last executing test programs:

8m35.272309186s ago: executing program 1 (id=1655):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000780)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000200)={0xa, 0xe22, 0x0, @empty}, 0x1c)
fsopen(&(0x7f00000000c0)='jffs2\x00', 0x1)
syz_emit_ethernet(0xd2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffbfff00000000000086dd600489f1009c1100fc010000000040000025030000000000ff02000000000000000000000000000100000e22"], 0x0)

8m35.0848843s ago: executing program 1 (id=1656):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/config', 0x0, 0xcc)
lseek(r0, 0x1, 0x0)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x14, 0x1, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)
getdents64(r0, 0x0, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
io_uring_setup(0x2e34, &(0x7f0000000180))
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

8m34.081231566s ago: executing program 1 (id=1661):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x110, &(0x7f0000000200)={0x0, 0xf7f0, 0x10000, 0x5, 0x3f4}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0xdb4, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$kcm(0x2, 0x0, 0x84)
sendmsg$inet(r5, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f00000004c0)="5f74a874eec639d0a431865ae40232b2c254da19197c3cca19e638475b", 0x1d}], 0x1}, 0x4000000)
setsockopt$sock_attach_bpf(r5, 0x84, 0x1e, &(0x7f0000000000), 0x10)
r6 = socket$kcm(0x2, 0x3, 0x2)
r7 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8916, &(0x7f0000000040)={'wg1\x00', @random="0200ac7f7f00"})
ioctl$SIOCSIFHWADDR(r6, 0x8916, &(0x7f0000000040)={'veth1_macvtap\x00', @random="0200ac7f7f00"})
exit(0x7)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000000)={0x8, 0xffffffffffffffff, 0x4, {0x4, 0x1}, 0x8}, 0x1)
r8 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000000000071000040000000000180"])
writev(r8, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
connect$unix(r13, &(0x7f0000000300)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r13, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r12, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

8m32.655576613s ago: executing program 1 (id=1666):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724190000006f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0ed9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab778c50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b28448692686ac80d81a89f9c29e276800"/2574], &(0x7f0000000140)='GPL\x00'}, 0x48)
r2 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
r3 = socket$kcm(0x29, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070023000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r5 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r5, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000040)={r5, r4})
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000040)={r2, r1})
ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000680)={r0})

8m31.141076653s ago: executing program 1 (id=1670):
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) (async)
syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async)
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xd80e, 0x3010}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_usb_connect$cdc_ecm(0x4, 0x0, 0x0, 0x0) (async, rerun: 32)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (rerun: 32)
r3 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x80a00, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f00000004c0)=0x3) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async, rerun: 64)
r4 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) (rerun: 64)
write$binfmt_misc(r4, &(0x7f00000003c0)="b15590f20a6a0f31bc2d99b075b46a0ee431a3cc889e1ba3667be1bc058a005a9871c9bb9841dacd0e05f9eac6152870ee02fbb5eed3f6ee0630dad4eb69aaac7778a2222842fb3f72f1a65e61330693e636ba8605fab26736fec812ed9c67896f4d1b940cb0aeebe3e86ae3cb1dc322bcb43a9ef37f5599003a13aa80393c0ee5eacf245c85e1d0fd43a54a3d2a187bfc0cd563bde3bfe85600005d45ab855d1bca7da909ee6f6a77246f4544adde84e98bbd6881e37c5e59626c5a518949b1655386641a240e2731907c8827dbe713e0926bd63de8934855adbeb6cf1af4dba4bb0d56824f7dcc98eed6f01b0515a6a6e616471e", 0xf5) (async)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) (async)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0xeb, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000000280)={0x3, 0x2, "8d826f0d0394d989114f34f70d10db5a5865f459821129ffdd340e348079828e8347e84e3425d24f896eae7ae18a6484afc6d5e36661e6fd12effe3ab4136782d1800fb16ee8d8534fedc4a2734ed60ac31c40a0ec29b8c8098cb652f3b4333ac0517ee210090f7cee7639017e6387a710e714c813d153f3c0a7cc6a4b0e5d1de260ee6fbe21538ff7d9c2659a793d375d0e022040c168490b58dec86cdfefcdb03353470d479549b8cb0a4b58359cc5b3e187267629d1768a5bd3f9a512bb8ce7f33006e08cc875f5fb69c47f449ecae52305b532ad572b7ecbc94c11bc062054c9dac910104a3f12735f51ccb111a7fc8e98180b5389f555998cdee65422fa"}) (async)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64)
r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) (rerun: 64)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xd) (async)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000080)={0x40000000})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

8m30.721071288s ago: executing program 1 (id=1674):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001180), 0x88003, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$rxrpc(0x21, 0x2, 0xa)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = syz_io_uring_setup(0x12ab, &(0x7f0000000140)={0x0, 0x7495, 0x0, 0x2, 0x1f7}, &(0x7f0000000380)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f00000000c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @private=0xa010102}}, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)
r7 = socket$inet(0x2, 0x3, 0xa)
ioctl$sock_inet_SIOCSARP(r7, 0x8955, &(0x7f0000000000)={{0x2, 0x3, @local}, {0x1, @local}, 0x2, {0x2, 0xfffc, @remote}, 'syz_tun\x00'})

8m15.420963213s ago: executing program 32 (id=1674):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001180), 0x88003, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$rxrpc(0x21, 0x2, 0xa)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = syz_io_uring_setup(0x12ab, &(0x7f0000000140)={0x0, 0x7495, 0x0, 0x2, 0x1f7}, &(0x7f0000000380)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f00000000c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @private=0xa010102}}, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)
r7 = socket$inet(0x2, 0x3, 0xa)
ioctl$sock_inet_SIOCSARP(r7, 0x8955, &(0x7f0000000000)={{0x2, 0x3, @local}, {0x1, @local}, 0x2, {0x2, 0xfffc, @remote}, 'syz_tun\x00'})

6m31.621980961s ago: executing program 5 (id=2208):
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getdents64(0xffffffffffffffff, &(0x7f00000001c0)=""/23, 0x17)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x10, 0x3f8, 0x2, 0x4070bd28}, 0x384}, 0x1, 0x0, 0x0, 0x40}, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000002c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000280)={0x3}, 0x10)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x2, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001540)=[{0x0}], 0x1}, 0x4000000)
ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0)
r4 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_RESET_TIMEOUT={0x8, 0x4, 0x8000020c}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x4000000)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r6 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01)
ioctl$SCSI_IOCTL_SEND_COMMAND(r6, 0x1, 0x0)
r7 = syz_open_dev$vim2m(&(0x7f0000000040), 0x5, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r7, 0xc0405602, &(0x7f0000000080)={0x8, 0x1, 0x0, "9adf66552fb8af2b9f10f35681de96a590d25f2744e043cc1e70c317fd815cee", 0x3131354f})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r9 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r9, 0x4601, &(0x7f0000000040)={0x191, 0x140, 0xa0, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0xfffffffd, 0x0, 0x8, 0x4, 0x0, 0x0, 0xa})

6m27.88588996s ago: executing program 5 (id=2222):
socket$inet6_sctp(0xa, 0x801, 0x84) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async)
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff00000065"], 0x78) (async)
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0) (async)
r4 = syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x1, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r5, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3201000000a4000000060a010400000000000000000100000008000b40000000007c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000440001800c0001006269747769736500340002800800034000000004080001400000001408000240000000120c0005800800010088634d580c000480080001006eee7e000900010073797a3000000000140000001100010000000000000000000700000a"], 0x118}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async)
removexattr(&(0x7f0000000040)='./file0\x00', 0x0) (async)
ioctl$FS_IOC_RESVSP(r4, 0x80086601, 0x0)
fsopen(&(0x7f0000000000)='ufs\x00', 0x1) (async)
r7 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) (async)
r8 = fsmount(r7, 0x0, 0x0)
r9 = openat$cgroup_pressure(r8, &(0x7f0000000080)='cpu.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r9, &(0x7f0000000040)={'some', 0x20, 0x17e, 0x20, 0x100002}, 0x2f) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
fchdir(r1) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/resume', 0x145880, 0x0)

6m26.896952152s ago: executing program 5 (id=2225):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000780)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000200)={0xa, 0xe22, 0x0, @empty}, 0x1c)
fsopen(&(0x7f00000000c0)='jffs2\x00', 0x1)
syz_emit_ethernet(0xd2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffbfff00000000000086dd600489f1009c1100fc01000000ffffffea25030000000000ff02000000000000000000000000000100000e22"], 0x0)

6m26.700182728s ago: executing program 5 (id=2228):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0xc00464b4, &(0x7f0000000240))
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00')
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000080)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x924924924924c31, 0x3ec0)
connect$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000140)={@remote}, 0x14)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0)
open_tree(r5, &(0x7f0000000640)='\x00', 0x89901)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x7, 0x9})
preadv(r1, &(0x7f00000026c0)=[{&(0x7f0000002240)=""/13, 0xd}], 0x1, 0x3c, 0x3)

6m26.552790497s ago: executing program 5 (id=2229):
socket$key(0xf, 0x3, 0x2)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = fanotify_init(0x200, 0x0)
fanotify_mark(r2, 0x21a, 0x40000032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000000)={0x40000000, 0x0, 0x0}, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000001580)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in=@local, 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x0, 0x11}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x9}, {}, 0x1, 0x0, 0x1}, {{@in=@multicast2, 0x4d2, 0x33}, 0x0, @in=@private=0xa010100, 0x3506, 0x0, 0x2, 0xb7, 0x2}}, 0xe8)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x1c)
unshare(0x22020600)
r5 = fsopen(&(0x7f00000000c0)='ubifs\x00', 0x0)
fchdir(r5)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = openat$kvm(0xffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioctl$KVM_GET_API_VERSION(r7, 0xae00, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
sendmsg$nl_route(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x1a, 0xd03, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8}}, 0x1c}, 0x1, 0x0, 0x0, 0x840}, 0x0)

6m26.258011273s ago: executing program 5 (id=2232):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000780)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000200)={0xa, 0xe22, 0x0, @empty}, 0x1c)
fsopen(&(0x7f00000000c0)='jffs2\x00', 0x1)
syz_emit_ethernet(0xd2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffbfff00000000000086dd600489f1009c1100fc010000000000020025030000000000ff02000000000000000000000000000100000e22"], 0x0)

6m25.412170151s ago: executing program 33 (id=2232):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000780)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000200)={0xa, 0xe22, 0x0, @empty}, 0x1c)
fsopen(&(0x7f00000000c0)='jffs2\x00', 0x1)
syz_emit_ethernet(0xd2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffbfff00000000000086dd600489f1009c1100fc010000000000020025030000000000ff02000000000000000000000000000100000e22"], 0x0)

