4-1: Product: syz
[  640.325750][   T92] usb 4-1: Manufacturer: syz
[  640.345008][   T92] usb 4-1: SerialNumber: syz
[  640.361519][   T92] usb 4-1: config 0 descriptor??
[  640.378733][   T92] gspca_main: sq930x-2.14.0 probing 2770:930c
[  640.743728][T14444] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2269'.
[  640.941540][   T92] gspca_sq930x: reg_r 001f failed -110
[  640.966106][   T92] sq930x 4-1:0.0: probe with driver sq930x failed with error -110
[  640.998434][T14444] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2269'.
[  641.388520][T14458] usb usb8: usbfs: process 14458 (syz.2.2274) did not claim interface 0 before use
[  641.446374][T14459] syz.4.2272 (14459): drop_caches: 1
[  641.457134][T14458] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.2274'.
[  641.593440][T14458] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2274'.
[  641.615659][ T5919] usb 4-1: USB disconnect, device number 31
[  641.661195][T14459] syz.4.2272 (14459): drop_caches: 1
[  641.673372][   T92] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  641.784419][T14460] syz.4.2272 (14460): drop_caches: 1
[  641.848385][T14463] usb usb8: usbfs: process 14463 (syz.2.2275) did not claim interface 0 before use
[  641.882721][   T92] usb 1-1: Using ep0 maxpacket: 16
[  641.905928][   T92] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  641.925617][   T92] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.948591][   T92] usb 1-1: Product: syz
[  641.960769][   T92] usb 1-1: Manufacturer: syz
[  641.970905][   T92] usb 1-1: SerialNumber: syz
[  641.992490][   T92] usb 1-1: config 0 descriptor??
[  642.029094][   T92] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  642.062405][   T92] usb 1-1: Detected FT232H
[  642.273593][T14479] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2280'.
[  642.441647][   T92] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  642.450007][   T92] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71
[  642.458788][   T92] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  642.495324][   T92] usb 1-1: USB disconnect, device number 10
[  642.687578][   T92] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  642.716317][   T92] ftdi_sio 1-1:0.0: device disconnected
[  642.886004][T14490] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  642.892527][T14490] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  642.910256][T14490] vhci_hcd vhci_hcd.0: Device attached
[  643.243944][T14490] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  643.282984][ T1209] usb 39-1: new high-speed USB device number 8 using vhci_hcd
[  643.532840][    T9] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  643.554635][T14496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  643.563495][T14496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  643.613277][T14496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  643.641496][T14496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  643.694829][    T9] usb 4-1: Using ep0 maxpacket: 16
[  643.701523][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  643.722025][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  643.772981][ T5829] usb 1-1: new full-speed USB device number 11 using dummy_hcd
[  643.792854][    T9] usb 4-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  643.830547][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.864759][    T9] usb 4-1: config 0 descriptor??
[  643.923458][    T9] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input51
[  643.963704][ T5829] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  643.983104][ T5829] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  644.013145][ T5829] usb 1-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  644.027381][ T5829] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.065533][ T5829] usb 1-1: config 0 descriptor??
[  644.098669][    T9] usb 4-1: USB disconnect, device number 32
[  644.125077][T14509] usb usb8: usbfs: process 14509 (syz.1.2286) did not claim interface 0 before use
[  644.165733][T14491] vhci_hcd: connection reset by peer
[  644.175683][ T2992] vhci_hcd: stop threads
[  644.286230][ T2992] vhci_hcd: release socket
[  644.298427][ T2992] vhci_hcd: disconnect device
[  644.301516][ T5829] usbhid 1-1:0.0: can't add hid device: -71
[  644.340738][ T5829] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  644.367368][ T5829] usb 1-1: USB disconnect, device number 11
[  644.932240][T14523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  644.941259][T14523] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  645.354589][   T24] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  645.877899][   T24] usb 1-1: Using ep0 maxpacket: 16
[  645.898511][   T24] usb 1-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  645.934015][   T24] usb 1-1: config 253 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 32
[  645.951618][   T24] usb 1-1: config 253 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  645.979739][   T24] usb 1-1: config 253 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[  646.035111][   T24] usb 1-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  646.269151][   T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  646.312950][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  646.373909][   T24] usb 1-1: SerialNumber: syz
[  646.457015][T14522] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  646.506567][T14522] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  646.541294][T14522] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  647.065699][   T24] usb 1-1: USB disconnect, device number 12
[  647.653790][   T24] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  647.826111][T14545] syz.3.2296 (14545): drop_caches: 1
[  647.838983][T14548] syz.3.2296 (14548): drop_caches: 1
[  647.890404][T14553] usb usb8: usbfs: process 14553 (syz.0.2297) did not claim interface 0 before use
[  647.892758][   T24] usb 2-1: Using ep0 maxpacket: 16
[  647.930537][   T24] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  647.987579][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.007984][   T24] usb 2-1: Product: syz
[  648.039829][   T24] usb 2-1: Manufacturer: syz
[  648.056577][   T24] usb 2-1: SerialNumber: syz
[  648.056686][T14555] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2298'.
[  648.092433][T14555] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2298'.
[  648.106859][   T24] r8152-cfgselector 2-1: Unknown version 0x0000
[  648.122233][   T24] r8152-cfgselector 2-1: config 0 descriptor??
[  648.154656][T14545] syz.3.2296 (14545): drop_caches: 1
[  648.436360][   T24] r8152-cfgselector 2-1: Unknown version 0x0000
[  648.451887][T14559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  648.465298][   T24] r8152-cfgselector 2-1: bad CDC descriptors
[  648.480394][T14559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  648.502813][ T1209] vhci_hcd: vhci_device speed not set
[  648.641314][   T24] r8152-cfgselector 2-1: USB disconnect, device number 22
[  650.796242][ T5897] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  650.799883][T14592] usb usb8: usbfs: process 14592 (syz.4.2308) did not claim interface 0 before use
[  650.932759][   T24] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  651.092756][ T5897] usb 3-1: Using ep0 maxpacket: 16
[  651.101302][ T5897] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  651.116314][ T5897] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  651.126995][   T24] usb 1-1: Using ep0 maxpacket: 8
[  651.137009][ T5897] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  651.148155][   T24] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  651.159126][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.170798][   T24] usb 1-1: Product: syz
[  651.177686][ T5897] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  651.187725][   T24] usb 1-1: Manufacturer: syz
[  651.192375][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.202252][   T24] usb 1-1: SerialNumber: syz
[  651.210583][ T5897] usb 3-1: Product: syz
[  651.217060][   T24] usb 1-1: config 0 descriptor??
[  651.226120][ T5897] usb 3-1: Manufacturer: syz
[  651.235001][   T24] gspca_main: sq930x-2.14.0 probing 2770:930c
[  651.241221][ T5897] usb 3-1: SerialNumber: syz
[  651.341638][T14596] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  651.370831][T14596] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  651.665901][ T5897] usb 3-1: 0:2 : does not exist
[  651.753152][   T24] gspca_sq930x: reg_r 001f failed -110
[  651.759047][   T24] sq930x 1-1:0.0: probe with driver sq930x failed with error -110
[  653.283009][ T5829] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  653.372218][ T1209] usb 1-1: USB disconnect, device number 13
[  653.454686][ T5829] usb 2-1: too many configurations: 33, using maximum allowed: 8
[  653.490719][ T5829] usb 2-1: New USB device found, idVendor=0eb1, idProduct=6668, bcdDevice=57.b8
[  653.506094][ T5829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  653.515149][ T5829] usb 2-1: Product: syz
[  653.527543][ T5829] usb 2-1: Manufacturer: syz
[  653.538881][ T5829] usb 2-1: SerialNumber: syz
[  653.551818][ T5829] usb 2-1: config 0 descriptor??
[  653.572063][ T5829] go7007-loader 2-1:0.0: can't handle multiple config
[  653.583716][ T5829] go7007-loader 2-1:0.0: probe failed
[  653.768668][T14607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2312'.
[  653.787647][T14607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2312'.
[  653.809990][T14607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  653.845380][T14607] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  653.880689][ T1209] usb 2-1: USB disconnect, device number 23
[  654.012243][T14618] usb usb8: usbfs: process 14618 (syz.0.2315) did not claim interface 0 before use
[  654.064400][T14618] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2315'.
[  654.184068][T14621] netlink: 'syz.0.2316': attribute type 4 has an invalid length.
[  654.203026][T14621] netlink: 'syz.0.2316': attribute type 4 has an invalid length.
[  654.309811][ T5897] usb 3-1: 1:0: cannot get min/max values for control 2 (id 1)
[  654.323296][ T1209] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  654.445859][ T5897] usb 3-1: USB disconnect, device number 18
[  654.482849][ T1209] usb 2-1: Using ep0 maxpacket: 32
[  654.505081][ T1209] usb 2-1: unable to get BOS descriptor set
[  654.512249][ T1209] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  654.540875][ T1209] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  654.870590][ T5889] udevd[5889]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  654.903343][ T1209] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  654.944423][ T1209] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.953703][T14633] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2319'.
[  654.994271][ T1209] usb 2-1: Product: ࠄ
[  655.031521][ T1209] usb 2-1: Manufacturer: 팋耫岥負ສꄙﭔ⾒沊瀞㭱其ꚷ틀⭯겭褖軎㖓낂ʧ홍犺ꗀ甼꾪縉䘳睡뫯襜ꢍ鈿ꬱ熊↕퐎旺驿㩪⣄ﶢ뽝쐗䷷챈엥ꅤ늓쒜錸⁦쭎퀾獇〹谎쮶謲土⳧锠⛘顏ﳚ둢냹쭶궜軤줘爠鍙헴魤耊퀳짍鿇潿끸䲉ё㸪
[  655.062418][T14633] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2319'.
[  655.111763][T14633] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2319'.
[  655.134665][T14633] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2319'.
[  655.147101][ T1209] usb 2-1: SerialNumber: 놬鳏爊䳠ꈥ㾮𥉉秂❐鄐该찻젒ℰ벤椫儌ﾑ㒬茰백餉橳칎佰²
[  655.313339][ T5897] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  655.502237][ T1209] usb 2-1: 0:2 : does not exist
[  655.517171][ T5897] usb 3-1: Using ep0 maxpacket: 8
[  655.566990][ T5897] usb 3-1: descriptor type invalid, skip
[  655.579102][ T1209] usb 2-1: USB disconnect, device number 24
[  655.579273][ T5897] usb 3-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[  655.640331][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.654778][ T5889] udevd[5889]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  655.678257][T14616] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2314'.
[  655.722088][ T5897] usb 3-1: Product: syz
[  655.777534][ T5897] usb 3-1: Manufacturer: syz
[  655.782138][ T5897] usb 3-1: SerialNumber: syz
[  655.828332][ T5897] usb 3-1: config 0 descriptor??
[  656.068294][ T5897] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[  656.184679][ T5897] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  656.192873][ T5897] dib0700: firmware download failed at 7 with -22
[  656.203472][ T5904] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  656.226248][ T5897] usb 3-1: USB disconnect, device number 19
[  656.372922][ T5904] usb 4-1: Using ep0 maxpacket: 16
[  656.390413][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  656.416207][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  656.433592][ T5904] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  656.456294][ T5904] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  656.478617][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.525692][ T5904] usb 4-1: config 0 descriptor??
[  657.036156][ T5904] microsoft 0003:045E:07DA.0038: unknown main item tag 0x0
[  657.056091][ T5904] microsoft 0003:045E:07DA.0038: item fetching failed at offset 31/34
[  657.084106][ T5904] microsoft 0003:045E:07DA.0038: parse failed
[  657.090292][ T5904] microsoft 0003:045E:07DA.0038: probe with driver microsoft failed with error -22
[  657.337380][ T1209] usb 4-1: USB disconnect, device number 33
[  657.498076][T14660] FAULT_INJECTION: forcing a failure.
[  657.498076][T14660] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  657.601780][T14660] CPU: 1 UID: 0 PID: 14660 Comm: syz.3.2325 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  657.601804][T14660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  657.601816][T14660] Call Trace:
[  657.601823][T14660]  <TASK>
[  657.601832][T14660]  dump_stack_lvl+0x189/0x250
[  657.601861][T14660]  ? __pfx____ratelimit+0x10/0x10
[  657.601885][T14660]  ? __pfx_dump_stack_lvl+0x10/0x10
[  657.601910][T14660]  ? __pfx__printk+0x10/0x10
[  657.601941][T14660]  should_fail_ex+0x414/0x560
[  657.601977][T14660]  _copy_to_user+0x31/0xb0
[  657.601997][T14660]  simple_read_from_buffer+0xe1/0x170
[  657.602020][T14660]  proc_fail_nth_read+0x1df/0x250
[  657.602044][T14660]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  657.602068][T14660]  ? rw_verify_area+0x258/0x650
[  657.602091][T14660]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  657.602113][T14660]  vfs_read+0x1fd/0x980
[  657.602140][T14660]  ? __pfx___mutex_lock+0x10/0x10
[  657.602165][T14660]  ? __pfx_vfs_read+0x10/0x10
[  657.602189][T14660]  ? __fget_files+0x2a/0x420
[  657.602209][T14660]  ? __fget_files+0x3a0/0x420
[  657.602224][T14660]  ? __fget_files+0x2a/0x420
[  657.602250][T14660]  ksys_read+0x145/0x250
[  657.602276][T14660]  ? __pfx_ksys_read+0x10/0x10
[  657.602297][T14660]  ? rcu_is_watching+0x15/0xb0
[  657.602325][T14660]  ? do_syscall_64+0xbe/0x3b0
[  657.602344][T14660]  do_syscall_64+0xfa/0x3b0
[  657.602357][T14660]  ? lockdep_hardirqs_on+0x9c/0x150
[  657.602378][T14660]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.602395][T14660]  ? clear_bhb_loop+0x60/0xb0
[  657.602415][T14660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.602431][T14660] RIP: 0033:0x7f1d3398d33c
[  657.602447][T14660] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  657.602461][T14660] RSP: 002b:00007f1d34785030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  657.602480][T14660] RAX: ffffffffffffffda RBX: 00007f1d33bb5fa0 RCX: 00007f1d3398d33c
[  657.602493][T14660] RDX: 000000000000000f RSI: 00007f1d347850a0 RDI: 0000000000000007
[  657.602504][T14660] RBP: 00007f1d34785090 R08: 0000000000000000 R09: 0000000000000000
[  657.602515][T14660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  657.602526][T14660] R13: 0000000000000000 R14: 00007f1d33bb5fa0 R15: 00007f1d33cdfa28
[  657.602554][T14660]  </TASK>
[  657.830984][    C1] vkms_vblank_simulate: vblank timer overrun
[  657.975493][T14664] usb usb8: usbfs: process 14664 (syz.4.2326) did not claim interface 0 before use
[  658.171019][T14657] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.
[  658.234554][T14664] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2326'.
[  658.410578][T14671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  658.425030][T14671] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  658.451872][T14671] netlink: 'syz.4.2328': attribute type 10 has an invalid length.
[  658.482797][T14671] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2328'.
[  658.622745][   T92] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  658.813097][   T92] usb 4-1: Using ep0 maxpacket: 16
[  658.823805][   T92] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  658.836723][   T92] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.852608][   T92] usb 4-1: Product: syz
[  658.880233][   T92] usb 4-1: Manufacturer: syz
[  658.900663][   T92] usb 4-1: SerialNumber: syz
[  658.957112][   T92] usb 4-1: config 0 descriptor??
