last executing test programs:

6.100379165s ago: executing program 2 (id=2750):
socket$packet(0x11, 0x3, 0x300)
rename(0x0, 0x0)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)

5.753441793s ago: executing program 2 (id=2751):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
close(0x4)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x14}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
getsockopt$netlink(r1, 0x10e, 0xb, 0x0, &(0x7f0000000080))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8831, r2, 0x9dfa8000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ptrace(0x10, 0x1)
landlock_create_ruleset(&(0x7f0000000080)={0x800, 0x2}, 0x18, 0x1)
socket$kcm(0xa, 0x2, 0x3a)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001580)={0x14, 0x25, 0x1, 0x70bd2c, 0x25dfdbff, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x40080c0}, 0x24000100)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

5.753061474s ago: executing program 3 (id=2752):
r0 = socket$igmp6(0xa, 0x3, 0x2)
sendmmsg$inet6(r0, &(0x7f0000001d40)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x1, @mcast2, 0xf5ff}, 0x1c, 0x0}}, {{&(0x7f0000000240)={0xa, 0x4e23, 0x2, @private1, 0x1}, 0x1c, 0x0}}], 0x2, 0x0)

5.368001418s ago: executing program 3 (id=2754):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0xa, 0x3, 0x3a)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@ipv4_newaddr={0x28, 0x14, 0x1, 0x524, 0x25dfdbfd, {0x2, 0x1f, 0x8b, 0xc8, r4}, [@IFA_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3c}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0xffffff1f, 0xffffffff, 0x0, {0x0, 0x6, 0x0, r4, 0xffffe7b7}}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_GETMODE(r6, 0x5601, &(0x7f00000000c0))
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000003c0)={'bridge0\x00', <r7=>0x0})
setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000080)={0x1, 0x0, 0x0, r7, 0xeb2}, 0xc)
write(r0, &(0x7f0000000000)="2400000011005f0414f9f40700030400810000000d0000000000000008000f0001000000", 0x24)

4.795756366s ago: executing program 1 (id=2757):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
r1 = socket$inet(0x2, 0x3, 0x4)
r2 = socket$kcm(0x11, 0x20000000000000a, 0x300)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x87f}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8080}, 0x40020)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001300)=@newtfilter={0x894, 0x2c, 0xd27, 0x70bd25, 0x5, {0x0, 0x0, 0x0, r6, {0x0, 0xfffc}, {}, {0x4, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x860, 0x2, [@TCA_BPF_POLICE={0x850, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0xe, 0x7, 0x4, 0xc, 0x9, {0xd, 0x2, 0x4, 0x4, 0x5, 0x401}, {0x4, 0x1, 0x5, 0x10, 0xfff7, 0x4b2}, 0x6, 0x14ff, 0x3fe}}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x3}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x38, 0x1, 0x1, 0x8, 0x7f, 0x6, 0x40, 0x6, 0x1, 0x86, 0x9, 0x6, 0x5, 0x9, 0x5f, 0x0, 0x0, 0x13f, 0xfffffffe, 0x0, 0xd31, 0xf54, 0x9, 0x4, 0x4, 0x6, 0x9, 0x7fffffff, 0xfffffffd, 0x7fffffff, 0x8, 0x0, 0xfffffffe, 0x5, 0x5dbd0fd8, 0x8, 0x1887, 0x2, 0x95c, 0x7, 0x6, 0xa, 0x7f, 0xfffffffe, 0x8, 0x2, 0x6, 0x4, 0x6, 0x402f, 0xd, 0x5, 0x6f9d, 0x0, 0x800, 0x3ff, 0x8, 0xa, 0x9, 0x4, 0xd, 0x3, 0xb8f, 0x6, 0x0, 0xffffffff, 0x8000, 0xffffffff, 0x8, 0xfffffffc, 0xee, 0x4, 0x9, 0x2, 0x54eef174, 0xc, 0x9, 0x5, 0xe2, 0x20004, 0x1, 0xffff, 0x5, 0x5, 0x7, 0x5, 0x2, 0x4, 0x4, 0x7, 0x100, 0x8, 0x2, 0x9, 0x0, 0x0, 0xe32, 0x6, 0x8, 0x6, 0x66, 0x7, 0x7, 0x8, 0x5b, 0x7625, 0x51, 0x6, 0xfffffffe, 0x0, 0xa4d, 0x2, 0x10001, 0x7, 0x8, 0x3, 0x5, 0x3, 0x6, 0x6, 0xffffffff, 0x3, 0x0, 0x400000, 0x6, 0x8000, 0xf943, 0x4, 0x3000000, 0x3, 0x10000, 0xd, 0xffffffff, 0x9, 0xd3, 0xfffffffb, 0x4, 0x9, 0x401, 0x82baa23, 0xd, 0x0, 0x4, 0x21a, 0xe, 0x1, 0x1430, 0x8, 0x4, 0x7, 0xe, 0x7dab, 0x4, 0x5, 0x4, 0x3, 0xfffffffe, 0x7, 0x6, 0x8ef6, 0x7239, 0x80000001, 0x0, 0xd41, 0x6, 0x2, 0x4, 0x200, 0x8, 0x3, 0xc14, 0x7324, 0x4, 0x50f6, 0x5, 0x4, 0x3, 0x2, 0x7, 0x4, 0x6, 0x5, 0x3, 0x7767, 0x8, 0xe0ba, 0x4f, 0x3, 0x4, 0x7, 0x7fffffff, 0x3, 0x3, 0x5, 0x8, 0x4, 0x80, 0x401, 0x7, 0x1, 0x0, 0x8, 0x7c4, 0x3, 0x6, 0x6, 0xe8, 0x0, 0x6, 0x6, 0x3, 0x8a4, 0x1, 0x9, 0x9, 0x9, 0x200, 0x7, 0xd235, 0x9, 0x7fffffff, 0xf7d, 0x8001, 0x2, 0x7fff, 0x9f7c, 0x7, 0x4, 0xf, 0x1, 0x2, 0x6, 0x400, 0x80000001, 0x7, 0x400, 0x5, 0xc, 0xff, 0xffff7002, 0x9, 0x9, 0x1ff, 0xfff, 0x8, 0x8c, 0x40, 0x8, 0xed6, 0xf6, 0x0, 0x3, 0x9, 0x10, 0x9, 0x6]}, @TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x6, 0x8, 0x8000, 0x8, 0x2, 0x9, 0x5, 0xfff, 0x3, 0x101, 0xbf7, 0x8, 0xff, 0x6, 0x113, 0xffff, 0x1, 0x8, 0x7fffffff, 0x6, 0x9, 0x8000033, 0x5, 0x2f7, 0x100, 0x21, 0x4, 0x7, 0xff, 0xa, 0xfffffffe, 0x7, 0x8, 0x1, 0x8, 0xf33c, 0x3, 0x1, 0x80000000, 0x62e, 0x3, 0xdb2, 0x0, 0xe00, 0x4, 0x2, 0x3, 0x2, 0xfffffff6, 0x5, 0x3, 0x7, 0x9, 0x1, 0x7f, 0x4, 0x6, 0x4, 0x3, 0x0, 0x803, 0x1, 0x5, 0x0, 0x8000, 0xfffffffa, 0xb7, 0xc8b6f5a2, 0x6, 0x2f, 0x7ff, 0x9, 0x8, 0x6, 0x0, 0x8, 0x9, 0x0, 0x5, 0x8b34, 0x2, 0x0, 0x4, 0x4, 0xfeffffff, 0x1, 0xa, 0xfffffffb, 0x3, 0xffffffff, 0x0, 0x4, 0xd6, 0x7, 0x4, 0x80003, 0x4, 0x9, 0x8, 0x2de0, 0x5191, 0x6, 0x401, 0x7, 0x9, 0x5, 0x3, 0x6, 0x1, 0xfffffffb, 0x1, 0xfffffffa, 0x4, 0x768, 0x7, 0x7f, 0x6, 0x7, 0x4, 0x8b, 0x4, 0x0, 0x5, 0xf0, 0x42490, 0xd, 0x3, 0x5c, 0x80, 0x2, 0x800, 0x8, 0x6, 0xff, 0xffff0000, 0x3, 0x10000, 0x80000001, 0x5, 0xffffffff, 0x4be24694, 0x2, 0x2, 0x100, 0x5, 0x1, 0x7, 0x4, 0xffffff95, 0x5, 0x2, 0xc, 0x6, 0x1000, 0xa, 0x7, 0x4, 0x340, 0x0, 0x0, 0x7, 0x101, 0x2, 0x7ce2352, 0x7fffffff, 0x5e, 0x8e5b, 0x3, 0x8, 0x8, 0x1, 0x80000000, 0x10000007, 0x301, 0x91, 0x3, 0x80000001, 0x9, 0x1, 0x3e79, 0xffffffff, 0x8, 0x80525, 0x7, 0x6, 0x2470a614, 0xe, 0x8, 0x5, 0x7, 0x0, 0x5, 0x4, 0x1, 0x1, 0xfffffc1f, 0x6, 0x2, 0x1, 0x9, 0x7fff, 0xffffffff, 0x4, 0xffff2b7d, 0x4, 0xcdff, 0x9, 0x0, 0x49, 0x6, 0x0, 0x5, 0x9, 0x7, 0x8, 0x7, 0xea, 0x7, 0x7, 0x2, 0x5, 0xff, 0x6, 0xffff, 0x4cd, 0x7, 0x3, 0x3, 0x10001, 0x0, 0x6, 0x7, 0xffffffff, 0xe000000, 0x3, 0x4, 0x7, 0x8, 0xb, 0x7, 0x0, 0xcb65, 0x6, 0xe, 0x240000, 0x9, 0x8, 0x8, 0xfffffff8, 0x9, 0xf, 0x8, 0x5, 0x9, 0x100]}]}, @TCA_BPF_OPS={{0x6}, {0x4}}]}}, @TCA_RATE={0x6, 0x5, {0x2, 0x10}}]}, 0x894}, 0x1, 0x0, 0x0, 0xc004884}, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x28, 0x0, 0x0)
recvmsg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010103}, 0x10)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = syz_open_dev$usbmon(0x0, 0x2, 0x800)
ioctl$MON_IOCX_GET(r8, 0x400c9206, &(0x7f00000001c0)={0x0, 0x0})
ptrace(0x10, r7)
ptrace(0x8, r7)
syz_pidfd_open(r7, 0x0)
r9 = syz_io_uring_setup(0xd2, &(0x7f0000000440)={0x0, 0x4000, 0x800, 0x3}, &(0x7f0000000040)=<r10=>0x0, &(0x7f0000000080)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r9, 0x47ba, 0x0, 0x0, 0x0, 0x0)
wait4(0x0, 0x0, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, 0x0}}], 0x1, 0x2000c000)
socket$nl_generic(0x10, 0x3, 0x10)

4.524566053s ago: executing program 3 (id=2760):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe000000008500000057000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d70300000000000000d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df6c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8a9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2a9e99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8be1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaa072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a3ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a98838156ff00000000000000cdbf91f7582ab314be3e67b8c9459564c856339a80919ecf839560c62e69df8667b274cc53f83f2086cfd2664252471fad9081824d60741d663ee258705c364e162b84a09870acd0a19399103474444f4fa12dcbd10b40195b6088513029b60a34e4161fe48c092693eb07dc8ddcba2eac2efe30b285a877c862c73ff8a60cf73f1b17da0000000000005664181c1f28cd2880e6872bae932eaf4b0000000000007b662c0fe22cfd6d4bd7b851ae928cebeec6375b16af"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
open_tree(r2, &(0x7f0000006180)='./mnt\x00', 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff)
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5fb, @value=0x3})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={0x0, 0x88}, 0x1, 0x0, 0x0, 0x1}, 0x24000840)
add_key$user(0x0, &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc3036bb66682c", 0x7, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f0000000140)={0x4000000})
clock_getres(0xfffffffffffffffd, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff020000bfa3000000000000070300c000feffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed000062030000000100001d440000000000007a0a00fe00ffffffc3030000a0000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffbf}, 0x48)

4.087644518s ago: executing program 2 (id=2761):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5543, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000b0000000b00d0e4c3a66cb0162a38"], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000060c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x0, 0xfff3}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0x14, 0x2, [@TCA_FW_MASK={0x8, 0x5, 0x8}, @TCA_FW_CLASSID={0x8, 0x1, {0x7}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

3.76290919s ago: executing program 1 (id=2764):
r0 = socket$igmp6(0xa, 0x3, 0x2)
sendmmsg$inet6(r0, &(0x7f0000001d40)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x1, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000240)={0xa, 0x4e23, 0x2, @private1, 0x1}, 0x1c, 0x0}}], 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000000)={0x0, 'erspan0\x00', {0x2}, 0x6})

3.517202979s ago: executing program 1 (id=2766):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'wg2\x00', <r1=>0x0})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000007c0)={'sit0\x00', &(0x7f0000000740)={'syztnl1\x00', r1, 0x40, 0x40, 0x5, 0x7f, {{0x16, 0x4, 0x1, 0x3e, 0x58, 0x68, 0x0, 0x9, 0x4, 0x0, @loopback, @private=0xa010101, {[@cipso={0x86, 0x21, 0xfffffffffffffffc, [{0x2, 0xa, "ca37ba897a85c109"}, {0x2, 0x11, "23cbf56c4ff461164cb40a8c60ebea"}]}, @cipso={0x86, 0x21, 0xffffffffffffffff, [{0x0, 0xe, "132f8b31197640392ff657f8"}, {0x0, 0xd, "eabddd952aff279a45a806"}]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000640)={'team0\x00', <r2=>0x0})
sendmsg$inet(r0, &(0x7f0000000700)={&(0x7f00000000c0)={0x2, 0x4e21, @local}, 0x10, &(0x7f00000005c0)=[{&(0x7f0000000280)="b4363bcabbc9a87231730ff02a22b5eb2b5604f6a7f40a6b14a8888f882ac9c466b16343e3be6673a11eeaf7b93a0d87ed944b6a644b1e6ecba390acc7d252d251affd3b0c4ecc9fe87854b2d3570f5d4a827f7aa9419bfe59fafc4678e772f6ac728dfb3521d9c205953cb9b59409ccec132aa46d7057954c809eeb354d1c03ea3382b00b97fc98df561b5e8fa19fb8bc80fe943b555e45e0bfe0cfdde0748d9bf10a12b8aeea73424a5d4512ea54f30fae6cde2ba564238de836979abf2861cb1dec59172ad40ddf4aa841cc946dc8100c3e153e8d9fd5313d85870a0896e0079238759be102d3283f6cd897fd40a946b6b53d59e4d4a8d215", 0xfa}, {&(0x7f0000000100)="528d94258c55f2fd03fc9663d4da8527b5b32947e4ac9982e24b14f4a2422ec3c5271c2ab0c84ffa57bb63294e5ab97bcddcfe819bd41b52954d76d62e91c3a16406e7d48f73b2a2e0cd3d7e4931864a3551d6b4c7486b5b557add75ffed9308dd4ba4a284c0a9d9bc3ed24d66892e02abc6c51ba275c599251ad0969b0259730f3642247f4f9111535718c19877f8977fe92fb2a58d9fb7915addcb8e6ed2d11692d05c1761fdd75148fae6596a7e8d745426de11402ebd07120271", 0xbc}, {&(0x7f0000000380)="40a74ef4622526e6c6264b4685", 0xd}, {&(0x7f00000003c0)="6e06ef11b65eb8545048c2880dce133aa18bece703e87084a096ee481a64bbfe65919f0c13d0b5d41780032a4fae8ed62532e11135744cd88c122ff2f5bb68c86e8443a7a23ec3dd9851a1967e33f533b4c0686e264b203a70", 0x59}, {&(0x7f0000000440)="ab813c026f3cb3e80de9235502d4802ab23275475e8882e72e132a1638890dc7114c44aae8f917dc6a220b4eaf08ea6515ed07c6b1ca30050cef91043404c7ab5185ef18b5bdc976faa67b679ee428527ad5f51259cb702d777ee65884ff98bbef8193bc93809623d770e9b4dc30c223bc51443ecbe9513adfafe19aee833142551f414129e174dc52db920b3f7350a1f4e39fe265ff6b00996b0c755096c91898ad4e16a249743b088dc993561ebc98c723b7d5a78b09da45390fc4ec4de0a2", 0xc0}, {&(0x7f0000000500)="a3db4043a867017cacdafedbce07fb3399ded91f3bfe1ee26e8202f44574acf4a1c07925f1bfa253777ef035bd", 0x2d}, {&(0x7f0000000540)="028897e50fc58e98da086d5e81e12675c1c82289787b65615ec70f9b16fe3009460a061cba7b455ebf3605a7a86a1e0b0d449e31c89de45183fb0d32dfdddf9700fc768d3d68bf150851ab9e4e39f0722f7c", 0x52}], 0x7, &(0x7f0000000680)=[@ip_tos_int={{0x10, 0x0, 0x1, 0x8}}, @ip_ttl={{0x10, 0x0, 0x2, 0x10000}}, @ip_tos_int={{0x10, 0x0, 0x1, 0xe}}, @ip_pktinfo={{0x18, 0x0, 0x8, {r1, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x2a}}}}, @ip_pktinfo={{0x18, 0x0, 0x8, {r2, @multicast1, @loopback}}}], 0x60}, 0x8008000)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r5=>0x0})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x8, '\x00', r5, 0xffffffffffffffff, 0x3, 0x3}, 0x50)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x368, 0x1bc, 0x1170, 0x1170, 0x0, 0x1170, 0x2a0, 0x1398, 0x1398, 0x2a0, 0x1398, 0x3, 0x0, {[{{@ipv6={@local, @empty, [0xff000000, 0xffffff00, 0x0, 0xffffff00], [0x0, 0xffffff00, 0xff000000, 0xff000000], 'syzkaller1\x00', 'lo\x00', {}, {0xff}, 0x2f, 0x0, 0x3, 0x8}, 0x0, 0x154, 0x1bc, 0x0, {}, [@common=@hbh={{0x48}, {0x3, 0x1, 0x0, [0x1, 0xa6cb, 0x0, 0x3, 0x1, 0x8, 0x9, 0x8, 0x3, 0x15da, 0x4, 0x9, 0x3, 0x7, 0x1, 0x6], 0x10}}, @common=@unspec=@rateest={{0x68}, {'veth0_to_bond\x00', 'sit0\x00', 0x4, 0x3, 0x401, 0x0, 0xf22, 0x7, {0x5}, {0x9}}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x1f, 0x81, 0x0, 0x100, 'snmp\x00', 'syz1\x00', {0x5}}}}, {{@ipv6={@private2, @local, [0xffffffff, 0x0, 0xffffffff, 0x80000080], [0xffffffff, 0x0, 0xff000000, 0xffffffff], 'batadv0\x00', 'wg1\x00', {0xff}, {}, 0xc, 0x31, 0x2, 0x20}, 0x0, 0xa4, 0xe4}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x7, 0x10, "1bf597664da45b36352433dc0e82ca1162fd4fd8b541919adcb79903047a"}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3c4)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r7}, &(0x7f0000000180)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r6, 0x0, 0x0, 0x0, {}, 0x1})
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x40010, 0xffffffffffffffff, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r8, r10, &(0x7f0000000980)=@IORING_OP_POLL_REMOVE={0x7, 0x4, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x0, {0x0, r11}})
getsockopt(r0, 0x7fffffff, 0x4, &(0x7f0000000840)=""/245, &(0x7f0000000940)=0xf5)
r12 = socket$netlink(0x10, 0x3, 0x400000000000004)
r13 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r13, 0x11b, 0x3, &(0x7f00000001c0)=0x100000, 0x4)
r14 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2, 0x80010, 0xffffffffffffffff, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r14, 0x10c, &(0x7f0000000800)=0xb6, 0x0, 0x4)
writev(r12, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1)
setsockopt$XDP_TX_RING(r13, 0x11b, 0x3, &(0x7f0000000040), 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x0, &(0x7f0000000240)})

3.516852141s ago: executing program 0 (id=2767):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r1, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00ffff"], 0x6c}}, 0x840)
r2 = socket$kcm(0x10, 0x2, 0x0)
socket$rds(0x15, 0x5, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
sendmsg$kcm(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb440009000e000a000d000000ba8000001201", 0x2e}], 0x1}, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x8, &(0x7f0000001340)=ANY=[@ANYBLOB], &(0x7f0000000480)='syzkaller\x00'}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)