14.566377866s ago: executing program 0 (id=3600):
setrlimit(0x3, &(0x7f0000000080)={0x8, 0x6})
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x0)
r1 = syz_open_dev$video4linux(&(0x7f0000000500), 0x5c, 0x2800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}}, @NFT_MSG_NEWSET={0x58, 0x9, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x1000}, @NFTA_SET_EXPRESSIONS={0x4}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x94}, 0x1, 0x0, 0x0, 0x10}, 0x20050800)
ioctl$VIDIOC_STREAMOFF(r1, 0x40045613, &(0x7f0000000100)=0x80000001)
ioctl$VIDIOC_DQEVENT(r1, 0x80885659, 0x0)
pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000300)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0xb, @ipv4={'\x00', '\xff\xff', @empty}, 0x384a}, {0xa, 0x4e21, 0x4, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0x8}, 0xffffffffffffffff, 0x5}}, 0x48)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
prlimit64(r4, 0x1, &(0x7f0000000280)={0x4, 0x2}, &(0x7f00000002c0))
bind$rds(r3, &(0x7f0000000240)={0x2, 0x4e23, @local}, 0x10)
ioctl$VIDIOC_S_MODULATOR(r1, 0x40445637, &(0x7f0000000000)={0x7fe, "37a72e07ee998017795eaae7cb5944f1aeea1c42e038b39c3f9644dbed651d85", 0x120, 0xa, 0x1, 0x4, 0x5})

14.274870851s ago: executing program 0 (id=3603):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x38011, r1, 0x9988000)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r2, 0x0, 0x8, 0x0, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
fadvise64(r0, 0x18, 0x0, 0x4)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_usb_connect(0x0, 0x4ac, &(0x7f0000000600)=ANY=[@ANYBLOB="12010003a5ad4f201e043d40da050102030109029a04040500c0010904d70a00192de40f0724060000050f05240001000d240f010d0000000d9e01000809046f030158e155400921080002012288030905080c00000009060904020805e0778e020a24010104080201020c240701050003c72a0b78f90924030306030303310b240701060008ea5f0dd40c240202ff01020bb6ae08010924060305010a0002092106004001227f040905b210200009060209050a01ff030904400905000020000780050725018004a566090504102000ac030709050a0c000409088207250183f80400072501020100100904240806bfbac600180bfb16894bb16d4147c7d57821a314f0e210ad0e361fe809050a0cff030909088a041421f1331e08f740f95c7ba63b8937245bfba33a916c712f106e690283a5ac061978d62a66df12a76161b3b3563f7af645c122251e415397a222fccdb4b74f880c967d52917c7ac3fc5d0f3d00b57c24d11ad9ba86fb9f61f4bfe2da4c3d916f651cc33321fe88cfb1e751e5eb52d5db61d644312036197fa52f97b8d8a69259a08d14439817c3b20905000c1000000905ad03b6374943c207881bfd8bc518525a25241f5b9408c90d42caf18187e4ab7d5c06c50abcdaca1585799f496383b86f107c8f0f5fc7d3a6850f02fdb6bb224fd13adf39b0cb0d5c631f3ae24f24c1e34b228a6419f3f983c555489bd0607e1dece73fc065fc3a702fcb3ae6f5e0a146f709904cbd76c38bc355d7f5b8e14c192bec034ab30b8111e1094ce22029d34d26f51c4eb05ec42a02f10dfa232fed90defae2262979ad1aaeabca4e3f000fc399f8e9800a1716156fc0b3914663c875cfc92c0ba044f5f9f47e9e54718ad761f294ea45993a0177a34e1babdacaf7ac2010f31a31bfae5f258e8bc5cdab7925165698d294c5e74c3ede557bace8920cfa3fcc7f2718c73f2381a433952e172adce1fff3753dd2eb97e44fabde0eedcd86bbdb2ca29d18a276d93801dfd264e52b9b057bf93eafba20f7210a1b263c14205850919a1ab7e65e9422ebd6c8e1b821cc3dad6576e7939997e594ace622b1399899ffa14317ef4f6881be43d1751fad93875fc3b1bfae729baa9404a6d6092831cd0a1dac6dda8461090efdb158e92a69e3b99a6848b5340bebda5db8738c492efc7fa462ba2033094b3bb3090503104000bb2b0409058000ff030500081b30c561d85f7b26c83d01f1a2084fc22bbab625ccd2bca4af9ea20905800108000a06029304a5a62c4d34cd2fb25c3b8e9dea28400e8210ffc96dc2389a8fa2fb00448f83c51401022449d8221f0ba3bfa9e73b392a8f39edbebc05f040eeecbe7c628a812828c36dab6f47c9ffab3f34330d27a82635771d83173aa4636da9afad41d007d4688f2a559be948ad7d66458e891e9bea8c0998802d753f77ab6d100e83451a74c2383d1ff08afb1958587f03b936509177ffc63722c178080394e7076ad3c8352d56c04ddcd97ec3154442ed6d86c9ad93663202b5ba231cdaad894ab774df83d9777674e00f832aca65e87b0adceafb48b2ee54af0f4cddd3bbc50e6386ccc41a38e19a368542717fda3ecf79fe767bfdbcdd729000744f1556c32452267ad89a48bac6b599467ff409050d1000047f050807250100090000000000000000006228e505a90e2589316411a1bfde335c703806ec76bb728cbb633e7c64ca54374d08ee"], 0x0)

11.840711938s ago: executing program 4 (id=3615):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="fc010000190001000000000000000000fc0200000000000000000000000000000000000004000000000000000000000000000003000200000200000089000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000004401050000000000000000000000000000000000000000003200000000000000ac090000000000000000000000000000000000000000ff000000000000000000fdfffffffc0200000000000000000000000000000000000032"], 0x1fc}}, 0x0)

11.78949845s ago: executing program 4 (id=3616):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="4800000010003b1500000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="000000000150010020001280080001006774700014000280050005000000000008000300008000", @ANYRES32], 0x48}}, 0x2400c080)

11.78144935s ago: executing program 4 (id=3617):
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x5452, &(0x7f0000000000))
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0xf37a, 0x1, 0x0, 0x8}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x1646, 0x3c00, 0xffffffff, 0x1b9}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000340)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x47f6, 0x0, 0x49, 0x0, 0x0)
r7 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e20, @local}, @in={0x2, 0x0, @local}], 0x20)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x8080}, 0x0)
r9 = syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x3594, 0x10, 0x1003, 0x21e}, &(0x7f0000000240)=<r10=>0x0, &(0x7f0000000340)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0x2a5cc081, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f00000004c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x80, 0x2, 0x0, 0x127})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x338, 0x220, 0x2f0, 0xfeffffff, 0x2f0, 0x220, 0x3a8, 0x3a8, 0xffffffff, 0x3a8, 0x3a8, 0x5, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'caif0\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, @icmp_id}}}}, {{@ip={@loopback, @rand_addr, 0x0, 0x0, 'lo\x00', 'ip6tnl0\x00'}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@private2, @ipv4=@dev, @port, @gre_key}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
io_uring_enter(r9, 0x6efc, 0x3900, 0xb, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r9, 0x18, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x0, {0x5, 0x5}, 0x1}, 0x1)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r12 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8, 0x100010, r4, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r12, 0x10c, &(0x7f0000000040)=0x6, 0x0, 0x4)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)

10.861537998s ago: executing program 0 (id=3621):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x100000000, 0x7, &(0x7f0000006680))
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x556, 0x650, 0x400, 0x30, 0x7, 0x4, 0xf, 0x1, {0xd, 0x101}, {0x8, 0x4, 0x1}, {0x1b66, 0x8, 0x1}, {0x10000, 0xff, 0x1}, 0x1, 0x1, 0x8, 0xffffffff, 0x1, 0xa, 0x7ff, 0x81, 0x7, 0xcaf, 0x9, 0x9, 0xc, 0x2, 0x1, 0x5})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = ioctl$KVM_GET_STATS_FD_cpu(r3, 0xaece)
read$FUSE(r4, &(0x7f0000008fc0)={0x2020}, 0x2020)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
readlinkat(0xffffffffffffffff, &(0x7f00000011c0)='./file0\x00', &(0x7f0000001200)=""/57, 0x39)

9.521615176s ago: executing program 0 (id=3632):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000200b060100000000000009090224000100000000090400010103000000092100d551c0700d000001223bc5afb6dc540200090581030000000000"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x2, {[@global=@item_012={0x1, 0x1, 0x1, "95"}]}}, 0x0}, 0x0)

9.458158486s ago: executing program 4 (id=3634):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x1ff) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x1ff)
connect$unix(0xffffffffffffffff, 0x0, 0x0) (async)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$sock_inet_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e21, 0xb744, @private2={0xfc, 0x2, '\x00', 0x1}, 0xfffffffd}, 0x1c)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0) (async)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4138ae84, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0})
sysinfo(&(0x7f0000000480)=""/133)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x3, 0x800)
syz_usb_disconnect(r2)
r3 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
close_range(r3, 0xffffffffffffffff, 0x0) (async)
close_range(r3, 0xffffffffffffffff, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) (async)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
syz_clone3(&(0x7f00000000c0)={0x200000400, 0x0, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, {r4}}, 0x58) (async)
syz_clone3(&(0x7f00000000c0)={0x200000400, 0x0, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, {r4}}, 0x58)

7.117304426s ago: executing program 3 (id=3644):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000180)})
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x8001, 0x0, 0xb49, 0x200000000002, 0x6, 0x8, 0x3}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x4001, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, 0x0)
prlimit64(0x0, 0x6, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x400, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x4}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xf01d}]}}]}, 0x44}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000400)=0x7ffe, 0x4)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_GET(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB='\x00'/14], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x8000)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x20008844)

6.42943187s ago: executing program 0 (id=3647):
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
lsm_set_self_attr(0x68, &(0x7f0000000800)=ANY=[], 0x20, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r4, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea})
close_range(r3, 0xffffffffffffffff, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89101)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
socket$inet_smc(0x2b, 0x1, 0x0)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

6.315341179s ago: executing program 4 (id=3648):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r0, &(0x7f0000003240)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[@prinfo={0x18, 0x84, 0x5, {0x30, 0x3}}, @sndrcv={0x30, 0x84, 0x1, {0x0, 0x2c67, 0x8000, 0x1, 0xc7, 0xb, 0x7, 0xfff}}], 0x48, 0x80}], 0x1, 0x2000c051)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a800800904000001030000000905", @ANYRES16, @ANYRES16], 0x0)

5.648280903s ago: executing program 2 (id=3650):
r0 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000000)={0x2, @pix={0xd, 0x0, 0x3631564e, 0x5, 0x0, 0x0, 0x7}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet(r6, &(0x7f0000002f80)=[{{&(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10, 0x0}}, {{&(0x7f0000000300)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=[@ip_retopts={{0x14, 0x0, 0x7, {[@generic={0x86, 0x2}]}}}], 0x18}}], 0x2, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r7, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000100000000000000022000", @ANYRES32=r7, @ANYBLOB="0000000000000001b702000014000020b70300000010000085000000d4000000bf09000000ffffffe5090100000003709500000000000000bf91000000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0xa, 0xfed, &(0x7f0000001e40)=""/4077, 0x40f00, 0x0, '\x00', 0x0, 0x0, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x94)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r7, 0xc0984124, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0)
flock(r8, 0x5)
r9 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0)
r11 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r12=>0x0, &(0x7f0000000040)=<r13=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r12, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r12, r13, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r10, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r11, 0x627, 0x4c1, 0x43, 0x0, 0x30)
r14 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='devices.list\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r14, 0x0)
flock(r9, 0x2)