[  659.004071][   T92] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  659.504121][   T92] ssu100 4-1:0.0: probe with driver ssu100 failed with error -110
[  659.915710][ T1209] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  660.134595][ T1209] usb 1-1: config 0 has an invalid interface number: 117 but max is 0
[  660.149091][ T1209] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  660.191611][ T1209] usb 1-1: config 0 has no interface number 0
[  660.211834][ T1209] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  660.240189][ T1209] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  660.331744][ T1209] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  660.341355][ T1209] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  660.365451][ T1209] usb 1-1: Product: syz
[  660.381981][ T1209] usb 1-1: Manufacturer: syz
[  660.392121][ T1209] usb 1-1: SerialNumber: syz
[  660.396973][ T5918] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  660.424794][ T1209] usb 1-1: config 0 descriptor??
[  660.565314][ T5918] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  660.615053][ T5918] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  660.625637][ T5918] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  660.642360][ T5918] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  660.660206][T14701] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2335'.
[  660.890571][ T1209] usbtouchscreen 1-1:0.117: probe with driver usbtouchscreen failed with error -71
[  660.932247][ T1209] usb 1-1: USB disconnect, device number 14
[  660.982121][ T5918] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  661.001285][ T5918] usb 2-1: config 0 descriptor??
[  661.255632][    T9] usb 4-1: USB disconnect, device number 34
[  661.446738][ T5918] plantronics 0003:047F:FFFF.0039: reserved main item tag 0xe
[  661.472928][ T5918] plantronics 0003:047F:FFFF.0039: unknown main item tag 0x0
[  661.483252][ T5904] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  661.501626][ T5918] plantronics 0003:047F:FFFF.0039: No inputs registered, leaving
[  661.576397][ T5918] plantronics 0003:047F:FFFF.0039: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  661.637673][ T5904] usb 3-1: config 0 has an invalid interface number: 31 but max is 0
[  661.646103][ T5904] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  661.780718][ T5904] usb 3-1: config 0 has no interface number 0
[  661.809604][ T5918] usb 2-1: USB disconnect, device number 25
[  661.820101][T14711] fido_id[14711]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  661.875403][ T5904] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  661.888838][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.891298][T14715] usb usb8: usbfs: process 14715 (syz.0.2339) did not claim interface 0 before use
[  661.967519][ T5904] usb 3-1: Product: syz
[  661.978217][ T5904] usb 3-1: Manufacturer: syz
[  661.991689][ T5904] usb 3-1: SerialNumber: syz
[  662.003412][T14715] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2339'.
[  662.021074][ T5904] usb 3-1: config 0 descriptor??
[  662.067068][ T5904] hub 3-1:0.31: bad descriptor, ignoring hub
[  662.077946][ T5904] hub 3-1:0.31: probe with driver hub failed with error -5
[  662.115117][ T5904] usb 3-1: Found UVC 0.04 device syz (046d:08c3)
[  662.253424][ T5904] uvcvideo 3-1:0.31: Entity type for entity Output 6 was not initialized!
[  662.271783][T14717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.280821][ T5904] usb 3-1: Failed to create links for entity 6
[  662.300908][ T5904] usb 3-1: Failed to register entities (-22).
[  662.319841][T14717] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  662.561212][   T30] audit: type=1326 audit(1750713646.283:4451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14721 comm="syz.0.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc84dd8e929 code=0x7ffc0000
[  662.593960][   T30] audit: type=1326 audit(1750713646.283:4452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14721 comm="syz.0.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc84dd8e929 code=0x7ffc0000
[  662.622855][   T30] audit: type=1326 audit(1750713646.283:4453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14721 comm="syz.0.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7fc84dd8e929 code=0x7ffc0000
[  662.649151][   T30] audit: type=1326 audit(1750713646.283:4454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14721 comm="syz.0.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc84dd8e929 code=0x7ffc0000
[  662.673868][   T30] audit: type=1326 audit(1750713646.283:4455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14721 comm="syz.0.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc84dd8e929 code=0x7ffc0000
[  662.706284][   T30] audit: type=1326 audit(1750713646.283:4456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14721 comm="syz.0.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7fc84dd8e929 code=0x7ffc0000
[  662.731436][   T30] audit: type=1326 audit(1750713646.283:4457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14721 comm="syz.0.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc84dd8e929 code=0x7ffc0000
[  662.789370][   T30] audit: type=1326 audit(1750713646.283:4458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14721 comm="syz.0.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc84dd8e929 code=0x7ffc0000
[  662.821466][   T30] audit: type=1326 audit(1750713646.353:4459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14721 comm="syz.0.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc84dd8e929 code=0x7ffc0000
[  662.949419][   T30] audit: type=1326 audit(1750713646.353:4460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14721 comm="syz.0.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc84dd8e929 code=0x7ffc0000
[  664.343696][ T5919] usb 3-1: USB disconnect, device number 20
[  664.628287][T14749] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  664.644929][T14749] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.234663][T14754] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.247622][T14754] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.566693][T14756] usb usb8: usbfs: process 14756 (syz.3.2350) did not claim interface 0 before use
[  665.869167][T14764] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2351'.
[  666.227879][T14771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  666.241593][T14771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  666.260960][ T5919] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  666.434803][ T5919] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  666.446913][ T5919] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  666.452997][ T1209] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  666.470600][ T5919] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  666.486294][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  666.499979][ T5919] usb 2-1: SerialNumber: syz
[  666.643158][ T1209] usb 1-1: Using ep0 maxpacket: 32
[  666.651670][ T1209] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  666.672169][ T1209] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  666.680988][ T1209] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  666.697446][ T1209] usb 1-1: config 1 has no interface number 0
[  666.704973][ T1209] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  666.722327][ T1209] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  666.742129][ T1209] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  666.751496][ T1209] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  666.777065][ T1209] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  666.901441][ T5919] usb 2-1: 0:2 : does not exist
[  666.926696][T14773] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  666.958077][ T5919] usb 2-1: USB disconnect, device number 26
[  666.968504][T14773] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.011957][ T1209] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached
[  667.035791][ T5889] udevd[5889]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  667.049453][T14773] netlink: 'syz.4.2356': attribute type 10 has an invalid length.
[  667.059744][T14773] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2356'.
[  667.416304][ T1209] usb 1-1: USB disconnect, device number 15
[  667.425082][ T1209] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  667.732853][ T5919] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  668.133563][ T5919] usb 3-1: Using ep0 maxpacket: 16
[  668.165588][ T5919] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  668.190810][ T5919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  668.216210][ T5919] usb 3-1: Product: syz
[  668.221651][ T5919] usb 3-1: Manufacturer: syz
[  668.236371][ T5919] usb 3-1: SerialNumber: syz
[  668.309822][ T5919] r8152-cfgselector 3-1: Unknown version 0x0000
[  668.326325][ T5919] r8152-cfgselector 3-1: config 0 descriptor??
[  668.362998][   T92] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  668.612703][   T92] usb 1-1: Using ep0 maxpacket: 8
[  668.621093][   T92] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  668.633163][   T92] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  668.641504][   T92] usb 1-1: Product: syz
[  668.650685][   T92] usb 1-1: Manufacturer: syz
[  668.655684][   T92] usb 1-1: SerialNumber: syz
[  668.665892][ T5919] r8152-cfgselector 3-1: Unknown version 0x0010
[  668.672251][ T5919] r8152-cfgselector 3-1: bad CDC descriptors
[  668.709299][   T92] usb 1-1: config 0 descriptor??
[  668.764089][   T92] gspca_main: sq930x-2.14.0 probing 2770:930c
[  668.877871][ T5919] r8152-cfgselector 3-1: USB disconnect, device number 21
[  669.164789][ T1209] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  669.273343][   T92] gspca_sq930x: reg_r 001f failed -110
[  669.279142][   T92] sq930x 1-1:0.0: probe with driver sq930x failed with error -110
[  669.329637][ T1209] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  669.339272][ T1209] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.357374][ T1209] usb 4-1: Product: syz
[  669.370356][ T1209] usb 4-1: Manufacturer: syz
[  669.385067][ T1209] usb 4-1: SerialNumber: syz
[  669.394722][T14806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.417919][T14806] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  669.427531][ T1209] usb 4-1: config 0 descriptor??
[  669.514984][   T92] usb 1-1: USB disconnect, device number 16
[  669.647652][ T1209] hso 4-1:0.0: Failed to find BULK IN ep
[  669.666238][ T1209] usb-storage 4-1:0.0: USB Mass Storage device detected
[  669.819889][T14813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2367'.
[  670.071691][ T1209] usb 4-1: USB disconnect, device number 35
[  670.359465][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  670.359482][   T30] audit: type=1326 audit(1750713654.083:4473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14814 comm="syz.4.2368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bb98e929 code=0x7ffc0000
[  670.501104][   T30] audit: type=1326 audit(1750713654.083:4474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14814 comm="syz.4.2368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bb98e929 code=0x7ffc0000
[  670.536568][   T30] audit: type=1326 audit(1750713654.123:4475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14814 comm="syz.4.2368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fc2bb98e929 code=0x7ffc0000
[  670.565011][   T30] audit: type=1326 audit(1750713654.123:4476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14814 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bb98e929 code=0x7ffc0000
[  670.588933][   T30] audit: type=1326 audit(1750713654.123:4477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14814 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bb98e929 code=0x7ffc0000
[  670.664545][   T92] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  670.689667][   T30] audit: type=1326 audit(1750713654.123:4478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14814 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc2bb98e929 code=0x7ffc0000
[  670.717038][T14825] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  670.739944][T14825] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  670.759518][   T30] audit: type=1326 audit(1750713654.123:4479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14814 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bb98e929 code=0x7ffc0000
[  670.814610][   T30] audit: type=1326 audit(1750713654.123:4480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14814 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bb98e929 code=0x7ffc0000
[  670.856887][T14823] syz.3.2371 (14823): drop_caches: 1
[  670.857534][T14826] syz.3.2371 (14826): drop_caches: 1
[  670.902076][   T92] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  670.922990][   T92] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  670.962800][   T92] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  670.989432][T14823] syz.3.2371 (14823): drop_caches: 1
[  670.999434][   T30] audit: type=1326 audit(1750713654.153:4481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14814 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc2bb98e929 code=0x7ffc0000
[  671.043135][   T92] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  671.072422][   T92] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  671.101570][   T92] usb 1-1: config 0 descriptor??
[  671.115811][   T30] audit: type=1326 audit(1750713654.153:4482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14814 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bb98e929 code=0x7ffc0000
[  671.593338][   T92] plantronics 0003:047F:FFFF.003A: reserved main item tag 0xe
[  671.711109][   T92] plantronics 0003:047F:FFFF.003A: unknown main item tag 0x0
[  671.724056][   T92] plantronics 0003:047F:FFFF.003A: No inputs registered, leaving
[  671.814685][   T92] plantronics 0003:047F:FFFF.003A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  672.046449][    T9] usb 1-1: USB disconnect, device number 17
[  672.162349][T14845] FAULT_INJECTION: forcing a failure.
[  672.162349][T14845] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  672.184165][T14843] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2377'.
[  672.213189][T14845] CPU: 1 UID: 0 PID: 14845 Comm: syz.4.2378 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  672.213212][T14845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  672.213222][T14845] Call Trace:
[  672.213229][T14845]  <TASK>
[  672.213237][T14845]  dump_stack_lvl+0x189/0x250
[  672.213270][T14845]  ? __pfx____ratelimit+0x10/0x10
[  672.213294][T14845]  ? __pfx_dump_stack_lvl+0x10/0x10
[  672.213319][T14845]  ? __pfx__printk+0x10/0x10
[  672.213348][T14845]  should_fail_ex+0x414/0x560
[  672.213366][T14845]  _copy_to_user+0x31/0xb0
[  672.213383][T14845]  simple_read_from_buffer+0xe1/0x170
[  672.213405][T14845]  proc_fail_nth_read+0x1df/0x250
[  672.213427][T14845]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  672.213448][T14845]  ? rw_verify_area+0x258/0x650
[  672.213472][T14845]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  672.213494][T14845]  vfs_read+0x1fd/0x980
[  672.213518][T14845]  ? __pfx___mutex_lock+0x10/0x10
[  672.213532][T14845]  ? __pfx_vfs_read+0x10/0x10
[  672.213546][T14845]  ? __fget_files+0x2a/0x420
[  672.213559][T14845]  ? __fget_files+0x3a0/0x420
[  672.213568][T14845]  ? __fget_files+0x2a/0x420
[  672.213582][T14845]  ksys_read+0x145/0x250
[  672.213597][T14845]  ? __pfx_ksys_read+0x10/0x10
[  672.213609][T14845]  ? rcu_is_watching+0x15/0xb0
[  672.213625][T14845]  ? do_syscall_64+0xbe/0x3b0
[  672.213636][T14845]  do_syscall_64+0xfa/0x3b0
[  672.213643][T14845]  ? lockdep_hardirqs_on+0x9c/0x150
[  672.213656][T14845]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.213665][T14845]  ? clear_bhb_loop+0x60/0xb0
[  672.213677][T14845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.213686][T14845] RIP: 0033:0x7fc2bb98d33c
[  672.213696][T14845] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  672.213704][T14845] RSP: 002b:00007fc2b97f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  672.213715][T14845] RAX: ffffffffffffffda RBX: 00007fc2bbbb5fa0 RCX: 00007fc2bb98d33c
[  672.213723][T14845] RDX: 000000000000000f RSI: 00007fc2b97f60a0 RDI: 0000000000000004
[  672.213729][T14845] RBP: 00007fc2b97f6090 R08: 0000000000000000 R09: 0000000000000000
[  672.213735][T14845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  672.213741][T14845] R13: 0000000000000000 R14: 00007fc2bbbb5fa0 R15: 00007fc2bbcdfa28
[  672.213755][T14845]  </TASK>
[  672.695326][T14843] hsr_slave_1 (unregistering): left promiscuous mode
[  672.808400][T14854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  672.832866][    T9] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  672.851086][T14854] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  672.876567][T14856] FAULT_INJECTION: forcing a failure.