3.226394672s ago: executing program 4 (id=2768):
sendto$rxrpc(0xffffffffffffffff, &(0x7f0000000040)="6a1297aa9aa00050ecca54e47d3a9bf266a37518d7d450b1878cdf23f50641e7bf2a675a387aa2b9a0bf2ca822a0dff13d79457364deabfc439f8d8f98b34051de413ab12a79077302addfb79aa6e59ebbcf17c34615fccea1d24c4fbbf12c6daf996246fdd5fcc8461f9f79dc235e487747c5f31001ec734a0d03c9f45bb6c804d7a5dbf0be1ad8730bd0fccee0e3cbfc7cca01313962571257ffa967311d2f064be536a9d2a9c9e19c56107532592d075c47edec8df66cc98f85ab00f767efeee6268d9ccd9b55ee8837c477234bf8791da68d76c356e41ca97b42ee99cb13bc4b1d5b63787cd508c6a4e4b3f1e919572d2d9d8f8966e9bacf8a4914f63f5b4a44ce379d471c837becffe80e4752ca502182d95605bbdafdd6fc75910c467bedeb0d3f54705422564ded9c5aa3277f056926cae7e40362e9997ed62b2c7ce48ce1fac07cb10a4cd3f2", 0x14a, 0x1090, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x20, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000"])
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140))
ioctl$BTRFS_IOC_SEND(r2, 0x40449426, &(0x7f0000000200)={{r1}, 0x2, &(0x7f00000001c0)=[0x9, 0x455], 0x100, 0x8})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0xeeef0000, 0x0, 0x20003, 0x10020f5f, 0x0, [{}, {}, {}, {0x0, 0x35}, {0x20, 0x0, 0xfe}, {}, {0x0, 0x2}, {0x1, 0x6}, {0x0, 0x1}, {0xf, 0x1, 0x2}, {0x0, 0x0, 0xfe}, {}, {0xfe}, {0x0, 0x0, 0x2}, {0x7, 0x0, 0x0, '\x00', 0x39}, {0x0, 0x0, 0x0, '\x00', 0x8}, {0x0, 0x0, 0x8, '\x00', 0xfe}, {0x3, 0x0, 0xfa}, {0x0, 0x2}, {}, {0x0, 0x0, 0x0, '\x00', 0x1}, {}, {0xa}]}})
ioctl$KVM_RUN(r2, 0x8004ae98, 0x20e10000)

2.757274606s ago: executing program 4 (id=2769):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000001a80)=0x5, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10)
r2 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback={0x200000000000000, 0xa8aaaafffeaaaa1e}, 0x8000}, 0x1c)

2.675540846s ago: executing program 3 (id=2770):
openat$uhid(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x1c4, 0x0, 0x5}]})
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
pread64(r3, &(0x7f0000000000)=""/12, 0xc, 0x0)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)

2.429540851s ago: executing program 4 (id=2771):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmmsg$inet_sctp(r1, &(0x7f00000006c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@dstaddrv4={0x10, 0x84, 0x7, @empty}, @sndrcv={0x2c, 0x84, 0x1, {0xc, 0xc000, 0x8004, 0x3, 0x9, 0xec, 0x4, 0xfffffff8}}], 0x3c, 0x44810}], 0x1, 0x20000000)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/67, 0x43}], 0x1}, 0x0)

2.36703935s ago: executing program 3 (id=2772):
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cff58056ac", 0xffd7, 0x1)
setxattr$incfs_metadata(&(0x7f0000000080)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)
syz_usb_connect(0x3, 0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004d4d1f20861a2d75cb190102030109024000012a0640f80904c70f0164b6ed6b0a240101802202010205240401ff09050d01000400060f170f57f7bc255286157949147c178e3c6b83e2cedecfc95a77192ad20010994c5ca70724aa5dbddb95b43548f027fa1157f2dbeee96ba21c8d0bfc9627cacfbf5454e2dedc9bb72c56a57c966e890aaedc5f41f7e9622dc68083b47a966eeaa1cdb24a4893aaf1e3326076ace1aedfa8ac110ae986640b5d23b6a5b92eeb238e274d63e4a0b9efedbbbee685687d81d67a3023a516bee2003564335c4a13447f696cd6587ad488b177ea6a201df20e91c0a8f2c127d589615477d9a32f7aacd2457eea76fdfb4f0fafa588d6440383be5ff272ab8b"], 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x51, 0xa, 0xdf7b7a5625e873df, "d9c2955351f9acb1ee54ecc4b00f11f11867b5302c11500e8b8152682b7afe20", 0x48524742})
io_uring_enter(0xffffffffffffffff, 0x64a0, 0xcfb7, 0xc0, &(0x7f00000000c0)={[0x9, 0x4]}, 0x8)

2.244135107s ago: executing program 4 (id=2773):
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x40)
close(r0)
r1 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r0, 0x5, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "001ea89d9bb7000000fc0080b8785d960001000000000000f8ff0000000000000000000000000000000000000000de000000000000000c00", "2809e8dbe1085d8948224ad54afac11d875397bdb22d0000ca20a1a9245240f45f819e01177d3d458dd4992803000000000000edffffffffffffff00", "90be8b1c551265406c7f306003d8a0f4bd0000000000000800", [0x0, 0x10000]}})
read$FUSE(r0, &(0x7f0000002780)={0x2020}, 0x2020)
ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000000))

2.17382439s ago: executing program 0 (id=2774):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7f, 0x2)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001a80)={0x1, 0x3, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000100)=r3, 0x4)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r1, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0cc5605, &(0x7f00000000c0)={0x1, @pix={0x0, 0x0, 0x35315258, 0x300, 0x0, 0x0, 0x7, 0x400}})

2.057567453s ago: executing program 1 (id=2775):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002340)={{0x14}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x201, 0xf5ffffff, 0x0, {0x5, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0xe3f6f2f04df8503d}]}], {0x14}}, 0x50}, 0x1, 0x0, 0x0, 0x20004844}, 0x0)

2.012211066s ago: executing program 0 (id=2776):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006080)=@delchain={0x24, 0x65, 0x1, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {0xffef}, {0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

1.936086324s ago: executing program 1 (id=2777):
r0 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x48f, &(0x7f0000000000)={0x11, @private, 0x0, 0x0, 'lc\x00', 0x600}, 0x2c)

1.765440552s ago: executing program 1 (id=2778):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0xb, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
listen(r0, 0x5)
syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000220edf104c05c10687c20102030109022400010000000009040000024f6996000905c6d6000000000009050202"], 0x0)
syz_emit_ethernet(0x5a, &(0x7f00000009c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0xe, 0x4, 0x2, 0x3, 0x4c, 0x66, 0x0, 0x1, 0x6, 0x0, @remote, @remote, {[@timestamp_addr={0x44, 0x24, 0x1a, 0x1, 0x2, [{@rand_addr=0x64010101, 0x800}, {@dev={0xac, 0x14, 0x14, 0x38}, 0xdc}, {@local, 0x40}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}]}]}}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x6071, 0x0, 0x4}}}}}}, 0x0)

1.704142579s ago: executing program 0 (id=2779):
lsm_get_self_attr(0x64, 0x0, &(0x7f0000000000)=0x5b, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x46, &(0x7f0000000000)=0x8000, 0x4)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x8)
syz_emit_ethernet(0x4a, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x6c36, 0xb8f, 0x24, &(0x7f0000000180)={[0x4]}, 0x8)
syz_open_procfs(0x0, &(0x7f00000000c0)='fdinfo\x00')
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x3, &(0x7f0000000040)=[{0x1, 0x0, 0x80, 0x3}, {0x5, 0x81, 0x9, 0x7}, {0xfffd, 0xd, 0xe, 0x1}]})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="580000000206030000000000000000000d0000000c000300686173683a69700005000400000000000900020073797a31000000000c00078008000840006200db0500050002000000050001000600000005000100070000"], 0x58}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_COMMENT={0x9, 0x1a, 'syz1\x00'}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0xfffffffc, 0x71, 0x10, 0x5b}}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x72, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x94)
sendto$inet6(r0, 0x0, 0x0, 0x2004c835, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00'}, 0x1c)

1.563343816s ago: executing program 0 (id=2780):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe000000008500000057000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d70300000000000000d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df6c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8a9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2a9e99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8be1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaa072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a3ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a98838156ff00000000000000cdbf91f7582ab314be3e67b8c9459564c856339a80919ecf839560c62e69df8667b274cc53f83f2086cfd2664252471fad9081824d60741d663ee258705c364e162b84a09870acd0a19399103474444f4fa12dcbd10b40195b6088513029b60a34e4161fe48c092693eb07dc8ddcba2eac2efe30b285a877c862c73ff8a60cf73f1b17da0000000000005664181c1f28cd2880e6872bae932eaf4b0000000000007b662c0fe22cfd6d4bd7b851ae928cebeec6375b16af"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
open_tree(r2, &(0x7f0000006180)='./mnt\x00', 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff)
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5fb, @value=0x3})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={0x0, 0x88}, 0x1, 0x0, 0x0, 0x1}, 0x24000840)
add_key$user(0x0, &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc3036bb66682c", 0x7, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f0000000140)={0x4000000})
clock_getres(0xfffffffffffffffd, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff020000bfa3000000000000070300c000feffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed000062030000000100001d440000000000007a0a00fe00ffffffc3030000a0000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffbf}, 0x48)

1.549182675s ago: executing program 2 (id=2781):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000, 0x0, 0x1, 0x3)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x446000, 0x0)
ppoll(&(0x7f0000000000)=[{r0, 0x2020}, {r0, 0x30fa}], 0x2, 0x0, 0x0, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000200)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r1, 0x7b2, 0x0)
r2 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0)
ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, 0x0)
r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x40)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'macvtap0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@bridge_newneigh={0x30, 0x1c, 0x1, 0x70bd28, 0x25dfdbfc, {0x7, 0x0, 0x0, r5, 0x2, 0x26, 0xa}, [@NDA_LLADDR={0xa, 0x2, @multicast}, @NDA_VLAN={0x6, 0x5, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x4040000)
close(r3)
read$FUSE(r3, &(0x7f000000c400)={0x2020}, 0x2020)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000640)=0x5)
mmap$dsp(&(0x7f0000137000/0x4000)=nil, 0x4000, 0x100000b, 0x8010, r0, 0x0)
mbind(&(0x7f0000472000/0x4000)=nil, 0x4000, 0x3, 0x0, 0x9, 0x3)
ioctl$KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM(0xffffffffffffffff, 0x4068aea3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan1\x00'})
r6 = io_uring_setup(0x1b60, &(0x7f0000000340)={0x0, 0x462b, 0x2, 0x2, 0x26c, 0x0, r4})
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f0000000300)=0x2)
ioctl$PPPIOCSACTIVE(r7, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0})
read(r7, 0x0, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x187842, 0x3)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

1.2094678s ago: executing program 4 (id=2782):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000019c0)=ANY=[@ANYBLOB="1c00000e"], 0x73)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r3=>0x0})
r4 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syz_tun\x00', <r5=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x215}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r3}, @IFLA_HSR_SLAVE2={0x8, 0x2, r5}]}}}]}, 0x40}, 0x1, 0xba01, 0x0, 0x4000044}, 0x10)

477.631373ms ago: executing program 3 (id=2783):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r1, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007"], 0x6c}}, 0x840)
r2 = socket$kcm(0x10, 0x2, 0x0)
socket$rds(0x15, 0x5, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
sendmsg$kcm(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb440009000e000a000d000000ba8000001201", 0x2e}], 0x1}, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x8, &(0x7f0000001340)=ANY=[@ANYBLOB], &(0x7f0000000480)='syzkaller\x00'}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)

410.756791ms ago: executing program 4 (id=2784):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_LINK_CREATE(0x8, 0x0, 0x0)
r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009"], 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f00000000c0)=ANY=[])
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000340)=[0x2a, 0x7])

285.316418ms ago: executing program 2 (id=2785):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x5, &(0x7f0000000100)=[{0x7, 0xa4, 0x0, 0x5}, {0xfffb, 0x3, 0xc, 0x4}, {0x8de3, 0x1, 0x6, 0x5}, {0x1017, 0x2, 0x5, 0x519}, {0x185, 0x9, 0x6, 0x1}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r6, 0x300000b, 0x11, r4, 0x0)
ioctl$KVM_SET_CPUID(r4, 0x4008ae8a, &(0x7f00000002c0)=ANY=[@ANYBLOB="0420216056b52c438a00000000feffff050000000489d4dd70800000dac700000900000000000000000000400800000072470000080000000400000000000000000000000a000000ff030000000000c00500000000000000000000800600dbc0030000000900000024fdd2e699756d843c47e68f1361e6de4e618b44eb2a6eafc31d74f083fdf2c28a596b301420084390d37646207eb35cb9185bcb2766a8ec1a7405c6baf08f5fc6a6818129b166c8780f098d5ccbef8404776db8bf258837e46ad00449def5bb5ccb91135849aed655b5ec25e8221d66db5ebd1a4960a7f54eefef58233d75826fcdd85d86944ab0018b96219f224fe3be3de1f6a9da9b9b1c9a737bcd96a2ed363e436d"])
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000000)={'syztnl1\x00', 0x0})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_ro(r8, &(0x7f0000000440)='cpuset.memory_pressure\x00', 0x275a, 0x0)
write$cgroup_int(r9, &(0x7f0000000200)=0x8, 0x12)
socket$nl_route(0x10, 0x3, 0x0)
r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r7, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)={0x14, r10, 0x331, 0x0, 0x25dfdbfb, {0xb}}, 0x14}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000)
r11 = socket$nl_route(0x10, 0x3, 0x0)
r12 = socket(0x9, 0x4, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r13=>0x0})
ioctl$KVM_SET_CPUID(r4, 0x4008ae8a, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000000000000b000000d503000006000000715f0000020000000000000000000080ffffffff040000000002000009000000000000002488163c3e872dc595a682ec7b84cd3e76041770f7b5c53669fd8c4cc284fe41e78bde9d91180cde95f9ea1baff4e8091df300eb5f8b86bd1aeff778e5d48e490edc09bcd9221ad903a1ecec7a7ba2ea495b5b468aadcee06ebf0dae3d5f0b7b467db6757d11e4667403a825caab90370bc1fd405d76b5ebbf107cf3dfc8c6aa624cb425ce42d9076dfd47ac04eddefed8398c681c27866c3ce294fffa69a87d1702c638cdeccb89b832e10b77645e3825ef9a62b044af69ce4de0b315c68be8e6a09514bd99cbb15d489e379fd5711641cc3a62429fc0300c58024a2a41af8271aca95fbed1c23705b586ab94ce82e9fd0fb0f97d55ac6de0f2e7b376192fea61b2ffe3a41defd041ab1c60ed3f12c3e734c9d2d039c2af341fdfb30c135038b137942e3af9c242af523af577ee2a276697c93777d85a2e31646bf3e3"])
sendmsg$nl_route(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, r13}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x7}]}}}]}, 0x3c}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="000000000000000000000b00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x4000004)

71.293163ms ago: executing program 0 (id=2786):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000340)={0x10000000000004, 0x0, 0x8, r2, 0x6})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRESOCT=r2], 0x48)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x20008, r3, 0x0, 0x406}, 0x38)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'team0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vxcan1\x00', <r5=>0x0})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000003c0)={'syztnl2\x00', &(0x7f0000000380)={'syztnl1\x00', <r6=>0x0, 0xd6, 0x7800, 0x7, 0x9, {{0x6, 0x4, 0x0, 0x7, 0x18, 0x67, 0x0, 0x45, 0x2f, 0x0, @multicast1, @multicast2, {[@ra={0x94, 0x4, 0x1}]}}}}})
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r7, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmmsg(r7, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r9}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'team0\x00', <r10=>0x0})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000540)={'ip_vti0\x00', &(0x7f0000000440)={'syztnl2\x00', <r11=>0x0, 0x7800, 0x80, 0x3, 0xff, {{0x37, 0x4, 0x3, 0x7, 0xdc, 0x64, 0x0, 0x6, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x37}, @empty, {[@rr={0x7, 0x7, 0x13, [@private=0xa010102]}, @ssrr={0x89, 0x1b, 0xc2, [@rand_addr=0x64010100, @loopback, @remote, @multicast2, @remote, @dev={0xac, 0x14, 0x14, 0x2f}]}, @timestamp_addr={0x44, 0xc, 0x1f, 0x1, 0xf, [{@private=0xa010100, 0x7}]}, @ra={0x94, 0x4}, @cipso={0x86, 0x55, 0x0, [{0x6, 0xf, "2b1e108afab0c2fd001849d8ef"}, {0x5, 0xd, "500597bc9cd665aec7627b"}, {0x6, 0xc, "ed9f907326587f00a01c"}, {0x0, 0x11, "7f7fecea4671c7ece30268ed3636e6"}, {0x7, 0x9, "c87096d82fddef"}, {0x1, 0x3, "a7"}, {0x7, 0xa, "b6618f389fe42780"}]}, @ssrr={0x89, 0x13, 0x1f, [@empty, @loopback, @dev={0xac, 0x14, 0x14, 0x34}, @broadcast]}, @lsrr={0x83, 0x7, 0x75, [@empty]}, @rr={0x7, 0x1b, 0x74, [@rand_addr=0x64010102, @multicast2, @local, @rand_addr=0x64010100, @remote, @loopback]}, @timestamp_prespec={0x44, 0xc, 0x41, 0x3, 0x5, [{@local, 0x5}]}]}}}}})
r12 = socket(0x400000000010, 0x3, 0x0)
r13 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r14=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r14, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newtfilter={0xffffffffffffffd1, 0x2c, 0xd27, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r14, {0xe, 0xe}, {}, {0x2}}, [@filter_kind_options=@f_basic={{0xa}, {0xfffffffffffffd11, 0x2, [@TCA_BASIC_EMATCHES={0x24, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x0, 0x1, {0x80}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x9}}]}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40c0}, 0x2400d8c0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'team0\x00', <r15=>0x0})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000680)={'syztnl1\x00', &(0x7f00000005c0)={'gretap0\x00', <r16=>0x0, 0x700, 0x8, 0x5, 0x7f, {{0x1c, 0x4, 0x0, 0x1b, 0x70, 0x68, 0x0, 0x6, 0x29, 0x0, @broadcast, @remote, {[@ssrr={0x89, 0x1f, 0x32, [@initdev={0xac, 0x1e, 0x0, 0x0}, @local, @remote, @rand_addr=0x64010101, @rand_addr=0x64010101, @rand_addr=0x64010101, @private=0xa010102]}, @lsrr={0x83, 0xf, 0x76, [@empty, @remote, @private=0xa010101]}, @ssrr={0x89, 0xf, 0xba, [@loopback, @broadcast, @empty]}, @noop, @generic={0x51afaf772123f093, 0x11, "103cdea264be4eeaafb3323c40d21c"}, @timestamp_addr={0x44, 0xc, 0x61, 0x1, 0x0, [{@broadcast, 0x8}]}, @end]}}}}})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000740)={r3, 0x58, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r17=>0x0}}, 0x10)
r18 = socket$netlink(0x10, 0x3, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r19=>0xffffffffffffffff})
getpeername$packet(r19, &(0x7f0000000000)={0x11, 0x0, <r20=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r18, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001300)=ANY=[@ANYBLOB="5000000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="1111020031880000280012800b0001006d61637365630000180002800c0004000300000100c28000080005000300000008000500", @ANYRES32=r20, @ANYBLOB="689d01267d11dff01aeeca9b288b5201ef44bafa808812d2f0a91e6f8b6df35155ef665909bcbfa708421fd11dcd6d6ee7edaecb9bd35bccab0618e6fde345d9ff690b337fcebe9dd24c63ef28d4d03fd573935db5d7c26b0f8b4aec8bd7c8d88debd58a830b26f36785273209aaca35d671f44a7df12566cbffa852e60d5ed862b69c856b346c71dfd5a3ff65b5465aeca5c57be98ff91b07eb4c733d858e9c9a033aea36ba2d9dafbb52573966077c87fe962a1a04fabdd874c1a3c5a741ccca669ff08045785f090cd1acb4ec20dfbac29b525f4b17e9a3fe5e701cfc6ba5884484be7b172e4b7193283eb4bd807eb889cd37dc62aca95e3d5690bbc66d331de46777cc4fe20276fdd69d3fbbc88100c56f44d6082467ba7162b5a1cfc222df836120e45c8bfa7f5a85330b135d0abdb273fcdd9bd406"], 0x50}, 0x1, 0x0, 0x0, 0x48890}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000840)={r3, 0x58, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r21=>0x0}}, 0x10)
sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f00000011c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001180)={&(0x7f0000000880)={0x8f8, 0x0, 0x100, 0x70bd25, 0x25dfdbff, {}, [{{0x8}, {0x1b0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x7f, 0x7, 0x3, 0x5}, {0x3ff, 0x80, 0x2, 0x2}, {0x10, 0x7f, 0x9, 0x1}, {0xd, 0x7f, 0x1, 0x8}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffbff}}}]}}, {{0x8, 0x1, r4}, {0xb0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffff7}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xb}}}]}}, {{0x8}, {0x1a4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x3ff}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}]}}, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x800}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r9}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8, 0x1, r10}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3d}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x101}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}]}}, {{0x8}, {0x130, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x24}}}, {0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x5, 0xe5, 0x4, 0x3}]}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}]}}, {{0x8, 0x1, r14}, {0x80, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7bed}}, {0x8}}}]}}, {{0x8, 0x1, r15}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xd}}, {0x8, 0x6, r16}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r17}}}]}}, {{0x8, 0x1, r20}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r21}}}]}}]}, 0x8f8}, 0x1, 0x0, 0x0, 0x4000040}, 0x40814)