5.352246899s ago: executing program 6 (id=3653):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001c00110c0000001400000f0007000000", @ANYRES32=r1, @ANYBLOB="800202000a000200577f0000aabb000020000e80050001008f000000050001000100000004000200050001"], 0x48}}, 0xf0)

4.61024825s ago: executing program 6 (id=3654):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x800, 0xbbba, 0x0, 0x18, 0x0, {}, {0x0, 0xfffffffd, 0xfffffffe}, {0x0, 0xffff0000}, {0xfeffff7f}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x9})

4.529209403s ago: executing program 2 (id=3655):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet(0x2, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xaece, 0x2)
preadv(r4, &(0x7f00000000c0)=[{&(0x7f00000031c0)=""/166, 0xa6}], 0x1, 0x43a, 0x0)
socket(0x10, 0x80002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r5, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4)
sendmsg$inet6(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000080)="05", 0x1}], 0x1}, 0x4040845)
r6 = ioctl$USERFAULTFD_IOC_NEW(0xffffffffffffffff, 0xaa00)
ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x2000, 0x2})

4.339058951s ago: executing program 3 (id=3656):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
socket$inet_smc(0x2b, 0x1, 0x0) (async)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) (async)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0) (async)
io_setup(0x30, &(0x7f0000000600)=<r3=>0x0) (async)
pipe2$9p(&(0x7f00000000c0), 0x4000)
r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r3, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f00000000c0)="01", 0x24}])
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f00000000c0)) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) (async)
syz_open_dev$sndmidi(0x0, 0x5, 0x141101) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="020100090a000000060000000000000003000600eeb641e10200"], 0x50}}, 0x200c405a)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c) (async)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
shutdown(r5, 0x2)
close(r5) (async)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201010200000010f3b100000000010203010902240001010330050904000801030101000921"], 0x0) (async)
mlock2(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)

4.231321458s ago: executing program 6 (id=3657):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, 0x0}, 0x8000001}, {{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f00000006c0)=""/4081, 0xff1}, {&(0x7f0000000240)=""/112, 0x70}, {&(0x7f0000000040)=""/113, 0x71}, {&(0x7f0000000140)=""/52, 0x34}, {&(0x7f0000000500)=""/108, 0x6c}, {&(0x7f0000000440)=""/188, 0xbc}], 0x7}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0)

3.978977355s ago: executing program 6 (id=3658):
r0 = socket$kcm(0x10, 0x2, 0x10)
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc044560f, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
msgctl$IPC_INFO(0x0, 0x3, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000002140)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(michael_mic-generic,xchacha20-generic)\x00'}, 0x58)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f00000001c0)={0x60, 0x3, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000001000/0x4000)=nil, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x24})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f00000001c0)={0x48, 0x4})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x1, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x3, {@ip4=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
syz_emit_ethernet(0x6f, &(0x7f0000000080)={@broadcast, @multicast, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "fec000", 0x35, 0x3a, 0x0, @private0, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "18b088", 0x0, 0x0, 0x0, @local, @local, [], "fafb17c133"}}}}}}}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000140)={0x0, 0x80000, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_GET_UNIQUE(r6, 0xc0106401, &(0x7f0000000180)={0x87, &(0x7f0000000380)=""/135})
r7 = msgget(0x2, 0x79a)
msgctl$MSG_INFO(r7, 0xc, &(0x7f00000004c0)=""/194)

3.505407582s ago: executing program 3 (id=3659):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000780)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000200)={0xa, 0xe22, 0x0, @empty}, 0x1c)
fsopen(&(0x7f00000000c0)='jffs2\x00', 0x1)
syz_emit_ethernet(0xd2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffbfff00000000000086dd600489f1009c1100fc010000000000000025030000000000ff02000000000000009c00000000000100000e22"], 0x0)