[  672.876567][T14856] name failslab, interval 1, probability 0, space 0, times 0
[  672.911841][T14856] CPU: 1 UID: 0 PID: 14856 Comm: syz.1.2381 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  672.911863][T14856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  672.911874][T14856] Call Trace:
[  672.911881][T14856]  <TASK>
[  672.911890][T14856]  dump_stack_lvl+0x189/0x250
[  672.911918][T14856]  ? __pfx____ratelimit+0x10/0x10
[  672.911942][T14856]  ? __pfx_dump_stack_lvl+0x10/0x10
[  672.911965][T14856]  ? __pfx__printk+0x10/0x10
[  672.911988][T14856]  ? __pfx___might_resched+0x10/0x10
[  672.912012][T14856]  ? fs_reclaim_acquire+0x7d/0x100
[  672.912036][T14856]  should_fail_ex+0x414/0x560
[  672.912060][T14856]  should_failslab+0xa8/0x100
[  672.912079][T14856]  __kmalloc_node_noprof+0xd1/0x4e0
[  672.912094][T14856]  ? qdisc_alloc+0x97/0xaa0
[  672.912117][T14856]  qdisc_alloc+0x97/0xaa0
[  672.912133][T14856]  ? taprio_init+0x2cf/0xbd0
[  672.912158][T14856]  qdisc_create_dflt+0x8e/0x4e0
[  672.912180][T14856]  taprio_init+0x3e5/0xbd0
[  672.912211][T14856]  ? __pfx_taprio_init+0x10/0x10
[  672.912228][T14856]  ? qdisc_alloc+0x7a1/0xaa0
[  672.912251][T14856]  ? __pfx_taprio_init+0x10/0x10
[  672.912269][T14856]  qdisc_create+0x7ac/0xea0
[  672.912302][T14856]  tc_modify_qdisc+0x1426/0x2010
[  672.912338][T14856]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  672.912390][T14856]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  672.912413][T14856]  rtnetlink_rcv_msg+0x779/0xb70
[  672.912435][T14856]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  672.912450][T14856]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  672.912464][T14856]  ? ref_tracker_free+0x63a/0x7d0
[  672.912482][T14856]  ? __copy_skb_header+0xa7/0x550
[  672.912504][T14856]  ? __pfx_ref_tracker_free+0x10/0x10
[  672.912535][T14856]  netlink_rcv_skb+0x208/0x470
[  672.912554][T14856]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  672.912572][T14856]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  672.912603][T14856]  ? netlink_deliver_tap+0x2e/0x1b0
[  672.912624][T14856]  ? netlink_deliver_tap+0x2e/0x1b0
[  672.912646][T14856]  netlink_unicast+0x75b/0x8d0
[  672.912674][T14856]  netlink_sendmsg+0x805/0xb30
[  672.912703][T14856]  ? __pfx_netlink_sendmsg+0x10/0x10
[  672.912726][T14856]  ? aa_sock_msg_perm+0x94/0x160
[  672.912748][T14856]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  672.912768][T14856]  ? __pfx_netlink_sendmsg+0x10/0x10
[  672.912787][T14856]  __sock_sendmsg+0x21c/0x270
[  672.912823][T14856]  ____sys_sendmsg+0x505/0x830
[  672.912848][T14856]  ? __pfx_____sys_sendmsg+0x10/0x10
[  672.912877][T14856]  ? import_iovec+0x74/0xa0
[  672.912898][T14856]  ___sys_sendmsg+0x21f/0x2a0
[  672.912921][T14856]  ? __pfx____sys_sendmsg+0x10/0x10
[  672.912979][T14856]  ? __fget_files+0x2a/0x420
[  672.912996][T14856]  ? __fget_files+0x3a0/0x420
[  672.913026][T14856]  __x64_sys_sendmsg+0x19b/0x260
[  672.913047][T14856]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  672.913078][T14856]  ? __pfx_ksys_write+0x10/0x10
[  672.913092][T14856]  ? rcu_is_watching+0x15/0xb0
[  672.913122][T14856]  ? do_syscall_64+0xbe/0x3b0
[  672.913142][T14856]  do_syscall_64+0xfa/0x3b0
[  672.913157][T14856]  ? lockdep_hardirqs_on+0x9c/0x150
[  672.913179][T14856]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.913197][T14856]  ? clear_bhb_loop+0x60/0xb0
[  672.913218][T14856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.913235][T14856] RIP: 0033:0x7fde2e78e929
[  672.913251][T14856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  672.913266][T14856] RSP: 002b:00007fde2f65b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  672.913284][T14856] RAX: ffffffffffffffda RBX: 00007fde2e9b5fa0 RCX: 00007fde2e78e929
[  672.913298][T14856] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000003
[  672.913309][T14856] RBP: 00007fde2f65b090 R08: 0000000000000000 R09: 0000000000000000
[  672.913320][T14856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  672.913331][T14856] R13: 0000000000000000 R14: 00007fde2e9b5fa0 R15: 00007fde2eadfa28
[  672.913360][T14856]  </TASK>
[  673.345078][    T9] usb 4-1: Using ep0 maxpacket: 8
[  673.401644][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  673.457950][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  673.519920][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  673.546867][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  673.558952][    T9] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  673.572387][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  673.594871][    T9] hub 4-1:1.0: bad descriptor, ignoring hub
[  673.618126][    T9] hub 4-1:1.0: probe with driver hub failed with error -5
[  673.632963][    T9] cdc_wdm 4-1:1.0: skipping garbage
[  673.638259][    T9] cdc_wdm 4-1:1.0: skipping garbage
[  673.753082][ T5829] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  673.765303][    T9] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  673.779597][    T9] cdc_wdm 4-1:1.0: Unknown control protocol
[  673.943209][ T5829] usb 3-1: Using ep0 maxpacket: 32
[  673.952449][ T5829] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  673.961234][ T5829] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  673.981714][ T5829] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  673.993560][    T9] usb 4-1: USB disconnect, device number 36
[  674.013039][ T5829] usb 3-1: config 1 has no interface number 0
[  674.138783][ T5829] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  674.186526][ T5829] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  674.201166][ T5829] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  674.242715][ T5829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.277606][ T5829] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  674.476431][ T5829] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  674.483304][    T9] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  674.674804][    T9] usb 4-1: Using ep0 maxpacket: 8
[  674.685982][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  674.697933][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  674.707238][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  674.749043][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  674.768869][    T9] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  674.781350][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.806581][    T9] hub 4-1:1.0: bad descriptor, ignoring hub
[  674.827763][    T9] hub 4-1:1.0: probe with driver hub failed with error -5
[  674.840897][    T9] cdc_wdm 4-1:1.0: skipping garbage
[  674.847797][    T9] cdc_wdm 4-1:1.0: skipping garbage
[  674.862429][    T9] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  674.871369][    T9] cdc_wdm 4-1:1.0: Unknown control protocol
[  674.899186][T12391] usb 3-1: USB disconnect, device number 22
[  674.907075][T12391] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  675.026102][T14877] syz.4.2388 (14877): drop_caches: 1
[  675.066446][T14878] syz.4.2388 (14878): drop_caches: 1
[  675.143178][    T9] usb 4-1: USB disconnect, device number 37
[  675.208761][T14877] syz.4.2388 (14877): drop_caches: 1
[  675.496044][T14882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2389'.
[  675.845981][T14894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  675.863198][T14894] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  676.033153][    T9] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  676.132892][   T92] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  676.206242][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  676.217273][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  676.227181][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  676.241891][    T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  676.251547][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.263527][    T9] usb 4-1: config 0 descriptor??
[  676.294970][   T92] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[  676.305933][   T92] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  676.317269][   T92] usb 3-1: config 0 has no interface number 0
[  676.326076][   T92] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  676.336230][   T92] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  676.354415][   T92] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  676.363959][   T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  676.371963][   T92] usb 3-1: Product: syz
[  676.376302][   T92] usb 3-1: Manufacturer: syz
[  676.380908][   T92] usb 3-1: SerialNumber: syz
[  676.389012][   T92] usb 3-1: config 0 descriptor??
[  676.454752][T14900] vlan3: entered allmulticast mode
[  676.459910][T14900] bond0: entered allmulticast mode
[  676.469335][T14900] bond_slave_0: entered allmulticast mode
[  676.476245][T14900] bond_slave_1: entered allmulticast mode
[  676.482241][T14900] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[  676.494335][T14900] bridge0: port 3(vlan3) entered blocking state
[  676.500802][T14900] bridge0: port 3(vlan3) entered disabled state
[  676.511996][T14900] vlan3: entered promiscuous mode
[  676.518846][T14900] bond0: entered promiscuous mode
[  676.525719][T14900] bond_slave_0: entered promiscuous mode
[  676.533352][T14900] bond_slave_1: entered promiscuous mode
[  676.539852][T14900] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode
[  676.599806][   T92] usbtouchscreen 3-1:0.117: probe with driver usbtouchscreen failed with error -71
[  676.661155][   T92] usb 3-1: USB disconnect, device number 23
[  676.697048][    T9] plantronics 0003:047F:FFFF.003B: reserved main item tag 0xe
[  676.716956][    T9] plantronics 0003:047F:FFFF.003B: unknown main item tag 0x0
[  676.736857][    T9] plantronics 0003:047F:FFFF.003B: No inputs registered, leaving
[  676.773484][    T9] plantronics 0003:047F:FFFF.003B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  677.029773][   T92] usb 4-1: USB disconnect, device number 38
[  677.086618][T14905] fido_id[14905]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  677.100972][T14908] syz.1.2398 (14908): drop_caches: 1
[  677.119019][T14912] syz.1.2398 (14912): drop_caches: 1
[  677.319363][T14908] syz.1.2398 (14908): drop_caches: 1
[  678.492220][T14928] netlink: 'syz.1.2401': attribute type 1 has an invalid length.
[  678.605113][T14927] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  678.675372][T14927] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2401'.
[  678.903201][T14927] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface
[  678.936208][T14927] bond2 (unregistering): Released all slaves
[  680.137952][T14938] syz.0.2403 (14938): drop_caches: 1
[  680.232440][T14939] syz.0.2403 (14939): drop_caches: 1
[  680.389462][T14938] syz.0.2403 (14938): drop_caches: 1
[  680.513692][T12391] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  680.782500][T12391] usb 3-1: Using ep0 maxpacket: 8
[  680.790230][T12391] usb 3-1: config 5 has an invalid interface number: 35 but max is 1
[  680.798779][T12391] usb 3-1: config 5 has an invalid interface number: 4 but max is 1
[  680.807027][T12391] usb 3-1: config 5 has an invalid interface number: 4 but max is 1
[  680.815644][T12391] usb 3-1: config 5 has no interface number 0
[  680.821808][T12391] usb 3-1: config 5 has no interface number 1
[  680.828517][T12391] usb 3-1: config 5 interface 35 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  680.890718][T12391] usb 3-1: config 5 interface 4 altsetting 9 endpoint 0x5 has an invalid bInterval 64, changing to 10
[  680.936828][T12391] usb 3-1: config 5 interface 4 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[  681.163636][T12391] usb 3-1: config 5 interface 35 has no altsetting 0
[  681.179908][T12391] usb 3-1: config 5 interface 4 has no altsetting 0
[  681.187523][T12391] usb 3-1: config 5 interface 4 has no altsetting 1
[  681.198326][T12391] usb 3-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b
[  681.208281][T12391] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.216763][T12391] usb 3-1: Product: syz
[  681.221084][T12391] usb 3-1: Manufacturer: syz
[  681.249394][T12391] usb 3-1: SerialNumber: syz
[  681.493000][   T24] usb 4-1: new full-speed USB device number 39 using dummy_hcd
[  681.497817][T14969] usb usb8: usbfs: process 14969 (syz.0.2411) did not claim interface 0 before use
[  681.538742][T14971] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2412'.
[  681.575840][T14971] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2412'.
[  681.666362][   T24] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  681.684019][   T24] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  681.710577][   T24] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  681.730763][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  681.947353][T14965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  681.961405][T14965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  682.009133][   T24] usb 4-1: usb_control_msg returned -71
[  682.034246][   T24] usbtmc 4-1:16.0: can't read capabilities
[  682.034848][T14984] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2414'.
[  682.144200][T14984] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2414'.
[  682.205517][   T24] usb 4-1: USB disconnect, device number 39
[  682.996196][T12391] ttusbir 3-1:5.35: cannot find expected altsetting
[  683.021270][T12391] ttusbir 3-1:5.4: cannot find expected altsetting
[  683.068888][T12391] usb 3-1: USB disconnect, device number 24
[  684.112719][   T92] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  684.272744][   T92] usb 1-1: Using ep0 maxpacket: 8
[  684.315365][   T92] usb 1-1: config 0 has an invalid interface number: 246 but max is 0
[  684.355789][   T92] usb 1-1: config 0 has no interface number 0
[  684.462230][   T92] usb 1-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[  684.475962][   T92] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  684.513999][   T92] usb 1-1: Product: syz
[  684.518192][   T92] usb 1-1: Manufacturer: syz
[  684.523977][   T92] usb 1-1: SerialNumber: syz
[  684.532118][   T92] usb 1-1: config 0 descriptor??
[  684.732579][T15019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  684.753557][   T92] msi2500 1-1:0.246: Registered as swradio24
[  684.758572][T15001] netlink: 'syz.0.2420': attribute type 10 has an invalid length.
[  684.760006][   T92] msi2500 1-1:0.246: SDR API is still slightly experimental and functionality changes may follow
[  684.767387][T15001] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2420'.
[  684.821255][T15019] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  684.842841][    T9] usb 1-1: USB disconnect, device number 18
[  685.591482][T15034] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2425'.
[  685.635484][T15036] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2426'.
[  685.853316][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  685.859649][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  685.865627][T15034] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2425'.
[  685.885551][T15036] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2426'.
[  685.940849][T15036] FAULT_INJECTION: forcing a failure.
[  685.940849][T15036] name failslab, interval 1, probability 0, space 0, times 0
[  685.970329][T15036] CPU: 0 UID: 0 PID: 15036 Comm: syz.0.2426 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  685.970351][T15036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  685.970362][T15036] Call Trace:
[  685.970369][T15036]  <TASK>
[  685.970377][T15036]  dump_stack_lvl+0x189/0x250
[  685.970406][T15036]  ? __pfx____ratelimit+0x10/0x10
[  685.970432][T15036]  ? __pfx_dump_stack_lvl+0x10/0x10
[  685.970455][T15036]  ? __pfx__printk+0x10/0x10
[  685.970479][T15036]  ? __pfx___might_resched+0x10/0x10
[  685.970503][T15036]  ? fs_reclaim_acquire+0x7d/0x100
[  685.970528][T15036]  should_fail_ex+0x414/0x560
[  685.970554][T15036]  should_failslab+0xa8/0x100
[  685.970574][T15036]  __kmalloc_cache_noprof+0x70/0x3d0
[  685.970591][T15036]  ? hsr_create_self_node+0x5a/0x350
[  685.970615][T15036]  hsr_create_self_node+0x5a/0x350
[  685.970636][T15036]  hsr_dev_finalize+0x276/0xaa0
[  685.970667][T15036]  hsr_newlink+0x7d7/0x940
[  685.970687][T15036]  ? validate_linkmsg+0x765/0x950
[  685.970712][T15036]  ? __pfx_hsr_newlink+0x10/0x10
[  685.970739][T15036]  ? __pfx_hsr_newlink+0x10/0x10
[  685.970762][T15036]  rtnl_newlink_create+0x30d/0xb00
[  685.970796][T15036]  ? __pfx_aa_get_newest_label+0x10/0x10
[  685.970821][T15036]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  685.970839][T15036]  ? rtnl_newlink+0x8db/0x1c70
[  685.970858][T15036]  ? __pfx___mutex_lock+0x10/0x10
[  685.970894][T15036]  ? ns_capable+0x8a/0xf0
[  685.970921][T15036]  rtnl_newlink+0x16d6/0x1c70
[  685.970940][T15036]  ? netlink_sendmsg+0x805/0xb30
[  685.970971][T15036]  ? __pfx_rtnl_newlink+0x10/0x10
[  685.971013][T15036]  ? kasan_quarantine_put+0xdd/0x220
[  685.971035][T15036]  ? lockdep_hardirqs_on+0x9c/0x150
[  685.971065][T15036]  ? nlmon_xmit+0xb0/0x100
[  685.971086][T15036]  ? kmem_cache_free+0x18f/0x400
[  685.971110][T15036]  ? __local_bh_enable_ip+0x12d/0x1c0
[  685.971133][T15036]  ? lockdep_hardirqs_on+0x9c/0x150
[  685.971156][T15036]  ? __local_bh_enable_ip+0x12d/0x1c0
[  685.971179][T15036]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  685.971207][T15036]  ? __dev_queue_xmit+0x27e/0x3a70
[  685.971238][T15036]  ? __lock_acquire+0xab9/0xd20
[  685.971284][T15036]  ? __pfx_rtnl_newlink+0x10/0x10
[  685.971300][T15036]  rtnetlink_rcv_msg+0x7cc/0xb70
[  685.971321][T15036]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  685.971338][T15036]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  685.971357][T15036]  ? ref_tracker_free+0x63a/0x7d0
[  685.971376][T15036]  ? __copy_skb_header+0xa7/0x550
[  685.971396][T15036]  ? __pfx_ref_tracker_free+0x10/0x10
[  685.971427][T15036]  netlink_rcv_skb+0x208/0x470
[  685.971447][T15036]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  685.971466][T15036]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  685.971500][T15036]  ? netlink_deliver_tap+0x2e/0x1b0
[  685.971518][T15036]  ? netlink_deliver_tap+0x2e/0x1b0
[  685.971543][T15036]  netlink_unicast+0x75b/0x8d0
[  685.971572][T15036]  netlink_sendmsg+0x805/0xb30
[  685.971604][T15036]  ? __pfx_netlink_sendmsg+0x10/0x10
[  685.971627][T15036]  ? aa_sock_msg_perm+0x94/0x160
[  685.971648][T15036]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  685.971669][T15036]  ? __pfx_netlink_sendmsg+0x10/0x10
[  685.971689][T15036]  __sock_sendmsg+0x21c/0x270
[  685.971715][T15036]  ____sys_sendmsg+0x505/0x830
[  685.971741][T15036]  ? __pfx_____sys_sendmsg+0x10/0x10
[  685.971768][T15036]  ? import_iovec+0x74/0xa0
[  685.971793][T15036]  ___sys_sendmsg+0x21f/0x2a0
[  685.971817][T15036]  ? __pfx____sys_sendmsg+0x10/0x10
[  685.971872][T15036]  ? __fget_files+0x2a/0x420
[  685.971889][T15036]  ? __fget_files+0x3a0/0x420
[  685.971915][T15036]  __x64_sys_sendmsg+0x19b/0x260
[  685.971939][T15036]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  685.971968][T15036]  ? __pfx_ksys_write+0x10/0x10
[  685.971981][T15036]  ? rcu_is_watching+0x15/0xb0
[  685.972010][T15036]  ? do_syscall_64+0xbe/0x3b0
[  685.972029][T15036]  do_syscall_64+0xfa/0x3b0
[  685.972041][T15036]  ? lockdep_hardirqs_on+0x9c/0x150
[  685.972063][T15036]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.972080][T15036]  ? clear_bhb_loop+0x60/0xb0
[  685.972100][T15036]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.972115][T15036] RIP: 0033:0x7fc84dd8e929
[  685.972130][T15036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  685.972144][T15036] RSP: 002b:00007fc84ec05038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  685.972161][T15036] RAX: ffffffffffffffda RBX: 00007fc84dfb5fa0 RCX: 00007fc84dd8e929
[  685.972174][T15036] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000013
[  685.972184][T15036] RBP: 00007fc84ec05090 R08: 0000000000000000 R09: 0000000000000000
[  685.972195][T15036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  685.972205][T15036] R13: 0000000000000000 R14: 00007fc84dfb5fa0 R15: 00007fc84e0dfa28
[  685.972232][T15036]  </TASK>
[  686.429548][    C0] vkms_vblank_simulate: vblank timer overrun
[  686.994854][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  686.994871][   T30] audit: type=1326 audit(1750713670.723:4490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.2428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d3398e929 code=0x7ffc0000
[  687.103607][   T30] audit: type=1326 audit(1750713670.723:4491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.2428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d3392ab19 code=0x7ffc0000
[  687.162368][T15052] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2430'.