0s ago: executing program 2 (id=2787):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x3c, 0xa, 0x3, "0506ddff09000affea9c2206ff57b9d2a100000000000000000000613dbda500", 0x34343452})
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYRESDEC=r0, @ANYRES16=r0, @ANYRES8], 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_UNREGISTER(r2, 0xc020aa04, &(0x7f0000000040)={&(0x7f0000fff000/0x1000)=nil, 0x1000000000000})
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000240)={0x20, 0x3}, 0x0, 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

[  536.303994][T16795]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  536.304020][T16795]  ? __pfx_flow_change+0x10/0x10
[  536.304064][T16795]  tc_new_tfilter+0xdca/0x15b0
[  536.304110][T16795]  ? __pfx_tc_new_tfilter+0x10/0x10
[  536.304161][T16795]  ? __pfx_tc_new_tfilter+0x10/0x10
[  536.304177][T16795]  rtnetlink_rcv_msg+0x7cf/0xb70
[  536.304201][T16795]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  536.304220][T16795]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  536.304238][T16795]  ? ref_tracker_free+0x63a/0x7d0
[  536.304255][T16795]  ? __copy_skb_header+0xa7/0x550
[  536.304281][T16795]  ? __pfx_ref_tracker_free+0x10/0x10
[  536.304299][T16795]  ? __skb_clone+0x63/0x7a0
[  536.304324][T16795]  netlink_rcv_skb+0x208/0x470
[  536.304347][T16795]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  536.304369][T16795]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  536.304403][T16795]  ? netlink_deliver_tap+0x2e/0x1b0
[  536.304424][T16795]  ? netlink_deliver_tap+0x2e/0x1b0
[  536.304452][T16795]  netlink_unicast+0x759/0x8e0
[  536.304483][T16795]  netlink_sendmsg+0x805/0xb30
[  536.304514][T16795]  ? __pfx_netlink_sendmsg+0x10/0x10
[  536.304538][T16795]  ? __import_iovec+0x5d4/0x7f0
[  536.304557][T16795]  ? aa_sock_msg_perm+0x94/0x160
[  536.304577][T16795]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  536.304595][T16795]  ? __pfx_netlink_sendmsg+0x10/0x10
[  536.304618][T16795]  __sock_sendmsg+0x21c/0x270
[  536.304641][T16795]  ____sys_sendmsg+0x505/0x830
[  536.304670][T16795]  ? __pfx_____sys_sendmsg+0x10/0x10
[  536.304709][T16795]  ___sys_sendmsg+0x21f/0x2a0
[  536.304734][T16795]  ? __pfx____sys_sendmsg+0x10/0x10
[  536.304795][T16795]  ? __fget_files+0x2a/0x420
[  536.304810][T16795]  ? __fget_files+0x3a0/0x420
[  536.304837][T16795]  __sys_sendmsg+0x164/0x220
[  536.304861][T16795]  ? __pfx___sys_sendmsg+0x10/0x10
[  536.304899][T16795]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  536.304919][T16795]  ? lockdep_hardirqs_on+0x9c/0x150
[  536.304939][T16795]  __do_fast_syscall_32+0xb6/0x2b0
[  536.304959][T16795]  ? lockdep_hardirqs_on+0x9c/0x150
[  536.304981][T16795]  do_fast_syscall_32+0x34/0x80
[  536.305000][T16795]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  536.305019][T16795] RIP: 0023:0xf7f58539
[  536.305035][T16795] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  536.305049][T16795] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  536.305068][T16795] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000580
[  536.305080][T16795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  536.305091][T16795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  536.305101][T16795] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  536.305112][T16795] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  536.305139][T16795]  </TASK>
[  536.518695][ T5932] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  536.521066][    C1] vkms_vblank_simulate: vblank timer overrun
[  536.712328][    C1] vkms_vblank_simulate: vblank timer overrun
[  536.718326][    C1] hrtimer: interrupt took 409929049 ns
[  536.770261][ T5932] usb 2-1: device descriptor read/8, error -71
[  536.818369][    C1] vkms_vblank_simulate: vblank timer overrun
[  536.871172][T16793] fuse: Bad value for 'rootmode'
[  536.952024][T16793] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2282'.
[  536.952069][T16793] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2282'.
[  537.013482][ T5932] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  537.045073][ T5932] usb 2-1: device descriptor read/8, error -71
[  537.053070][T16804] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2286'.
[  537.053093][T16804] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2286'.
[  537.148876][ T5932] usb usb2-port1: unable to enumerate USB device
[  537.363745][T16810] FAULT_INJECTION: forcing a failure.
[  537.363745][T16810] name failslab, interval 1, probability 0, space 0, times 0
[  537.438194][T16810] CPU: 1 UID: 0 PID: 16810 Comm: syz.2.2289 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  537.438219][T16810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  537.438230][T16810] Call Trace:
[  537.438238][T16810]  <TASK>
[  537.438246][T16810]  dump_stack_lvl+0x189/0x250
[  537.438272][T16810]  ? __pfx____ratelimit+0x10/0x10
[  537.438292][T16810]  ? __pfx_dump_stack_lvl+0x10/0x10
[  537.438310][T16810]  ? __pfx__printk+0x10/0x10
[  537.438347][T16810]  should_fail_ex+0x414/0x560
[  537.438375][T16810]  should_failslab+0xa8/0x100
[  537.438398][T16810]  __kmalloc_cache_noprof+0x70/0x3d0
[  537.438419][T16810]  ? sctp_add_bind_addr+0x8c/0x370
[  537.438445][T16810]  sctp_add_bind_addr+0x8c/0x370
[  537.438479][T16810]  sctp_copy_local_addr_list+0x30b/0x4e0
[  537.438504][T16810]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  537.438524][T16810]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  537.438546][T16810]  ? sctp_v6_is_any+0x64/0x80
[  537.438568][T16810]  ? sctp_copy_one_addr+0x93/0x360
[  537.438591][T16810]  sctp_bind_addr_copy+0xb3/0x3c0
[  537.438613][T16810]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  537.438635][T16810]  sctp_connect_new_asoc+0x2e0/0x690
[  537.438660][T16810]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  537.438680][T16810]  ? __local_bh_enable_ip+0x12d/0x1c0
[  537.438708][T16810]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  537.438727][T16810]  ? security_sctp_bind_connect+0x7e/0x2e0
[  537.438753][T16810]  sctp_sendmsg+0x155c/0x2810
[  537.438787][T16810]  ? __pfx_sctp_sendmsg+0x10/0x10
[  537.438814][T16810]  ? aa_sk_perm+0x81e/0x950
[  537.438837][T16810]  ? __pfx_aa_sk_perm+0x10/0x10
[  537.438857][T16810]  ? sock_rps_record_flow+0x19/0x410
[  537.438877][T16810]  ? inet_sendmsg+0x2f4/0x370
[  537.438897][T16810]  __sock_sendmsg+0x19c/0x270
[  537.438919][T16810]  ____sys_sendmsg+0x52d/0x830
[  537.438944][T16810]  ? __pfx_____sys_sendmsg+0x10/0x10
[  537.438982][T16810]  ___sys_sendmsg+0x21f/0x2a0
[  537.439006][T16810]  ? __pfx____sys_sendmsg+0x10/0x10
[  537.439065][T16810]  ? __fget_files+0x2a/0x420
[  537.439080][T16810]  ? __fget_files+0x3a0/0x420
[  537.439107][T16810]  __sys_sendmmsg+0x28e/0x430
[  537.439129][T16810]  ? __pfx___sys_sendmmsg+0x10/0x10
[  537.439156][T16810]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  537.439191][T16810]  ? ksys_write+0x22a/0x250
[  537.439223][T16810]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  537.439250][T16810]  __do_fast_syscall_32+0xb6/0x2b0
[  537.439270][T16810]  ? lockdep_hardirqs_on+0x9c/0x150
[  537.439292][T16810]  do_fast_syscall_32+0x34/0x80
[  537.439311][T16810]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  537.439330][T16810] RIP: 0023:0xf7f34539
[  537.439346][T16810] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  537.439360][T16810] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  537.439379][T16810] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002ec0
[  537.439392][T16810] RDX: 0000000000000001 RSI: 0000000004010040 RDI: 0000000000000000
[  537.439403][T16810] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  537.439413][T16810] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  537.439424][T16810] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  537.439461][T16810]  </TASK>
[  537.767749][    C1] vkms_vblank_simulate: vblank timer overrun
[  538.182474][T16818] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2291'.
[  538.215498][T16818] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2291'.
[  538.548514][ T5934] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  538.668780][T16822] netlink: 'syz.4.2293': attribute type 5 has an invalid length.
[  538.708604][ T5934] usb 4-1: Using ep0 maxpacket: 8
[  538.718764][ T5934] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  538.736752][ T5934] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  538.745025][ T5934] usb 4-1: Product: syz
[  538.749244][ T5934] usb 4-1: Manufacturer: syz
[  538.753851][ T5934] usb 4-1: SerialNumber: syz
[  538.760927][ T5934] usb 4-1: config 0 descriptor??
[  538.768277][ T5934] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  539.063539][T16832] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2296'.
[  539.363051][T16836] team0: left allmulticast mode
[  539.368238][T16836] bridge0: port 1(team0) entered disabled state
[  539.471697][T16836] .: (slave netdevsim0): Releasing backup interface
[  539.543976][T16836] bond1: (slave bridge16): Releasing active interface
[  539.763674][ T5932] usb 1-1: new full-speed USB device number 58 using dummy_hcd
[  539.800962][ T5934] gspca_zc3xx: reg_w_i err -71
[  539.814803][ T5934] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  539.846594][ T5934] usb 4-1: USB disconnect, device number 50
[  539.930448][ T5932] usb 1-1: config 0 has an invalid interface number: 65 but max is 0
[  539.981817][ T5932] usb 1-1: config 0 has no interface number 0
[  540.000575][ T5932] usb 1-1: config 0 interface 65 has no altsetting 0
[  540.014120][ T5932] usb 1-1: New USB device found, idVendor=057b, idProduct=0000, bcdDevice= 1.31
[  540.025778][ T5932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.041878][ T5932] usb 1-1: config 0 descriptor??
[  540.202032][T16847] "syz.2.2301" (16847) uses obsolete ecb(arc4) skcipher
[  540.250222][   T30] audit: type=1326 audit(1753238514.398:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16840 comm="syz.0.2299" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000
[  540.264706][T16841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  540.289873][T16841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  540.304739][T16855] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2303'.
[  540.334660][ T5932] usb 1-1: string descriptor 0 read error: -71
[  540.346380][T16855] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2303'.
[  540.365793][   T30] audit: type=1326 audit(1753238514.398:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16840 comm="syz.0.2299" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000
[  540.365842][ T5932] usb-storage 1-1:0.65: USB Mass Storage device detected
[  540.391254][T16855] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2303'.
[  540.442916][   T30] audit: type=1326 audit(1753238514.398:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16840 comm="syz.0.2299" exe="/root/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7f58539 code=0x7ffc0000
[  540.444276][ T5932] usb-storage 1-1:0.65: Quirks match for vid 057b pid 0000: 1
[  540.465421][    C1] vkms_vblank_simulate: vblank timer overrun
[  540.467950][   T30] audit: type=1326 audit(1753238514.398:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16840 comm="syz.0.2299" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000
[  540.501626][    C1] vkms_vblank_simulate: vblank timer overrun
[  540.507966][   T30] audit: type=1326 audit(1753238514.398:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16840 comm="syz.0.2299" exe="/root/syz-executor" sig=0 arch=40000003 syscall=228 compat=1 ip=0xf7f58539 code=0x7ffc0000
[  540.532202][   T30] audit: type=1326 audit(1753238514.398:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16840 comm="syz.0.2299" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000
[  540.554454][   T30] audit: type=1326 audit(1753238514.398:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16840 comm="syz.0.2299" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000
[  540.578808][   T30] audit: type=1326 audit(1753238514.398:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16840 comm="syz.0.2299" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f58539 code=0x7ffc0000
[  540.600983][    C1] vkms_vblank_simulate: vblank timer overrun
[  540.628223][   T30] audit: type=1326 audit(1753238514.398:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16840 comm="syz.0.2299" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f58539 code=0x7ffc0000
[  540.650350][    C1] vkms_vblank_simulate: vblank timer overrun
[  540.708906][ T5932] usb 1-1: USB disconnect, device number 58
[  540.775577][   T30] audit: type=1326 audit(1753238514.398:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16840 comm="syz.0.2299" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f58539 code=0x7ffc0000
[  540.798031][    C1] vkms_vblank_simulate: vblank timer overrun
[  541.006783][T16869] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2307'.
[  541.019116][T16869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2307'.
[  541.579667][T16877] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2311'.
[  542.046726][T16885] netlink: 'syz.1.2312': attribute type 8 has an invalid length.
[  542.500612][T16896] netlink: 'syz.4.2316': attribute type 10 has an invalid length.
[  542.514833][T16896] bridge0: port 1(team0) entered blocking state
[  542.597942][T16896] bridge0: port 1(team0) entered disabled state
[  542.630433][T16896] team0: entered allmulticast mode
[  543.680908][ T5852] usb 2-1: new full-speed USB device number 58 using dummy_hcd
[  543.840776][T16923] netlink: 'syz.3.2325': attribute type 8 has an invalid length.
[  543.860701][ T5852] usb 2-1: device descriptor read/64, error -71
[  544.109893][T16931] bridge_slave_0: left allmulticast mode
[  544.120699][T16931] bridge_slave_0: left promiscuous mode
[  544.126646][T16931] bridge0: port 1(bridge_slave_0) entered disabled state
[  544.201358][T16931] bridge_slave_1: left allmulticast mode
[  544.207153][T16931] bridge_slave_1: left promiscuous mode
[  544.213058][ T5852] usb 2-1: new full-speed USB device number 59 using dummy_hcd
[  544.246310][T16931] bridge0: port 2(bridge_slave_1) entered disabled state
[  544.277485][T16931] team0: Port device team_slave_0 removed
[  544.334913][T16931] team0: Port device team_slave_1 removed
[  544.345494][T16931] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  544.353468][T16935] ptrace attach of "./syz-executor exec"[10017] was attempted by "./syz-executor exec"[16935]
[  544.371719][T16931] batman_adv: batadv0: Removing interface: batadv_slave_0
[  544.396502][T16931] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  544.407314][T16931] batman_adv: batadv0: Removing interface: batadv_slave_1
[  544.418486][ T5852] usb 2-1: device descriptor read/64, error -71
[  544.551342][ T5852] usb usb2-port1: attempt power cycle
[  544.595803][T16939] netlink: 'syz.0.2324': attribute type 21 has an invalid length.
[  544.604610][T16939] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2324'.
[  544.641160][T16939] netlink: 'syz.0.2324': attribute type 4 has an invalid length.
[  544.655721][T16939] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2324'.
[  544.920704][ T5852] usb 2-1: new full-speed USB device number 60 using dummy_hcd
[  544.990211][T16944] netlink: 'syz.3.2329': attribute type 13 has an invalid length.
[  545.069712][ T5852] usb 2-1: device descriptor read/8, error -71
[  545.323907][T16944] 8021q: adding VLAN 0 to HW filter on device bond0
[  545.334080][ T5852] usb 2-1: new full-speed USB device number 61 using dummy_hcd
[  545.363830][T16944] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  545.539306][ T5852] usb 2-1: device descriptor read/8, error -71
[  545.659996][ T5852] usb usb2-port1: unable to enumerate USB device
[  546.930697][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  546.930734][   T30] audit: type=1326 audit(1753238521.078:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16957 comm="syz.1.2334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f82539 code=0x7ffc0000
[  546.972106][   T30] audit: type=1326 audit(1753238521.078:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16957 comm="syz.1.2334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f82539 code=0x7ffc0000
[  546.996858][   T30] audit: type=1326 audit(1753238521.108:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16957 comm="syz.1.2334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf7f82539 code=0x7ffc0000
[  547.046683][   T30] audit: type=1326 audit(1753238521.108:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16957 comm="syz.1.2334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f82539 code=0x7ffc0000
[  547.069552][   T30] audit: type=1326 audit(1753238521.108:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16957 comm="syz.1.2334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f82539 code=0x7ffc0000
[  547.095159][   T30] audit: type=1326 audit(1753238521.108:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16957 comm="syz.1.2334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf7f82539 code=0x7ffc0000
[  547.117301][    C1] vkms_vblank_simulate: vblank timer overrun
[  547.140198][T16960] IPVS: set_ctl: invalid protocol: 255 172.20.20.49:20004
[  547.204905][   T30] audit: type=1326 audit(1753238521.108:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16957 comm="syz.1.2334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f82539 code=0x7ffc0000
[  547.208817][T16965] netlink: 'syz.1.2337': attribute type 10 has an invalid length.
[  547.228684][   T30] audit: type=1326 audit(1753238521.108:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16957 comm="syz.1.2334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f82539 code=0x7ffc0000
[  547.274137][   T30] audit: type=1326 audit(1753238521.108:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16957 comm="syz.1.2334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f82539 code=0x7ffc0000
[  547.307527][   T30] audit: type=1326 audit(1753238521.108:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16957 comm="syz.1.2334" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f82539 code=0x7ffc0000
[  547.396321][T16968] netlink: 'syz.0.2338': attribute type 8 has an invalid length.
[  548.017084][T16986] netlink: 'syz.1.2343': attribute type 8 has an invalid length.
[  548.050583][ T5932] usb 4-1: new full-speed USB device number 51 using dummy_hcd
[  548.209271][ T5932] usb 4-1: device descriptor read/64, error -71
[  548.338233][T16995] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2346'.
[  548.472462][ T5932] usb 4-1: new full-speed USB device number 52 using dummy_hcd
[  548.618959][ T5932] usb 4-1: device descriptor read/64, error -71
[  548.660726][ T5934] hid-generic 0003:0004:0000.001A: unknown main item tag 0x0
[  548.669451][ T5934] hid-generic 0003:0004:0000.001A: unknown main item tag 0x0
[  548.677239][ T5934] hid-generic 0003:0004:0000.001A: unknown main item tag 0x0
[  548.700599][ T5934] hid-generic 0003:0004:0000.001A: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  548.739648][ T5932] usb usb4-port1: attempt power cycle
[  548.776764][T17005] netlink: 'syz.0.2350': attribute type 8 has an invalid length.
[  548.842467][T17004] fido_id[17004]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  549.048842][ T5934] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  549.098475][ T5932] usb 4-1: new full-speed USB device number 53 using dummy_hcd
[  549.157219][ T5932] usb 4-1: device descriptor read/8, error -71
[  549.326252][ T5934] usb 3-1: Using ep0 maxpacket: 32
[  549.462494][T17021] netlink: 'syz.4.2352': attribute type 13 has an invalid length.
[  549.473851][T17023] trusted_key: encrypted_key: insufficient parameters specified
[  549.523605][ T5934] usb 3-1: config 0 interface 0 has no altsetting 0
[  549.537455][ T5934] usb 3-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e
[  549.550359][ T5934] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  549.757624][ T5932] usb 4-1: new full-speed USB device number 54 using dummy_hcd
[  549.817587][ T5932] usb 4-1: device descriptor read/8, error -71
[  549.826836][ T5934] usb 3-1: config 0 descriptor??
[  549.901516][ T5934] usb 3-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state
[  550.153983][ T5932] usb usb4-port1: unable to enumerate USB device
[  550.259714][ T5934] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  550.290045][T17021] 8021q: adding VLAN 0 to HW filter on device .
[  550.321757][T17021] 8021q: adding VLAN 0 to HW filter on device team0
[  550.329309][ T5934] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+)
[  550.400616][T17021] tipc: Resetting bearer <eth:team0>
[  550.424912][ T5934] usb 3-1: media controller created
[  550.444140][ T5934] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  550.527339][ T5934] set interface failed
[  550.527779][ T5934] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  550.545518][T17021] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  550.592748][ T5934] error writing reg: 0xff, val: 0x00
[  550.710536][ T5934] dvb_usb_mxl111sf 3-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22
[  550.753092][ T5934] usb 3-1: USB disconnect, device number 65
[  550.787618][T17034] loop6: detected capacity change from 0 to 63
[  550.817277][ T5897] Buffer I/O error on dev loop6, logical block 0, async page read
[  550.869169][ T5897] Buffer I/O error on dev loop6, logical block 0, async page read
[  550.900798][T17034] Buffer I/O error on dev loop6, logical block 1, async page read
[  550.911714][ T5897] Buffer I/O error on dev loop6, logical block 0, async page read
[  550.920207][T17034] Buffer I/O error on dev loop6, logical block 1, async page read
[  550.930724][ T5897] Buffer I/O error on dev loop6, logical block 0, async page read
[  550.953511][ T5897] Buffer I/O error on dev loop6, logical block 0, async page read