1.865917848s ago: executing program 4 (id=3660):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x4000000, {}, {0x2, 0x4e24, @broadcast}, {0x2, 0x4e20, @empty}, 0x261, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4007, 0x0, 0xfffc})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCSIFBR(r1, 0x890c, &(0x7f0000000000)=@generic={0x0, 0x2})
r2 = syz_usb_connect(0x0, 0x24, &(0x7f00000009c0)={{0x12, 0x1, 0x0, 0x3a, 0x98, 0x2a, 0x8, 0xccd, 0x10a3, 0x23a2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x57, 0x33, 0x19}}]}}]}}, 0x0)
syz_usb_connect(0x3, 0x11c7, &(0x7f0000000a40)={{0x12, 0x1, 0x0, 0xd0, 0xa, 0x2b, 0x10, 0x2c4e, 0x100, 0x6a7b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x11b5, 0x4, 0x81, 0x5, 0xa0, 0x8, [{{0x9, 0x4, 0x9e, 0x50, 0x10, 0xff, 0xff, 0xff, 0x7, [@hid_hid={0x9, 0x21, 0x9, 0xc2, 0x1, {0x22, 0x8f9}}], [{{0x9, 0x5, 0x80, 0x2, 0x228, 0xb, 0x5, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x81, 0x3}]}}, {{0x9, 0x5, 0x9, 0x2, 0x8, 0x4, 0xd, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x6, 0xc, 0xfffb}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x67, 0x6}]}}, {{0x9, 0x5, 0xe, 0x3, 0x3ff, 0xd, 0xe6, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x7, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x10, 0x6}]}}, {{0x9, 0x5, 0x9, 0x2, 0x0, 0xb, 0x3, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x9}]}}, {{0x9, 0x5, 0x80, 0x10, 0x400, 0x3, 0xd, 0x8f, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x7, 0x98}, @generic={0xf, 0x1, "01512f1ce847dbf9839eb2376b"}]}}, {{0x9, 0x5, 0xf, 0x4, 0x40, 0x5, 0x3, 0x4, [@generic={0x60, 0x4, "74f2b486594a5eaf8c472f4412e759dfb15cf137b75d14fc6be5c0ba9f14f1add430150cd652f772e29bf6e846fb46491170fb16e182e0219f3e747503be8ead991e36326a9c1c577c0a5be448fed7bfe1e6307dae56a2f26efb5a0f4212"}]}}, {{0x9, 0x5, 0x3, 0xe4b359d91f34eb45, 0x200, 0x7, 0x4, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x81, 0x3ff}]}}, {{0x9, 0x5, 0x8, 0x0, 0x20, 0x80, 0xc, 0xf, [@generic={0xc9, 0x0, "9777e5b73bb8b9fd3d676195db8f4a8b49a7423d6eb4bcfe82cf47c6d153dcd614c4fb42ed4413649884988a364a1e7b80bb05e62409efe49b07bd055a075f3d04108eaea5bc57ce781b091a58da5be89ddbd270ce6e22e60e7e1a111b2a2fa9bd85e83c8e1857625632c8eb184895ec84cf5cc27142edc64e391e1990ee30563f598f1d05ea7e773dba1581f9bcc9e644cc4cba8519592ced97c1068415baa59a296373dff91f89547e1d6758aa4b07bdb80d6d85daac14a42e5b15ce9bfd57ce8ad64e3240b4"}]}}, {{0x9, 0x5, 0x7, 0x4, 0x400, 0x86, 0xff, 0x40, [@generic={0x2d, 0xb, "a0db1f6baff7d86d2ecbe1052c6ceff4b568f20ef011397b9472c85dc01b31d55a09111a6cb62a14341091"}]}}, {{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x3, 0x3, 0x0, [@generic={0xd3, 0x3, "340fa28f8ad0163f9f5931e9df40c5f492bef510b32bf6f713576f8f235c85f0d8c8ee5c808f7cdce1f8baa893c4146dc29f4d62ce3e01c61d9af181ac9d284ae71ba0b8a49e6bc68b7886a5b07c273702bc51488038b474115cb9bacb63f24274e258a988ecb4d59faec58f8f7a77c941ffe58813002729639c3bd8fc18b59c83be1acd09d96a9b66b3b81f09eafeb0092e21824830cd369d9060b040f757591d83529bc2d2d01bb09d1da4411971dd1ebdaedcbb8b8cc3f01d765cd533bec9834f31c25e1df3327d71ddb84516d69ccd"}, @generic={0x4b, 0x2, "4330f3c9caa07d2459018acbf61ecf1c77dddbe19e796fdf359f85a9fb9a66fc1f3ee1953dab1ca4927fd1c3fc28624822c45bec2ce7bf7cf174d71a416a262daa2ee28c0aa4ac4b6b"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x40, 0x10, 0x5, 0x34, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xd, 0x7}, @generic={0xe5, 0xe, "ffb8db653b124bffed3d8f82ec2d65d413a5bedae04fb4c878f70e9ae41ec8d6aabaaa2087c6e721172b578a7f966526f044aea121531bdc3f4cc731e9a0d1d1b0f81a54f062be3e8733ae457457a6e2a9fcc13d9deacf0c21dc2cfc08485f242957d41777482022bcb5aa15176f3adeb4807ec5863b5c9f4738ca07d6abcdf386e0142d6b58631ca0c95d8a21392248cd254ad2c2856cd30fca949be9e18b9e22c3622feda10387f1474274fd2f11ec3d9425debcb4a95a147cffae9da50255ce38177ac4de3ad8d0b56c094ae39f2a425f7f88ec9d24106276801903c6702ad8a189"}]}}, {{0x9, 0x5, 0x5, 0x3, 0x0, 0x4, 0x7, 0x0, [@generic={0x98, 0xc, "b36d32ab58f2ed2ca9937d15ccc5ad6d243022fe2ae434a2d95cbc8930989697a3cfac3458f4d3f0939ec65b9bbe276dbfd428b56019f17524701711c4198f95bcc20bc07baa1252aa6f45824dd82f1c1141ab3e763ba8c0a12e1171459c3f3620f69357f9d5b1cbabced8ee9fa12115165cd13423e3de0db1534836f76a1d0284a0096578b2d331ba8fcad7dd84911d5b8cdaac4c6d"}, @generic={0x3f, 0x23, "7f685614212ea5dfe545390786ccb894a081ed9c7dbf127d0a3391738be71ffb5da82dee76077807ae7c207b5d476ba5d5e407924cc38111723b33acc9"}]}}, {{0x9, 0x5, 0x5, 0x10, 0x20, 0x40, 0x3, 0x8, [@generic={0x57, 0x34, "28bc8e141c9b2daf9cccca086e14b9abc0faa73a78c8dc6e6a0ed7691d9261283bd7aacf18aefb776aa56f32a1d31f3f423ca9a9f45a6478c9b27e511657ecd00880bd5a38de4ae86e08fa74e6e0fb443a293d6a2f"}]}}, {{0x9, 0x5, 0x4, 0x10, 0x3ff, 0x6, 0xe, 0x1e, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0xf7, 0x9}]}}, {{0x9, 0x5, 0x0, 0x10, 0x10, 0x21, 0x3, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0xb4, 0x4903}, @generic={0xa8, 0x4, "8dbe40420e8527ed6ee32880d2403d6aaeec8cdf9c947455f4978cb94514cebf602a13ff00ea2e9ac0b75004e56a0ca16d261850404f39a50febddb664abb45b4fa08a31617baf685daca23f3652f35774fe6509d515eb0d3efb0a3f8394d79dd93fe4ea27da2f8dbc3ac9c5d617950a862743ca3df87aee44674cacb0f2185efa98850f1b5fcb385de303317071c76a89a2db5c35a40763f6c809e797619b525b6b7db0a998"}]}}, {{0x9, 0x5, 0x6, 0x3, 0x100, 0x6, 0xbd, 0x3, [@generic={0xfa, 0x2b, "87bb53a36333a92f9f388313e77d1a18bc9d87bc6687cb5145a2c2749a42e21e52ca4475eb0249aa84a04684eeef05711373c814f2c54b68ba9d2ecd1716fa5a8ddab7165eb933bc0b219b29efee0609f94439f1b467784cf185d3068a6080a42283d2c2c58d2fe73a5f92992b62c8a739ad82f70cb0c95177243de53f1af60fd74409c1b574ac6e5c88d622f3e643a3e43737fcc41a5ef0463074fdcadb95f394d4d11c2837d5ed3bab62e7a56c2c4c641a8167a8a2869f92458d0df51a266ea664a3b8c00eb6c3b1220f2978c1c679541ac62a53d2cb0a677cb4c7eaa974bd6f559ad754f0117cea7aabdce27d7d9280a206eaba8c31be"}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x8, 0x5}]}}]}}, {{0x9, 0x4, 0xce, 0xd3, 0x10, 0x4d, 0x9a, 0x88, 0x2, [@cdc_ncm={{0x7, 0x24, 0x6, 0x0, 0x1, "3015"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x7, 0xa47, 0x7, 0x3}, {0x6, 0x24, 0x1a, 0x4, 0x23}, [@acm={0x4}]}, @uac_as={[@format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x9, 0x5, 0x2, "a7"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x5, 0x4, 0x2, 0x6, "d6b1", "f1f3e5"}]}], [{{0x9, 0x5, 0x0, 0x0, 0x3ff, 0x6c, 0x8, 0x2e, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0xf, 0x5}]}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x5, 0x40, 0x2, [@generic={0xab, 0xe, "0597a3704385f1f40e53ead846f649bfaef062eaf3ef1b8c8838caa22a01cc946b8375d384f34d1f7e2a832d78882a7ec35646f92c64d7e3fd5b6224c194582c014aa1da177eb161a590ac2421b86da23c5c3f654bb6756ca43a59e8b6d0a7ba7ee923a7e327077bb912a15eb0786eefa2330b2d5ab67f7ed3c835b15894e7528479bf8e8734af63821818e9090b874e9b46848927f487ddc01a3935c95ce7a9b7c777ec95156907a6"}]}}, {{0x9, 0x5, 0xe, 0x0, 0x3ff, 0x4, 0x2, 0xa, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x40, 0x1}, @generic={0x26, 0x30, "e3c2557ddc99e3058113cc84f9bff1aa79698fc5387603c767a72f4717e0ce3d22a7bc90"}]}}, {{0x9, 0x5, 0xf, 0x0, 0x20, 0x7, 0x7, 0x6c, [@generic={0x90, 0x6, "a76244b563dc29dc1e157b78704d01f2650596530938b6b4ec8aec9e250e9f15fa1b9c505226b6aafc52fe9d73060f7623739b5abc4b18f6d1c7782cfa0f4f0b88d409fc6706248afec8be257b726dc5046fd776d6a8381f4c663b64d5a46bac72b087c4d24836caf499d1059a1df3b6849437dcdcfd0a311f2834fc10e5797d610ddc5bafde7fc43ac166378a7d"}]}}, {{0x9, 0x5, 0x80, 0x2, 0x40, 0x73, 0x7f, 0x0, [@generic={0xae, 0x8, "daa75494ff6be9ce8cc93a652143af0dd47efd60c94dfc7e6c617647701a0d6b25941407e0a013147885a086df8b43bb0312fb5d4c2c1f36fe1b8bc7e90b05f0c248c32d85bbd6aa8615a2ca143e7f99669a4bf20e8247c9057f13e4049251d646171c0d187d55fbc44030afdb2cb7171bdb6b450434177752fb1567a9aea7235fed1a87261d5df942faa361913432a84e8bca5d29a9f145f1b9518e56a05ad6b0a777e5ffbb1c9e97114a93"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x400, 0x8, 0x7, 0xc0, [@generic={0xe9, 0xd, "3595e17ce520ae256f74314713a248198971989510640dd4cf7a8a21c1aad5ed1f08bf1bf8c57cec2bdafe134546c61b5b31922c821d3875338210dc1a68e31e54368ffe4cc7e3d563a232410cf4480a0a236be2e0546efc6b9b6da61f47b49c11e07e28d2599f8b17cef9ef02e5b1e7e6789218c639c06691880363f4f77a4a6ea50b18aa6254bab008286e4e0dfd7143e004dbb846f84a916d26432c1b731f1368bed89d3976ab578fcf0afbdb16d4cb332eeb61828c8161ea9bcd860bd45e060d60170fbfb734a1a53f58c46e5e0fc7640643ce77abe3aaf64fa5988e560fc33b94150b0d5b"}, @generic={0x14, 0x21, "df694b5deb39da5fb21a7dcf90b228857ff3"}]}}, {{0x9, 0x5, 0x1, 0x8, 0x3df, 0x4, 0x8e, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x568dd6aa5872369, 0x7f, 0x9}, @generic={0xbf, 0x7, "71c012daef4351f83a84668f3d6796b6d6405f6b8bf9e7a858159dc689c95430ff30fcc3e8c7cd4133b0919ce388c933080e894f475b0e2874db54cae530fe45dac691279d3437d7f1c35f68cdb2454fef90e2510edd8254f2c33a0b849331e083ea6d49b1fe1bd1f04040ce28b4c565ab07b5975d398798b328709f78b04dee30f816af953f9619e7c6907b1781b88a9cecb284d98cfb97a6ca3ae6d3e56a3e49437053964407c5aa125715c51540b063bddb5338e9649d26df48ac93"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x400, 0x1, 0xd3, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x3, 0x7ff}]}}, {{0x9, 0x5, 0x3, 0x1, 0x200, 0x7, 0x3a, 0x2, [@generic={0x30, 0x22, "c367a7b6ef4679647de3c74ed8e88cb35ae9acbae00194c01c3d399282e737efc3a43178106630e156b2cb45a101"}]}}, {{0x9, 0x5, 0xa, 0x6, 0x20, 0xd, 0xa, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x100, 0xba, 0x3}, @generic={0xf9, 0xe, "df12d59979325042f9183c65bd2ae7199447277d9279df56b5d8e74913a050a67c53d66a3db1e3e54927a01a4671b1be6194b54ba5aeed0f5cbe5fd21d8a01086fab087805e5b7e6e60a0c60b042d35e64de728f25e9c0f3e3acd2b29d49fd6b8413b752f2cc258a498e561b9095cfbf3d6524f66d24d329f45bcd46767c2106319e8956c6a4f3e1b913b9ec1a782cfa334608df265c1bb88773a4284137386818ccf857714580145890e886f3277e9d67bb27861a90408ad975ab19a3f1d996cd419947465fc8b057d0aaa319b0e22454dbbd2be60af8ad6349958eea32b3c91ac05c8a1770132d491cbbfdb8316cf8f6a09a54ec2847"}]}}, {{0x9, 