[  687.175973][T15052] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2430'.
[  687.242675][   T30] audit: type=1326 audit(1750713670.723:4492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.2428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1d3398e929 code=0x7ffc0000
[  687.300125][   T30] audit: type=1326 audit(1750713670.723:4493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.2428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d3398e929 code=0x7ffc0000
[  687.322514][    C0] vkms_vblank_simulate: vblank timer overrun
[  687.335424][   T30] audit: type=1326 audit(1750713670.723:4494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.2428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d3392ab19 code=0x7ffc0000
[  687.379250][   T30] audit: type=1326 audit(1750713670.723:4495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.2428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d3392ab19 code=0x7ffc0000
[  687.401624][    C0] vkms_vblank_simulate: vblank timer overrun
[  687.459551][   T30] audit: type=1326 audit(1750713670.723:4496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.2428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f1d3398e929 code=0x7ffc0000
[  687.492592][   T30] audit: type=1326 audit(1750713670.723:4497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.2428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d3398e929 code=0x7ffc0000
[  687.552122][   T30] audit: type=1326 audit(1750713670.723:4498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.2428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d3392ab19 code=0x7ffc0000
[  687.614640][   T30] audit: type=1326 audit(1750713670.723:4499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.3.2428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d3392ab19 code=0x7ffc0000
[  687.636989][    C0] vkms_vblank_simulate: vblank timer overrun
[  689.136511][T15078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  689.264620][T15078] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  689.748656][T15089] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2438'.
[  689.855371][T15085] binder: BINDER_SET_CONTEXT_MGR already set
[  689.863046][T15085] binder: 15084:15085 ioctl 4018620d 200000000040 returned -16
[  690.024196][T15089] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2438'.
[  690.203230][T15093] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2439'.
[  690.219302][T15097] kAFS: unable to lookup cell ''
[  690.483200][ T5919] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  690.526013][T15108] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2441'.
[  690.658159][T15108] cgroup: fork rejected by pids controller in /syz4
[  691.266662][ T5919] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  691.278272][ T5919] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  691.376598][T12391] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[  691.404849][ T5919] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  691.420040][T15698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2444'.
[  691.442514][T15698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2444'.
[  691.483175][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  691.503157][ T5919] usb 2-1: SerialNumber: syz
[  691.555941][T12391] usb 3-1: config 0 has an invalid interface number: 11 but max is 0
[  691.564474][T12391] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  691.579096][T12391] usb 3-1: config 0 has no interface number 0
[  691.915274][T12391] usb 3-1: config 0 interface 11 altsetting 253 endpoint 0x87 has invalid maxpacket 8456, setting to 64
[  691.957444][T12391] usb 3-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  692.020723][T12391] usb 3-1: config 0 interface 11 has no altsetting 0
[  692.030051][T12391] usb 3-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  692.052251][T12391] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  692.088279][T12391] usb 3-1: config 0 descriptor??
[  692.089317][ T5919] usb 2-1: 0:2 : does not exist
[  692.097170][T12391] keyspan 3-1:0.11: Keyspan 2 port adapter converter detected
[  692.107028][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 7
[  692.143507][ T5919] usb 2-1: USB disconnect, device number 27
[  692.206815][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 81
[  692.248469][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 82
[  692.275842][ T5889] udevd[5889]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  692.281527][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 1
[  692.327779][T15105] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2443'.
[  692.382738][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 2
[  692.403119][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 85
[  692.431039][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 5
[  692.453538][ T5918] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  692.470520][T12391] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  692.481580][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 83
[  692.500256][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 84
[  692.511262][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 3
[  692.520398][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 4
[  692.530897][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 86
[  692.540273][T12391] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 6
[  692.560377][T12391] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  692.606651][T16198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  692.615393][T12391] usb 3-1: USB disconnect, device number 25
[  692.618999][T12391] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  692.641451][ T5918] usb 4-1: Using ep0 maxpacket: 8
[  692.667032][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  692.705251][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  692.746725][T12391] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  692.762728][ T5918] usb 4-1: New USB device found, idVendor=5543, idProduct=0004, bcdDevice= 0.00
[  692.776047][T16198] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  692.804744][T12391] keyspan 3-1:0.11: device disconnected
[  692.810362][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  692.836348][ T5918] usb 4-1: config 0 descriptor??
[  693.136831][ T5918] usbhid 4-1:0.0: can't add hid device: -71
[  693.149969][ T5918] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  693.166370][ T5918] usb 4-1: USB disconnect, device number 40
[  693.276700][T16206] netlink: 'syz.2.2448': attribute type 1 has an invalid length.
[  693.332810][ T5919] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  693.502981][ T5919] usb 2-1: Using ep0 maxpacket: 32
[  693.603039][T12391] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[  693.610721][    T9] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  693.787699][T12391] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  693.806388][    T9] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  693.822785][T12391] usb 3-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d
[  693.832417][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.840842][T12391] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.861672][    T9] usb 1-1: Product: syz
[  693.865941][T12391] usb 3-1: Product: syz
[  693.877401][    T9] usb 1-1: Manufacturer: syz
[  693.883285][T12391] usb 3-1: Manufacturer: syz
[  693.914909][    T9] usb 1-1: SerialNumber: syz
[  693.920504][T12391] usb 3-1: SerialNumber: syz
[  693.954138][    T9] usb 1-1: config 0 descriptor??
[  694.158985][T16217] usb usb8: usbfs: process 16217 (syz.3.2451) did not claim interface 0 before use
[  694.188872][T12391] usb 3-1: selecting invalid altsetting 1
[  694.202456][    T9] hso 1-1:0.0: Failed to find BULK IN ep
[  694.214783][T12391] LME2510(C): Firmware Status: 00 00 00 00 00 00
[  694.216805][T12391] dvb_usb_lmedm04 3-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22
[  694.237404][    T9] usb-storage 1-1:0.0: USB Mass Storage device detected
[  694.250892][T12391] usb 3-1: USB disconnect, device number 26
[  694.316919][T16218] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2451'.
[  694.508063][ T5897] usb 1-1: USB disconnect, device number 19
[  694.538240][T16222] FAULT_INJECTION: forcing a failure.
[  694.538240][T16222] name failslab, interval 1, probability 0, space 0, times 0
[  694.551988][T16222] CPU: 1 UID: 0 PID: 16222 Comm: syz.3.2452 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  694.552011][T16222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  694.552024][T16222] Call Trace:
[  694.552033][T16222]  <TASK>
[  694.552041][T16222]  dump_stack_lvl+0x189/0x250
[  694.552073][T16222]  ? __pfx____ratelimit+0x10/0x10
[  694.552101][T16222]  ? __pfx_dump_stack_lvl+0x10/0x10
[  694.552128][T16222]  ? __pfx__printk+0x10/0x10
[  694.552152][T16222]  ? __pfx___might_resched+0x10/0x10
[  694.552176][T16222]  ? fs_reclaim_acquire+0x7d/0x100
[  694.552204][T16222]  should_fail_ex+0x414/0x560
[  694.552231][T16222]  should_failslab+0xa8/0x100
[  694.552253][T16222]  kmem_cache_alloc_noprof+0x73/0x3c0
[  694.552279][T16222]  ? ptlock_alloc+0x20/0x70
[  694.552301][T16222]  ptlock_alloc+0x20/0x70
[  694.552317][T16222]  pte_alloc_one+0x7d/0x170
[  694.552345][T16222]  __handle_mm_fault+0x294d/0x5620
[  694.552397][T16222]  ? __pfx___handle_mm_fault+0x10/0x10
[  694.552442][T16222]  ? __pfx___might_resched+0x10/0x10
[  694.552472][T16222]  handle_mm_fault+0x40a/0x8e0
[  694.552507][T16222]  __get_user_pages+0x1af4/0x30b0
[  694.552545][T16222]  ? mt_find+0x15c/0x5f0
[  694.552589][T16222]  ? __pfx___get_user_pages+0x10/0x10
[  694.552623][T16222]  populate_vma_page_range+0x26b/0x340
[  694.552647][T16222]  ? __pfx_populate_vma_page_range+0x10/0x10
[  694.552667][T16222]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  694.552695][T16222]  ? down_read+0x1ad/0x2e0
[  694.552714][T16222]  __mm_populate+0x24c/0x380
[  694.552739][T16222]  ? __pfx___mm_populate+0x10/0x10
[  694.552764][T16222]  ? up_write+0x1c4/0x420
[  694.552786][T16222]  vm_mmap_pgoff+0x3f0/0x4c0
[  694.552813][T16222]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  694.552837][T16222]  ? __fget_files+0x2a/0x420
[  694.552860][T16222]  ? __fget_files+0x3a0/0x420
[  694.552877][T16222]  ? __fget_files+0x2a/0x420
[  694.552900][T16222]  ksys_mmap_pgoff+0x51f/0x760
[  694.552923][T16222]  do_syscall_64+0xfa/0x3b0
[  694.552941][T16222]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.552957][T16222]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  694.552974][T16222]  ? clear_bhb_loop+0x60/0xb0
[  694.552994][T16222]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.553010][T16222] RIP: 0033:0x7f1d3398e929
[  694.553026][T16222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  694.553041][T16222] RSP: 002b:00007f1d34785038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  694.553058][T16222] RAX: ffffffffffffffda RBX: 00007f1d33bb5fa0 RCX: 00007f1d3398e929
[  694.553070][T16222] RDX: 0000000001000006 RSI: 0000000000b36000 RDI: 0000200000000000
[  694.553081][T16222] RBP: 00007f1d34785090 R08: 0000000000000005 R09: 000000002f126000
[  694.553091][T16222] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000001
[  694.553101][T16222] R13: 0000000000000000 R14: 00007f1d33bb5fa0 R15: 00007f1d33cdfa28
[  694.553128][T16222]  </TASK>
[  694.980636][ T5919] usb 2-1: unable to get BOS descriptor or descriptor too short
[  694.991054][ T5919] usb 2-1: no configurations
[  694.996038][ T5919] usb 2-1: can't read configurations, error -22
[  695.068486][T16226] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2453'.
[  695.262724][   T92] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  695.422726][   T92] usb 3-1: Using ep0 maxpacket: 16
[  695.429382][   T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  695.441183][   T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  695.451411][   T92] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  695.464803][   T92] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  695.474230][   T92] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  695.886224][   T92] usb 3-1: config 0 descriptor??
[  696.356368][   T92] sony 0003:054C:0268.003C: unknown main item tag 0x0
[  696.374944][   T92] sony 0003:054C:0268.003C: unknown main item tag 0x0
[  696.485657][T16250] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2458'.
[  696.495217][   T92] sony 0003:054C:0268.003C: hiddev0,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.2-1/input0
[  696.568452][   T92] sony 0003:054C:0268.003C: failed to claim input
[  696.632442][   T92] usb 3-1: USB disconnect, device number 27
[  696.687294][T16247] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2458'.
[  696.753468][T16253] fido_id[16253]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  697.327659][T16241] SET target dimension over the limit!
[  698.083387][T16268] FAULT_INJECTION: forcing a failure.
[  698.083387][T16268] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  698.103344][T16268] CPU: 0 UID: 0 PID: 16268 Comm: syz.4.2464 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  698.103367][T16268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  698.103378][T16268] Call Trace:
[  698.103386][T16268]  <TASK>
[  698.103394][T16268]  dump_stack_lvl+0x189/0x250
[  698.103422][T16268]  ? __pfx____ratelimit+0x10/0x10
[  698.103446][T16268]  ? __pfx_dump_stack_lvl+0x10/0x10
[  698.103469][T16268]  ? __pfx__printk+0x10/0x10
[  698.103497][T16268]  should_fail_ex+0x414/0x560
[  698.103522][T16268]  _copy_to_user+0x31/0xb0
[  698.103541][T16268]  simple_read_from_buffer+0xe1/0x170
[  698.103564][T16268]  proc_fail_nth_read+0x1df/0x250
[  698.103586][T16268]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  698.103610][T16268]  ? rw_verify_area+0x258/0x650
[  698.103633][T16268]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  698.103655][T16268]  vfs_read+0x1fd/0x980
[  698.103684][T16268]  ? __pfx___mutex_lock+0x10/0x10
[  698.103709][T16268]  ? __pfx_vfs_read+0x10/0x10
[  698.103735][T16268]  ? __fget_files+0x2a/0x420
[  698.103757][T16268]  ? __fget_files+0x3a0/0x420
[  698.103774][T16268]  ? __fget_files+0x2a/0x420
[  698.103801][T16268]  ksys_read+0x145/0x250
[  698.103827][T16268]  ? __pfx_ksys_read+0x10/0x10
[  698.103848][T16268]  ? rcu_is_watching+0x15/0xb0
[  698.103878][T16268]  ? do_syscall_64+0xbe/0x3b0
[  698.103897][T16268]  do_syscall_64+0xfa/0x3b0
[  698.103911][T16268]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.103934][T16268]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.103951][T16268]  ? clear_bhb_loop+0x60/0xb0
[  698.103971][T16268]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.103985][T16268] RIP: 0033:0x7fc2bb98d33c
[  698.103999][T16268] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  698.104013][T16268] RSP: 002b:00007fc2b97f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  698.104032][T16268] RAX: ffffffffffffffda RBX: 00007fc2bbbb5fa0 RCX: 00007fc2bb98d33c
[  698.104043][T16268] RDX: 000000000000000f RSI: 00007fc2b97f60a0 RDI: 0000000000000004
[  698.104054][T16268] RBP: 00007fc2b97f6090 R08: 0000000000000000 R09: 0000000000000000
[  698.104065][T16268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  698.104076][T16268] R13: 0000000000000000 R14: 00007fc2bbbb5fa0 R15: 00007fc2bbcdfa28
[  698.104103][T16268]  </TASK>
[  698.340989][    C0] vkms_vblank_simulate: vblank timer overrun
[  698.512815][    T9] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  698.565720][T16274] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 0, id = 0
[  698.622952][T12391] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  698.662693][    T9] usb 4-1: Using ep0 maxpacket: 16
[  698.671949][    T9] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  698.691762][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.712002][    T9] usb 4-1: Product: syz
[  698.719308][T16276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  698.738387][    T9] usb 4-1: Manufacturer: syz
[  698.738500][T16276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  698.761555][    T9] usb 4-1: SerialNumber: syz
[  698.773078][T12391] usb 1-1: Using ep0 maxpacket: 8
[  698.781975][T12391] usb 1-1: config 0 has an invalid interface number: 246 but max is 0
[  698.790431][    T9] r8152-cfgselector 4-1: Unknown version 0x0000
[  698.798454][    T9] r8152-cfgselector 4-1: config 0 descriptor??