[  551.421450][T17055] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  551.441588][T17054] netlink: 'syz.2.2362': attribute type 8 has an invalid length.
[  551.461458][T17048] syzkaller0: entered promiscuous mode
[  551.468749][T17048] syzkaller0: entered allmulticast mode
[  551.624657][T17052] tipc: Resetting bearer <eth:syzkaller0>
[  551.650560][T17047] tipc: Resetting bearer <eth:syzkaller0>
[  551.697048][T17047] tipc: Disabling bearer <eth:syzkaller0>
[  551.908259][T17069] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2367'.
[  551.994527][T17064] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2365'.
[  552.005196][T17069] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2367'.
[  552.046166][T17064] usb usb8: usbfs: process 17064 (syz.2.2365) did not claim interface 0 before use
[  552.114538][T17076] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2368'.
[  552.164939][T17076] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2368'.
[  552.388517][ T5917] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  552.560172][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  552.578781][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  552.589038][ T5917] usb 2-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00
[  552.598190][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.608447][ T5917] usb 2-1: config 0 descriptor??
[  552.650586][T17081] loop6: detected capacity change from 0 to 63
[  552.665103][T17081] Buffer I/O error on dev loop6, logical block 0, async page read
[  552.673880][T17081] Buffer I/O error on dev loop6, logical block 1, async page read
[  552.694597][T17081] Buffer I/O error on dev loop6, logical block 2, async page read
[  552.831284][T17078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.856501][T17078] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.893414][T17078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.910951][T17078] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.941899][T17083] tipc: Cannot configure node identity twice
[  553.067702][ T5917] usbhid 2-1:0.0: can't add hid device: -71
[  553.100256][ T5917] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  553.152157][ T5917] usb 2-1: USB disconnect, device number 62
[  553.271161][T17097] netlink: 'syz.3.2376': attribute type 8 has an invalid length.
[  553.778577][T17114] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2380'.
[  553.790028][T17116] loop6: detected capacity change from 0 to 63
[  553.955068][T17121] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2383'.
[  554.004389][T17121] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2383'.
[  554.798977][ T5845] Bluetooth: hci2: command 0x0406 tx timeout
[  555.275662][T17146] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2401'.
[  555.291619][T17146] tc_dump_action: action bad kind
[  555.371118][T17146] No such timeout policy "syz0"
[  555.382138][T17150] netlink: 'syz.3.2392': attribute type 10 has an invalid length.
[  555.409098][T17151] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2401'.
[  555.489233][ T5904] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  555.648551][ T5904] usb 3-1: Using ep0 maxpacket: 32
[  555.655893][ T5904] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  555.680923][ T5904] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  555.698186][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  555.717741][ T5904] usb 3-1: Product: syz
[  555.727908][ T5904] usb 3-1: Manufacturer: syz
[  555.733190][ T5904] usb 3-1: SerialNumber: syz
[  555.751469][ T5904] usb 3-1: config 0 descriptor??
[  555.766083][T17144] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  555.978714][ T5917] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  556.023258][T17160] loop6: detected capacity change from 0 to 63
[  556.039333][T17160] buffer_io_error: 38 callbacks suppressed
[  556.039350][T17160] Buffer I/O error on dev loop6, logical block 0, async page read
[  556.058744][T17160] Buffer I/O error on dev loop6, logical block 1, async page read
[  556.070793][T17160] Buffer I/O error on dev loop6, logical block 2, async page read
[  556.080526][T17160] Buffer I/O error on dev loop6, logical block 3, async page read
[  556.090572][T17160] Buffer I/O error on dev loop6, logical block 0, async page read
[  556.100482][T17160] Buffer I/O error on dev loop6, logical block 1, async page read
[  556.112082][T17160] Buffer I/O error on dev loop6, logical block 2, async page read
[  556.120721][T17160] Buffer I/O error on dev loop6, logical block 3, async page read
[  556.129332][ T5897] Buffer I/O error on dev loop6, logical block 0, async page read
[  556.137481][ T5897] Buffer I/O error on dev loop6, logical block 1, async page read
[  556.156432][ T5904] usb 3-1: USB disconnect, device number 66
[  556.186061][ T5917] usb 1-1: config 0 has no interfaces?
[  556.221962][ T5917] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  556.246594][ T5917] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  556.257629][ T5917] usb 1-1: Manufacturer: syz
[  556.280637][ T5917] usb 1-1: config 0 descriptor??
[  556.343591][    T9] hid-generic 0003:0004:0000.001B: unknown main item tag 0x0
[  556.376166][    T9] hid-generic 0003:0004:0000.001B: unknown main item tag 0x0
[  556.405311][T17168] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  556.413761][    T9] hid-generic 0003:0004:0000.001B: unknown main item tag 0x0
[  556.427150][T17168] syzkaller0: entered promiscuous mode
[  556.433412][T17170] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2398'.
[  556.445869][T17168] syzkaller0: entered allmulticast mode
[  556.459494][    T9] hid-generic 0003:0004:0000.001B: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  556.515974][T17168] tipc: Resetting bearer <eth:syzkaller0>
[  556.522379][T17154] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2393'.
[  556.548710][T17167] tipc: Resetting bearer <eth:syzkaller0>
[  556.610360][T17171] fido_id[17171]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  556.641117][T17167] tipc: Disabling bearer <eth:syzkaller0>
[  556.793632][T17172] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  556.800353][T17172] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  556.806661][T17172] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  556.821685][T17172] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  556.842468][T17172] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  556.874795][T17172] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  556.935613][T17172] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  556.963613][T17172] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  557.053057][T17172] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  557.122690][  T889] usb 1-1: USB disconnect, device number 59
[  558.588606][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  558.588626][   T30] audit: type=1800 audit(1753238532.588:621): pid=17208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2408" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  558.811694][T15008] Bluetooth: hci3: command 0x0c1a tx timeout
[  558.885372][T15008] Bluetooth: hci2: command 0x0406 tx timeout
[  558.896232][T15008] Bluetooth: hci1: command 0x206a tx timeout
[  558.902831][T15008] Bluetooth: hci4: command 0x0c1a tx timeout
[  558.969525][T17214] Bluetooth: hci0: command 0x0c1a tx timeout
[  558.996580][T17215] ptrace attach of "./syz-executor exec"[15009] was attempted by "./syz-executor exec"[17215]
[  559.027032][T17196] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2406'.
[  559.103557][T17197] usb usb8: usbfs: process 17197 (syz.3.2406) did not claim interface 0 before use
[  559.251612][T17217] xt_CT: You must specify a L4 protocol and not use inversions on it
[  559.501137][  T889] hid-generic 0003:0004:0000.001C: unknown main item tag 0x0
[  559.512209][  T889] hid-generic 0003:0004:0000.001C: unknown main item tag 0x0
[  559.535390][  T889] hid-generic 0003:0004:0000.001C: unknown main item tag 0x0
[  559.563650][  T889] hid-generic 0003:0004:0000.001C: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  559.593652][T17224] ptrace attach of "./syz-executor exec"[5864] was attempted by "./syz-executor exec"[17224]
[  559.611692][T17224] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2409'.
[  559.948552][T17223] fido_id[17223]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  560.233786][T17240] netlink: 'syz.0.2417': attribute type 8 has an invalid length.
[  560.578575][ T5917] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  560.757134][ T5917] usb 4-1: Using ep0 maxpacket: 16
[  560.827694][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  560.859096][ T5917] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  560.959599][T17214] Bluetooth: hci1: command 0x206a tx timeout
[  560.965848][ T5855] Bluetooth: hci2: command 0x0406 tx timeout
[  561.041280][ T5855] Bluetooth: hci0: command 0x0c1a tx timeout
[  561.041331][ T5917] usb 4-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00
[  561.101942][T17258] loop6: detected capacity change from 0 to 63
[  561.114248][ T5946] buffer_io_error: 18 callbacks suppressed
[  561.114261][ T5946] Buffer I/O error on dev loop6, logical block 0, async page read
[  561.141543][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.142032][T17258] Buffer I/O error on dev loop6, logical block 1, async page read
[  561.171773][ T5946] Buffer I/O error on dev loop6, logical block 0, async page read
[  561.190410][T17258] Buffer I/O error on dev loop6, logical block 1, async page read
[  561.211841][ T5946] Buffer I/O error on dev loop6, logical block 0, async page read
[  561.249666][ T5917] usb 4-1: config 0 descriptor??
[  561.281356][ T5946] Buffer I/O error on dev loop6, logical block 0, async page read
[  561.398843][ T5946] Buffer I/O error on dev loop6, logical block 0, async page read
[  561.761659][ T5852] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0
[  561.770373][ T5852] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0
[  561.778005][ T5852] hid-generic 0003:0004:0000.001D: unknown main item tag 0x0
[  561.803767][ T5852] hid-generic 0003:0004:0000.001D: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  561.878081][T17269] fido_id[17269]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  562.305392][ T5917] nintendo 0003:057E:2019.001E: unknown main item tag 0x2
[  562.312892][ T5917] nintendo 0003:057E:2019.001E: item fetching failed at offset 3/5
[  562.330145][ T5917] nintendo 0003:057E:2019.001E: HID parse failed
[  562.339063][ T5917] nintendo 0003:057E:2019.001E: probe - fail = -22
[  562.347433][ T5917] nintendo 0003:057E:2019.001E: probe with driver nintendo failed with error -22
[  562.392755][ T5917] usb 4-1: USB disconnect, device number 55
[  562.942136][T17281] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  562.949831][T17281] syzkaller0: entered promiscuous mode
[  562.955907][T17281] syzkaller0: entered allmulticast mode
[  562.979052][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  562.985363][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  563.008156][T17281] tipc: Resetting bearer <eth:syzkaller0>
[  563.028760][T17280] tipc: Resetting bearer <eth:syzkaller0>
[  563.069861][T17280] tipc: Disabling bearer <eth:syzkaller0>
[  563.127007][ T5855] Bluetooth: hci0: command 0x0c1a tx timeout
[  563.355354][T17286] netlink: 'syz.0.2430': attribute type 8 has an invalid length.
[  563.407837][T17290] gretap0: entered promiscuous mode
[  563.418056][T17289] gretap0: left promiscuous mode
[  563.727500][T17294] Cannot find add_set index 0 as target
[  564.272393][    T9] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  564.458588][    T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  564.480962][ T5932] IPVS: starting estimator thread 0...
[  564.486662][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  564.550940][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  564.646571][T17316] IPVS: using max 32 ests per chain, 76800 per kthread
[  564.684209][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  564.730166][    T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  564.740956][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.806914][    T9] usb 2-1: config 0 descriptor??
[  564.914685][T17329] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  564.922992][T17329] syzkaller0: entered promiscuous mode
[  564.928978][T17329] syzkaller0: entered allmulticast mode
[  564.982876][T17328] tipc: Resetting bearer <eth:syzkaller0>
[  565.121024][    T9] plantronics 0003:047F:FFFF.001F: ignoring exceeding usage max
[  565.130404][T17328] tipc: Disabling bearer <eth:syzkaller0>
[  565.160098][    T9] plantronics 0003:047F:FFFF.001F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  565.195387][ T5217] Dev loop7: unable to read RDB block 6
[  565.201298][ T5217]  loop7: unable to read partition table
[  565.236774][ T5217] loop7: partition table beyond EOD, truncated
[  565.558741][T17346] netlink: 'syz.0.2448': attribute type 10 has an invalid length.
[  565.708495][  T889] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  565.799673][T17350] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2449'.
[  565.810028][T17350] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2449'.
[  565.860677][  T889] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  565.883332][  T889] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  565.911849][  T889] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  565.935327][  T889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.958549][T17343] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  566.020284][  T889] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  566.168643][T17343] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  566.204631][T17344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  566.301435][T17343] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  566.409638][T17344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  566.488661][    T9] usb 2-1: reset high-speed USB device number 63 using dummy_hcd
[  566.488707][  T889] usb 3-1: USB disconnect, device number 67
[  566.713651][T17359] sctp: [Deprecated]: syz.0.2451 (pid 17359) Use of struct sctp_assoc_value in delayed_ack socket option.
[  566.713651][T17359] Use struct sctp_sack_info instead
[  566.925659][T17373] netlink: 100 bytes leftover after parsing attributes in process `syz.3.2454'.
[  566.935190][T17373] netlink: 100 bytes leftover after parsing attributes in process `syz.3.2454'.
[  567.008094][T17375] loop6: detected capacity change from 0 to 63
[  567.201947][T17377] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  567.219733][T17377] syzkaller0: entered promiscuous mode
[  567.225343][T17377] syzkaller0: entered allmulticast mode
[  567.247767][T17376] tipc: Resetting bearer <eth:syzkaller0>
[  567.276768][T17376] tipc: Disabling bearer <eth:syzkaller0>
[  567.295679][ T5932] usb 2-1: USB disconnect, device number 63
[  567.585821][T17384] netlink: 'syz.0.2461': attribute type 8 has an invalid length.
[  567.818820][ T5852] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  568.021336][ T5852] usb 4-1: unable to get BOS descriptor or descriptor too short
[  568.089767][ T5852] usb 4-1: unable to read config index 0 descriptor/start: -71
[  568.163514][ T5852] usb 4-1: can't read configurations, error -71
[  568.379620][T17398] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2464'.
[  568.395985][T17398] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2464'.
[  568.812175][T17401] tipc: Can't bind to reserved service type 2
[  568.854727][T17401] netlink: 'syz.3.2465': attribute type 1 has an invalid length.
[  568.954575][T17406] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2466'.
[  569.021946][T17409] loop6: detected capacity change from 0 to 63
[  569.075391][T17412] Buffer I/O error on dev loop6, logical block 0, async page read
[  569.084482][T17412] Buffer I/O error on dev loop6, logical block 1, async page read
[  569.106683][T17412] Buffer I/O error on dev loop6, logical block 2, async page read
[  569.124883][T17412] Buffer I/O error on dev loop6, logical block 3, async page read
[  569.145039][ T5897] Buffer I/O error on dev loop6, logical block 0, async page read
[  569.155763][ T5897] Buffer I/O error on dev loop6, logical block 1, async page read
[  569.585780][ T5897] Buffer I/O error on dev loop6, logical block 2, async page read
[  569.604954][T17414] netlink: 'syz.3.2469': attribute type 1 has an invalid length.
[  569.636343][ T5897] Buffer I/O error on dev loop6, logical block 3, async page read
[  569.645936][T17412] Buffer I/O error on dev loop6, logical block 0, async page read
[  569.657171][T17412] Buffer I/O error on dev loop6, logical block 1, async page read
[  569.895239][T17417] fuse: Unknown parameter 'r'
[  570.103781][T17420] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  570.112141][T17420] syzkaller0: entered promiscuous mode
[  570.125923][T17420] syzkaller0: entered allmulticast mode
[  570.132751][T17422] loop6: detected capacity change from 0 to 63
[  570.202919][T17419] tipc: Resetting bearer <eth:syzkaller0>
[  570.292037][T17419] tipc: Disabling bearer <eth:syzkaller0>
[  570.809641][T17438] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2477'.
[  570.910545][T17438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2477'.
[  571.761476][T17439] delete_channel: no stack
[  571.849243][T17451] loop6: detected capacity change from 0 to 63
[  572.179848][T17458] FAULT_INJECTION: forcing a failure.
[  572.179848][T17458] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  572.283954][T17458] CPU: 0 UID: 0 PID: 17458 Comm: syz.3.2484 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  572.283980][T17458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  572.283991][T17458] Call Trace:
[  572.284001][T17458]  <TASK>
[  572.284010][T17458]  dump_stack_lvl+0x189/0x250
[  572.284034][T17458]  ? __pfx____ratelimit+0x10/0x10
[  572.284053][T17458]  ? __pfx_dump_stack_lvl+0x10/0x10
[  572.284072][T17458]  ? __pfx__printk+0x10/0x10
[  572.284093][T17458]  ? __might_fault+0xb0/0x130
[  572.284125][T17458]  should_fail_ex+0x414/0x560
[  572.284148][T17458]  _copy_from_user+0x2d/0xb0
[  572.284171][T17458]  xsk_setsockopt+0x2e8/0x710
[  572.284191][T17458]  ? __pfx_xsk_setsockopt+0x10/0x10
[  572.284208][T17458]  ? __pfx_aa_sk_perm+0x10/0x10
[  572.284227][T17458]  ? aa_sock_opt_perm+0x74/0x110
[  572.284247][T17458]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  572.284264][T17458]  ? __pfx_xsk_setsockopt+0x10/0x10
[  572.284282][T17458]  do_sock_setsockopt+0x179/0x1b0
[  572.284309][T17458]  __ia32_sys_setsockopt+0x13f/0x1b0
[  572.284336][T17458]  __do_fast_syscall_32+0xb6/0x2b0
[  572.284356][T17458]  ? lockdep_hardirqs_on+0x9c/0x150
[  572.284378][T17458]  do_fast_syscall_32+0x34/0x80
[  572.284396][T17458]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  572.284415][T17458] RIP: 0023:0xf7f48539
[  572.284431][T17458] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  572.284445][T17458] RSP: 002b:00000000f506655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  572.284463][T17458] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000011b
[  572.284476][T17458] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004
[  572.284486][T17458] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  572.284496][T17458] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  572.284506][T17458] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  572.284532][T17458]  </TASK>
[  572.487606][    C0] vkms_vblank_simulate: vblank timer overrun
[  572.819021][T17463] warn_alloc: 2 callbacks suppressed
[  572.819039][T17463] syz.4.2485: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  572.879320][T17463] CPU: 0 UID: 0 PID: 17463 Comm: syz.4.2485 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  572.879344][T17463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  572.879355][T17463] Call Trace:
[  572.879363][T17463]  <TASK>
[  572.879371][T17463]  dump_stack_lvl+0x189/0x250
[  572.879401][T17463]  ? __pfx_dump_stack_lvl+0x10/0x10
[  572.879421][T17463]  ? __pfx__printk+0x10/0x10
[  572.879442][T17463]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  572.879464][T17463]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  572.879487][T17463]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  572.879512][T17463]  warn_alloc+0x214/0x310
[  572.879530][T17463]  ? stack_depot_save_flags+0x40/0x900
[  572.879554][T17463]  ? __pfx_warn_alloc+0x10/0x10
[  572.879573][T17463]  ? kasan_save_track+0x4f/0x80
[  572.879596][T17463]  ? xskq_create+0x56/0x170
[  572.879612][T17463]  ? xsk_init_queue+0xb0/0x110
[  572.879627][T17463]  ? xsk_setsockopt+0x43f/0x710
[  572.879642][T17463]  ? do_sock_setsockopt+0x179/0x1b0
[  572.879665][T17463]  ? __ia32_sys_setsockopt+0x13f/0x1b0
[  572.879688][T17463]  ? __do_fast_syscall_32+0xb6/0x2b0
[  572.879707][T17463]  ? do_fast_syscall_32+0x34/0x80
[  572.879734][T17463]  __vmalloc_node_range_noprof+0x125/0x12f0
[  572.879789][T17463]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  572.879815][T17463]  ? xskq_create+0x56/0x170
[  572.879835][T17463]  ? __kasan_kmalloc+0x93/0xb0
[  572.879876][T17463]  vmalloc_user_noprof+0xad/0xf0
[  572.879901][T17463]  ? xskq_create+0xbf/0x170
[  572.879921][T17463]  xskq_create+0xbf/0x170
[  572.879943][T17463]  xsk_init_queue+0xb0/0x110
[  572.879964][T17463]  xsk_setsockopt+0x43f/0x710
[  572.879985][T17463]  ? __pfx_xsk_setsockopt+0x10/0x10
[  572.880003][T17463]  ? __pfx_aa_sk_perm+0x10/0x10
[  572.880025][T17463]  ? aa_sock_opt_perm+0x74/0x110
[  572.880046][T17463]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  572.880063][T17463]  ? __pfx_xsk_setsockopt+0x10/0x10
[  572.880082][T17463]  do_sock_setsockopt+0x179/0x1b0
[  572.880110][T17463]  __ia32_sys_setsockopt+0x13f/0x1b0
[  572.880140][T17463]  __do_fast_syscall_32+0xb6/0x2b0