0x5, 0xa, 0x2, 0x200, 0x3, 0x2, 0x5, [@generic={0xcf, 0x3, "162b4f52854dcc1e1840f2e2ac09fa28d7daf6f15e84ffa7c82d77bc68787a082405b4bb63bd7c66a68ce57c16c421230bd9d3215e41f643bca17585309734f83d58c6f1699efbf85955b664d8749b376f9f50ced6f77faa5d1d2cb3f86fb3cca05f00e96603452ace09c439993f340c300451d059ef963baf360f518742c2342bb57d02f497f738c4b4b7be3a09d925525826b077c264b16465eccf5737d37b3efdeef686b296c44616760df07476f4d9951193221060cca9251d0b8137aa3875352d37524dcab6bc5b65b70c"}]}}, {{0x9, 0x5, 0xd, 0x1, 0x20, 0x8, 0x7, 0x9, [@generic={0xf0, 0x23, "3d9a3d90df462262ed081b28f9f70586784d70d66412781a6b7d6b1a8d998f217def0526c0e99e5f289c31d368b23072fad747f3ab5180d5324aeffe8fd0e20f8bda322dfa5dc6a25b01ae069fae7652252587a701711790bceef1b87e48d399b66740df85b0c5788ad2350d19b05ce54a0ff0f64a29ceeae70f0012fc200fce131211bf4afbb990d07df7d396589f072aba065a3f04f80e4195edf537914f22e46d89dc66d20a865eae74aaa1e6dc8cc39b5692358a79b7a3318b7618e58eef0bd3cdad33ecd78d316beaa0014c41bd6b55b717c5c099b7934d19fec595f09752ee62276b9856aadc19761e3f7f"}]}}, {{0x9, 0x5, 0x3, 0x4, 0x3ff, 0x6, 0x0, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x6, 0x1}]}}, {{0x9, 0x5, 0xc, 0x2, 0x20, 0x2e, 0x1, 0x8, [@generic={0xbb, 0x1, "7798af5e1d846e2d2b2b4340e94bebd5c25b923a4eb6684bd40b54476e06980378e2fab5af8c793092b08f7cd7eeac61048aeb282a76a6eac505bac52d51cfdeb97cb4e21614d834c041014e7b49d197175fcc688b762933d3c7cd757cc6615f1cb5fa0e97b77baae0fddc659c3648b4afb71a1e8c6b8a8c7baa5ff27a61ca63dc14134c1f3d1d4b2b136a2c8ab535d7d4d0e584e6cbb22e4e0bbd33b17817a597f5a583df365872c2bc2610075bfc49eda39ea14187c91b4d"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x200, 0x2, 0x5c, 0x4, [@generic={0x47, 0x23, "c3aec30fedfb544e76bf7efb9907ee9fc296e4beed8890c65953022a0217dfcd6082e2f5f68cff662e82b8eee42c55add19c11c0bf867adee1aa1819fc13d69f3db1cda009"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x400, 0x53, 0x8, 0xf, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x10, 0x4}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x8, 0x1ff}]}}]}}, {{0x9, 0x4, 0x94, 0x1, 0x2, 0xe5, 0x63, 0xf3, 0x1, [@hid_hid={0x9, 0x21, 0x6, 0x1, 0x1, {0x22, 0x5e9}}], [{{0x9, 0x5, 0xb, 0x0, 0x3ff, 0x1, 0x2, 0xf, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x7b, 0x6}]}}, {{0x9, 0x5, 0x6, 0x1, 0x20, 0x81, 0xa9, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xa}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0xc, 0x9}]}}]}}, {{0x9, 0x4, 0xf7, 0x2, 0x8, 0xb6, 0x7a, 0x30, 0xc, [@hid_hid={0x9, 0x21, 0xc, 0x4, 0x1, {0x22, 0xc4c}}], [{{0x9, 0x5, 0x3, 0x2, 0xae2452d8a5663dae, 0x9, 0x9f, 0xc, [@generic={0x45, 0x6, "42ac11a1b95ac0634d63ce6c45e29f5b816b25353e9c515fe57bcc8215cb8e8fca990f0d4bca46ae82b636731e93d2eaf43841d6b1e4a95c6a85fe28efb77cb33c6d58"}]}}, {{0x9, 0x5, 0x6, 0x10, 0x0, 0x9, 0x1, 0x5, [@generic={0x41, 0x21, "1c2658e8c927b9f42cc444dc1f5eb7b550d07b9c7491d0a71c2aeab64df838c26fb21d7181b86fb24034140bc2cfae63317ac183b7bee254c66225744b06a6"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x40, 0x0, 0x3, 0xfa, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x3, 0xff}]}}, {{0x9, 0x5, 0x6, 0x1, 0x200, 0x9, 0x9, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x64, 0x7f}, @generic={0x67, 0x6, "97dbf538f25176aa502d203827bc9fd75374cbd69af53a33088c54a730259572293181e86b997d2207897fc8a9bdecdd080a811e2cd0beda0e75dbde83387482d6a98a374e2bf259b6596ffcf9fa8624e70467636258bc6592618547fd10e3e1cd6d679349"}]}}, {{0x9, 0x5, 0x4, 0x10, 0x400, 0x66, 0xd1, 0xb}}, {{0x9, 0x5, 0x3, 0xc, 0x200, 0x7, 0x1, 0x7, [@generic={0x14, 0x22, "3444019e0e8fea3f81a5f3cb64853c621929"}]}}, {{0x9, 0x5, 0xc, 0x3, 0x20, 0x10, 0x3, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x5, 0x82e8}]}}, {{0x9, 0x5, 0x2, 0x10, 0x697, 0x4, 0x2, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x84, 0x9a, 0x5}]}}]}}]}}]}}, &(0x7f0000000640)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x310, 0xd, 0x1, 0x80, 0x30, 0x9}, 0x1bc, &(0x7f0000000180)={0x5, 0xf, 0x1bc, 0x4, [@ptm_cap={0x3}, @generic={0xaf, 0x10, 0x0, "eee6a1e6c6ab0887ec76803ba78a987da0065614485bcf39ccfe2a02fc6f197eb1a9eed40739e57c83c13252fce7c21c597c634b026a495ab73c1e04f602c9c99c62e7fc9d1b19e92c098681dd8f23ce33bc1a72c7b4c3ae806d29442c74b6ba52048a163aefbee47d1809b8905365af1b0309b8c65ad31cfa0bfb5780338328141f65bb037a5204c8990d3f3ed2b488ee722309bb7b726204ab7cd4d573cbe14735693545f5e423b0580978"}, @wireless={0xb, 0x10, 0x1, 0x6, 0x40, 0x62, 0x0, 0x87, 0x5}, @generic={0xfa, 0x10, 0x9, "d82bdb334a51afa1ee627316b77d92e746824f592b64295c13dc6b95a267e763b924e0ae2820135c19afab291678a73b29ffc5075b79df968d1ee183a3a2bd421ea62f8d326c594d3e4907665baed0815e9fb4f500c79dab7316acafe46212fecbe06cce82c29c40006ca8b6606c75c9a8b7265538cfe21b2fb93ed9a9849df3ea72b31a7ecc346b53906016741c11e8435908b92eae0e24fa091aabd51ffb6894d5e8735a0235afc2d5840f62274360c104946e00c2ac7e2306279989d135a57a70f24f316133b1036f8fc813690246980ca9ebbf01a87f0ad3549e8ec789a69287022aa16ac3c8ab1af7652dc4a88e194bfc55a00154"}]}, 0x5, [{0x4a, &(0x7f0000000340)=@string={0x4a, 0x3, "11052a32169d4c6448bb58874b8ec3ff0a3fda72e7cd4328d8a1868072f98e11911a24d622941cd827034f0cb4f8405e2a897ad447709f10a51f41f829417ffc91e35fc5a128f99a"}}, {0xf6, &(0x7f00000003c0)=@string={0xf6, 0x3, "c2f9689eb01feb4ec2b549c763c77a18dc3b92ead12bacb092ebe60bd4a2d8948de3c49a968648d9a9d368584503fd43ca98e949bdb681be2577f1f35362d2de8b4938f0839758a42dd0ef36dbb11e315316adb992d76813538cb4c0f64db20426c4d3b70ebd1b9884aebf157ce083133fe6a4b8cb7d990b1585b214db2907d9f3d9c17a9d14e87094395470683b1ac404681eaacc1d22c9a06b29a3f7bb5929b38dfb68bdf3838c21e58ccbc3afa9029a5fa2e6d750cd640a8bae01011cd52aeb0d2a71347b3b6f27fbc0fcbc523476f3019b24b0fafd5684fdd11f1407520f34db37a0e27b6713d2a0a8515a6b93dd07daf1c6"}}, {0x72, &(0x7f00000004c0)=@string={0x72, 0x3, "a026d8cd2eb9259319748f43ad329a16c4c692b00a99df9005a3b9987de104c4799de893181369697b4f524a686312f233e244116ffeffec71f87967017ee902fd89819078585f16f376c2ffc265f2aabdea7f4d6c32f95ffc6cccdb9240d9774b5d5d21a234fe5d7a5a7c08676258c6"}}, {0x81, &(0x7f0000000540)=@string={0x81, 0x3, "8793f8261bd273b81921bbe679f07d42d71921837fe89d0524414642c23cdaeae4bd45369231b36afe3b07d2e34753d33c9ca66d55647e93c7dd056522a925585205df5432cd38d188b95c17620a58e6cdf95f6cd81f6f050d1bb18f689ef9aec4ae9bf93112a6b3426a20b6e0194af25ef00337e582caae8eb34095622ee8"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x860}}]})
syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000000700)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x56a, 0xbb, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xff, 0x0, 0x68, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x3, 0x1, 0x3, 0xe, {0x9, 0x21, 0x8, 0x8, 0x1, {0x22, 0x321}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x70, 0xc}}, [{{0x9, 0x5, 0x2, 0x3, 0x8, 0x0, 0x3, 0x7}}]}}}]}}]}}, &(0x7f0000001f40)={0xa, &(0x7f0000000780)={0xa, 0x6, 0x250, 0x4, 0x7a, 0x75, 0xff, 0x5}, 0xfe, &(0x7f00000007c0)={0x5, 0xf, 0xfe, 0x5, [@ssp_cap={0x14, 0x10, 0xa, 0x6d, 0x2, 0x3ff, 0xf, 0x360, [0x0, 0xff000f]}, @generic={0xc3, 0x10, 0x3, "d677049bdba4f3584a6ac8e1d44e6afee7b621867d38ee5a65678f8f32aacb5f12fe885fff42083915293dd45286c82aeb57adb2460746cdf6ab8254574d987f83476e882863f8ef3b72c11aa4eb5162de68f4bfad50bd5639019c604715993c4ca6b477dbcf2b9200f3216482b84853000b8674c3f6a460748cf1af9e2a24d88bbe9e674a8accd04263f7eee8d58c86f082fc7dc9e9e902ef0697921d031ac0865d8b7fcffdbdfd4308c64fd4e60a6c1e97f473d2169f8a27e425e52bcf1908"}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x2, 0x80, 0xa1, 0x5, 0x1, 0x1}, @ss_container_id={0x14, 0x10, 0x4, 0xc8, "e79511cef5015a21df1891d4c2394b13"}]}, 0x5, [{0x77, &(0x7f0000000900)=@string={0x77, 0x3, "fff9eb2eedff8440d3f2985dc99502d6d7e0b2ebd4c5ffd65edc672fe9d28ccfbc3bec7b8e968862c0415f0a314ad62738ebdb5ad5948963227b6b2e44c4d6324b16e9412374db3054b626036eff48caa2330577fbc1b7c1dd3eb15d5155994f3e9a87aea83e73cae452d72434044596fd0061af45"}}, {0x4, &(0x7f0000000980)=@lang_id={0x4, 0x3, 0x401}}, {0xe3, &(0x7f0000001e00)=@string={0xe3, 0x3, "b84a3da27c34a49d321c544e2fed83e4e2bc5fe35f05a08f7c728d211dcd6a0c8b300124652b0876f4438929ef31e71f8d673f1d43f6c97d6d0dd5bf94f72575c64a239a5ae8fd3fe25ea831b3bf71d1bc5f8221ecf32a5f2fa995e48d3976c3c28c342e84e06d9cdab23f797e89cc7042691affa8c6a764812e73c453da8630f7e7655a15b16f3a315257ddf930b032621aa5844277db620d6c6d73ccc38a82835694ad8e8bd537a1db9ee58a2fe6847cd02f88dcf850bd389d3a68de729908c2dbc31390cfb220ff5244f7cad62c2c7af7b8c84fd89b88db6bc08760f16280fe"}}, {0xc, &(0x7f0000000a00)=@string={0xc, 0x3, "0db110eaf4952fc57a88"}}, {0x4, &(0x7f0000001f00)=@lang_id={0x4, 0x3, 0x3c01}}]})
setpgid(0xffffffffffffffff, 0x0)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r3, &(0x7f0000002d00)=[{{&(0x7f0000000140)={0xa, 0x4e24, 0x741, @loopback, 0x401}, 0x1c, 0x0, 0x0, &(0x7f00000008c0)=[@hoplimit_2292={{0x18, 0x29, 0x8, 0x6}}], 0x18}}], 0x1, 0x8004)
r4 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x2133, 0x18, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x90, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0xffd, 0x3, 0x1, {0x22, 0x4}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xd, 0x1, 0xfc}}}}}]}}]}}, 0x0)
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x8)
fchdir(r6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x551083, 0x28)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./bus\x00', 0x4d)
rename(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00')
syz_usb_control_io$hid(r4, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0xa, "13a29094"}]}}, 0x0}, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)