[  698.804976][T12391] usb 1-1: config 0 has no interface number 0
[  698.831246][T12391] usb 1-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[  698.842115][T12391] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.850387][T12391] usb 1-1: Product: syz
[  698.854640][T12391] usb 1-1: Manufacturer: syz
[  698.859269][T12391] usb 1-1: SerialNumber: syz
[  698.913463][T12391] usb 1-1: config 0 descriptor??
[  699.089992][T12391] msi2500 1-1:0.246: Registered as swradio24
[  699.135956][T12391] msi2500 1-1:0.246: SDR API is still slightly experimental and functionality changes may follow
[  699.221339][T12391] usb 1-1: USB disconnect, device number 20
[  699.251659][ T5918] r8152-cfgselector 4-1: USB disconnect, device number 41
[  699.340748][T16286] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2468'.
[  699.527578][ T5919] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  699.615741][T16291] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  699.702993][ T5919] usb 2-1: Using ep0 maxpacket: 16
[  699.709786][ T5919] usb 2-1: config 0 has an invalid interface number: 17 but max is 0
[  699.718263][ T5919] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  699.730072][ T5919] usb 2-1: config 0 has no interface number 0
[  699.739443][ T5919] usb 2-1: New USB device found, idVendor=0408, idProduct=4034, bcdDevice=dd.cd
[  699.751611][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.760021][ T5919] usb 2-1: Product: syz
[  699.768870][ T5919] usb 2-1: Manufacturer: syz
[  699.778623][ T5919] usb 2-1: SerialNumber: syz
[  699.789103][T16294] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2471'.
[  699.794404][ T5919] usb 2-1: config 0 descriptor??
[  700.009703][ T5919] usb 2-1: Found UVC 0.00 device syz (0408:4034)
[  700.020178][ T5919] usb 2-1: No valid video chain found.
[  700.065633][T16301] FAULT_INJECTION: forcing a failure.
[  700.065633][T16301] name failslab, interval 1, probability 0, space 0, times 0
[  700.080080][T16301] CPU: 1 UID: 0 PID: 16301 Comm: syz.4.2472 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  700.080102][T16301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  700.080113][T16301] Call Trace:
[  700.080121][T16301]  <TASK>
[  700.080128][T16301]  dump_stack_lvl+0x189/0x250
[  700.080156][T16301]  ? __pfx____ratelimit+0x10/0x10
[  700.080178][T16301]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.080202][T16301]  ? __pfx__printk+0x10/0x10
[  700.080227][T16301]  ? __pfx___might_resched+0x10/0x10
[  700.080250][T16301]  ? fs_reclaim_acquire+0x7d/0x100
[  700.080271][T16301]  should_fail_ex+0x414/0x560
[  700.080295][T16301]  ? page_pool_create_percpu+0x32a/0xbe0
[  700.080315][T16301]  should_failslab+0xa8/0x100
[  700.080334][T16301]  __kvmalloc_node_noprof+0x161/0x5f0
[  700.080351][T16301]  ? page_pool_create_percpu+0x32a/0xbe0
[  700.080377][T16301]  page_pool_create_percpu+0x32a/0xbe0
[  700.080408][T16301]  __veth_napi_enable_range+0x16c/0x6f0
[  700.080439][T16301]  ? __pfx___veth_napi_enable_range+0x10/0x10
[  700.080473][T16301]  ? netif_napi_set_irq_locked+0x20b/0x720
[  700.080500][T16301]  veth_napi_enable_range+0xff/0x200
[  700.080527][T16301]  veth_set_features+0x1c8/0x2a0
[  700.080549][T16301]  __netdev_update_features+0xa43/0x1a20
[  700.080587][T16301]  ? __pfx___netdev_update_features+0x10/0x10
[  700.080609][T16301]  ? __lock_acquire+0xab9/0xd20
[  700.080639][T16301]  ? __might_fault+0xb0/0x130
[  700.080676][T16301]  ethtool_set_one_feature+0x2b4/0x300
[  700.080701][T16301]  ? __pfx_ethtool_set_one_feature+0x10/0x10
[  700.080723][T16301]  ? bpf_lsm_capable+0x9/0x20
[  700.080738][T16301]  ? security_capable+0x7e/0x2e0
[  700.080765][T16301]  dev_ethtool+0x1077/0x1990
[  700.080797][T16301]  ? __pfx_dev_ethtool+0x10/0x10
[  700.080834][T16301]  ? dev_load+0x21/0x1f0
[  700.080852][T16301]  dev_ioctl+0x392/0x1150
[  700.080871][T16301]  sock_do_ioctl+0x22c/0x300
[  700.080895][T16301]  ? __pfx_sock_do_ioctl+0x10/0x10
[  700.080916][T16301]  ? __lock_acquire+0xab9/0xd20
[  700.080950][T16301]  sock_ioctl+0x576/0x790
[  700.080982][T16301]  ? __pfx_sock_ioctl+0x10/0x10
[  700.081004][T16301]  ? __fget_files+0x2a/0x420
[  700.081020][T16301]  ? __fget_files+0x3a0/0x420
[  700.081037][T16301]  ? __fget_files+0x2a/0x420
[  700.081057][T16301]  ? bpf_lsm_file_ioctl+0x9/0x20
[  700.081079][T16301]  ? __pfx_sock_ioctl+0x10/0x10
[  700.081100][T16301]  __se_sys_ioctl+0xfc/0x170
[  700.081126][T16301]  do_syscall_64+0xfa/0x3b0
[  700.081140][T16301]  ? lockdep_hardirqs_on+0x9c/0x150
[  700.081161][T16301]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.081176][T16301]  ? clear_bhb_loop+0x60/0xb0
[  700.081198][T16301]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.081214][T16301] RIP: 0033:0x7fc2bb98e929
[  700.081230][T16301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  700.081244][T16301] RSP: 002b:00007fc2b97f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  700.081262][T16301] RAX: ffffffffffffffda RBX: 00007fc2bbbb5fa0 RCX: 00007fc2bb98e929
[  700.081273][T16301] RDX: 00002000000002c0 RSI: 0000000000008946 RDI: 0000000000000003
[  700.081284][T16301] RBP: 00007fc2b97f6090 R08: 0000000000000000 R09: 0000000000000000
[  700.081294][T16301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  700.081303][T16301] R13: 0000000000000000 R14: 00007fc2bbbb5fa0 R15: 00007fc2bbcdfa28
[  700.081330][T16301]  </TASK>
[  700.081413][T16301] page_pool_create_percpu() gave up with errno -12
[  700.535033][T16301] veth0_to_team: set_features() failed (-12); wanted 0x0000612e4fdd49e9, left 0x0000612e4fdd09e9
[  700.663552][ T5904] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  700.836047][ T5904] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  700.892762][ T5838] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11
[  700.932870][ T5904] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  700.956410][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  700.979929][ T5904] usb 4-1: Product: syz
[  700.984221][ T5904] usb 4-1: Manufacturer: syz
[  700.988982][ T5904] usb 4-1: SerialNumber: syz
[  701.028199][T16315] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  701.045597][T16315] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  701.046165][    T9] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  701.232990][    T9] usb 3-1: Using ep0 maxpacket: 16
[  701.247447][ T5904] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 42 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  701.261560][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  701.272282][    T9] usb 3-1: config 0 has no interfaces?
[  701.280545][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  701.295136][    T9] usb 3-1: config 0 has no interfaces?
[  701.311034][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  701.321561][    T9] usb 3-1: config 0 has no interfaces?
[  701.330356][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=08b5, bcdDevice=d7.01
[  701.342151][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[  701.354996][    T9] usb 3-1: Product: syz
[  701.369444][    T9] usb 3-1: Manufacturer: syz
[  701.401552][    T9] usb 3-1: config 0 descriptor??
[  701.506456][T16298] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2474'.
[  701.537051][T16298] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2474'.
[  701.588367][    T9] usb 4-1: USB disconnect, device number 42
[  701.605511][    T9] usblp0: removed
[  702.689671][ T5904] usb 2-1: USB disconnect, device number 30
[  702.903336][T16325] fuse: Bad value for 'group_id'
[  702.935110][T16325] fuse: Bad value for 'group_id'
[  703.132788][ T5904] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[  703.269516][ T9159] raw-gadget.1 gadget.4: failed to queue disconnect event
[  703.320371][ T5904] usb 2-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  703.330390][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.367212][ T5904] usb 2-1: Product: syz
[  703.379280][ T5904] usb 2-1: Manufacturer: syz
[  703.433766][ T5904] usb 2-1: SerialNumber: syz
[  703.441025][   T69] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.441128][ T5904] usb 2-1: config 0 descriptor??
[  703.526487][   T69] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.628878][   T69] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.699995][   T69] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.851800][   T69] vlan3: left promiscuous mode
[  703.857379][   T69] bond0: left promiscuous mode
[  703.862585][   T69] bond_slave_0: left promiscuous mode
[  703.868476][   T69] bond_slave_1: left promiscuous mode
[  703.874481][   T69] mac80211_hwsim hwsim9 wlan1: left promiscuous mode
[  703.883393][   T69] bridge0: port 3(vlan3) entered disabled state
[  703.894316][   T69] bridge_slave_1: left allmulticast mode
[  703.899974][   T69] bridge_slave_1: left promiscuous mode
[  703.913608][   T69] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.922364][   T69] bridge_slave_0: left allmulticast mode
[  703.928404][   T69] bridge_slave_0: left promiscuous mode
[  703.934628][   T69] bridge0: port 1(bridge_slave_0) entered disabled state
[  704.239179][   T69] team0: Port device geneve0 removed
[  704.607112][ T5904] usb 3-1: USB disconnect, device number 28
[  704.816418][   T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  704.825649][   T69] bond_slave_0: left allmulticast mode
[  704.837125][   T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  704.846160][   T69] bond_slave_1: left allmulticast mode
[  704.859877][   T69] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  704.882415][   T69] mac80211_hwsim hwsim9 wlan1: left allmulticast mode
[  704.898522][   T69] bond0 (unregistering): Released all slaves
[  704.913303][   T69] bond1 (unregistering): Released all slaves
[  704.930076][T16349] fuse: Bad value for 'fd'
[  705.051356][T16326] Bluetooth: hci4: command 0x0405 tx timeout
[  705.283145][T16326] Bluetooth: hci1: command 0x0c1a tx timeout
[  705.283275][T16325] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  705.711988][T16325] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  705.730176][T16323] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  705.746634][T16323] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  705.767081][T16326] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  705.797892][T16326] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  705.811307][T16326] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  705.820470][    T9] usb 2-1: USB disconnect, device number 31
[  705.828000][T16326] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  705.853799][T16326] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  705.963672][ T5904] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  706.028175][T16371] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2485'.
[  706.133604][ T5918] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  706.152079][T16373] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  706.158621][T16373] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  706.201262][ T5904] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  706.230277][T16373] vhci_hcd vhci_hcd.0: Device attached
[  706.250798][ T5904] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  706.280033][T16377] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(9)
[  706.286572][T16377] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  706.295810][ T5904] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  706.296641][ T5918] usb 4-1: Using ep0 maxpacket: 32
[  706.305165][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  706.326368][ T5904] usb 1-1: SerialNumber: syz
[  706.341486][ T5918] usb 4-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  706.351622][ T5918] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  706.362192][ T5918] usb 4-1: Product: syz
[  706.367083][ T5918] usb 4-1: Manufacturer: syz
[  706.375345][ T5918] usb 4-1: SerialNumber: syz
[  706.381410][T16377] vhci_hcd vhci_hcd.0: Device attached
[  706.396522][ T5918] usb 4-1: config 0 descriptor??
[  706.412735][   T24] vhci_hcd: vhci_device speed not set
[  706.423462][T16373] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  706.509113][T16373] sg_write: data in/out 37998/14 bytes for SCSI command 0x0-- guessing data in;
[  706.509113][T16373]    program syz.1.2485 not setting count and/or reply_len properly
[  706.512829][   T24] usb 35-1: new full-speed USB device number 3 using vhci_hcd
[  706.542917][T16377] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(13)
[  706.549529][T16377] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  706.560466][ T5904] usb 1-1: 0:2 : does not exist
[  706.680104][ T5904] usb 1-1: USB disconnect, device number 21
[  706.739940][T16377] vhci_hcd vhci_hcd.0: Device attached
[  706.884094][T16389] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2486'.
[  706.955712][ T5889] udevd[5889]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  707.023908][T16382] vhci_hcd: connection closed
[  707.024181][T16379] vhci_hcd: connection closed
[  707.029065][T16374] vhci_hcd: connection reset by peer
[  707.039556][T10141] vhci_hcd: stop threads
[  707.048603][T10141] vhci_hcd: release socket
[  707.086622][T10141] vhci_hcd: disconnect device
[  707.139886][T16371] hsr_slave_0 (unregistering): left promiscuous mode
[  707.231036][T10141] vhci_hcd: stop threads
[  707.251078][T10141] vhci_hcd: release socket
[  707.277173][T10141] vhci_hcd: disconnect device
[  707.282253][T10141] vhci_hcd: stop threads
[  707.292742][T10141] vhci_hcd: release socket
[  707.313476][T10141] vhci_hcd: disconnect device
[  707.363255][T16326] Bluetooth: hci4: command 0x0405 tx timeout
[  707.582848][ T5918] peak_usb 4-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels)
[  707.606237][ T5918] peak_usb 4-1:0.0 can0: sending command failure: -22
[  707.637017][ T5918] peak_usb 4-1:0.0 can0: sending command failure: -22
[  707.787675][   T69] IPVS: stopping backup sync thread 16274 ...
[  707.844867][ T5918] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -22
[  707.886212][ T5918] usb 4-1: USB disconnect, device number 43
[  707.912719][ T5904] usb 2-1: new full-speed USB device number 32 using dummy_hcd
[  707.922735][T16326] Bluetooth: hci2: command tx timeout
[  708.018508][T16368] chnl_net:caif_netlink_parms(): no params data found
[  708.064658][ T5904] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  708.086112][ T5904] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  708.106788][ T5904] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  708.117004][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.125206][ T5904] usb 2-1: Product: syz
[  708.150099][ T5904] usb 2-1: Manufacturer: syz
[  708.157849][ T5904] usb 2-1: SerialNumber: syz
[  708.649829][T16420] libceph: resolve '.