[  572.880161][T17463]  ? lockdep_hardirqs_on+0x9c/0x150
[  572.880184][T17463]  do_fast_syscall_32+0x34/0x80
[  572.880205][T17463]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  572.880225][T17463] RIP: 0023:0xf7f65539
[  572.880242][T17463] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  572.880256][T17463] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  572.880276][T17463] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000011b
[  572.880288][T17463] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004
[  572.880299][T17463] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  572.880310][T17463] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  572.880321][T17463] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  572.880349][T17463]  </TASK>
[  572.880358][T17463] Mem-Info:
[  573.191718][T17463] active_anon:5874 inactive_anon:0 isolated_anon:0
[  573.191718][T17463]  active_file:12744 inactive_file:40118 isolated_file:0
[  573.191718][T17463]  unevictable:775 dirty:10 writeback:0
[  573.191718][T17463]  slab_reclaimable:9441 slab_unreclaimable:137116
[  573.191718][T17463]  mapped:30704 shmem:1367 pagetables:1337
[  573.191718][T17463]  sec_pagetables:0 bounce:0
[  573.191718][T17463]  kernel_misc_reclaimable:0
[  573.191718][T17463]  free:1273187 free_pcp:16402 free_cma:0
[  573.237078][    C0] vkms_vblank_simulate: vblank timer overrun
[  573.250103][T17463] Node 0 active_anon:23496kB inactive_anon:0kB active_file:50900kB inactive_file:160272kB unevictable:1560kB isolated(anon):0kB isolated(file):0kB mapped:122760kB dirty:40kB writeback:0kB shmem:3928kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12712kB pagetables:5204kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  573.283418][    C0] vkms_vblank_simulate: vblank timer overrun
[  573.290269][T17463] Node 1 active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:200kB unevictable:1540kB isolated(anon):0kB isolated(file):0kB mapped:56kB dirty:0kB writeback:0kB shmem:1540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  573.321906][    C0] vkms_vblank_simulate: vblank timer overrun
[  573.378621][T17463] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  573.407710][    C0] vkms_vblank_simulate: vblank timer overrun
[  573.419157][ T5852] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  573.451137][T17463] lowmem_reserve[]: 0 2498 2500 2500 2500
[  573.457264][T17463] Node 0 DMA32 free:1185744kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23352kB inactive_anon:0kB active_file:50900kB inactive_file:158692kB unevictable:1560kB writepending:40kB present:3129332kB managed:2558496kB mlocked:0kB bounce:0kB free_pcp:38808kB local_pcp:17728kB free_cma:0kB
[  573.489528][    C0] vkms_vblank_simulate: vblank timer overrun
[  573.609513][ T5852] usb 4-1: Using ep0 maxpacket: 8
[  573.626618][ T5852] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  573.645279][ T5852] usb 4-1: config 0 has no interface number 0
[  573.650270][T17463] lowmem_reserve[]: 0 0 1 1 1
[  573.670466][T17463] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1580kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  573.699639][    C0] vkms_vblank_simulate: vblank timer overrun
[  573.708497][ T5852] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  573.728492][ T5852] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  573.748444][ T5852] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  573.758643][T17463] lowmem_reserve[]: 0 0 0 0 0
[  573.764307][T17463] Node 1 Normal free:3891824kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:200kB unevictable:1540kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:27248kB local_pcp:13184kB free_cma:0kB
[  573.795740][    C0] vkms_vblank_simulate: vblank timer overrun
[  573.795817][ T5852] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  573.795864][ T5852] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  573.795887][ T5852] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.799682][ T5852] usb 4-1: config 0 descriptor??
[  573.813260][T17485] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2492'.
[  573.869541][ T5852] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  573.920709][T17481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2492'.
[  573.929611][T17463] lowmem_reserve[]: 0 0 0 0 0
[  573.929657][T17463] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  573.983290][T17463] Node 0 DMA32: 784*4kB (UM) 474*8kB (UME) 490*16kB (UME) 289*32kB (UME) 250*64kB (ME) 58*128kB (UME) 26*256kB (ME) 8*512kB (UME) 5*1024kB (UME) 6*2048kB (UME) 271*4096kB (UM) = 1185616kB
[  574.091363][T17463] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  574.135557][T17463] Node 1 Normal: 204*4kB (UME) 58*8kB (UME) 9*16kB (UM) 173*32kB (UME) 47*64kB (UME) 17*128kB (UM) 7*256kB (UME) 2*512kB (M) 2*1024kB (M) 2*2048kB (UE) 945*4096kB (UM) = 3891824kB
[  574.172268][T17463] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  574.185882][T17463] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=2 hugepages_size=2048kB
[  574.197367][T17463] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  574.255200][T17491] PKCS7: Unknown OID: [4] 0.37.1212292.2040252(bad)
[  574.262874][T17491] PKCS7: Only support pkcs7_signedData type
[  574.382180][T17463] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  574.475361][T17463] 55452 total pagecache pages
[  574.573917][T17463] 0 pages in swap cache
[  574.578170][T17463] Free swap  = 124996kB
[  574.647088][T17463] Total swap = 124996kB
[  574.669830][T17463] 2097051 pages RAM
[  574.687148][T17463] 0 pages HighMem/MovableOnly
[  574.707501][T17463] 425385 pages reserved
[  574.727698][T17463] 0 pages cma reserved
[  576.136222][    C1] ldusb 4-1:0.55: usb_submit_urb failed (-19)
[  576.143047][  T889] usb 4-1: USB disconnect, device number 58
[  576.157263][  T889] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  576.761463][T17503] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  576.782904][T17503] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  576.802061][T17503] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  576.823082][T17503] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  577.030453][T17503] vlan2: left promiscuous mode
[  577.035410][T17503] bridge0: left promiscuous mode
[  577.319100][  T889] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  577.341637][T17526] netlink: 'syz.0.2507': attribute type 8 has an invalid length.
[  577.408623][ T5917] usb 2-1: new full-speed USB device number 64 using dummy_hcd
[  577.418878][T17530] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2508'.
[  577.428115][T17530] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2508'.
[  577.476608][T17535] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2508'.
[  577.490660][  T889] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  577.491440][T17535] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2508'.
[  577.509056][  T889] usb 4-1: config 0 has no interface number 0
[  577.517489][  T889] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  577.529660][  T889] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  577.539996][  T889] usb 4-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  577.553286][  T889] usb 4-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  577.562850][  T889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.609846][  T889] usb 4-1: config 0 descriptor??
[  577.617996][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  577.653470][ T5917] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  577.676696][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  577.721378][ T5917] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  577.732352][T17538] loop2: detected capacity change from 0 to 7
[  577.738658][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.738705][ T5917] usb 2-1: Product: syz
[  577.738719][ T5917] usb 2-1: Manufacturer: syz
[  577.738733][ T5917] usb 2-1: SerialNumber: syz
[  577.748164][ T5917] usb 2-1: config 0 descriptor??
[  577.786997][T17538] Dev loop2: unable to read RDB block 7
[  577.792807][T17521] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  577.792919][T17521] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  577.794961][ T5917] usb 2-1: ucan: probing device on interface #0
[  577.833370][T17538]  loop2: AHDI p1 p2 p3
[  577.837608][T17538] loop2: partition table partially beyond EOD, truncated
[  577.902317][T17538] loop2: p1 start 1601398130 is beyond EOD, truncated
[  577.912147][T17538] loop2: p2 start 1702059890 is beyond EOD, truncated
[  578.198969][ T5917] usb 2-1: ucan: device reported invalid tx-fifo size
[  578.205971][ T5917] usb 2-1: ucan: probe failed; try to update the device firmware
[  578.270753][  T889] input: HID 28bd:0042 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:28BD:0042.0020/input/input48
[  578.295592][T17554] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2514'.
[  578.405011][  T889] uclogic 0003:28BD:0042.0020: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.3-1/input1
[  578.435452][T17519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  578.447930][ T5917] usb 2-1: USB disconnect, device number 64
[  578.479004][T17519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  578.531692][  T889] usb 4-1: USB disconnect, device number 59
[  578.689707][T17556] fido_id[17556]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  579.180145][T17565] FAULT_INJECTION: forcing a failure.
[  579.180145][T17565] name failslab, interval 1, probability 0, space 0, times 0
[  579.252392][T17565] CPU: 0 UID: 0 PID: 17565 Comm: syz.4.2516 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  579.252427][T17565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  579.252438][T17565] Call Trace:
[  579.252446][T17565]  <TASK>
[  579.252456][T17565]  dump_stack_lvl+0x189/0x250
[  579.252481][T17565]  ? __pfx____ratelimit+0x10/0x10
[  579.252501][T17565]  ? __pfx_dump_stack_lvl+0x10/0x10
[  579.252522][T17565]  ? __pfx__printk+0x10/0x10
[  579.252549][T17565]  ? __pfx___might_resched+0x10/0x10
[  579.252568][T17565]  ? fs_reclaim_acquire+0x7d/0x100
[  579.252590][T17565]  should_fail_ex+0x414/0x560
[  579.252615][T17565]  should_failslab+0xa8/0x100
[  579.252639][T17565]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  579.252662][T17565]  ? __d_alloc+0x31/0x6f0
[  579.252686][T17565]  __d_alloc+0x31/0x6f0
[  579.252705][T17565]  ? inode_set_ctime_current+0x277/0xb40
[  579.252728][T17565]  d_alloc_pseudo+0x1f/0xb0
[  579.252747][T17565]  alloc_file_pseudo+0xcc/0x210
[  579.252770][T17565]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  579.252796][T17565]  ? alloc_anon_inode+0x1c1/0x360
[  579.252823][T17565]  aio_setup_ring+0x1e7/0xd80
[  579.252855][T17565]  ? pcpu_alloc_noprof+0xfdd/0x16b0
[  579.252881][T17565]  ? __pfx_aio_setup_ring+0x10/0x10
[  579.252913][T17565]  ioctx_alloc+0x32f/0x7a0
[  579.252943][T17565]  __ia32_compat_sys_io_setup+0xc0/0x1e0
[  579.252966][T17565]  __do_fast_syscall_32+0xb6/0x2b0
[  579.252986][T17565]  ? lockdep_hardirqs_on+0x9c/0x150
[  579.253009][T17565]  do_fast_syscall_32+0x34/0x80
[  579.253028][T17565]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  579.253048][T17565] RIP: 0023:0xf7f65539
[  579.253064][T17565] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  579.253079][T17565] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 00000000000000f5
[  579.253099][T17565] RAX: ffffffffffffffda RBX: 0000000000002004 RCX: 0000000080000680
[  579.253112][T17565] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  579.253123][T17565] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  579.253133][T17565] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  579.253144][T17565] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  579.253170][T17565]  </TASK>
[  579.486197][    C0] vkms_vblank_simulate: vblank timer overrun
[  580.719964][T17587] kAFS: unable to lookup cell '
[  580.719964][T17587] $)-.ÌײfÍY¹Ç�²a×ïÅ2sˆ
[  580.719964][T17587] '
[  581.215970][T17591] netlink: 'syz.1.2524': attribute type 8 has an invalid length.
[  581.972092][T17607] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2527'.
[  582.076198][T17611] xt_CT: You must specify a L4 protocol and not use inversions on it
[  583.504808][T17622] IPv6: NLM_F_CREATE should be specified when creating new route
[  583.582995][ T5917] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  583.649012][T17622] IPv6: Can't replace route, no match found
[  583.838920][ T5917] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[  583.867012][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  583.928063][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  583.948274][ T5917] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  583.983849][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  584.043218][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  584.145458][ T5917] usb 1-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  584.198425][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.224156][ T5917] usb 1-1: Product: syz
[  584.238533][ T5917] usb 1-1: Manufacturer: syz
[  584.244135][ T5917] usb 1-1: SerialNumber: syz
[  584.289888][ T5917] usb 1-1: config 0 descriptor??
[  584.332159][ T5917] iguanair 1-1:0.0: probe with driver iguanair failed with error -12
[  584.546948][T17633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  584.556077][T17633] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  584.568406][T17633] random: crng reseeded on system resumption
[  584.705322][T17649] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2541'.
[  584.725629][T17649] FAULT_INJECTION: forcing a failure.
[  584.725629][T17649] name failslab, interval 1, probability 0, space 0, times 0
[  584.753318][T17649] CPU: 0 UID: 0 PID: 17649 Comm: syz.1.2541 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  584.753345][T17649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  584.753356][T17649] Call Trace:
[  584.753364][T17649]  <TASK>
[  584.753373][T17649]  dump_stack_lvl+0x189/0x250
[  584.753399][T17649]  ? __pfx____ratelimit+0x10/0x10
[  584.753419][T17649]  ? __pfx_dump_stack_lvl+0x10/0x10
[  584.753438][T17649]  ? __pfx__printk+0x10/0x10
[  584.753466][T17649]  ? do_raw_spin_lock+0x121/0x290
[  584.753492][T17649]  should_fail_ex+0x414/0x560
[  584.753515][T17649]  should_failslab+0xa8/0x100
[  584.753540][T17649]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  584.753563][T17649]  ? __alloc_skb+0x112/0x2d0
[  584.753589][T17649]  __alloc_skb+0x112/0x2d0
[  584.753614][T17649]  xfrm_send_policy_notify+0x29d/0x1bb0
[  584.753640][T17649]  ? __lock_acquire+0xab9/0xd20
[  584.753662][T17649]  ? __pfx_xfrm_send_policy_notify+0x10/0x10
[  584.753687][T17649]  ? km_policy_notify+0x28/0x200
[  584.753714][T17649]  ? km_policy_notify+0x28/0x200
[  584.753742][T17649]  ? __pfx_xfrm_send_policy_notify+0x10/0x10
[  584.753763][T17649]  km_policy_notify+0x121/0x200
[  584.753783][T17649]  ? km_policy_notify+0x28/0x200
[  584.753806][T17649]  xfrm_add_policy+0x4c7/0x800
[  584.753834][T17649]  ? __pfx_xfrm_add_policy+0x10/0x10
[  584.753862][T17649]  ? __nla_parse+0x40/0x60
[  584.753886][T17649]  xfrm_user_rcv_msg+0x7a3/0xab0
[  584.753914][T17649]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  584.753968][T17649]  ? __mutex_trylock_common+0x153/0x260
[  584.753991][T17649]  ? __pfx___mutex_trylock_common+0x10/0x10
[  584.754017][T17649]  ? rcu_is_watching+0x15/0xb0
[  584.754037][T17649]  ? trace_contention_end+0x39/0x120
[  584.754063][T17649]  netlink_rcv_skb+0x208/0x470
[  584.754086][T17649]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  584.754109][T17649]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  584.754147][T17649]  ? netlink_deliver_tap+0x2e/0x1b0
[  584.754168][T17649]  ? netlink_deliver_tap+0x2e/0x1b0
[  584.754192][T17649]  xfrm_netlink_rcv+0x79/0x90
[  584.754214][T17649]  netlink_unicast+0x759/0x8e0
[  584.754245][T17649]  netlink_sendmsg+0x805/0xb30
[  584.754275][T17649]  ? __pfx_netlink_sendmsg+0x10/0x10
[  584.754299][T17649]  ? __import_iovec+0x5d4/0x7f0
[  584.754317][T17649]  ? aa_sock_msg_perm+0x94/0x160
[  584.754337][T17649]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  584.754355][T17649]  ? __pfx_netlink_sendmsg+0x10/0x10
[  584.754378][T17649]  __sock_sendmsg+0x21c/0x270
[  584.754400][T17649]  ____sys_sendmsg+0x505/0x830
[  584.754429][T17649]  ? __pfx_____sys_sendmsg+0x10/0x10
[  584.754466][T17649]  ___sys_sendmsg+0x21f/0x2a0
[  584.754490][T17649]  ? __pfx____sys_sendmsg+0x10/0x10
[  584.754545][T17649]  ? __fget_files+0x2a/0x420
[  584.754561][T17649]  ? __fget_files+0x3a0/0x420
[  584.754588][T17649]  __sys_sendmsg+0x164/0x220
[  584.754613][T17649]  ? __pfx___sys_sendmsg+0x10/0x10
[  584.754652][T17649]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  584.754672][T17649]  ? lockdep_hardirqs_on+0x9c/0x150
[  584.754692][T17649]  __do_fast_syscall_32+0xb6/0x2b0
[  584.754712][T17649]  ? lockdep_hardirqs_on+0x9c/0x150
[  584.754741][T17649]  do_fast_syscall_32+0x34/0x80
[  584.754760][T17649]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  584.754781][T17649] RIP: 0023:0xf7f82539
[  584.754797][T17649] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  584.754811][T17649] RSP: 002b:00000000f50a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  584.754830][T17649] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000580
[  584.754842][T17649] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  584.754853][T17649] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  584.754863][T17649] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  584.754873][T17649] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  584.754901][T17649]  </TASK>
[  585.140397][    C0] vkms_vblank_simulate: vblank timer overrun
[  585.414508][T17658] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2544'.
[  585.473761][T17658] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2544'.
[  585.675236][T17663] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2546'.
[  585.689391][T17663] netlink: 'syz.1.2546': attribute type 10 has an invalid length.
[  586.208793][ T5917] usb 1-1: USB disconnect, device number 61
[  586.897388][T17676] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20004
[  587.121160][T17687] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2553'.
[  587.283384][T17694] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2554'.
[  587.313288][   T30] audit: type=1326 audit(1753238561.448:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17692 comm="syz.3.2555" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48539 code=0x50000
[  587.416410][   T30] audit: type=1326 audit(1753238561.448:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17692 comm="syz.3.2555" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48539 code=0x50000
[  587.454091][   T30] audit: type=1326 audit(1753238561.448:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17692 comm="syz.3.2555" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48539 code=0x50000
[  587.508147][   T30] audit: type=1326 audit(1753238561.528:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17692 comm="syz.3.2555" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48539 code=0x50000
[  587.586110][   T30] audit: type=1326 audit(1753238561.528:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17692 comm="syz.3.2555" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48539 code=0x50000
[  587.657257][   T30] audit: type=1326 audit(1753238561.528:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17692 comm="syz.3.2555" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48539 code=0x50000
[  587.718266][   T30] audit: type=1326 audit(1753238561.528:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17692 comm="syz.3.2555" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48539 code=0x50000
[  587.754261][   T30] audit: type=1326 audit(1753238561.528:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17692 comm="syz.3.2555" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48539 code=0x50000
[  587.784461][   T30] audit: type=1326 audit(1753238561.528:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17692 comm="syz.3.2555" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48539 code=0x50000
[  587.823677][T17704] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2557'.
[  587.826652][   T30] audit: type=1326 audit(1753238561.528:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17692 comm="syz.3.2555" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f48539 code=0x50000
[  587.897609][T17704] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2557'.
[  588.010883][ T5917] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  588.198727][ T5917] usb 3-1: Using ep0 maxpacket: 8
[  588.211953][ T5917] usb 3-1: config index 0 descriptor too short (expected 5924, got 36)
[  588.228964][ T5917] usb 3-1: config 250 has an invalid interface number: 228 but max is -1
[  588.259141][ T5917] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0
[  588.270039][T17709] netlink: 'syz.4.2559': attribute type 8 has an invalid length.
[  588.286016][ T5917] usb 3-1: config 250 has no interface number 0
[  588.306293][ T5917] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  588.348030][ T5917] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  588.377333][ T5917] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  588.406105][ T5917] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  588.434555][ T5917] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  588.474763][ T5917] usb 3-1: config 250 interface 228 has no altsetting 0
[  588.497460][ T5917] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  588.507073][ T5917] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  588.528860][ T5917] usb 3-1: Product: syz
[  588.540385][ T5917] usb 3-1: SerialNumber: syz
[  588.576720][ T5917] hub 3-1:250.228: bad descriptor, ignoring hub