1.697647568s ago: executing program 3 (id=3661):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000002a00)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x421, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_CSUM={0x5}, @IFLA_GENEVE_UDP_ZERO_CSUM6_TX={0x5, 0x9, 0x1}]}}}]}, 0x44}, 0x1, 0x3000000}, 0x0)

1.621428718s ago: executing program 3 (id=3662):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x140f, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xa, 0x45, 'ipoib\x00'}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x24}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="ac020000", @ANYRES16=r2, @ANYBLOB="bf4400000000000000000c0000008000058014000280080001000000000008000100090000002c0002800800020001000000080004005fbe0000080001001b00000008000200000000000800020009000000070001006962000034000280080003006400000008000400090000000800030051bd000008000300fc00000008000300a9"], 0x2ac}}, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x140f, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xa, 0x45, 'ipoib\x00'}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x24}}, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="ac020000", @ANYRES16=r2, @ANYBLOB="bf4400000000000000000c0000008000058014000280080001000000000008000100090000002c0002800800020001000000080004005fbe0000080001001b00000008000200000000000800020009000000070001006962000034000280080003006400000008000400090000000800030051bd000008000300fc00000008000300a9"], 0x2ac}}, 0x0) (async)

1.239438404s ago: executing program 0 (id=3663):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_procfs(0x0, 0x0)
preadv(r2, &(0x7f0000000140), 0x0, 0xd, 0x0)
sendmsg$inet6(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000300)="eee632714b55dd89f8efc26ccb7339566fcf9173261c354d03fdd8bcad2a8182729bc92e37c9fe6498bae727abe8e858", 0x30}, {&(0x7f0000000380)="0ab5e2c04bad0509936e27ebf664ef5b657d15e153b46ecafdb6c7e3763f2c53afd67ec0557468696d6899a8c82d15cdae761a504e79fd3a032b0f3c492c24cfafcb4e6fcb8faffcee571a1b730318d43a50469244705545039141a780c239543fb05f48bd1f732014e4", 0x6a}, {&(0x7f0000000540)="7de8404f7816b9569c70ba977f52fd7ee43242652a88ca5d60b4271329290fb50483903f8b81a7f5c01808ae15aabf8d0fa9a1", 0x33}], 0x3, &(0x7f0000000640)=[@dstopts_2292={{0x58, 0x29, 0x4, {0x2b, 0x8, '\x00', [@padn, @ra={0x5, 0x2, 0xb}, @generic={0xf1, 0x25, "b66f049f49f0544303ea464899b4e65a88cbacd461f225ac18c7aea9f3a903c822a33bdbf8"}, @enc_lim={0x4, 0x1, 0x5}, @jumbo={0xc2, 0x4, 0xe4b1}, @generic={0x8b, 0x8, "9fcc3e9467148c4c"}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x67}}], 0x70}, 0x4085)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000000)="52b52723e06c987242dafb8696010550e155755ac81ec64496", &(0x7f0000000140)="a381e5b2fb565285333e274ccb90099533bf64c89a49d9e289ba3100000000", 0x800, r5}, 0x38)
r6 = syz_open_procfs(0x0, 0x0)
writev(r6, &(0x7f00000002c0), 0x0)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000040)={&(0x7f0000000200)="90f5a774858314b628c4b6ed58a93ce2b01fd50b73726661178c548fa7a510d83a24d1af2d73afe2b9eb9899e55988483518d4ae5221196418cdf9213dbe5dd1643c", 0x0, 0x0, &(0x7f0000000440)="4e02a5407dd8ab733c7852c1d08feb235e5715ce5a6e8001aebaef247fd5f66dc231021792ad09de8d3f8ecfef6f94220934a566e0dc1dcf17cd2efca82cbfad5f40ab51dfe91d60f4b49fec7dc26784c2aa40be0aa8ae3f98bc3d396c4a067011991fbbc6423700f5c5a01ed2b277c71a1d8815130b84d57aca0071a342b6a546730aa4f5224fe172ebde0e3a1e43622c679d475743d8e957405be56cacdca432df5c638c21455d39151ccf25acae9d56eedd75c01cf9990050ff66e809cef4056824af1c1538", 0x9, r4, 0x4}, 0x38)
socket(0x10, 0x2, 0x0)

1.097353655s ago: executing program 3 (id=3664):
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000400), 0x40, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xc}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000380)={r3, 0x4}, 0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000440)=@sack_info={r3, 0x6, 0x3}, 0xc)
ioctl$HIDIOCGRAWPHYS(r0, 0x80404805, &(0x7f0000000040))
socket$kcm(0x2, 0x1, 0x84)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000079db8540da0b77010b7d000000010902120001000000000904", @ANYRES32, @ANYRES8=r4], 0x0)

971.478618ms ago: executing program 6 (id=3665):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724190000006f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0ed9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab778c50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b28448692686ac80d81a89f9c29e276800"/2574], &(0x7f0000000140)='GPL\x00'}, 0x48)
r2 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
r3 = socket$kcm(0x29, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000400000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r5 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r5, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000040)={r5, r4})
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000040)={r2, r1})
ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000680)={r0})

569.502177ms ago: executing program 2 (id=3666):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000740)={"0bd13af7e222d7b82977a894bcf2d741b99f8f02da617b9ad94014424a83db0314f34fdfe9a260e953f1aaf3610eec4c839a08a42b569d1e59b5520d8ad988ecacf773bc8c1855c13291a20986512ff73d4967f734679cb88ac4c1013a6d38828f96b71019283ce07d08bbb370738322ffae7a0afc79279598c1166ec564d5be5344fc87a5f00ca1354bced1fccde226dcd6e864d8262199e37fda0824cafccbe5f8cd0518aa106eb5f8a0986aca2d05a5eaa0177c72d3caeb3579fd729cfe1e7c8e2bb7a9dcfc32e31c7dd4cb48b11128a933481391a63c788de6306217984ef3aa5c402cf680385d96c065818632f2eb3b976ae7997d793ee5a91e26017c70319748f5b8505ce26e2fc2a50296523adc134596ff6ce79f6b58e5ca0612085af940096fb90cb23a7eac4d0e1f0933ef17dd5b760ed2864d8cc3dca7174f7d10bc4ccde5463f72f0265c673a73a1d7d41a581d8491c8f37615278b543c2c3310ae461a924409d0b5a1a75085d800e69f7351d6f2e058d6323d3ae70c7a1b7961a017dcbd827381d2133be3eda141656239ee6859843e51305726cc2444f1360e65e2993842d09428843f2c50c989084ed7722d34e930873d420e9c9fffda5fedf8370000000000000000885e2e653d083ccc91792e12e3082139763d44f68d1115d8e545444accee3bb38a9fa3b9ff7172868cfaf0a8f22a6939248404db646f2aa405a21b953498132fe3167e4783623451da9253e12187b4086f56bdd827e75a5523e04683335992552fa2cce95d2b23833d57bf2872f9e428b374d049a35636113207f68e34d7f1392c05add0d78b9d999c7a5d47dcbb803bcab54544dbceb73f41d5ac0970883308fecd0edcbb3eea10c1b56c851d13ff248353994d4fc68815b1bf45d202c9944b5cecc4d09a99b422ef51442a8c16e1dbb6a955c4618d592d43cd7e52c206929662f178afe060401868ffaf0db2f1eb3aaeb591be9eae546ae97266315e87487dd399ea4ec20423904c3953376a3ab41853f00b720b270b6ae8fd3cbd6c66e4af6d15bbae6aa085e56a3f8ca4a40117a72209d18e4e31e06389650b8115ef5f1fcd8c2d56b37d66fff06008836e501304a332dd3a9e6eea4f8f8d9e3671edc0abe7788692ba653850e980c36a4d3f60d090a58e34fa033b8e92ce7c19a1730872bd9b58530729400823e68ebb0ab9294bebfcd5404194a9dce119d204e01736b57ef37f7bc11ebf9bbf4d33a35ccebc67a3e38bc092cc208e8d70f33d830d26e16b5adcfb3a8928ececc4273771716dce7a0cd4d6f37f8cf70242fe91f09d9d07745e60c35b93bc343eb27751afc6ffb4693ef290668824287595c20cda170ff582c630e2a5df595cb8b7868b8f28665c7fb592d8763b6a0c3e20154f6400"})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000100)={0x2, 0x0, @ioapic={0x0, 0xfffffffd, 0xa, 0x0, 0x0, [{0x1, 0xf7, 0x5, '\x00', 0xfa}, {0x1, 0xf, 0x5, '\x00', 0x8}, {0x7, 0xe, 0xbd, '\x00', 0x8}, {0x8, 0xfb, 0x1, '\x00', 0x1}, {0x9d, 0x9, 0xaa, '\x00', 0x40}, {0x2, 0x3, 0xea, '\x00', 0x7}, {0x0, 0xad, 0x4, '\x00', 0x3}, {0x0, 0xd, 0x6f, '\x00', 0x7}, {0x80, 0x0, 0x6, '\x00', 0x29}, {0x0, 0x7, 0xe, '\x00', 0xc0}, {0x0, 0x5}, {0x2, 0xfa, 0x7, '\x00', 0xb}, {0x0, 0x9, 0x8}, {0x88, 0x4, 0x4, '\x00', 0x5}, {0x1, 0x5, 0x5, '\x00', 0x8}, {0xfe, 0x81, 0x8, '\x00', 0x1}, {0x2, 0x2, 0x6, '\x00', 0x64}, {0x2, 0x2, 0x4, '\x00', 0x6}, {0x10, 0x7, 0x4, '\x00', 0x5}, {0x48, 0xad, 0x33, '\x00', 0x1a}, {0x66, 0xc, 0xc1, '\x00', 0x6}, {0x3, 0xff, 0xc, '\x00', 0x4}, {0xb, 0x3, 0x8e, '\x00', 0x6}, {0x3, 0xfc, 0xd5, '\x00', 0xfe}]}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

335.934142ms ago: executing program 2 (id=3667):
syz_emit_ethernet(0xc2, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb4, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010104, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@cipso={0x86, 0x26, 0x0, [{0x0, 0xd, "5e000000ff000000000000"}, {0x0, 0x5, "4eb8a6"}, {0x1, 0xe, "9606053d0006ff00800000b6"}]}, @lsrr={0x83, 0x13, 0x0, [@dev, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x3f, 0x0, [{0x5, 0x7, "4b6cefc500"}, {0x1, 0x12, "8c9300"/16}, {0x0, 0xa, "2189ea43a2149b84"}, {0x0, 0x11, "ffd11634eea26b0faffa0dea2e9035"}, {0x0, 0x5, "02a209"}]}, @timestamp={0x44, 0x8, 0x0, 0x0, 0x0, [0x0]}]}}, "a815a23d"}}}}}, 0x0)

183.603445ms ago: executing program 2 (id=3668):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, 0x0}, 0x8000001}, {{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f00000006c0)=""/4081, 0xff1}, {&(0x7f0000000240)=""/112, 0x70}, {&(0x7f0000000040)=""/113, 0x71}, {&(0x7f0000000140)=""/52, 0x34}, {&(0x7f0000000500)=""/108, 0x6c}, {&(0x7f0000000440)=""/188, 0xbc}], 0x7}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0)

49.3478ms ago: executing program 6 (id=3669):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) (async)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00220f0000005b574e69622bf85eda07b3"], 0x0}, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x1, 'queue0\x00'})
r2 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r2, 0xc018480b, &(0x7f0000000080)={0x3, 0xffffffff, 0x2, 0x5, 0x400, 0x560}) (async)
ioctl$HIDIOCGUSAGE(r2, 0xc018480b, &(0x7f0000000080)={0x3, 0xffffffff, 0x2, 0x5, 0x400, 0x560})
sendmsg(0xffffffffffffffff, 0x0, 0x0)
unshare(0x8000000)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0) (async)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$xdp(0x2c, 0x3, 0x0)
socket$tipc(0x1e, 0x2, 0x0) (async)
r7 = socket$tipc(0x1e, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000400)={'dummy0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000400)={'dummy0\x00', <r8=>0x0})
setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f00000000c0)=0x4, 0x4)
bind$xdp(r6, &(0x7f0000000100)={0x2c, 0x0, r8, 0xa, r6}, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0) (async)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0)
sendmsg$NFT_MSG_GETRULE(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000190a0102"], 0x14}, 0x1, 0x0, 0x0, 0x20000015}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000030000000060a010400000000000000000100000008000b40000000000900010073797a3000000000050007400800000014000000110001000400000000000000ffffffff"], 0xa4}, 0x1, 0x0, 0x0, 0x2004c899}, 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)