[  708.649829][T16420] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  708.649829][T16420] ' (ret=-3): failed
[  708.870411][T16368] bridge0: port 1(bridge_slave_0) entered blocking state
[  709.099317][T16368] bridge0: port 1(bridge_slave_0) entered disabled state
[  709.126006][T16368] bridge_slave_0: entered allmulticast mode
[  709.154671][T16368] bridge_slave_0: entered promiscuous mode
[  709.193999][T16368] bridge0: port 2(bridge_slave_1) entered blocking state
[  709.216962][T16368] bridge0: port 2(bridge_slave_1) entered disabled state
[  709.464633][ T5919] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  709.702950][ T5919] usb 3-1: Using ep0 maxpacket: 16
[  709.737808][T16368] bridge_slave_1: entered allmulticast mode
[  709.763945][ T5919] usb 3-1: config 0 has an invalid interface number: 17 but max is 0
[  709.806689][ T5919] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  709.821897][T16368] bridge_slave_1: entered promiscuous mode
[  709.828299][ T5919] usb 3-1: config 0 has no interface number 0
[  709.838781][ T5919] usb 3-1: New USB device found, idVendor=0408, idProduct=4034, bcdDevice=dd.cd
[  709.855892][ T5919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  709.878445][   T69] hsr_slave_0: left promiscuous mode
[  709.894149][   T69] hsr_slave_1: left promiscuous mode
[  709.900285][   T69] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  709.911316][ T5919] usb 3-1: Product: syz
[  709.913530][   T69] batman_adv: batadv0: Removing interface: batadv_slave_0
[  709.948878][ T5919] usb 3-1: Manufacturer: syz
[  709.967606][   T69] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  709.986980][   T69] batman_adv: batadv0: Removing interface: batadv_slave_1
[  710.002784][T16326] Bluetooth: hci2: command tx timeout
[  710.032593][ T5919] usb 3-1: SerialNumber: syz
[  710.050015][   T69] veth1_vlan: left promiscuous mode
[  710.064965][   T69] veth0_vlan: left promiscuous mode
[  710.112029][ T5919] usb 3-1: config 0 descriptor??
[  710.357866][ T5919] usb 3-1: Found UVC 0.00 device syz (0408:4034)
[  710.365844][ T5919] usb 3-1: No valid video chain found.
[  710.788708][ T5904] usb 2-1: 0:2 : does not exist
[  710.820194][ T5904] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  710.908897][ T5904] usb 2-1: USB disconnect, device number 32
[  711.082467][ T5889] udevd[5889]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  711.802975][ T5904] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  711.832814][   T24] vhci_hcd: vhci_device speed not set
[  711.956039][ T5904] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  711.967564][ T5904] usb 1-1: config 0 has no interfaces?
[  711.984506][ T5904] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  712.036423][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  712.086202][T16326] Bluetooth: hci2: command tx timeout
[  712.112315][ T5904] usb 1-1: config 0 descriptor??
[  712.419621][T16458] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2493'.
[  713.222910][T12391] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  713.382742][T12391] usb 4-1: Using ep0 maxpacket: 16
[  713.389583][T12391] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  713.401638][T12391] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  713.414821][T12391] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  713.425786][T12391] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.435071][T12391] usb 4-1: Product: syz
[  713.439253][T12391] usb 4-1: Manufacturer: syz
[  713.445740][T12391] usb 4-1: SerialNumber: syz
[  713.453604][T12391] usb 4-1: config 0 descriptor??
[  713.467811][T12391] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  713.477627][T12391] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  714.069403][T12391] em28xx 4-1:0.0: chip ID is em28178
[  714.172996][T16326] Bluetooth: hci2: command tx timeout
[  714.273797][ T5904] usb 4-1: USB disconnect, device number 44
[  714.280493][ T5904] em28xx 4-1:0.0: Disconnecting em28xx
[  714.291567][ T5904] em28xx 4-1:0.0: Freeing device
[  715.295194][T16474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2497'.
[  724.366484][ T5838] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  724.376710][ T5838] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  724.390270][ T5838] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  724.399468][ T5838] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  724.408889][ T5838] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  726.398276][ T5838] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  726.407445][ T5838] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  726.416975][ T5838] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  726.427996][ T5838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  726.436676][ T5838] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  726.496057][T16326] Bluetooth: hci5: command tx timeout
[  727.416615][ T5838] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  727.426302][ T5838] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  727.436306][ T5838] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  727.446062][ T5838] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  727.455655][ T5838] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  728.492825][ T5838] Bluetooth: hci6: command tx timeout
[  728.573010][ T5838] Bluetooth: hci5: command tx timeout
[  729.522982][ T5838] Bluetooth: hci7: command tx timeout
[  730.410817][T16326] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  730.419486][T16326] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  730.428511][T16326] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  730.438844][T16326] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  730.447633][T16326] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  730.562888][T16326] Bluetooth: hci6: command tx timeout
[  730.642752][T16326] Bluetooth: hci5: command tx timeout
[  731.612950][T16326] Bluetooth: hci7: command tx timeout
[  732.492928][T16326] Bluetooth: hci8: command tx timeout
[  732.653384][T16326] Bluetooth: hci6: command tx timeout
[  732.722723][T16326] Bluetooth: hci5: command tx timeout
[  733.682737][T16326] Bluetooth: hci7: command tx timeout
[  734.562786][T16326] Bluetooth: hci8: command tx timeout
[  734.722860][T16326] Bluetooth: hci6: command tx timeout
[  735.762844][T16326] Bluetooth: hci7: command tx timeout
[  736.643793][T16326] Bluetooth: hci8: command tx timeout
[  738.723495][T16326] Bluetooth: hci8: command tx timeout
[  747.126363][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  747.135143][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  762.866568][ T5838] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  762.878280][ T5838] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  762.887286][ T5838] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  762.895852][ T5838] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  762.906233][ T5838] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  764.963614][ T5838] Bluetooth: hci9: command tx timeout
[  767.043222][ T5838] Bluetooth: hci9: command tx timeout
[  769.123212][ T5838] Bluetooth: hci9: command tx timeout
[  771.202822][ T5838] Bluetooth: hci9: command tx timeout
[  784.385596][T16326] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  784.395284][T16326] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  784.404370][T16326] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  784.414757][T16326] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  784.422738][T16326] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  786.390197][T16326] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  786.401160][T16326] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  786.409992][T16326] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  786.420400][T16326] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  786.428860][T16326] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  786.483004][ T5838] Bluetooth: hci10: command tx timeout
[  787.386335][T16326] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  787.396730][T16326] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  787.405338][T16326] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  787.417592][T16326] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  787.426510][T16326] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  788.494529][ T5838] Bluetooth: hci11: command tx timeout
[  788.563320][ T5838] Bluetooth: hci10: command tx timeout
[  789.523129][ T5838] Bluetooth: hci12: command tx timeout
[  790.572718][ T5838] Bluetooth: hci11: command tx timeout
[  790.643151][ T5838] Bluetooth: hci10: command tx timeout
[  790.903814][T16326] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  790.917414][T16326] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  790.926435][T16326] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  790.939615][T16326] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  790.948400][T16326] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  791.602895][ T5838] Bluetooth: hci12: command tx timeout
[  792.642863][ T5838] Bluetooth: hci11: command tx timeout
[  792.723361][ T5838] Bluetooth: hci10: command tx timeout
[  792.965758][ T5838] Bluetooth: hci13: command tx timeout
[  793.683091][ T5838] Bluetooth: hci12: command tx timeout
[  794.723092][ T5838] Bluetooth: hci11: command tx timeout
[  795.043096][ T5838] Bluetooth: hci13: command tx timeout
[  795.763049][ T5838] Bluetooth: hci12: command tx timeout
[  797.122722][ T5838] Bluetooth: hci13: command tx timeout
[  799.202878][ T5838] Bluetooth: hci13: command tx timeout
[  808.566507][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  808.572967][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  822.936262][T16326] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  822.945903][T16326] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  822.955103][T16326] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  822.966167][T16326] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  822.974592][T16326] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  825.043042][ T5838] Bluetooth: hci14: command tx timeout
[  827.122990][ T5838] Bluetooth: hci14: command tx timeout
[  829.212659][ T5838] Bluetooth: hci14: command tx timeout
[  831.122966][ T5838] Bluetooth: hci2: command 0x0406 tx timeout
[  831.282730][T16326] Bluetooth: hci14: command tx timeout
[  844.951927][ T5838] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1
[  844.963238][ T5838] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[  844.973452][ T5838] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[  844.981594][ T5838] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[  844.994502][ T5838] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[  846.957398][ T5838] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1
[  846.968569][ T5838] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9
[  846.978182][ T5838] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9
[  846.987537][ T5838] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4
[  846.996832][ T5838] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2
[  847.042927][T16326] Bluetooth: hci15: command tx timeout
[  847.482220][ T5838] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1
[  847.491657][ T5838] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9
[  847.500051][ T5838] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9
[  847.508819][ T5838] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4
[  847.518206][ T5838] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2
[  849.042923][T16326] Bluetooth: hci16: command tx timeout
[  849.123006][T16326] Bluetooth: hci15: command tx timeout
[  849.602672][T16527] Bluetooth: hci17: command tx timeout
[  850.989773][T16526] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1
[  850.998592][T16526] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9
[  851.007474][T16526] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9
[  851.017100][T16526] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4
[  851.026341][T16526] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2
[  851.132759][T16527] Bluetooth: hci16: command tx timeout
[  851.202998][T16527] Bluetooth: hci15: command tx timeout
[  851.603146][T16527] Bluetooth: hci5: command 0x0406 tx timeout
[  851.603162][T16526] Bluetooth: hci6: command 0x0406 tx timeout
[  851.609221][T16527] Bluetooth: hci7: command 0x0406 tx timeout
[  851.682748][T16326] Bluetooth: hci17: command tx timeout
[  853.122674][T16326] Bluetooth: hci18: command tx timeout
[  853.202626][T16326] Bluetooth: hci16: command tx timeout
[  853.282662][T16326] Bluetooth: hci15: command tx timeout
[  853.762764][T16326] Bluetooth: hci17: command tx timeout
[  855.203055][   T51] Bluetooth: hci18: command tx timeout
[  855.283869][   T51] Bluetooth: hci16: command tx timeout
[  855.842900][   T51] Bluetooth: hci17: command tx timeout
[  856.722742][   T51] Bluetooth: hci8: command 0x0406 tx timeout
[  857.282809][T16326] Bluetooth: hci18: command tx timeout
[  859.363029][T16326] Bluetooth: hci18: command tx timeout
[  862.963612][   T31] INFO: task kworker/1:2:92 blocked for more than 143 seconds.
[  862.971205][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  862.977333][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  862.986092][   T31] task:kworker/1:2     state:D stack:19784 pid:92    tgid:92    ppid:2      task_flags:0x4208060 flags:0x00004000
[  862.998359][   T31] Workqueue: events switchdev_deferred_process_work
[  863.005003][   T31] Call Trace:
[  863.008288][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  863.011219][   T31]  __schedule+0x16f5/0x4d00
[  863.015925][   T31]  ? schedule+0x165/0x360
[  863.020588][   T31]  ? __pfx___schedule+0x10/0x10
[  863.025794][   T31]  ? schedule+0x91/0x360
[  863.030066][   T31]  schedule+0x165/0x360
[  863.034335][   T31]  schedule_preempt_disabled+0x13/0x30
[  863.039812][   T31]  __mutex_lock+0x724/0xe80
[  863.044652][   T31]  ? __mutex_lock+0x51b/0xe80
[  863.049503][   T31]  ? switchdev_deferred_process_work+0xe/0x20
[  863.055845][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  863.060906][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  863.067936][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  863.076360][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  863.082115][   T31]  switchdev_deferred_process_work+0xe/0x20
[  863.088987][   T31]  process_scheduled_works+0xae1/0x17b0
[  863.097362][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  863.104213][   T31]  worker_thread+0x8a0/0xda0
[  863.108849][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  863.118205][   T31]  ? __kthread_parkme+0x7b/0x200
[  863.124216][   T31]  kthread+0x70e/0x8a0
[  863.128323][   T31]  ? __pfx_worker_thread+0x10/0x10
[  863.133891][   T31]  ? __pfx_kthread+0x10/0x10
[  863.138508][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  863.144389][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  863.149613][   T31]  ? __pfx_kthread+0x10/0x10
[  863.154570][   T31]  ret_from_fork+0x3fc/0x770
[  863.159190][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  863.165722][   T31]  ? __switch_to_asm+0x39/0x70
[  863.170510][   T31]  ? __switch_to_asm+0x33/0x70
[  863.177469][   T31]  ? __pfx_kthread+0x10/0x10
[  863.182090][   T31]  ret_from_fork_asm+0x1a/0x30
[  863.188024][   T31]  </TASK>
[  863.191180][   T31] INFO: task dhcpcd:5496 blocked for more than 143 seconds.
[  863.198916][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  863.205311][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  863.214245][   T31] task:dhcpcd          state:D stack:21384 pid:5496  tgid:5496  ppid:5495   task_flags:0x400140 flags:0x00004002
[  863.226468][   T31] Call Trace:
[  863.229764][   T31]  <TASK>
[  863.233347][   T31]  __schedule+0x16f5/0x4d00
[  863.237948][   T31]  ? schedule+0x165/0x360
[  863.242345][   T31]  ? __pfx___schedule+0x10/0x10
[  863.247563][   T31]  ? schedule+0x91/0x360
[  863.252238][   T31]  schedule+0x165/0x360
[  863.256689][   T31]  schedule_preempt_disabled+0x13/0x30
[  863.301107][   T31]  __mutex_lock+0x724/0xe80
[  863.308800][   T31]  ? __mutex_lock+0x51b/0xe80
[  863.323057][   T31]  ? devinet_ioctl+0x323/0x1b50
[  863.329643][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  863.335239][   T31]  ? bpf_lsm_capable+0x9/0x20
[  863.340045][   T31]  ? security_capable+0x7e/0x2e0
[  863.345718][   T31]  devinet_ioctl+0x323/0x1b50
[  863.350414][   T31]  ? __pfx_devinet_ioctl+0x10/0x10
[  863.355624][   T31]  ? get_user_ifreq+0x12c/0x180
[  863.360495][   T31]  inet_ioctl+0x3c0/0x4c0
[  863.365068][   T31]  ? __pfx_inet_ioctl+0x10/0x10
[  863.369958][   T31]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  863.376051][   T31]  sock_do_ioctl+0xdc/0x300
[  863.380589][   T31]  ? __pfx_sock_do_ioctl+0x10/0x10
[  863.385828][   T31]  ? __lock_acquire+0xab9/0xd20
[  863.390721][   T31]  sock_ioctl+0x576/0x790
[  863.395379][   T31]  ? __pfx_sock_ioctl+0x10/0x10
[  863.400286][   T31]  ? fd_install+0x30d/0x540
[  863.404841][   T31]  ? bpf_lsm_file_ioctl+0x9/0x20
[  863.409795][   T31]  ? __pfx_sock_ioctl+0x10/0x10
[  863.416316][   T31]  __se_sys_ioctl+0xfc/0x170
[  863.420926][   T31]  do_syscall_64+0xfa/0x3b0
[  863.426284][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  863.432362][   T31]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  863.440066][   T31]  ? clear_bhb_loop+0x60/0xb0
[  863.445814][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  863.451715][   T31] RIP: 0033:0x7f23961b3378
[  863.458344][   T31] RSP: 002b:00007ffea33a8b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  863.467447][   T31] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 00007f23961b3378
[  863.477517][   T31] RDX: 00007ffea33b8d30 RSI: 0000000000008914 RDI: 0000000000000016
[  863.486418][   T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  863.497513][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffea33c8ed0
[  863.507054][   T31] R13: 00007f23960b36c8 R14: 0000000000000028 R15: 0000000000008914
[  863.517226][   T31]  </TASK>
[  863.520359][   T31] INFO: task kworker/u8:5:10136 blocked for more than 143 seconds.