[  588.588139][ T5917] hub 3-1:250.228: probe with driver hub failed with error -5
[  588.789985][ T5917] usblp 3-1:250.228: usblp0: USB Bidirectional printer dev 68 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  588.807389][T17713] netlink: 'syz.4.2561': attribute type 1 has an invalid length.
[  588.816610][T17713] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2561'.
[  588.834393][ T5917] usb 3-1: USB disconnect, device number 68
[  588.863333][ T5917] usblp0: removed
[  589.032991][T17717] fuse: Unknown parameter 'r'
[  589.338439][ T5917] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  589.385203][T17719] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2562'.
[  589.488481][ T5917] usb 3-1: Using ep0 maxpacket: 8
[  589.502006][ T5917] usb 3-1: config index 0 descriptor too short (expected 5924, got 36)
[  589.540167][ T5917] usb 3-1: config 250 has an invalid interface number: 228 but max is -1
[  589.576966][ T5917] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0
[  589.622369][ T5917] usb 3-1: config 250 has no interface number 0
[  589.646479][ T5917] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  589.687913][ T5917] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  589.778526][ T5917] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  589.825484][ T5917] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  589.875840][ T5917] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  589.944301][ T5917] usb 3-1: config 250 interface 228 has no altsetting 0
[  589.964566][ T5917] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  589.983080][ T5917] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  590.002881][ T5917] usb 3-1: Product: syz
[  590.008553][ T5917] usb 3-1: SerialNumber: syz
[  590.039018][ T5917] hub 3-1:250.228: bad descriptor, ignoring hub
[  590.053946][ T5917] hub 3-1:250.228: probe with driver hub failed with error -5
[  590.241018][ T5917] usblp 3-1:250.228: usblp0: USB Bidirectional printer dev 69 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  590.540985][T17742] __nla_validate_parse: 2 callbacks suppressed
[  590.540996][T17742] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2570'.
[  590.559732][T17742] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2570'.
[  590.742691][T17747] usb usb8: usbfs: process 17747 (syz.4.2572) did not claim interface 3 before use
[  590.759365][T17747] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2572'.
[  590.989357][ T5932] usb 3-1: USB disconnect, device number 69
[  591.025714][T17753] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2574'.
[  591.034736][T17753] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2574'.
[  591.492117][T17753] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  591.500953][T17753] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  591.509922][T17753] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  591.518740][T17753] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  591.575173][ T5932] usblp0: removed
[  592.251943][T17779] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2579'.
[  592.302260][T17779] netlink: 'syz.2.2579': attribute type 10 has an invalid length.
[  592.310392][T17779] bridge0: port 1(team0) entered blocking state
[  592.316872][T17779] bridge0: port 1(team0) entered disabled state
[  592.326651][T17779] team0: entered allmulticast mode
[  592.334567][T17781] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2578'.
[  592.350720][T17779] team0: entered promiscuous mode
[  592.501629][T17757] vivid-000: =================  START STATUS  =================
[  592.516338][T17757] vivid-000: Test Pattern: 75% Colorbar
[  592.524627][T17757] vivid-000: Fill Percentage of Frame: 0
[  592.538580][T17757] vivid-000: Horizontal Movement: No Movement
[  592.551598][T17757] vivid-000: Vertical Movement: Move Up Slow
[  592.559732][T17766] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2575'.
[  592.589983][T17757] vivid-000: OSD Text Mode: All
[  592.595071][T17757] vivid-000: Show Border: false
[  592.602958][T17757] vivid-000: Show Square: false
[  592.610768][T17757] vivid-000: Sensor Flipped Horizontally: false
[  592.620708][T17757] vivid-000: Sensor Flipped Vertically: false
[  592.632900][T17757] vivid-000: Insert SAV Code in Image: false
[  592.645894][T17757] vivid-000: Insert EAV Code in Image: false
[  592.657364][T17757] vivid-000: Insert Video Guard Band: false
[  592.677706][T17757] vivid-000: Reduced Framerate: false
[  592.687727][T17757] vivid-000: HDMI 000-0 Is Connected To: Output HDMI 015-0
[  592.700099][T17757] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  592.712179][T17757] vivid-000: Enable Capture Cropping: true grabbed
[  592.905496][T17757] vivid-000: Enable Capture Composing: false grabbed
[  592.913023][T17757] vivid-000: Enable Capture Scaler: true grabbed
[  592.920750][T17757] vivid-000: Timestamp Source: End of Frame
[  592.996099][T17757] vivid-000: Colorspace: SMPTE 170M
[  593.001874][T17757] vivid-000: Transfer Function: Default
[  593.013914][T17757] vivid-000: Y'CbCr Encoding: Default
[  593.025721][T17757] vivid-000: HSV Encoding: Hue 0-179
[  593.042577][T17757] vivid-000: Quantization: Default
[  593.496041][T17757] vivid-000: Apply Alpha To Red Only: false
[  593.588649][T17757] vivid-000: Standard Aspect Ratio: 4x3
[  593.610210][T17757] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  593.628538][T17757] vivid-000: DV Timings: 640x480p59 inactive
[  593.635510][T17757] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  593.668537][T17757] vivid-000: Maximum EDID Blocks: 2
[  593.684036][T17757] vivid-000: Limited RGB Range (16-235): false
[  593.697838][T17757] vivid-000: Rx RGB Quantization Range: Automatic
[  593.712447][T17757] vivid-000: Power Present: 0x00000001
[  593.718065][T17757] tpg source WxH: 720x576 (R'G'B)
[  593.726384][T17757] tpg field: 2
[  593.732048][T17757] tpg crop: (0,0)/720x64
[  593.736636][T17757] tpg compose: (0,0)/2880x8
[  593.743438][T17757] tpg colorspace: 2
[  593.752352][T17757] tpg transfer function: 7/7
[  593.758480][T17757] tpg quantization: 0/1
[  593.764240][T17757] tpg RGB range: 0/2
[  593.771462][T17757] vivid-000: ==================  END STATUS  ==================
[  593.936147][T17800] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2583'.
[  593.946617][T17800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2583'.
[  594.378482][  T889] usb 3-1: new full-speed USB device number 70 using dummy_hcd
[  594.466445][T17808] netlink: 'syz.0.2587': attribute type 8 has an invalid length.
[  594.560105][  T889] usb 3-1: config 0 has an invalid interface number: 133 but max is 0
[  594.568539][  T889] usb 3-1: config 0 has no interface number 0
[  594.620632][  T889] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  594.635692][  T889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  594.644483][  T889] usb 3-1: Product: syz
[  594.649903][  T889] usb 3-1: Manufacturer: syz
[  594.654857][  T889] usb 3-1: SerialNumber: syz
[  594.674853][  T889] usb 3-1: config 0 descriptor??
[  595.187243][T17803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.230821][T17803] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.969766][  T889] keyspan 3-1:0.133: Keyspan 1 port adapter converter detected
[  595.990822][  T889] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 81
[  596.031417][  T889] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 1
[  596.108620][  T889] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 2
[  596.140187][  T889] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  596.205827][  T889] usb 3-1: USB disconnect, device number 70
[  596.225458][  T889] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  596.249708][  T889] keyspan 3-1:0.133: device disconnected
[  596.288498][ T5932] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  596.439762][ T5932] usb 1-1: Using ep0 maxpacket: 16
[  596.453396][ T5932] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  596.476699][ T5932] usb 1-1: config 0 has no interface number 0
[  596.501116][ T5932] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  596.532922][ T5932] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  596.568266][ T5932] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  596.593001][ T5932] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  596.618493][ T5932] usb 1-1: Product: syz
[  596.620158][T17841] netlink: 'syz.4.2599': attribute type 8 has an invalid length.
[  596.626101][ T5932] usb 1-1: SerialNumber: syz
[  596.651884][ T5932] usb 1-1: config 0 descriptor??
[  596.671977][ T5932] cm109 1-1:0.8: invalid payload size 0, expected 4
[  596.682172][ T5932] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input50
[  596.765799][T17845] __nla_validate_parse: 2 callbacks suppressed
[  596.765812][T17845] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2600'.
[  596.818774][T17845] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2600'.
[  596.893337][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  597.399765][    C0] cm109_urb_ctl_callback: 31 callbacks suppressed
[  597.399787][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  597.418703][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  597.425968][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  597.433356][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  597.450517][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  597.457738][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  597.458492][ T5917] usb 1-1: USB disconnect, device number 62
[  597.465202][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  597.465227][    C0] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  597.532041][ T5917] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  597.647900][T17854] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2603'.
[  597.692728][T17857] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2605'.
[  597.698503][  T889] usb 3-1: new full-speed USB device number 71 using dummy_hcd
[  597.876501][  T889] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  597.972451][  T889] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  598.030563][  T889] usb 3-1: config 0 interface 0 has no altsetting 0
[  598.037530][  T889] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  598.055645][  T889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.079608][  T889] usb 3-1: config 0 descriptor??
[  598.199017][T17865] netlink: 'syz.0.2607': attribute type 29 has an invalid length.
[  598.214115][T17865] netlink: 'syz.0.2607': attribute type 29 has an invalid length.
[  598.284066][T17868] netlink: 600 bytes leftover after parsing attributes in process `syz.0.2607'.
[  598.361928][T17869] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.401790][T17868] unsupported nla_type 58
[  598.442312][T17869] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.652633][  T889] hid-steam 0003:28DE:1102.0021: unknown main item tag 0x0
[  598.670479][  T889] hid-steam 0003:28DE:1102.0021: unknown main item tag 0x0
[  598.677752][  T889] hid-steam 0003:28DE:1102.0021: unknown main item tag 0x0
[  598.699961][  T889] hid-steam 0003:28DE:1102.0021: unknown main item tag 0x0
[  598.746170][  T889] hid-steam 0003:28DE:1102.0021: unknown main item tag 0x0
[  598.766902][  T889] hid-steam 0003:28DE:1102.0021: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0
[  598.791394][T17881] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2611'.
[  598.887464][ T5932] usb 3-1: USB disconnect, device number 71
[  598.945772][T17883] fido_id[17883]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  599.038867][T17888] netlink: 'syz.1.2612': attribute type 8 has an invalid length.
[  599.317380][T17894] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2615'.
[  599.332135][T17894] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2615'.
[  599.607127][T17901] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2616'.
[  600.030791][T17911] FAULT_INJECTION: forcing a failure.
[  600.030791][T17911] name failslab, interval 1, probability 0, space 0, times 0
[  600.061999][T17911] CPU: 1 UID: 0 PID: 17911 Comm: syz.2.2618 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  600.062016][T17911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  600.062023][T17911] Call Trace:
[  600.062029][T17911]  <TASK>
[  600.062034][T17911]  dump_stack_lvl+0x189/0x250
[  600.062052][T17911]  ? __pfx____ratelimit+0x10/0x10
[  600.062064][T17911]  ? __pfx_dump_stack_lvl+0x10/0x10
[  600.062076][T17911]  ? __pfx__printk+0x10/0x10
[  600.062092][T17911]  ? __pfx___might_resched+0x10/0x10
[  600.062103][T17911]  ? fs_reclaim_acquire+0x7d/0x100
[  600.062116][T17911]  should_fail_ex+0x414/0x560
[  600.062130][T17911]  should_failslab+0xa8/0x100
[  600.062146][T17911]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  600.062160][T17911]  ? __alloc_skb+0x112/0x2d0
[  600.062177][T17911]  __alloc_skb+0x112/0x2d0
[  600.062192][T17911]  netlink_ack+0x146/0xa50
[  600.062205][T17911]  ? __pfx_genl_rcv_msg+0x10/0x10
[  600.062214][T17911]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  600.062224][T17911]  ? __pfx_nl80211_post_doit+0x10/0x10
[  600.062240][T17911]  netlink_rcv_skb+0x28c/0x470
[  600.062254][T17911]  ? __pfx_genl_rcv_msg+0x10/0x10
[  600.062266][T17911]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  600.062288][T17911]  ? down_read+0x1ad/0x2e0
[  600.062301][T17911]  genl_rcv+0x28/0x40
[  600.062311][T17911]  netlink_unicast+0x759/0x8e0
[  600.062328][T17911]  netlink_sendmsg+0x805/0xb30
[  600.062348][T17911]  ? __pfx_netlink_sendmsg+0x10/0x10
[  600.062363][T17911]  ? __import_iovec+0x5d4/0x7f0
[  600.062375][T17911]  ? aa_sock_msg_perm+0x94/0x160
[  600.062387][T17911]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  600.062398][T17911]  ? __pfx_netlink_sendmsg+0x10/0x10
[  600.062411][T17911]  __sock_sendmsg+0x21c/0x270
[  600.062425][T17911]  ____sys_sendmsg+0x505/0x830
[  600.062443][T17911]  ? __pfx_____sys_sendmsg+0x10/0x10
[  600.062466][T17911]  ___sys_sendmsg+0x21f/0x2a0
[  600.062482][T17911]  ? __pfx____sys_sendmsg+0x10/0x10
[  600.062515][T17911]  ? __fget_files+0x2a/0x420
[  600.062524][T17911]  ? __fget_files+0x3a0/0x420
[  600.062538][T17911]  __sys_sendmsg+0x164/0x220
[  600.062553][T17911]  ? __pfx___sys_sendmsg+0x10/0x10
[  600.062575][T17911]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  600.062586][T17911]  ? lockdep_hardirqs_on+0x9c/0x150
[  600.062604][T17911]  __do_fast_syscall_32+0xb6/0x2b0
[  600.062617][T17911]  ? lockdep_hardirqs_on+0x9c/0x150
[  600.062628][T17911]  do_fast_syscall_32+0x34/0x80
[  600.062640][T17911]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  600.062652][T17911] RIP: 0023:0xf7f34539
[  600.062662][T17911] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  600.062670][T17911] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  600.062682][T17911] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  600.062689][T17911] RDX: 0000000000000804 RSI: 0000000000000000 RDI: 0000000000000000
[  600.062695][T17911] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  600.062700][T17911] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  600.062706][T17911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  600.062720][T17911]  </TASK>
[  600.419673][T17912] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2619'.
[  601.305412][    T9] usb 1-1: new full-speed USB device number 63 using dummy_hcd
[  601.518299][    T9] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  601.530050][    T9] usb 1-1: config 0 has no interface number 0
[  601.562340][    T9] usb 1-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  601.611732][    T9] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  601.638824][    T9] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  601.647412][T17933] FAULT_INJECTION: forcing a failure.
[  601.647412][T17933] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  601.660506][    T9] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.04
[  601.684283][T17933] CPU: 1 UID: 0 PID: 17933 Comm: syz.2.2624 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  601.684309][T17933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  601.684319][T17933] Call Trace:
[  601.684328][T17933]  <TASK>
[  601.684336][T17933]  dump_stack_lvl+0x189/0x250
[  601.684375][T17933]  ? __pfx____ratelimit+0x10/0x10
[  601.684394][T17933]  ? __pfx_dump_stack_lvl+0x10/0x10
[  601.684413][T17933]  ? __pfx__printk+0x10/0x10
[  601.684434][T17933]  ? __might_fault+0xb0/0x130
[  601.684466][T17933]  should_fail_ex+0x414/0x560
[  601.684487][T17933]  _copy_from_iter+0x1db/0x16f0
[  601.684512][T17933]  ? rcu_is_watching+0x15/0xb0
[  601.684533][T17933]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  601.684557][T17933]  ? __pfx__copy_from_iter+0x10/0x10
[  601.684579][T17933]  ? __build_skb_around+0x257/0x3e0
[  601.684604][T17933]  ? netlink_sendmsg+0x642/0xb30
[  601.684623][T17933]  ? skb_put+0x11b/0x210
[  601.684652][T17933]  netlink_sendmsg+0x6b2/0xb30
[  601.684683][T17933]  ? __pfx_netlink_sendmsg+0x10/0x10
[  601.684707][T17933]  ? __import_iovec+0x5d4/0x7f0
[  601.684725][T17933]  ? aa_sock_msg_perm+0x94/0x160
[  601.684751][T17933]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  601.684769][T17933]  ? __pfx_netlink_sendmsg+0x10/0x10
[  601.684790][T17933]  __sock_sendmsg+0x21c/0x270
[  601.684807][T17933]  ____sys_sendmsg+0x505/0x830
[  601.684830][T17933]  ? __pfx_____sys_sendmsg+0x10/0x10
[  601.684862][T17933]  ___sys_sendmsg+0x21f/0x2a0
[  601.684885][T17933]  ? __pfx____sys_sendmsg+0x10/0x10
[  601.684937][T17933]  ? __fget_files+0x2a/0x420
[  601.684952][T17933]  ? __fget_files+0x3a0/0x420
[  601.684978][T17933]  __sys_sendmsg+0x164/0x220
[  601.685002][T17933]  ? __pfx___sys_sendmsg+0x10/0x10
[  601.685038][T17933]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  601.685057][T17933]  ? lockdep_hardirqs_on+0x9c/0x150
[  601.685077][T17933]  __do_fast_syscall_32+0xb6/0x2b0
[  601.685096][T17933]  ? lockdep_hardirqs_on+0x9c/0x150
[  601.685118][T17933]  do_fast_syscall_32+0x34/0x80
[  601.685137][T17933]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  601.685155][T17933] RIP: 0023:0xf7f34539
[  601.685171][T17933] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  601.685185][T17933] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  601.685204][T17933] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800012c0
[  601.685216][T17933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  601.685226][T17933] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  601.685236][T17933] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  601.685247][T17933] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  601.685274][T17933]  </TASK>
[  602.005524][    T9] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  602.283891][    T9] usb 1-1: Product: syz
[  602.288268][    T9] usb 1-1: SerialNumber: syz
[  602.311551][    T9] usb 1-1: config 0 descriptor??
[  602.324132][    T9] cm109 1-1:0.8: invalid payload size 0, expected 4
[  602.333150][    T9] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input51
[  602.364355][T17937] netlink: 'syz.3.2625': attribute type 8 has an invalid length.
[  602.519674][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  602.526897][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  602.534120][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  602.541376][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  602.548562][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  602.555726][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  602.563075][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  602.570257][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  602.577438][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  602.585116][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  602.595388][    T9] usb 1-1: USB disconnect, device number 63
[  602.601548][    C0] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  602.759068][    T9] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  603.156829][   T30] kauditd_printk_skb: 5211 callbacks suppressed
[  603.156847][   T30] audit: type=1326 audit(1753238577.298:5843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17953 comm="syz.4.2629" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  603.287500][   T30] audit: type=1326 audit(1753238577.308:5844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17953 comm="syz.4.2629" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  603.361612][   T30] audit: type=1326 audit(1753238577.308:5845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17953 comm="syz.4.2629" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  603.432731][T17957] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2632'.
[  603.472865][   T30] audit: type=1326 audit(1753238577.308:5846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17953 comm="syz.4.2629" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  603.476004][T17959] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2631'.
[  603.608420][   T30] audit: type=1326 audit(1753238577.308:5847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17953 comm="syz.4.2629" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  603.643882][T17961] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2633'.
[  603.683420][   T30] audit: type=1326 audit(1753238577.308:5848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17953 comm="syz.4.2629" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  603.794141][   T30] audit: type=1326 audit(1753238577.308:5849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17953 comm="syz.4.2629" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  603.867654][   T30] audit: type=1326 audit(1753238577.308:5850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17953 comm="syz.4.2629" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  603.909373][T17952] capability: warning: `syz.2.2630' uses 32-bit capabilities (legacy support in use)