0s ago: executing program 2 (id=3670):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc010000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000003000200000200000089000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000044010500000000000000000000000000e500000000000000003200000000000000ac090000000000000000000000000000000000def9"], 0x1fc}}, 0x0)

kernel console output (not intermixed with test programs):

adapter converter now disconnected from ttyUSB0
[  727.948638][  T850] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  727.975295][  T850] keyspan 1-1:0.0: device disconnected
[  727.986610][T16296] bridge0: port 1(bridge_slave_0) entered blocking state
[  728.003041][T16296] bridge0: port 1(bridge_slave_0) entered disabled state
[  728.031479][T16296] bridge_slave_0: entered allmulticast mode
[  728.040346][T16296] bridge_slave_0: entered promiscuous mode
[  728.061300][T16296] bridge0: port 2(bridge_slave_1) entered blocking state
[  728.072672][T16296] bridge0: port 2(bridge_slave_1) entered disabled state
[  728.080368][T16296] bridge_slave_1: entered allmulticast mode
[  728.094148][T16296] bridge_slave_1: entered promiscuous mode
[  728.181537][T16296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  728.198318][T16296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  728.289092][T12021] hsr_slave_0: left promiscuous mode
[  728.298249][T12021] hsr_slave_1: left promiscuous mode
[  728.304851][T12021] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  728.312777][T12021] batman_adv: batadv0: Removing interface: batadv_slave_0
[  728.326208][T12021] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  728.333817][T12021] batman_adv: batadv0: Removing interface: batadv_slave_1
[  728.364356][T12021] veth1_macvtap: left promiscuous mode
[  728.370899][T12021] veth0_macvtap: left promiscuous mode
[  728.376538][T12021] veth1_vlan: left promiscuous mode
[  728.382466][T12021] veth0_vlan: left promiscuous mode
[  728.790870][T12021] team0 (unregistering): Port device team_slave_1 removed
[  728.833845][T12021] team0 (unregistering): Port device team_slave_0 removed
[  729.199869][T16296] team0: Port device team_slave_0 added
[  729.207974][ T5847] Bluetooth: hci3: command tx timeout
[  729.239574][T16296] team0: Port device team_slave_1 added
[  729.291209][T16296] batman_adv: batadv0: Adding interface: batadv_slave_0
[  729.298688][T16296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  729.324593][    C1] vkms_vblank_simulate: vblank timer overrun
[  729.331814][T16296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  729.349426][T16296] batman_adv: batadv0: Adding interface: batadv_slave_1
[  729.356416][T16296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  729.398975][T16296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  729.507497][T16296] hsr_slave_0: entered promiscuous mode
[  729.525227][T16296] hsr_slave_1: entered promiscuous mode
[  729.635569][T12021] IPVS: stop unused estimator thread 0...
[  730.146462][T16296] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  730.165176][T16296] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  730.184300][T16296] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  730.199537][T16296] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  730.305574][T16296] 8021q: adding VLAN 0 to HW filter on device bond0
[  730.330215][T16296] 8021q: adding VLAN 0 to HW filter on device team0
[  730.342759][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  730.349922][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  730.368155][T12021] bridge0: port 2(bridge_slave_1) entered blocking state
[  730.375328][T12021] bridge0: port 2(bridge_slave_1) entered forwarding state
[  730.430459][T16296] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  730.479870][T16296] 8021q: adding VLAN 0 to HW filter on device batadv0
[  730.534490][T16296] veth0_vlan: entered promiscuous mode
[  730.555302][T16296] veth1_vlan: entered promiscuous mode
[  730.613350][T16296] veth0_macvtap: entered promiscuous mode
[  730.625459][T16296] veth1_macvtap: entered promiscuous mode
[  730.660246][T16296] batman_adv: batadv0: Interface activated: batadv_slave_0
[  730.676470][T16296] batman_adv: batadv0: Interface activated: batadv_slave_1
[  730.694134][ T3494] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  730.704034][ T3494] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  730.719370][ T3494] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  730.744420][ T3494] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  730.827428][ T3000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  730.842257][ T3000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  730.882645][T12021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  730.891925][T12021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  731.287821][ T5847] Bluetooth: hci3: command tx timeout
[  733.378004][ T5847] Bluetooth: hci3: command tx timeout
[  747.373150][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  747.379993][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  779.428789][ T5213] udevd[5213]: worker [6100] /devices/platform/dummy_hcd.2/usb3/3-1 is taking a long time
[  783.215271][ T5842] usb 3-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  783.235353][ T5842] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -110
[  783.274434][ T5842] usb 3-1: USB disconnect, device number 80
[  800.100190][T16442] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  800.109640][ T5842] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  800.277672][ T5842] usb 7-1: Using ep0 maxpacket: 32
[  800.298636][ T5842] usb 7-1: config 7 has no interfaces?
[  800.309623][ T5842] usb 7-1: New USB device found, idVendor=06e1, idProduct=a333, bcdDevice=3e.de
[  800.522443][ T5842] usb 7-1: New USB device strings: Mfr=7, Product=2, SerialNumber=3
[  800.537777][ T5842] usb 7-1: Product: syz
[  800.542791][ T5842] usb 7-1: Manufacturer: syz
[  800.547939][ T5842] usb 7-1: SerialNumber: syz
[  801.171160][T16477] FAULT_INJECTION: forcing a failure.
[  801.171160][T16477] name failslab, interval 1, probability 0, space 0, times 0
[  801.214546][T16477] CPU: 1 UID: 0 PID: 16477 Comm: syz.4.2894 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  801.214571][T16477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  801.214583][T16477] Call Trace:
[  801.214590][T16477]  <TASK>
[  801.214600][T16477]  dump_stack_lvl+0x189/0x250
[  801.214622][T16477]  ? __pfx____ratelimit+0x10/0x10
[  801.214648][T16477]  ? __pfx_dump_stack_lvl+0x10/0x10
[  801.214667][T16477]  ? __pfx__printk+0x10/0x10
[  801.214694][T16477]  ? __pfx___might_resched+0x10/0x10
[  801.214721][T16477]  should_fail_ex+0x414/0x560
[  801.214747][T16477]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  801.214766][T16477]  should_failslab+0xa8/0x100
[  801.214787][T16477]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  801.214804][T16477]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  801.214823][T16477]  ? alloc_inode+0x67/0x1b0
[  801.214841][T16477]  ? __pfx_simple_start_creating+0x10/0x10
[  801.214866][T16477]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  801.214883][T16477]  alloc_inode+0x67/0x1b0
[  801.214905][T16477]  new_inode+0x22/0x170
[  801.214929][T16477]  __debugfs_create_file+0x14d/0x4f0
[  801.214953][T16477]  debugfs_create_file_full+0x3f/0x60
[  801.214976][T16477]  ref_tracker_dir_debugfs+0x14e/0x270
[  801.215000][T16477]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  801.215055][T16477]  ? rcu_is_watching+0x15/0xb0
[  801.215079][T16477]  ? alloc_netdev_mqs+0xa3/0x1170
[  801.215104][T16477]  ? __raw_spin_lock_init+0x45/0x100
[  801.215125][T16477]  alloc_netdev_mqs+0x26f/0x1170
[  801.215146][T16477]  ? __pfx_geneve_setup+0x10/0x10
[  801.215172][T16477]  rtnl_create_link+0x31f/0xd10
[  801.215199][T16477]  rtnl_newlink_create+0x25c/0xb00
[  801.215222][T16477]  ? __pfx_aa_get_newest_label+0x10/0x10
[  801.215242][T16477]  ? __pfx_aa_get_newest_label+0x10/0x10
[  801.215263][T16477]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  801.215284][T16477]  ? __pfx___mutex_lock+0x10/0x10
[  801.215312][T16477]  ? ns_capable+0x8a/0xf0
[  801.215344][T16477]  rtnl_newlink+0x16d6/0x1c70
[  801.215363][T16477]  ? netlink_sendmsg+0x805/0xb30
[  801.215393][T16477]  ? __pfx_rtnl_newlink+0x10/0x10
[  801.215435][T16477]  ? kasan_quarantine_put+0xdd/0x220
[  801.215453][T16477]  ? lockdep_hardirqs_on+0x9c/0x150
[  801.215482][T16477]  ? nlmon_xmit+0xb0/0x100
[  801.215498][T16477]  ? kmem_cache_free+0x18f/0x400
[  801.215523][T16477]  ? __local_bh_enable_ip+0x12d/0x1c0
[  801.215547][T16477]  ? lockdep_hardirqs_on+0x9c/0x150
[  801.215572][T16477]  ? __local_bh_enable_ip+0x12d/0x1c0
[  801.215593][T16477]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  801.215617][T16477]  ? __dev_queue_xmit+0x27b/0x3b50
[  801.215646][T16477]  ? __lock_acquire+0xab9/0xd20
[  801.215688][T16477]  ? __pfx_rtnl_newlink+0x10/0x10
[  801.215705][T16477]  rtnetlink_rcv_msg+0x7cc/0xb70
[  801.215726][T16477]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  801.215742][T16477]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  801.215757][T16477]  ? ref_tracker_free+0x63a/0x7d0
[  801.215781][T16477]  ? __asan_memcpy+0x40/0x70
[  801.215798][T16477]  ? __pfx_ref_tracker_free+0x10/0x10
[  801.215832][T16477]  netlink_rcv_skb+0x205/0x470
[  801.215850][T16477]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  801.215869][T16477]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  801.215898][T16477]  ? netlink_deliver_tap+0x2e/0x1b0
[  801.215923][T16477]  netlink_unicast+0x82c/0x9e0
[  801.215955][T16477]  ? __pfx_netlink_unicast+0x10/0x10
[  801.215978][T16477]  ? netlink_sendmsg+0x642/0xb30
[  801.215993][T16477]  ? skb_put+0x11b/0x210
[  801.216020][T16477]  netlink_sendmsg+0x805/0xb30
[  801.216047][T16477]  ? __pfx_netlink_sendmsg+0x10/0x10
[  801.216068][T16477]  ? aa_sock_msg_perm+0x94/0x160
[  801.216089][T16477]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  801.216106][T16477]  ? __pfx_netlink_sendmsg+0x10/0x10
[  801.216125][T16477]  __sock_sendmsg+0x21c/0x270
[  801.216151][T16477]  ____sys_sendmsg+0x505/0x830
[  801.216175][T16477]  ? __pfx_____sys_sendmsg+0x10/0x10
[  801.216204][T16477]  ? import_iovec+0x74/0xa0
[  801.216229][T16477]  ___sys_sendmsg+0x21f/0x2a0
[  801.216249][T16477]  ? __pfx____sys_sendmsg+0x10/0x10
[  801.216305][T16477]  ? __fget_files+0x2a/0x420
[  801.216325][T16477]  ? __fget_files+0x3a0/0x420
[  801.216358][T16477]  __x64_sys_sendmsg+0x19b/0x260
[  801.216381][T16477]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  801.216409][T16477]  ? __pfx_ksys_write+0x10/0x10
[  801.216426][T16477]  ? rcu_is_watching+0x15/0xb0
[  801.216455][T16477]  ? do_syscall_64+0xbe/0x3b0
[  801.216478][T16477]  do_syscall_64+0xfa/0x3b0
[  801.216494][T16477]  ? lockdep_hardirqs_on+0x9c/0x150
[  801.216517][T16477]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  801.216533][T16477]  ? clear_bhb_loop+0x60/0xb0
[  801.216553][T16477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  801.216568][T16477] RIP: 0033:0x7f37edb8eb69
[  801.216584][T16477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  801.216598][T16477] RSP: 002b:00007f37eea60038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  801.216617][T16477] RAX: ffffffffffffffda RBX: 00007f37eddb5fa0 RCX: 00007f37edb8eb69