[  863.528369][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  863.534442][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  863.546944][   T31] task:kworker/u8:5    state:D stack:21160 pid:10136 tgid:10136 ppid:2      task_flags:0x4208060 flags:0x00004000
[  863.559036][   T31] Workqueue: events_unbound linkwatch_event
[  863.564969][   T31] Call Trace:
[  863.568260][   T31]  <TASK>
[  863.571206][   T31]  __schedule+0x16f5/0x4d00
[  863.576060][   T31]  ? schedule+0x165/0x360
[  863.580425][   T31]  ? __pfx___schedule+0x10/0x10
[  863.585409][   T31]  ? schedule+0x91/0x360
[  863.589668][   T31]  schedule+0x165/0x360
[  863.593908][   T31]  schedule_preempt_disabled+0x13/0x30
[  863.599380][   T31]  __mutex_lock+0x724/0xe80
[  863.604228][   T31]  ? __mutex_lock+0x51b/0xe80
[  863.608941][   T31]  ? linkwatch_event+0xe/0x60
[  863.613748][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  863.618812][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  863.624104][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  863.629856][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  863.635856][   T31]  linkwatch_event+0xe/0x60
[  863.640377][   T31]  process_scheduled_works+0xae1/0x17b0
[  863.645988][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  863.652012][   T31]  worker_thread+0x8a0/0xda0
[  863.656746][   T31]  kthread+0x70e/0x8a0
[  863.660836][   T31]  ? __pfx_worker_thread+0x10/0x10
[  863.666285][   T31]  ? __pfx_kthread+0x10/0x10
[  863.670897][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  863.676191][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  863.681424][   T31]  ? __pfx_kthread+0x10/0x10
[  863.686076][   T31]  ret_from_fork+0x3fc/0x770
[  863.690681][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  863.696080][   T31]  ? __switch_to_asm+0x39/0x70
[  863.700859][   T31]  ? __switch_to_asm+0x33/0x70
[  863.705765][   T31]  ? __pfx_kthread+0x10/0x10
[  863.710383][   T31]  ret_from_fork_asm+0x1a/0x30
[  863.715297][   T31]  </TASK>
[  863.718351][   T31] INFO: task syz-executor:16368 blocked for more than 144 seconds.
[  863.726538][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  863.732442][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  863.741158][   T31] task:syz-executor    state:D stack:21720 pid:16368 tgid:16368 ppid:1      task_flags:0x400140 flags:0x00004004
[  863.753467][   T31] Call Trace:
[  863.756772][   T31]  <TASK>
[  863.759720][   T31]  __schedule+0x16f5/0x4d00
[  863.764743][   T31]  ? __lock_acquire+0xa90/0xd20
[  863.769612][   T31]  ? schedule+0x165/0x360
[  863.773989][   T31]  ? __pfx___schedule+0x10/0x10
[  863.778858][   T31]  ? schedule+0x91/0x360
[  863.783440][   T31]  schedule+0x165/0x360
[  863.787622][   T31]  schedule_preempt_disabled+0x13/0x30
[  863.793136][   T31]  __mutex_lock+0x724/0xe80
[  863.797658][   T31]  ? __mutex_lock+0x51b/0xe80
[  863.802363][   T31]  ? rtnl_newlink+0x8db/0x1c70
[  863.807176][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  863.812308][   T31]  ? ns_capable+0x8a/0xf0
[  863.816913][   T31]  ? rtnl_link_get_net_capable+0x16a/0x350
[  863.822833][   T31]  rtnl_newlink+0x8db/0x1c70
[  863.827454][   T31]  ? __pfx_rtnl_newlink+0x10/0x10
[  863.832486][   T31]  ? __lock_acquire+0xab9/0xd20
[  863.837459][   T31]  ? __lock_acquire+0xab9/0xd20
[  863.842342][   T31]  ? __pfx_rtnl_newlink+0x10/0x10
[  863.847620][   T31]  rtnetlink_rcv_msg+0x7cc/0xb70
[  863.852607][   T31]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  863.857727][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  863.863307][   T31]  netlink_rcv_skb+0x208/0x470
[  863.868102][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  863.873879][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  863.879198][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  863.884454][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  863.889665][   T31]  netlink_unicast+0x75b/0x8d0
[  863.894484][   T31]  netlink_sendmsg+0x805/0xb30
[  863.899275][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  863.904894][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  863.909857][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  863.915197][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  863.920499][   T31]  __sock_sendmsg+0x21c/0x270
[  863.925234][   T31]  __sys_sendto+0x3bd/0x520
[  863.929749][   T31]  ? __pfx___sys_sendto+0x10/0x10
[  863.937228][   T31]  ? blkcg_maybe_throttle_current+0x1ab/0xb40
[  863.943461][   T31]  ? rcu_is_watching+0x15/0xb0
[  863.948245][   T31]  __x64_sys_sendto+0xde/0x100
[  863.956769][   T31]  do_syscall_64+0xfa/0x3b0
[  863.961277][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  863.966755][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  863.972979][   T31]  ? clear_bhb_loop+0x60/0xb0
[  863.977681][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  863.983666][   T31] RIP: 0033:0x7eff96f907bc
[  863.988087][   T31] RSP: 002b:00007eff972df650 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  863.996740][   T31] RAX: ffffffffffffffda RBX: 00007eff97ce4620 RCX: 00007eff96f907bc
[  864.004760][   T31] RDX: 0000000000000068 RSI: 00007eff97ce4670 RDI: 0000000000000003
[  864.012763][   T31] RBP: 0000000000000000 R08: 00007eff972df6a4 R09: 000000000000000c
[  864.020739][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  864.029053][   T31] R13: 0000000000000000 R14: 00007eff97ce4670 R15: 0000000000000000
[  864.039492][   T31]  </TASK>
[  864.042573][   T31] INFO: task syz.2.2490:16429 blocked for more than 144 seconds.
[  864.051287][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  864.057617][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  864.066439][   T31] task:syz.2.2490      state:D stack:27496 pid:16429 tgid:16428 ppid:5844   task_flags:0x400140 flags:0x00004004
[  864.078406][   T31] Call Trace:
[  864.081694][   T31]  <TASK>
[  864.085247][   T31]  __schedule+0x16f5/0x4d00
[  864.089989][   T31]  ? schedule+0x165/0x360
[  864.094393][   T31]  ? __pfx___schedule+0x10/0x10
[  864.099262][   T31]  ? schedule+0x91/0x360
[  864.103575][   T31]  schedule+0x165/0x360
[  864.107748][   T31]  schedule_preempt_disabled+0x13/0x30
[  864.113487][   T31]  __mutex_lock+0x724/0xe80
[  864.118013][   T31]  ? nlmon_xmit+0xb0/0x100
[  864.122439][   T31]  ? __mutex_lock+0x51b/0xe80
[  864.127154][   T31]  ? inet_rtm_newroute+0x109/0x210
[  864.132287][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  864.137349][   T31]  ? rtm_to_fib_config+0x1086/0x13c0
[  864.142959][   T31]  inet_rtm_newroute+0x109/0x210
[  864.147915][   T31]  ? __lock_acquire+0xab9/0xd20
[  864.152855][   T31]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  864.158377][   T31]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  864.163899][   T31]  rtnetlink_rcv_msg+0x7cc/0xb70
[  864.168857][   T31]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  864.177244][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  864.182949][   T31]  ? ref_tracker_free+0x63a/0x7d0
[  864.188006][   T31]  ? __copy_skb_header+0xa7/0x550
[  864.195538][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[  864.200998][   T31]  netlink_rcv_skb+0x208/0x470
[  864.206048][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  864.211538][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  864.219539][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  864.224885][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  864.230101][   T31]  netlink_unicast+0x75b/0x8d0
[  864.237662][   T31]  netlink_sendmsg+0x805/0xb30
[  864.242446][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  864.248381][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  864.253505][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  864.258817][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  864.264440][   T31]  __sock_sendmsg+0x21c/0x270
[  864.269140][   T31]  ____sys_sendmsg+0x505/0x830
[  864.273999][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  864.279313][   T31]  ? import_iovec+0x74/0xa0
[  864.284827][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  864.289545][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  864.295073][   T31]  ? __fget_files+0x2a/0x420
[  864.299673][   T31]  ? __fget_files+0x3a0/0x420
[  864.307233][   T31]  __x64_sys_sendmsg+0x19b/0x260
[  864.312185][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  864.317687][   T31]  ? rcu_is_watching+0x15/0xb0
[  864.322472][   T31]  ? do_syscall_64+0xbe/0x3b0
[  864.327407][   T31]  do_syscall_64+0xfa/0x3b0
[  864.331926][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  864.337163][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.343322][   T31]  ? clear_bhb_loop+0x60/0xb0
[  864.348011][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.354192][   T31] RIP: 0033:0x7fd2bf38e929
[  864.358624][   T31] RSP: 002b:00007fd2c01cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  864.367306][   T31] RAX: ffffffffffffffda RBX: 00007fd2bf5b5fa0 RCX: 00007fd2bf38e929
[  864.375320][   T31] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  864.383556][   T31] RBP: 00007fd2bf410b39 R08: 0000000000000000 R09: 0000000000000000
[  864.391549][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  864.399605][   T31] R13: 0000000000000000 R14: 00007fd2bf5b5fa0 R15: 00007fd2bf6dfa28
[  864.407794][   T31]  </TASK>
[  864.410893][   T31] INFO: task syz.1.2492:16455 blocked for more than 144 seconds.
[  864.418851][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  864.424799][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  864.434557][   T31] task:syz.1.2492      state:D stack:28904 pid:16455 tgid:16446 ppid:5846   task_flags:0x400040 flags:0x00004004
[  864.446714][   T31] Call Trace:
[  864.449993][   T31]  <TASK>
[  864.452981][   T31]  __schedule+0x16f5/0x4d00
[  864.457528][   T31]  ? schedule+0x165/0x360
[  864.461861][   T31]  ? __pfx___schedule+0x10/0x10
[  864.466777][   T31]  ? schedule+0x91/0x360
[  864.471033][   T31]  schedule+0x165/0x360
[  864.475464][   T31]  schedule_preempt_disabled+0x13/0x30
[  864.481098][   T31]  __mutex_lock+0x724/0xe80
[  864.486165][   T31]  ? __mutex_lock+0x51b/0xe80
[  864.490858][   T31]  ? vlan_ioctl_handler+0xd0/0x650
[  864.496038][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  864.501108][   T31]  vlan_ioctl_handler+0xd0/0x650
[  864.506315][   T31]  ? __pfx_vlan_ioctl_handler+0x10/0x10
[  864.511884][   T31]  ? __lock_acquire+0xab9/0xd20
[  864.516816][   T31]  ? __pfx_vlan_ioctl_handler+0x10/0x10
[  864.522381][   T31]  sock_ioctl+0x60d/0x790
[  864.526997][   T31]  ? __pfx_sock_ioctl+0x10/0x10
[  864.531876][   T31]  ? __fget_files+0x2a/0x420
[  864.536721][   T31]  ? __fget_files+0x3a0/0x420
[  864.541417][   T31]  ? __fget_files+0x2a/0x420
[  864.546041][   T31]  ? bpf_lsm_file_ioctl+0x9/0x20
[  864.551006][   T31]  ? __pfx_sock_ioctl+0x10/0x10
[  864.555904][   T31]  __se_sys_ioctl+0xfc/0x170
[  864.560520][   T31]  do_syscall_64+0xfa/0x3b0
[  864.565276][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  864.570497][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.576598][   T31]  ? clear_bhb_loop+0x60/0xb0
[  864.581286][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.587212][   T31] RIP: 0033:0x7fde2e78e929
[  864.591635][   T31] RSP: 002b:00007fde2f5f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  864.600299][   T31] RAX: ffffffffffffffda RBX: 00007fde2e9b6240 RCX: 00007fde2e78e929
[  864.608327][   T31] RDX: 0000200000000140 RSI: 0000000000008982 RDI: 0000000000000003
[  864.616374][   T31] RBP: 00007fde2e810b39 R08: 0000000000000000 R09: 0000000000000000
[  864.624533][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  864.632497][   T31] R13: 0000000000000001 R14: 00007fde2e9b6240 R15: 00007fde2eadfa28
[  864.640541][   T31]  </TASK>
[  864.643650][   T31] INFO: task syz.1.2492:16457 blocked for more than 145 seconds.
[  864.651378][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  864.657891][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  864.666835][   T31] task:syz.1.2492      state:D stack:26136 pid:16457 tgid:16446 ppid:5846   task_flags:0x400140 flags:0x00004004
[  864.679097][   T31] Call Trace:
[  864.682395][   T31]  <TASK>
[  864.685610][   T31]  __schedule+0x16f5/0x4d00
[  864.690144][   T31]  ? schedule+0x165/0x360
[  864.694725][   T31]  ? __pfx___schedule+0x10/0x10
[  864.699588][   T31]  ? schedule+0x91/0x360
[  864.704162][   T31]  schedule+0x165/0x360
[  864.708365][   T31]  schedule_preempt_disabled+0x13/0x30
[  864.714409][   T31]  __mutex_lock+0x724/0xe80
[  864.718935][   T31]  ? __mutex_lock+0x51b/0xe80
[  864.724023][   T31]  ? sock_ioctl+0x5ee/0x790
[  864.728575][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  864.734785][   T31]  ? __lock_acquire+0xab9/0xd20
[  864.739657][   T31]  sock_ioctl+0x5ee/0x790
[  864.744551][   T31]  ? __pfx_sock_ioctl+0x10/0x10
[  864.749434][   T31]  ? __fget_files+0x2a/0x420
[  864.754387][   T31]  ? __fget_files+0x3a0/0x420
[  864.759086][   T31]  ? __fget_files+0x2a/0x420
[  864.763987][   T31]  ? bpf_lsm_file_ioctl+0x9/0x20
[  864.769404][   T31]  ? __pfx_sock_ioctl+0x10/0x10
[  864.774771][   T31]  __se_sys_ioctl+0xfc/0x170
[  864.779376][   T31]  do_syscall_64+0xfa/0x3b0
[  864.784047][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.790133][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  864.796766][   T31]  ? clear_bhb_loop+0x60/0xb0
[  864.801453][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.807711][   T31] RIP: 0033:0x7fde2e78e929
[  864.812137][   T31] RSP: 002b:00007fde2f5d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  864.820603][   T31] RAX: ffffffffffffffda RBX: 00007fde2e9b6320 RCX: 00007fde2e78e929
[  864.828612][   T31] RDX: 0000200000000540 RSI: 0000000000008983 RDI: 0000000000000008
[  864.836862][   T31] RBP: 00007fde2e810b39 R08: 0000000000000000 R09: 0000000000000000
[  864.844888][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  864.852903][   T31] R13: 0000000000000000 R14: 00007fde2e9b6320 R15: 00007fde2eadfa28
[  864.860894][   T31]  </TASK>
[  864.864256][   T31] INFO: task syz.0.2493:16458 blocked for more than 145 seconds.