[  603.972590][   T30] audit: type=1326 audit(1753238577.308:5851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17953 comm="syz.4.2629" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  604.098121][T17972] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2635'.
[  604.173237][   T30] audit: type=1326 audit(1753238577.308:5852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17953 comm="syz.4.2629" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65539 code=0x7ffc0000
[  604.764557][T17977] netlink: 'syz.4.2638': attribute type 8 has an invalid length.
[  604.838651][T17980] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2639'.
[  604.953183][T17980] netlink: 'syz.1.2639': attribute type 10 has an invalid length.
[  605.002343][T17984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2640'.
[  605.016807][T17984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2640'.
[  605.410837][T17993] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2642'.
[  605.883218][T17997] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2643'.
[  605.981271][    T9] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  606.015779][    T9] hid-generic 0000:0000:0000.0022: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  606.047488][T18001] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2644'.
[  606.664551][T18017] kvm: Disabled LAPIC found during irq injection
[  606.727698][T18020] netlink: 'syz.4.2652': attribute type 8 has an invalid length.
[  607.429747][T18033] loop6: detected capacity change from 0 to 63
[  607.484530][ T5897] buffer_io_error: 38 callbacks suppressed
[  607.484542][ T5897] Buffer I/O error on dev loop6, logical block 0, async page read
[  607.550177][ T5897] Buffer I/O error on dev loop6, logical block 0, async page read
[  607.613092][ T5897] Buffer I/O error on dev loop6, logical block 0, async page read
[  607.638258][ T5897] Buffer I/O error on dev loop6, logical block 0, async page read
[  607.799302][ T5897] Buffer I/O error on dev loop6, logical block 0, async page read
[  608.928621][  T889] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  609.134104][  T889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  609.148505][  T889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  609.167665][  T889] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  609.186966][  T889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.225229][  T889] usb 3-1: config 0 descriptor??
[  610.335451][  T889] usbhid 3-1:0.0: can't add hid device: -71
[  610.378675][  T889] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  610.419037][T18088] FAULT_INJECTION: forcing a failure.
[  610.419037][T18088] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  610.458828][  T889] usb 3-1: USB disconnect, device number 72
[  610.473316][T18088] CPU: 0 UID: 0 PID: 18088 Comm: syz.2.2671 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  610.473333][T18088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  610.473343][T18088] Call Trace:
[  610.473348][T18088]  <TASK>
[  610.473353][T18088]  dump_stack_lvl+0x189/0x250
[  610.473370][T18088]  ? __pfx____ratelimit+0x10/0x10
[  610.473382][T18088]  ? __pfx_dump_stack_lvl+0x10/0x10
[  610.473393][T18088]  ? __pfx__printk+0x10/0x10
[  610.473406][T18088]  ? __might_fault+0xb0/0x130
[  610.473425][T18088]  should_fail_ex+0x414/0x560
[  610.473439][T18088]  _copy_from_user+0x2d/0xb0
[  610.473454][T18088]  get_compat_msghdr+0xad/0x4a0
[  610.473472][T18088]  ? __pfx_get_compat_msghdr+0x10/0x10
[  610.473493][T18088]  ___sys_sendmsg+0x193/0x2a0
[  610.473510][T18088]  ? __pfx____sys_sendmsg+0x10/0x10
[  610.473542][T18088]  ? __fget_files+0x2a/0x420
[  610.473551][T18088]  ? __fget_files+0x3a0/0x420
[  610.473565][T18088]  __sys_sendmsg+0x164/0x220
[  610.473580][T18088]  ? __pfx___sys_sendmsg+0x10/0x10
[  610.473602][T18088]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  610.473614][T18088]  ? lockdep_hardirqs_on+0x9c/0x150
[  610.473626][T18088]  __do_fast_syscall_32+0xb6/0x2b0
[  610.473638][T18088]  ? lockdep_hardirqs_on+0x9c/0x150
[  610.473650][T18088]  do_fast_syscall_32+0x34/0x80
[  610.473661][T18088]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  610.473674][T18088] RIP: 0023:0xf7f34539
[  610.473683][T18088] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  610.473692][T18088] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  610.473703][T18088] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  610.473710][T18088] RDX: 0000000004008040 RSI: 0000000000000000 RDI: 0000000000000000
[  610.473716][T18088] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  610.473721][T18088] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  610.473727][T18088] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  610.473741][T18088]  </TASK>
[  610.686276][    C0] vkms_vblank_simulate: vblank timer overrun
[  610.990596][T18097] __nla_validate_parse: 2 callbacks suppressed
[  610.990615][T18097] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2676'.
[  611.090132][T18100] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2676'.
[  611.233528][T18108] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2679'.
[  611.559102][T18110] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2677'.
[  613.301243][T18156] netlink: 'syz.4.2695': attribute type 8 has an invalid length.
[  613.989403][   T30] kauditd_printk_skb: 29 callbacks suppressed
[  613.989420][   T30] audit: type=1326 audit(1753238588.138:5882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18169 comm="syz.3.2698" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f48539 code=0x0
[  614.118517][T18182] FAULT_INJECTION: forcing a failure.
[  614.118517][T18182] name failslab, interval 1, probability 0, space 0, times 0
[  614.133894][T18181] FAULT_INJECTION: forcing a failure.
[  614.133894][T18181] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  614.198897][T18182] CPU: 0 UID: 0 PID: 18182 Comm: syz.2.2702 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  614.198923][T18182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  614.198934][T18182] Call Trace:
[  614.198943][T18182]  <TASK>
[  614.198952][T18182]  dump_stack_lvl+0x189/0x250
[  614.198977][T18182]  ? __pfx____ratelimit+0x10/0x10
[  614.198997][T18182]  ? __pfx_dump_stack_lvl+0x10/0x10
[  614.199016][T18182]  ? __pfx__printk+0x10/0x10
[  614.199052][T18182]  should_fail_ex+0x414/0x560
[  614.199076][T18182]  should_failslab+0xa8/0x100
[  614.199101][T18182]  __kmalloc_cache_noprof+0x70/0x3d0
[  614.199123][T18182]  ? sctp_add_bind_addr+0x8c/0x370
[  614.199147][T18182]  sctp_add_bind_addr+0x8c/0x370
[  614.199171][T18182]  sctp_copy_local_addr_list+0x30b/0x4e0
[  614.199196][T18182]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  614.199216][T18182]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  614.199238][T18182]  ? sctp_v6_is_any+0x64/0x80
[  614.199261][T18182]  ? sctp_copy_one_addr+0x93/0x360
[  614.199285][T18182]  sctp_bind_addr_copy+0xb3/0x3c0
[  614.199306][T18182]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  614.199328][T18182]  sctp_connect_new_asoc+0x2e0/0x690
[  614.199353][T18182]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  614.199374][T18182]  ? __local_bh_enable_ip+0x12d/0x1c0
[  614.199401][T18182]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  614.199419][T18182]  ? security_sctp_bind_connect+0x7e/0x2e0
[  614.199447][T18182]  sctp_sendmsg+0x155c/0x2810
[  614.199481][T18182]  ? __pfx_sctp_sendmsg+0x10/0x10
[  614.199507][T18182]  ? aa_sk_perm+0x81e/0x950
[  614.199530][T18182]  ? __pfx_aa_sk_perm+0x10/0x10
[  614.199550][T18182]  ? sock_rps_record_flow+0x19/0x410
[  614.199573][T18182]  ? inet_sendmsg+0x2f4/0x370
[  614.199605][T18182]  __sock_sendmsg+0x19c/0x270
[  614.199629][T18182]  ____sys_sendmsg+0x52d/0x830
[  614.199659][T18182]  ? __pfx_____sys_sendmsg+0x10/0x10
[  614.199697][T18182]  ___sys_sendmsg+0x21f/0x2a0
[  614.199723][T18182]  ? __pfx____sys_sendmsg+0x10/0x10
[  614.199782][T18182]  ? __fget_files+0x2a/0x420
[  614.199798][T18182]  ? __fget_files+0x3a0/0x420
[  614.199824][T18182]  __sys_sendmmsg+0x28e/0x430
[  614.199845][T18182]  ? __pfx___sys_sendmmsg+0x10/0x10
[  614.199871][T18182]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  614.199910][T18182]  ? ksys_write+0x22a/0x250
[  614.199946][T18182]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  614.199974][T18182]  __do_fast_syscall_32+0xb6/0x2b0
[  614.199995][T18182]  ? lockdep_hardirqs_on+0x9c/0x150
[  614.200017][T18182]  do_fast_syscall_32+0x34/0x80
[  614.200037][T18182]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  614.200057][T18182] RIP: 0023:0xf7f34539
[  614.200072][T18182] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  614.200086][T18182] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  614.200105][T18182] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001d80
[  614.200119][T18182] RDX: 0000000000000001 RSI: 00000000000005dc RDI: 0000000000000000
[  614.200130][T18182] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  614.200141][T18182] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  614.200153][T18182] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  614.200177][T18182]  </TASK>
[  614.532872][    C0] vkms_vblank_simulate: vblank timer overrun
[  614.734472][T18187] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2699'.
[  614.888487][T18181] CPU: 0 UID: 0 PID: 18181 Comm: syz.4.2701 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  614.888513][T18181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  614.888523][T18181] Call Trace:
[  614.888531][T18181]  <TASK>
[  614.888547][T18181]  dump_stack_lvl+0x189/0x250
[  614.888573][T18181]  ? __pfx____ratelimit+0x10/0x10
[  614.888592][T18181]  ? __pfx_dump_stack_lvl+0x10/0x10
[  614.888611][T18181]  ? __pfx__printk+0x10/0x10
[  614.888632][T18181]  ? __might_fault+0xb0/0x130
[  614.888664][T18181]  should_fail_ex+0x414/0x560
[  614.888685][T18181]  _copy_from_user+0x2d/0xb0
[  614.888707][T18181]  kstrtouint_from_user+0xc4/0x170
[  614.888729][T18181]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  614.888765][T18181]  proc_fail_nth_write+0x88/0x240
[  614.888783][T18181]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  614.888804][T18181]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  614.888823][T18181]  vfs_write+0x27e/0xa90
[  614.888854][T18181]  ? __pfx_vfs_write+0x10/0x10
[  614.888875][T18181]  ? __fget_files+0x2a/0x420
[  614.888896][T18181]  ? __fget_files+0x3a0/0x420
[  614.888909][T18181]  ? __fget_files+0x2a/0x420
[  614.888931][T18181]  ksys_write+0x145/0x250
[  614.888953][T18181]  ? __pfx_ksys_write+0x10/0x10
[  614.888972][T18181]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  614.888991][T18181]  ? lockdep_hardirqs_on+0x9c/0x150
[  614.889011][T18181]  __do_fast_syscall_32+0xb6/0x2b0
[  614.889029][T18181]  ? lockdep_hardirqs_on+0x9c/0x150
[  614.889048][T18181]  do_fast_syscall_32+0x34/0x80
[  614.889066][T18181]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  614.889086][T18181] RIP: 0023:0xf7f65539
[  614.889102][T18181] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  614.889115][T18181] RSP: 002b:00000000f5086590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  614.889134][T18181] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5086620
[  614.889147][T18181] RDX: 0000000000000001 RSI: 00000000f73f4ff4 RDI: 0000000000000000
[  614.889158][T18181] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  614.889168][T18181] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  614.889178][T18181] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  614.889205][T18181]  </TASK>
[  615.126045][    C0] vkms_vblank_simulate: vblank timer overrun
[  615.265554][T18194] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2704'.
[  615.362766][T18197] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2705'.
[  615.487263][T18199] netlink: 'syz.4.2713': attribute type 3 has an invalid length.
[  615.510872][T18199] netlink: 666 bytes leftover after parsing attributes in process `syz.4.2713'.
[  615.562996][T18204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2707'.
[  615.643175][T18211] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2709'.
[  615.665338][T18211] netlink: 'syz.1.2709': attribute type 10 has an invalid length.
[  616.626332][T18225] netlink: 'syz.0.2712': attribute type 8 has an invalid length.
[  616.698645][    T9] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  616.850393][    T9] usb 3-1: Using ep0 maxpacket: 16
[  616.881993][    T9] usb 3-1: too many configurations: 123, using maximum allowed: 8
[  616.892586][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  616.913285][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  616.935062][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  616.955735][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  616.974802][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  617.020002][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  617.042259][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  617.056209][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  617.068179][    T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  617.082652][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[  617.194380][    T9] usb 3-1: SerialNumber: syz
[  617.216468][    T9] usb 3-1: config 0 descriptor??
[  617.242722][    T9] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input52
[  617.463910][ T5202] bcm5974 3-1:0.0: could not read from device
[  617.470370][    T9] usb 3-1: USB disconnect, device number 73
[  617.477773][T15936] bcm5974 3-1:0.0: could not read from device
[  617.542158][T18239] FAULT_INJECTION: forcing a failure.
[  617.542158][T18239] name failslab, interval 1, probability 0, space 0, times 0
[  617.654235][T18239] CPU: 0 UID: 0 PID: 18239 Comm: syz.1.2719 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  617.654274][T18239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  617.654284][T18239] Call Trace:
[  617.654292][T18239]  <TASK>
[  617.654300][T18239]  dump_stack_lvl+0x189/0x250
[  617.654326][T18239]  ? __pfx____ratelimit+0x10/0x10
[  617.654345][T18239]  ? __pfx_dump_stack_lvl+0x10/0x10
[  617.654364][T18239]  ? __pfx__printk+0x10/0x10
[  617.654387][T18239]  ? __pfx___might_resched+0x10/0x10
[  617.654407][T18239]  ? fs_reclaim_acquire+0x7d/0x100
[  617.654428][T18239]  should_fail_ex+0x414/0x560
[  617.654452][T18239]  should_failslab+0xa8/0x100
[  617.654478][T18239]  __kmalloc_noprof+0xcb/0x4f0
[  617.654498][T18239]  ? tomoyo_encode+0x28b/0x550
[  617.654523][T18239]  tomoyo_encode+0x28b/0x550
[  617.654548][T18239]  tomoyo_realpath_from_path+0x58d/0x5d0
[  617.654578][T18239]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  617.654596][T18239]  tomoyo_path_number_perm+0x1e8/0x5a0
[  617.654616][T18239]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  617.654653][T18239]  ? __lock_acquire+0xab9/0xd20
[  617.654697][T18239]  ? __fget_files+0x2a/0x420
[  617.654717][T18239]  ? __fget_files+0x3a0/0x420
[  617.654732][T18239]  ? __fget_files+0x2a/0x420
[  617.654749][T18239]  security_file_ioctl_compat+0xcb/0x2d0
[  617.654774][T18239]  __ia32_compat_sys_ioctl+0x128/0x840
[  617.654798][T18239]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  617.654820][T18239]  ? __fget_files+0x3a0/0x420
[  617.654850][T18239]  ? rcu_is_watching+0x15/0xb0
[  617.654873][T18239]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  617.654893][T18239]  ? lockdep_hardirqs_on+0x9c/0x150
[  617.654913][T18239]  __do_fast_syscall_32+0xb6/0x2b0
[  617.654940][T18239]  do_fast_syscall_32+0x34/0x80
[  617.654958][T18239]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  617.654977][T18239] RIP: 0023:0xf7f82539
[  617.654992][T18239] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  617.655007][T18239] RSP: 002b:00000000f50a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  617.655026][T18239] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c1205531
[  617.655038][T18239] RDX: 00000000800010c0 RSI: 0000000000000000 RDI: 0000000000000000
[  617.655049][T18239] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  617.655059][T18239] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  617.655069][T18239] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  617.655096][T18239]  </TASK>
[  617.656302][T18239] ERROR: Out of memory at tomoyo_realpath_from_path.
[  618.918472][ T5852] usb 3-1: new full-speed USB device number 74 using dummy_hcd
[  619.102811][ T5852] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  619.118296][ T5852] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  619.153435][ T5852] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  619.183460][ T5852] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.209116][T18255] netlink: 'syz.3.2726': attribute type 8 has an invalid length.
[  619.209378][ T5852] usb 3-1: config 0 descriptor??
[  619.243342][ T5852] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  619.267451][ T5852] dvb-usb: bulk message failed: -22 (3/0)
[  619.288784][ T5852] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  619.301374][T18258] __nla_validate_parse: 1 callbacks suppressed
[  619.301386][T18258] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2725'.
[  619.347080][ T5852] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  619.373084][ T5852] usb 3-1: media controller created
[  619.400133][ T5852] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  619.461166][ T5852] dvb-usb: bulk message failed: -22 (6/0)
[  619.494930][ T5852] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  619.523555][ T5852] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input53
[  619.564826][ T5852] dvb-usb: schedule remote query interval to 150 msecs.
[  619.635706][ T5852] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  619.790007][    T9] usb 3-1: USB disconnect, device number 74
[  619.800473][ T5852] dvb-usb: bulk message failed: -22 (1/0)
[  619.823164][ T5852] dvb-usb: error while querying for an remote control event.
[  619.907123][    T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  620.607543][T18279] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2733'.
[  620.637105][T18279] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2733'.
[  620.711079][T18279] netlink: 'syz.0.2733': attribute type 10 has an invalid length.
[  620.972192][  T889] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  621.430310][  T889] usb 4-1: Using ep0 maxpacket: 16
[  621.679317][  T889] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC6, changing to 0x86
[  621.693269][  T889] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  621.712592][  T889] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x86 has invalid maxpacket 0
[  621.724540][  T889] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  621.738450][  T889] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  621.813151][  T889] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  621.826379][  T889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  621.840599][  T889] usb 4-1: Product: syz
[  621.844772][  T889] usb 4-1: Manufacturer: syz
[  621.850553][  T889] usb 4-1: SerialNumber: syz
[  621.861362][  T889] usb 4-1: config 0 descriptor??
[  621.872289][  T889] port100 4-1:0.0: NFC: Could not get supported command types
[  622.109646][  T889] usb 4-1: USB disconnect, device number 60
[  622.840686][T18314] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2741'.
[  623.125900][T18322] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2745'.
[  623.874504][T18330] kvm: kvm [18329]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010000) = 0x7
[  624.419022][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  624.425969][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  624.697293][T18342] ptrace attach of "./syz-executor exec"[16089] was attempted by "./syz-executor exec"[18342]
[  624.783891][T18349] bridge0: entered allmulticast mode
[  624.800082][T18349] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2754'.
[  624.965753][T18349] bridge0 (unregistering): left allmulticast mode
[  625.187174][T18362] FAULT_INJECTION: forcing a failure.
[  625.187174][T18362] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  625.228502][T18362] CPU: 0 UID: 0 PID: 18362 Comm: syz.4.2758 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  625.228529][T18362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  625.228539][T18362] Call Trace:
[  625.228547][T18362]  <TASK>
[  625.228555][T18362]  dump_stack_lvl+0x189/0x250
[  625.228579][T18362]  ? __pfx____ratelimit+0x10/0x10
[  625.228599][T18362]  ? __pfx_dump_stack_lvl+0x10/0x10
[  625.228616][T18362]  ? __pfx__printk+0x10/0x10
[  625.228636][T18362]  ? __might_fault+0xb0/0x130
[  625.228669][T18362]  should_fail_ex+0x414/0x560
[  625.228692][T18362]  _copy_from_user+0x2d/0xb0
[  625.228714][T18362]  memdup_user+0x5e/0xd0
[  625.228733][T18362]  kvm_arch_vcpu_ioctl+0x18ec/0x2a80
[  625.228754][T18362]  ? __lock_acquire+0xab9/0xd20
[  625.228789][T18362]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  625.228823][T18362]  ? __lock_acquire+0xab9/0xd20
[  625.228849][T18362]  ? __lock_acquire+0xab9/0xd20
[  625.228881][T18362]  ? is_bpf_text_address+0x26/0x2b0
[  625.228903][T18362]  ? is_bpf_text_address+0x292/0x2b0
[  625.228917][T18362]  ? is_bpf_text_address+0x26/0x2b0
[  625.228935][T18362]  ? kernel_text_address+0xa5/0xe0
[  625.228952][T18362]  ? __kernel_text_address+0xd/0x40
[  625.228967][T18362]  ? unwind_get_return_address+0x4d/0x90
[  625.228984][T18362]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  625.229005][T18362]  ? arch_stack_walk+0xfc/0x150
[  625.229041][T18362]  ? __lock_acquire+0xab9/0xd20
[  625.229064][T18362]  ? __mutex_trylock_common+0x153/0x260
[  625.229086][T18362]  ? __pfx___mutex_trylock_common+0x10/0x10
[  625.229102][T18362]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  625.229124][T18362]  ? rcu_is_watching+0x15/0xb0