[  864.871982][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  864.877907][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  864.886679][   T31] task:syz.0.2493      state:D stack:25544 pid:16458 tgid:16450 ppid:5848   task_flags:0x400140 flags:0x00004006
[  864.898864][   T31] Call Trace:
[  864.902156][   T31]  <TASK>
[  864.905159][   T31]  __schedule+0x16f5/0x4d00
[  864.909702][   T31]  ? schedule+0x165/0x360
[  864.914102][   T31]  ? __pfx___schedule+0x10/0x10
[  864.918988][   T31]  ? schedule+0x91/0x360
[  864.923745][   T31]  schedule+0x165/0x360
[  864.927922][   T31]  schedule_preempt_disabled+0x13/0x30
[  864.934514][   T31]  __mutex_lock+0x724/0xe80
[  864.939049][   T31]  ? __mutex_lock+0x51b/0xe80
[  864.944117][   T31]  ? rtnl_dellink+0x331/0x710
[  864.948820][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  864.954432][   T31]  ? dev_hard_start_xmit+0x2d7/0x830
[  864.959731][   T31]  ? netlink_deliver_tap+0x19c/0x1b0
[  864.965054][   T31]  ? netlink_unicast+0x72f/0x8d0
[  864.970010][   T31]  ? do_syscall_64+0xfa/0x3b0
[  864.974722][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.980810][   T31]  ? __nla_parse+0x40/0x60
[  864.985517][   T31]  rtnl_dellink+0x331/0x710
[  864.990037][   T31]  ? __pfx_rtnl_dellink+0x10/0x10
[  864.995109][   T31]  ? kasan_quarantine_put+0xdd/0x220
[  865.000422][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  865.005740][   T31]  ? __pfx_rtnl_dellink+0x10/0x10
[  865.010783][   T31]  rtnetlink_rcv_msg+0x7cc/0xb70
[  865.015979][   T31]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  865.021111][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  865.026619][   T31]  ? ref_tracker_free+0x63a/0x7d0
[  865.031659][   T31]  ? __copy_skb_header+0xa7/0x550
[  865.039635][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[  865.046336][   T31]  netlink_rcv_skb+0x208/0x470
[  865.051109][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  865.058608][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  865.064040][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  865.069265][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  865.074801][   T31]  netlink_unicast+0x75b/0x8d0
[  865.079581][   T31]  netlink_sendmsg+0x805/0xb30
[  865.084391][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  865.089683][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  865.094666][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  865.099968][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  865.105520][   T31]  __sock_sendmsg+0x21c/0x270
[  865.110207][   T31]  ____sys_sendmsg+0x505/0x830
[  865.115030][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  865.120343][   T31]  ? import_iovec+0x74/0xa0
[  865.126530][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  865.131271][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  865.138122][   T31]  ? __fget_files+0x2a/0x420
[  865.144972][   T31]  ? __fget_files+0x3a0/0x420
[  865.149685][   T31]  __x64_sys_sendmsg+0x19b/0x260
[  865.154739][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  865.160216][   T31]  ? rcu_is_watching+0x15/0xb0
[  865.166227][   T31]  ? do_syscall_64+0xbe/0x3b0
[  865.170922][   T31]  do_syscall_64+0xfa/0x3b0
[  865.177242][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.184423][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  865.190583][   T31]  ? clear_bhb_loop+0x60/0xb0
[  865.197025][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.204024][   T31] RIP: 0033:0x7fc84dd8e929
[  865.208460][   T31] RSP: 002b:00007fc84eba2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  865.218484][   T31] RAX: ffffffffffffffda RBX: 00007fc84dfb6240 RCX: 00007fc84dd8e929
[  865.227750][   T31] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 000000000000000c
[  865.237486][   T31] RBP: 00007fc84de10b39 R08: 0000000000000000 R09: 0000000000000000
[  865.246566][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  865.257072][   T31] R13: 0000000000000000 R14: 00007fc84dfb6240 R15: 00007fc84e0dfa28
[  865.266263][   T31]  </TASK>
[  865.269303][   T31] INFO: task syz.3.2497:16474 blocked for more than 145 seconds.
[  865.279928][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  865.287201][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  865.297408][   T31] task:syz.3.2497      state:D stack:25032 pid:16474 tgid:16470 ppid:5847   task_flags:0x400140 flags:0x00004004
[  865.310425][   T31] Call Trace:
[  865.315385][   T31]  <TASK>
[  865.318341][   T31]  __schedule+0x16f5/0x4d00
[  865.324035][   T31]  ? schedule+0x165/0x360
[  865.328371][   T31]  ? __pfx___schedule+0x10/0x10
[  865.334887][   T31]  ? schedule+0x91/0x360
[  865.339146][   T31]  schedule+0x165/0x360
[  865.344612][   T31]  schedule_preempt_disabled+0x13/0x30
[  865.350078][   T31]  __mutex_lock+0x724/0xe80
[  865.356162][   T31]  ? __mutex_lock+0x51b/0xe80
[  865.360858][   T31]  ? rtnetlink_rcv_msg+0x71c/0xb70
[  865.373696][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  865.378743][   T31]  rtnetlink_rcv_msg+0x71c/0xb70
[  865.387057][   T31]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  865.392192][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  865.398773][   T31]  ? ref_tracker_free+0x63a/0x7d0
[  865.405360][   T31]  ? __copy_skb_header+0xa7/0x550
[  865.410398][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[  865.417082][   T31]  netlink_rcv_skb+0x208/0x470
[  865.421861][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  865.428899][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  865.435284][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  865.440496][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  865.447874][   T31]  netlink_unicast+0x75b/0x8d0
[  865.453757][   T31]  netlink_sendmsg+0x805/0xb30
[  865.458528][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  865.465409][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  865.470361][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  865.477783][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  865.483202][   T31]  __sock_sendmsg+0x21c/0x270
[  865.487896][   T31]  ____sys_sendmsg+0x505/0x830
[  865.492804][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  865.498676][   T31]  ? import_iovec+0x74/0xa0
[  865.504906][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  865.509611][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  865.516049][   T31]  ? __fget_files+0x2a/0x420
[  865.520642][   T31]  ? __fget_files+0x3a0/0x420
[  865.527274][   T31]  __x64_sys_sendmsg+0x19b/0x260
[  865.532220][   T31]  ? schedule+0x165/0x360
[  865.537883][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  865.544986][   T31]  ? do_syscall_64+0xbe/0x3b0
[  865.549677][   T31]  do_syscall_64+0xfa/0x3b0
[  865.555337][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.561413][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  865.569323][   T31]  ? clear_bhb_loop+0x60/0xb0
[  865.575083][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.580986][   T31] RIP: 0033:0x7f1d3398e929
[  865.587255][   T31] RSP: 002b:00007f1d34722038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  865.595984][   T31] RAX: ffffffffffffffda RBX: 00007f1d33bb6240 RCX: 00007f1d3398e929
[  865.604034][   T31] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000009
[  865.612019][   T31] RBP: 00007f1d33a10b39 R08: 0000000000000000 R09: 0000000000000000
[  865.620049][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  865.628285][   T31] R13: 0000000000000000 R14: 00007f1d33bb6240 R15: 00007f1d33cdfa28
[  865.636537][   T31]  </TASK>
[  865.639645][   T31] 
[  865.639645][   T31] Showing all locks held in the system:
[  865.647401][   T31] 1 lock held by khungtaskd/31:
[  865.652390][   T31]  #0: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  865.662727][   T31] 5 locks held by kworker/u8:4/69:
[  865.667856][   T31]  #0: ffff88801b2fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  865.678855][   T31]  #1: ffffc9000211fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  865.689598][   T31]  #2: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[  865.699159][   T31]  #3: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xdc/0x890
[  865.709267][   T31]  #4: ffff888079808d30 (&dev_instance_lock_key#14){+.+.}-{4:4}, at: napi_disable+0x4e/0x80
[  865.719420][   T31] 3 locks held by kworker/1:2/92:
[  865.724742][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  865.735762][   T31]  #1: ffffc9000215fbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  865.746919][   T31]  #2: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
[  865.757612][   T31] 5 locks held by kworker/u8:9/3542:
[  865.765815][   T31]  #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  865.776822][   T31]  #1: ffff8880b8723f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39a/0x6d0
[  865.789913][   T31]  #2: ffff8880b8725958 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30
[  865.800030][   T31]  #3: ffffffff99d286b8 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0xbb/0x420
[  865.811316][   T31]  #4: ffffffff8dfea648 (text_mutex){+.+.}-{4:4}, at: arch_jump_label_transform_apply+0x17/0x30
[  865.822134][   T31] 1 lock held by dhcpcd/5496:
[  865.826907][   T31]  #0: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x323/0x1b50
[  865.836102][   T31] 2 locks held by getty/5595:
[  865.840762][   T31]  #0: ffff88814d5a00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  865.850825][   T31]  #1: ffffc9000362c2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  865.860987][   T31] 3 locks held by kworker/u8:5/10136:
[  865.866435][   T31]  #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  865.878403][   T31]  #1: ffffc9001bb0fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  865.889479][   T31]  #2: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  865.898503][   T31] 3 locks held by kworker/u8:10/10141:
[  865.904468][   T31]  #0: ffff88814c28e148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  865.917004][   T31]  #1: ffffc9001bb1fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  865.930903][   T31]  #2: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[  865.940679][   T31] 2 locks held by syz-executor/16368:
[  865.946098][   T31]  #0: ffffffff8eca47c0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  865.955646][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  865.965811][   T31] 1 lock held by syz.2.2490/16429:
[  865.970934][   T31]  #0: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newroute+0x109/0x210
[  865.980412][   T31] 2 locks held by syz.1.2492/16455:
[  865.985660][   T31]  #0: ffffffff8f4f4788 (vlan_ioctl_mutex){+.+.}-{4:4}, at: sock_ioctl+0x5ee/0x790
[  865.995227][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: vlan_ioctl_handler+0xd0/0x650
[  866.004700][   T31] 1 lock held by syz.1.2492/16457:
[  866.009812][   T31]  #0: ffffffff8f4f4788 (vlan_ioctl_mutex){+.+.}-{4:4}, at: sock_ioctl+0x5ee/0x790
[  866.019209][   T31] 1 lock held by syz.0.2493/16458:
[  866.024580][   T31]  #0: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dellink+0x331/0x710
[  866.033828][   T31] 1 lock held by syz.3.2497/16474:
[  866.038950][   T31]  #0: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70
[  866.048769][   T31] 2 locks held by syz-executor/16480:
[  866.055001][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.064816][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.075453][   T31] 2 locks held by syz-executor/16483:
[  866.080847][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.090502][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.101021][   T31] 2 locks held by syz-executor/16486:
[  866.106429][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.116099][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.126604][   T31] 2 locks held by syz-executor/16489:
[  866.131983][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.141413][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.152028][   T31] 2 locks held by syz-executor/16493:
[  866.157488][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.167491][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.178548][   T31] 2 locks held by syz-executor/16498:
[  866.184674][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.194389][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.205369][   T31] 2 locks held by syz-executor/16501:
[  866.210750][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.220225][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.230781][   T31] 2 locks held by syz-executor/16504:
[  866.236392][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.246264][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.256921][   T31] 2 locks held by syz-executor/16508:
[  866.262295][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.271990][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.282543][   T31] 2 locks held by syz-executor/16514:
[  866.287924][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.297591][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.308138][   T31] 2 locks held by syz-executor/16519:
[  866.313563][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.323541][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.334377][   T31] 2 locks held by syz-executor/16522:
[  866.339817][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.349453][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.360207][   T31] 2 locks held by syz-executor/16525:
[  866.366305][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.376409][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.387294][   T31] 2 locks held by syz-executor/16532:
[  866.392716][   T31]  #0: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  866.402142][   T31]  #1: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  866.412907][   T31] 
[  866.415246][   T31] =============================================
[  866.415246][   T31] 
[  866.423752][   T31] NMI backtrace for cpu 0
[  866.423767][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  866.423784][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  866.423795][   T31] Call Trace:
[  866.423803][   T31]  <TASK>
[  866.423810][   T31]  dump_stack_lvl+0x189/0x250
[  866.423835][   T31]  ? __wake_up_klogd+0xd9/0x110
[  866.423856][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  866.423879][   T31]  ? __pfx__printk+0x10/0x10
[  866.423923][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  866.423946][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  866.423963][   T31]  ? _printk+0xcf/0x120
[  866.423984][   T31]  ? __pfx__printk+0x10/0x10
[  866.424003][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  866.424034][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  866.424057][   T31]  watchdog+0xfee/0x1030
[  866.424080][   T31]  ? watchdog+0x1de/0x1030
[  866.424106][   T31]  kthread+0x70e/0x8a0
[  866.424127][   T31]  ? __pfx_watchdog+0x10/0x10
[  866.424146][   T31]  ? __pfx_kthread+0x10/0x10
[  866.424165][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  866.424185][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  866.424206][   T31]  ? __pfx_kthread+0x10/0x10
[  866.424226][   T31]  ret_from_fork+0x3fc/0x770
[  866.424253][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  866.424280][   T31]  ? __switch_to_asm+0x39/0x70
[  866.424297][   T31]  ? __switch_to_asm+0x33/0x70
[  866.424313][   T31]  ? __pfx_kthread+0x10/0x10
[  866.424332][   T31]  ret_from_fork_asm+0x1a/0x30
[  866.424362][   T31]  </TASK>
[  866.424369][   T31] Sending NMI from CPU 0 to CPUs 1:
[  866.581136][    C1] NMI backtrace for cpu 1
[  866.581151][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  866.581170][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  866.581181][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  866.581208][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 d6 21 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  866.581223][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  866.581238][    C1] RAX: 73c59c843445e400 RBX: ffffffff81974d58 RCX: 73c59c843445e400
[  866.581251][    C1] RDX: 0000000000000001 RSI: ffffffff8d981f99 RDI: ffffffff8be28bc0
[  866.581263][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb
[  866.581279][    C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa10af0
[  866.581303][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110039dfb40
[  866.581315][    C1] FS:  0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000
[  866.581328][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  866.581340][    C1] CR2: 00007ffc8b81cf4c CR3: 000000000df38000 CR4: 00000000003526f0
[  866.581355][    C1] Call Trace:
[  866.581362][    C1]  <TASK>
[  866.581368][    C1]  default_idle+0x13/0x20
[  866.581384][    C1]  default_idle_call+0x74/0xb0
[  866.581401][    C1]  do_idle+0x1e8/0x510
[  866.581419][    C1]  ? __pfx_do_idle+0x10/0x10
[  866.581441][    C1]  cpu_startup_entry+0x44/0x60
[  866.581455][    C1]  start_secondary+0x101/0x110
[  866.581475][    C1]  common_startup_64+0x13e/0x147
[  866.581499][    C1]  </TASK>
[  866.582249][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  866.748954][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  866.759022][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  866.769071][   T31] Call Trace:
[  866.772342][   T31]  <TASK>
[  866.775271][   T31]  dump_stack_lvl+0x99/0x250
[  866.779858][   T31]  ? __asan_memcpy+0x40/0x70
[  866.784446][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  866.789641][   T31]  ? __pfx__printk+0x10/0x10
[  866.794228][   T31]  panic+0x2db/0x790
[  866.798127][   T31]  ? __pfx_panic+0x10/0x10
[  866.802538][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  866.808355][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  866.813720][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  866.819888][   T31]  watchdog+0x102d/0x1030
[  866.824224][   T31]  ? watchdog+0x1de/0x1030
[  866.828645][   T31]  kthread+0x70e/0x8a0
[  866.832709][   T31]  ? __pfx_watchdog+0x10/0x10
[  866.837381][   T31]  ? __pfx_kthread+0x10/0x10
[  866.841964][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  866.847162][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  866.852356][   T31]  ? __pfx_kthread+0x10/0x10
[  866.856940][   T31]  ret_from_fork+0x3fc/0x770
[  866.861527][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  866.866640][   T31]  ? __switch_to_asm+0x39/0x70
[  866.871395][   T31]  ? __switch_to_asm+0x33/0x70
[  866.876147][   T31]  ? __pfx_kthread+0x10/0x10
[  866.880731][   T31]  ret_from_fork_asm+0x1a/0x30
[  866.885501][   T31]  </TASK>
[  866.888741][   T31] Kernel Offset: disabled
[  866.893067][   T31] Rebooting in 86400 seconds..