[  625.229143][T18362]  ? trace_contention_end+0x39/0x120
[  625.229161][T18362]  ? __mutex_lock+0x330/0xe80
[  625.229187][T18362]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  625.229208][T18362]  ? __pfx___mutex_lock+0x10/0x10
[  625.229228][T18362]  ? kasan_quarantine_put+0xdd/0x220
[  625.229258][T18362]  kvm_vcpu_ioctl+0x74d/0xe90
[  625.229285][T18362]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  625.229303][T18362]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  625.229339][T18362]  ? __lock_acquire+0xab9/0xd20
[  625.229371][T18362]  kvm_vcpu_compat_ioctl+0x203/0x390
[  625.229391][T18362]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  625.229410][T18362]  ? __fget_files+0x3a0/0x420
[  625.229425][T18362]  ? __fget_files+0x2a/0x420
[  625.229443][T18362]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  625.229465][T18362]  __ia32_compat_sys_ioctl+0x540/0x840
[  625.229487][T18362]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  625.229507][T18362]  ? __fget_files+0x3a0/0x420
[  625.229528][T18362]  ? fput+0xa0/0xd0
[  625.229546][T18362]  ? ksys_write+0x22a/0x250
[  625.229571][T18362]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  625.229588][T18362]  ? lockdep_hardirqs_on+0x9c/0x150
[  625.229605][T18362]  __do_fast_syscall_32+0xb6/0x2b0
[  625.229623][T18362]  ? lockdep_hardirqs_on+0x9c/0x150
[  625.229643][T18362]  do_fast_syscall_32+0x34/0x80
[  625.229660][T18362]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  625.229678][T18362] RIP: 0023:0xf7f65539
[  625.229693][T18362] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  625.229707][T18362] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  625.229726][T18362] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004140aecd
[  625.229738][T18362] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000
[  625.229748][T18362] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  625.229758][T18362] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  625.229776][T18362] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  625.229801][T18362]  </TASK>
[  625.602594][    C0] vkms_vblank_simulate: vblank timer overrun
[  626.218601][  T889] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  626.398863][  T889] usb 3-1: Using ep0 maxpacket: 8
[  626.410728][  T889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  626.418017][T18388] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2767'.
[  626.421937][  T889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  626.447872][  T889] usb 3-1: New USB device found, idVendor=5543, idProduct=0004, bcdDevice= 0.00
[  626.471229][T18388] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2767'.
[  626.482719][  T889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.501741][T18391] netlink: 'syz.0.2767': attribute type 10 has an invalid length.
[  626.616199][  T889] usb 3-1: config 0 descriptor??
[  627.134375][  T889] uclogic 0003:5543:0004.0023: hidraw0: USB HID v0.00 Device [HID 5543:0004] on usb-dummy_hcd.2-1/input0
[  627.449854][    T9] usb 3-1: USB disconnect, device number 75
[  627.715677][ T5917] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  627.998431][ T5917] usb 4-1: Using ep0 maxpacket: 32
[  628.007693][ T5917] usb 4-1: config 42 has an invalid interface number: 199 but max is 0
[  628.228422][ T5917] usb 4-1: config 42 has an invalid interface number: 1 but max is 0
[  628.236770][ T5917] usb 4-1: config 42 has 2 interfaces, different from the descriptor's value: 1
[  628.246660][ T5917] usb 4-1: config 42 has no interface number 0
[  628.253380][ T5917] usb 4-1: config 42 interface 199 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  628.272909][ T5917] usb 4-1: config 42 interface 1 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  628.288837][ T5904] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  628.303167][ T5917] usb 4-1: config 42 interface 199 has no altsetting 0
[  628.340968][ T5917] usb 4-1: config 42 interface 1 has no altsetting 0
[  628.364895][ T5917] usb 4-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=19.cb
[  628.374574][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.393779][ T5917] usb 4-1: Product: syz
[  628.398065][ T5917] usb 4-1: Manufacturer: syz
[  628.403667][ T5917] usb 4-1: SerialNumber: syz
[  628.473839][ T5904] usb 2-1: Using ep0 maxpacket: 16
[  628.504848][ T5904] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC6, changing to 0x86
[  628.537694][ T5904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  628.561634][ T5904] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x86 has invalid maxpacket 0
[  628.587888][ T5904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  628.624080][T18433] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 101
[  628.638770][ T5904] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  628.654503][ T5917] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  628.680124][ T5904] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  628.703476][T18433] bridge0: entered promiscuous mode
[  628.715233][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.723785][T18433] team0: entered promiscuous mode
[  628.726903][ T5917] snd-usb-audio 4-1:42.1: probe with driver snd-usb-audio failed with error -2
[  628.729967][ T5904] usb 2-1: Product: syz
[  628.744804][T18433] syz_tun: entered promiscuous mode
[  628.751929][T18433] hsr2: Slave A (bridge0) is not up; please bring it up to get a fully working HSR network
[  628.763568][ T5904] usb 2-1: Manufacturer: syz
[  628.767997][ T5917] usb 4-1: USB disconnect, device number 61
[  628.768259][ T5904] usb 2-1: SerialNumber: syz
[  628.783303][T18433] hsr2: entered allmulticast mode
[  628.788924][T18433] bridge0: entered allmulticast mode
[  628.796170][T18433] syz_tun: entered allmulticast mode
[  628.875977][ T5904] usb 2-1: config 0 descriptor??
[  628.960048][ T5904] port100 2-1:0.0: NFC: Could not get supported command types
[  628.979629][ T5897] udevd[5897]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:42.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  629.294779][    T9] usb 2-1: USB disconnect, device number 65
[  629.383218][T18437] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2783'.
[  629.418709][T18437] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2783'.
[  629.530846][T18440] netlink: 'syz.3.2783': attribute type 10 has an invalid length.
[  629.747068][T18445] bridge0: entered promiscuous mode
[  629.752808][T18445] team0: entered promiscuous mode
[  629.757920][T18445] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:579
[  629.767283][T18445] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 18445, name: syz.0.2786
[  629.776536][T18445] preempt_count: 201, expected: 0
[  629.781605][T18445] RCU nest depth: 0, expected: 0
[  629.786562][T18445] 3 locks held by syz.0.2786/18445:
[  629.791949][T18445]  #0: ffffffff8fa219b8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  629.802027][T18445]  #1: ffffffff8f51c108 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  629.811246][T18445]  #2: ffff88805bd4c368 (&dev_addr_list_lock_key#6/1){+...}-{3:3}, at: dev_uc_add+0x67/0x120
[  629.821554][T18445] Preemption disabled at:
[  629.821568][T18445] [<ffffffff89591d46>] dev_uc_add+0x56/0x120
[  629.832053][T18445] CPU: 0 UID: 0 PID: 18445 Comm: syz.0.2786 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  629.832078][T18445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  629.832090][T18445] Call Trace:
[  629.832099][T18445]  <TASK>
[  629.832107][T18445]  dump_stack_lvl+0x189/0x250
[  629.832137][T18445]  ? __pfx_dump_stack_lvl+0x10/0x10
[  629.832158][T18445]  ? __pfx__printk+0x10/0x10
[  629.832185][T18445]  ? print_lock_name+0xde/0x100
[  629.832206][T18445]  ? dev_uc_add+0x56/0x120
[  629.832226][T18445]  __might_resched+0x495/0x610
[  629.832252][T18445]  ? dev_uc_add+0x56/0x120
[  629.832267][T18445]  ? __pfx___might_resched+0x10/0x10
[  629.832288][T18445]  ? __pfx___irq_work_queue_local+0x10/0x10
[  629.832305][T18445]  ? console_unlock+0x21b/0x270
[  629.832339][T18445]  __mutex_lock+0x106/0xe80
[  629.832363][T18445]  ? __pfx__printk+0x10/0x10
[  629.832386][T18445]  ? stack_depot_save_flags+0x429/0x900
[  629.832406][T18445]  ? team_change_rx_flags+0x38/0x220
[  629.832426][T18445]  ? __netdev_printk+0x365/0x4d0
[  629.832452][T18445]  ? __pfx___mutex_lock+0x10/0x10
[  629.832470][T18445]  ? netdev_info+0x10a/0x160
[  629.832497][T18445]  ? __pfx_netdev_info+0x10/0x10
[  629.832517][T18445]  ? _printk+0xcf/0x120
[  629.832535][T18445]  ? __sock_sendmsg+0x21c/0x270
[  629.832558][T18445]  team_change_rx_flags+0x38/0x220
[  629.832586][T18445]  ? __pfx_team_change_rx_flags+0x10/0x10
[  629.832607][T18445]  __dev_set_promiscuity+0x531/0x740
[  629.832634][T18445]  ? netdev_info+0x10a/0x160
[  629.832660][T18445]  netif_set_promiscuity+0x50/0xe0
[  629.832687][T18445]  dev_set_promiscuity+0x126/0x260
[  629.832714][T18445]  br_manage_promisc+0x180/0x560
[  629.832743][T18445]  ? __pfx_br_dev_change_rx_flags+0x10/0x10
[  629.832766][T18445]  __dev_set_promiscuity+0x531/0x740
[  629.832792][T18445]  ? __hw_addr_add_ex+0x3c5/0x770
[  629.832813][T18445]  __dev_set_rx_mode+0x17c/0x260
[  629.832839][T18445]  dev_uc_add+0xc8/0x120
[  629.832859][T18445]  macsec_dev_open+0xd9/0x530
[  629.832882][T18445]  ? ib_device_get_by_netdev+0x46b/0x4d0
[  629.832898][T18445]  ? __pfx_macsec_dev_open+0x10/0x10
[  629.832920][T18445]  ? ib_device_get_by_netdev+0x84/0x4d0
[  629.832938][T18445]  ? hsr_netdev_notify+0x29e/0xcf0
[  629.832960][T18445]  ? __pfx_ib_device_get_by_netdev+0x10/0x10
[  629.832981][T18445]  ? udp_tunnel_nic_netdevice_event+0x1b6/0x1500
[  629.833010][T18445]  ? ip6_route_dev_notify+0x9a/0x5b0
[  629.833034][T18445]  ? notifier_call_chain+0x3bf/0x3e0
[  629.833063][T18445]  __dev_open+0x46d/0x880
[  629.833090][T18445]  ? __pfx___dev_open+0x10/0x10
[  629.833121][T18445]  __dev_change_flags+0x1ea/0x6d0
[  629.833146][T18445]  ? validate_linkmsg+0x765/0x950
[  629.833167][T18445]  ? __pfx___dev_change_flags+0x10/0x10
[  629.833202][T18445]  rtnl_newlink_create+0x555/0xb00
[  629.833239][T18445]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  629.833258][T18445]  ? rtnl_newlink+0x8db/0x1c70
[  629.833281][T18445]  ? __pfx___mutex_lock+0x10/0x10
[  629.833312][T18445]  ? ns_capable+0x8a/0xf0
[  629.833335][T18445]  rtnl_newlink+0x16d6/0x1c70
[  629.833359][T18445]  ? netlink_sendmsg+0x805/0xb30
[  629.833395][T18445]  ? __pfx_rtnl_newlink+0x10/0x10
[  629.833441][T18445]  ? kasan_quarantine_put+0xdd/0x220
[  629.833471][T18445]  ? lockdep_hardirqs_on+0x9c/0x150
[  629.833497][T18445]  ? nlmon_xmit+0xb0/0x100
[  629.833518][T18445]  ? kmem_cache_free+0x18f/0x400
[  629.833550][T18445]  ? __local_bh_enable_ip+0x12d/0x1c0
[  629.833569][T18445]  ? lockdep_hardirqs_on+0x9c/0x150
[  629.833589][T18445]  ? __local_bh_enable_ip+0x12d/0x1c0
[  629.833608][T18445]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  629.833631][T18445]  ? __dev_queue_xmit+0x27e/0x3a70
[  629.833662][T18445]  ? __lock_acquire+0xab9/0xd20
[  629.833705][T18445]  ? __pfx_rtnl_newlink+0x10/0x10
[  629.833726][T18445]  rtnetlink_rcv_msg+0x7cf/0xb70
[  629.833752][T18445]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  629.833772][T18445]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  629.833791][T18445]  ? ref_tracker_free+0x63a/0x7d0
[  629.833809][T18445]  ? __copy_skb_header+0xa7/0x550
[  629.833829][T18445]  ? __pfx_ref_tracker_free+0x10/0x10
[  629.833847][T18445]  ? __skb_clone+0x63/0x7a0
[  629.833872][T18445]  netlink_rcv_skb+0x208/0x470
[  629.833896][T18445]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  629.833920][T18445]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  629.833956][T18445]  ? netlink_deliver_tap+0x2e/0x1b0
[  629.833978][T18445]  ? netlink_deliver_tap+0x2e/0x1b0
[  629.834007][T18445]  netlink_unicast+0x759/0x8e0
[  629.834040][T18445]  netlink_sendmsg+0x805/0xb30
[  629.834073][T18445]  ? __pfx_netlink_sendmsg+0x10/0x10
[  629.834098][T18445]  ? __import_iovec+0x5d4/0x7f0
[  629.834119][T18445]  ? aa_sock_msg_perm+0x94/0x160
[  629.834140][T18445]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  629.834159][T18445]  ? __pfx_netlink_sendmsg+0x10/0x10
[  629.834182][T18445]  __sock_sendmsg+0x21c/0x270
[  629.834206][T18445]  ____sys_sendmsg+0x505/0x830
[  629.834236][T18445]  ? __pfx_____sys_sendmsg+0x10/0x10
[  629.834268][T18445]  ? preempt_schedule_thunk+0x16/0x30
[  629.834300][T18445]  ___sys_sendmsg+0x21f/0x2a0
[  629.834327][T18445]  ? __pfx____sys_sendmsg+0x10/0x10
[  629.834389][T18445]  ? __fget_files+0x2a/0x420
[  629.834404][T18445]  ? __fget_files+0x3a0/0x420
[  629.834432][T18445]  __sys_sendmsg+0x164/0x220
[  629.834514][T18445]  ? __pfx___sys_sendmsg+0x10/0x10
[  629.834549][T18445]  ? rcu_is_watching+0x15/0xb0
[  629.834573][T18445]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  629.834593][T18445]  ? lockdep_hardirqs_on+0x9c/0x150
[  629.834615][T18445]  __do_fast_syscall_32+0xb6/0x2b0
[  629.834643][T18445]  do_fast_syscall_32+0x34/0x80
[  629.834664][T18445]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  629.834685][T18445] RIP: 0023:0xf7f58539
[  629.834702][T18445] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  629.834719][T18445] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  629.834739][T18445] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000800000c0
[  629.834753][T18445] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  629.834765][T18445] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  629.834776][T18445] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  629.834788][T18445] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  629.834817][T18445]  </TASK>
[  629.834839][T18445] 
[  630.445523][T18445] =============================
[  630.450358][T18445] [ BUG: Invalid wait context ]
[  630.455189][T18445] 6.16.0-rc7-syzkaller #0 Tainted: G        W          
[  630.462149][T18445] -----------------------------
[  630.466990][T18445] syz.0.2786/18445 is trying to lock:
[  630.472343][T18445] ffff888053314e00 (team->team_lock_key#6){+.+.}-{4:4}, at: team_change_rx_flags+0x38/0x220
[  630.482448][T18445] other info that might help us debug this:
[  630.488322][T18445] context-{5:5}
[  630.491768][T18445] 3 locks held by syz.0.2786/18445:
[  630.496947][T18445]  #0: ffffffff8fa219b8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  630.506459][T18445]  #1: ffffffff8f51c108 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  630.515646][T18445]  #2: ffff88805bd4c368 (&dev_addr_list_lock_key#6/1){+...}-{3:3}, at: dev_uc_add+0x67/0x120
[  630.525858][T18445] stack backtrace:
[  630.529577][T18445] CPU: 0 UID: 0 PID: 18445 Comm: syz.0.2786 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  630.529598][T18445] Tainted: [W]=WARN
[  630.529603][T18445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  630.529612][T18445] Call Trace:
[  630.529621][T18445]  <TASK>
[  630.529629][T18445]  dump_stack_lvl+0x189/0x250
[  630.529650][T18445]  ? __pfx_dump_stack_lvl+0x10/0x10
[  630.529666][T18445]  ? __pfx__printk+0x10/0x10
[  630.529684][T18445]  ? print_lock_name+0xde/0x100
[  630.529702][T18445]  __lock_acquire+0xbcb/0xd20
[  630.529718][T18445]  ? team_change_rx_flags+0x38/0x220
[  630.529735][T18445]  lock_acquire+0x120/0x360
[  630.529748][T18445]  ? team_change_rx_flags+0x38/0x220
[  630.529769][T18445]  __mutex_lock+0x182/0xe80
[  630.529785][T18445]  ? team_change_rx_flags+0x38/0x220
[  630.529802][T18445]  ? __pfx__printk+0x10/0x10
[  630.529818][T18445]  ? stack_depot_save_flags+0x429/0x900
[  630.529833][T18445]  ? team_change_rx_flags+0x38/0x220
[  630.529849][T18445]  ? __netdev_printk+0x365/0x4d0
[  630.529864][T18445]  ? __pfx___mutex_lock+0x10/0x10
[  630.529879][T18445]  ? netdev_info+0x10a/0x160
[  630.529899][T18445]  ? __pfx_netdev_info+0x10/0x10
[  630.529915][T18445]  ? _printk+0xcf/0x120
[  630.529931][T18445]  ? __sock_sendmsg+0x21c/0x270
[  630.529947][T18445]  team_change_rx_flags+0x38/0x220
[  630.529966][T18445]  ? __pfx_team_change_rx_flags+0x10/0x10
[  630.529982][T18445]  __dev_set_promiscuity+0x531/0x740
[  630.530002][T18445]  ? netdev_info+0x10a/0x160
[  630.530019][T18445]  netif_set_promiscuity+0x50/0xe0
[  630.530038][T18445]  dev_set_promiscuity+0x126/0x260
[  630.530057][T18445]  br_manage_promisc+0x180/0x560
[  630.530075][T18445]  ? __pfx_br_dev_change_rx_flags+0x10/0x10
[  630.530093][T18445]  __dev_set_promiscuity+0x531/0x740
[  630.530111][T18445]  ? __hw_addr_add_ex+0x3c5/0x770
[  630.530124][T18445]  __dev_set_rx_mode+0x17c/0x260
[  630.530142][T18445]  dev_uc_add+0xc8/0x120
[  630.530155][T18445]  macsec_dev_open+0xd9/0x530
[  630.530172][T18445]  ? ib_device_get_by_netdev+0x46b/0x4d0
[  630.530188][T18445]  ? __pfx_macsec_dev_open+0x10/0x10
[  630.530204][T18445]  ? ib_device_get_by_netdev+0x84/0x4d0
[  630.530218][T18445]  ? hsr_netdev_notify+0x29e/0xcf0
[  630.530235][T18445]  ? __pfx_ib_device_get_by_netdev+0x10/0x10
[  630.530251][T18445]  ? udp_tunnel_nic_netdevice_event+0x1b6/0x1500
[  630.530270][T18445]  ? ip6_route_dev_notify+0x9a/0x5b0
[  630.530288][T18445]  ? notifier_call_chain+0x3bf/0x3e0
[  630.530307][T18445]  __dev_open+0x46d/0x880
[  630.530324][T18445]  ? __pfx___dev_open+0x10/0x10
[  630.530342][T18445]  __dev_change_flags+0x1ea/0x6d0
[  630.530360][T18445]  ? validate_linkmsg+0x765/0x950
[  630.530375][T18445]  ? __pfx___dev_change_flags+0x10/0x10
[  630.530400][T18445]  rtnl_newlink_create+0x555/0xb00
[  630.530424][T18445]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  630.530442][T18445]  ? rtnl_newlink+0x8db/0x1c70
[  630.530458][T18445]  ? __pfx___mutex_lock+0x10/0x10
[  630.530475][T18445]  ? ns_capable+0x8a/0xf0
[  630.530490][T18445]  rtnl_newlink+0x16d6/0x1c70
[  630.530507][T18445]  ? netlink_sendmsg+0x805/0xb30
[  630.530528][T18445]  ? __pfx_rtnl_newlink+0x10/0x10
[  630.530551][T18445]  ? kasan_quarantine_put+0xdd/0x220
[  630.530568][T18445]  ? lockdep_hardirqs_on+0x9c/0x150
[  630.530584][T18445]  ? nlmon_xmit+0xb0/0x100
[  630.530599][T18445]  ? kmem_cache_free+0x18f/0x400
[  630.530620][T18445]  ? __local_bh_enable_ip+0x12d/0x1c0
[  630.530635][T18445]  ? lockdep_hardirqs_on+0x9c/0x150
[  630.530649][T18445]  ? __local_bh_enable_ip+0x12d/0x1c0
[  630.530664][T18445]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  630.530679][T18445]  ? __dev_queue_xmit+0x27e/0x3a70
[  630.530697][T18445]  ? __lock_acquire+0xab9/0xd20
[  630.530717][T18445]  ? __pfx_rtnl_newlink+0x10/0x10
[  630.530734][T18445]  rtnetlink_rcv_msg+0x7cf/0xb70
[  630.530751][T18445]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  630.530766][T18445]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  630.530782][T18445]  ? ref_tracker_free+0x63a/0x7d0
[  630.530796][T18445]  ? __copy_skb_header+0xa7/0x550
[  630.530809][T18445]  ? __pfx_ref_tracker_free+0x10/0x10
[  630.530824][T18445]  ? __skb_clone+0x63/0x7a0
[  630.530838][T18445]  netlink_rcv_skb+0x208/0x470
[  630.530855][T18445]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  630.530872][T18445]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  630.530892][T18445]  ? netlink_deliver_tap+0x2e/0x1b0
[  630.530909][T18445]  ? netlink_deliver_tap+0x2e/0x1b0
[  630.530926][T18445]  netlink_unicast+0x759/0x8e0
[  630.530945][T18445]  netlink_sendmsg+0x805/0xb30
[  630.530966][T18445]  ? __pfx_netlink_sendmsg+0x10/0x10
[  630.530984][T18445]  ? __import_iovec+0x5d4/0x7f0
[  630.531001][T18445]  ? aa_sock_msg_perm+0x94/0x160
[  630.531016][T18445]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  630.531031][T18445]  ? __pfx_netlink_sendmsg+0x10/0x10
[  630.531048][T18445]  __sock_sendmsg+0x21c/0x270
[  630.531064][T18445]  ____sys_sendmsg+0x505/0x830
[  630.531084][T18445]  ? __pfx_____sys_sendmsg+0x10/0x10
[  630.531105][T18445]  ? preempt_schedule_thunk+0x16/0x30
[  630.531125][T18445]  ___sys_sendmsg+0x21f/0x2a0
[  630.531143][T18445]  ? __pfx____sys_sendmsg+0x10/0x10
[  630.531173][T18445]  ? __fget_files+0x2a/0x420
[  630.531184][T18445]  ? __fget_files+0x3a0/0x420
[  630.531199][T18445]  __sys_sendmsg+0x164/0x220
[  630.531218][T18445]  ? __pfx___sys_sendmsg+0x10/0x10
[  630.531239][T18445]  ? rcu_is_watching+0x15/0xb0
[  630.531256][T18445]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  630.531271][T18445]  ? lockdep_hardirqs_on+0x9c/0x150
[  630.531285][T18445]  __do_fast_syscall_32+0xb6/0x2b0
[  630.531303][T18445]  do_fast_syscall_32+0x34/0x80
[  630.531317][T18445]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  630.531334][T18445] RIP: 0023:0xf7f58539
[  630.531348][T18445] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  630.531360][T18445] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  630.531376][T18445] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000800000c0
[  630.531386][T18445] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  630.531403][T18445] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  630.531412][T18445] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  630.531420][T18445] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  630.531434][T18445]  </TASK>
[  630.531456][    C0] vkms_vblank_simulate: vblank timer overrun
[  631.147894][    C0] vkms_vblank_simulate: vblank timer overrun
[  631.288496][ T5917] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  631.418530][ T5917] usb 3-1: device descriptor read/64, error -71
[  631.658557][ T5917] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  631.788512][ T5917] usb 3-1: device descriptor read/64, error -71
[  631.899143][ T5917] usb usb3-port1: attempt power cycle
[  632.238633][ T5917] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  632.259110][ T5917] usb 3-1: device descriptor read/8, error -71
[  632.499598][ T5917] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  632.519663][ T5917] usb 3-1: device descriptor read/8, error -71
[  632.640404][ T5917] usb usb3-port1: unable to enumerate USB device