[  801.216630][T16477] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  801.216640][T16477] RBP: 00007f37eea60090 R08: 0000000000000000 R09: 0000000000000000
[  801.216650][T16477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  801.216660][T16477] R13: 0000000000000000 R14: 00007f37eddb5fa0 R15: 00007f37ededfa28
[  801.216686][T16477]  </TASK>
[  801.267718][T16477] debugfs: out of free dentries, can not create file 'netdev@ffff888051e1a610'
[  801.717648][ T5923] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  801.724475][ T5842] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[  801.942106][ T5842] usb 4-1: config 0 has an invalid interface number: 64 but max is 0
[  801.961286][T16486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  801.969718][ T5842] usb 4-1: config 0 has no interface number 0
[  801.980136][ T5842] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  801.993379][ T5842] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  802.008383][ T5923] usb 3-1: Using ep0 maxpacket: 8
[  802.008419][T16486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  802.021526][ T5842] usb 4-1: Product: syz
[  802.027711][ T5842] usb 4-1: Manufacturer: syz
[  802.032320][ T5842] usb 4-1: SerialNumber: syz
[  802.057357][ T5842] usb 4-1: config 0 descriptor??
[  802.068088][ T5923] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  802.082736][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  802.167779][ T5923] usb 3-1: Product: syz
[  802.171981][ T5923] usb 3-1: Manufacturer: syz
[  802.176911][ T5923] usb 3-1: SerialNumber: syz
[  802.212227][ T5923] usb 3-1: config 0 descriptor??
[  802.305611][ T5842] usb 4-1: Found UVC 0.08 device syz (046d:0823)
[  802.333893][ T5842] usb 4-1: No valid video chain found.
[  802.347368][ T5842] usb 4-1: USB disconnect, device number 123
[  802.420572][ T5923] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  803.013211][T16503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  803.022358][T16503] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  803.277794][ T5923] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  803.304614][ T5923] usb 3-1: USB disconnect, device number 81
[  803.677930][ T5932] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  803.847645][ T5932] usb 5-1: Using ep0 maxpacket: 16
[  803.859972][ T5932] usb 5-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024
[  803.907766][ T5932] usb 5-1: config 1 interface 0 has no altsetting 0
[  804.109338][ T5932] usb 5-1: string descriptor 0 read error: -22
[  804.115662][ T5932] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  804.135334][ T5932] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.148275][T16509] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  805.058154][ T5842] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  805.208098][ T5842] usb 3-1: device descriptor read/64, error -71
[  805.324355][T16525] netlink: 'syz.3.2905': attribute type 4 has an invalid length.
[  805.357715][ T5923] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  805.486333][T16526] netlink: 'syz.3.2905': attribute type 4 has an invalid length.
[  805.507711][ T5923] usb 1-1: Using ep0 maxpacket: 32
[  805.514450][ T5923] usb 1-1: config 7 has no interfaces?
[  805.524397][ T5923] usb 1-1: New USB device found, idVendor=06e1, idProduct=a333, bcdDevice=3e.de
[  805.534890][ T5923] usb 1-1: New USB device strings: Mfr=7, Product=2, SerialNumber=3
[  805.544865][ T5923] usb 1-1: Product: syz
[  805.554976][ T5923] usb 1-1: Manufacturer: syz
[  805.560131][ T5842] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  805.575548][ T5923] usb 1-1: SerialNumber: syz
[  805.747744][ T5842] usb 3-1: device descriptor read/64, error -71
[  805.868018][ T5842] usb usb3-port1: attempt power cycle
[  806.208666][ T5842] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  806.240377][ T5842] usb 3-1: device descriptor read/8, error -71
[  806.488512][T16533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  806.629708][ T5842] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  806.651478][T16533] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  806.668262][ T5842] usb 3-1: device descriptor read/8, error -71
[  806.754798][ T5932] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 104 if 0 alt 9 proto 1 vid 0x0525 pid 0xA4A8
[  806.830563][ T5842] usb usb3-port1: unable to enumerate USB device
[  806.842952][ T5932] usb 5-1: USB disconnect, device number 104
[  806.867223][ T5932] usblp0: removed
[  807.290063][T16544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  807.308485][T16544] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  807.587743][ T5923] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[  807.973601][ T5923] usb 4-1: Using ep0 maxpacket: 32
[  808.141844][ T5923] usb 4-1: unable to get BOS descriptor or descriptor too short
[  808.156405][ T5923] usb 4-1: config 244 has an invalid interface number: 68 but max is 0
[  808.168964][ T5923] usb 4-1: config 244 has no interface number 0
[  808.180286][ T5923] usb 4-1: config 244 interface 68 altsetting 3 has an endpoint descriptor with address 0xF8, changing to 0x88
[  808.212995][ T5923] usb 4-1: config 244 interface 68 altsetting 3 endpoint 0x4 has invalid maxpacket 1023, setting to 64
[  808.236668][ T5923] usb 4-1: config 244 interface 68 altsetting 3 endpoint 0xC has invalid maxpacket 1024, setting to 64
[  808.286951][ T5923] usb 4-1: config 244 interface 68 altsetting 3 endpoint 0xA has invalid wMaxPacketSize 0
[  808.322044][ T5923] usb 4-1: config 244 interface 68 has no altsetting 0
[  808.353614][ T5923] usb 4-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=24.0f
[  808.366262][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  808.383305][ T5923] usb 4-1: Product: syz
[  808.387847][T16557] netlink: 'syz.6.2916': attribute type 10 has an invalid length.
[  808.392080][ T5923] usb 4-1: Manufacturer: syz
[  808.464484][ T5923] usb 4-1: SerialNumber: syz
[  808.795178][ T5923] comedi comedi5: Endpoint has wrong direction
[  808.812331][ T5923] dt9812 4-1:244.68: driver 'dt9812' failed to auto-configure device.
[  808.814514][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  808.827153][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  808.889200][ T5923] usb 4-1: USB disconnect, device number 124
[  808.940762][T13540] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  808.977753][T16363] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  809.137710][T13540] usb 3-1: Using ep0 maxpacket: 32
[  809.156290][T13540] usb 3-1: config 7 has no interfaces?
[  809.162826][T16363] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  809.177649][T16363] usb 5-1: config 0 has no interface number 0
[  809.187287][T13540] usb 3-1: New USB device found, idVendor=06e1, idProduct=a333, bcdDevice=3e.de
[  809.206718][T13540] usb 3-1: New USB device strings: Mfr=7, Product=2, SerialNumber=3
[  809.229336][T13540] usb 3-1: Product: syz
[  809.233537][T13540] usb 3-1: Manufacturer: syz
[  809.235392][T16363] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  809.260831][T16363] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  809.269213][T16363] usb 5-1: Product: syz
[  809.273506][T16363] usb 5-1: Manufacturer: syz
[  809.283409][T16363] usb 5-1: SerialNumber: syz
[  809.306034][T16363] usb 5-1: config 0 descriptor??
[  809.497629][T13540] usb 3-1: SerialNumber: syz
[  809.542713][T16363] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  809.592277][T16363] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  809.604819][T16363] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  809.615151][T16363] usb 5-1: media controller created
[  809.652302][T16363] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  809.678078][   T10] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[  809.729127][T16580] netlink: 'syz.0.2923': attribute type 4 has an invalid length.
[  809.737667][T16580] netlink: 'syz.0.2923': attribute type 4 has an invalid length.
[  809.827704][   T10] usb 4-1: device descriptor read/64, error -71
[  810.077751][   T10] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[  810.237815][   T10] usb 4-1: device descriptor read/64, error -71
[  810.359014][   T10] usb usb4-port1: attempt power cycle
[  810.591274][T16599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  810.602832][T16599] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  810.717918][   T10] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[  810.748666][   T10] usb 4-1: device descriptor read/8, error -71
[  810.809003][T16363] i2c i2c-1: ec100: i2c rd failed=-110 reg=33
[  811.131555][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  811.227991][   T10] usb 4-1: device descriptor read/8, error -71
[  811.338184][   T10] usb usb4-port1: unable to enumerate USB device
[  812.413243][T16631] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  812.432372][T16631] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  813.123221][T16643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  813.134579][T16643] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  814.353052][T16659] tipc: Started in network mode
[  814.359108][T16659] tipc: Node identity a28603f4ab84, cluster identity 4711
[  814.366335][T16659] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  814.407995][T16659] syzkaller0: entered promiscuous mode
[  814.447824][T16659] syzkaller0: entered allmulticast mode
[  814.456498][T16657] tipc: Resetting bearer <eth:syzkaller0>
[  814.474790][T16657] tipc: Disabling bearer <eth:syzkaller0>
[  816.151702][T16679] fuse: Bad value for 'fd'
[  816.617362][T16702] vti0: entered promiscuous mode
[  816.628610][T16702] vti0: entered allmulticast mode
[  816.728742][T16703] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  816.738812][T16703] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  817.205287][T16714] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  817.226639][T16714] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  818.430344][T16736] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  818.457383][T16736] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  818.838364][T16740] netlink: 208 bytes leftover after parsing attributes in process `syz.3.2977'.
[  819.270988][T16746] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2980'.
[  819.507690][ T5932] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  819.767922][ T5932] usb 4-1: Using ep0 maxpacket: 16
[  819.851261][T16750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  819.861254][T16750] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  819.931831][T16757] netlink: 'syz.0.2982': attribute type 10 has an invalid length.
[  819.963122][T16757] dummy0: entered allmulticast mode
[  819.971545][T16757] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  821.081194][   T30] audit: type=1326 audit(1754040280.352:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16767 comm="syz.6.2986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a58f8eb69 code=0x7ffc0000
[  821.103552][    C1] vkms_vblank_simulate: vblank timer overrun
[  821.335036][   T30] audit: type=1326 audit(1754040280.352:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16767 comm="syz.6.2986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a58f8eb69 code=0x7ffc0000
[  821.527668][   T30] audit: type=1326 audit(1754040280.352:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16767 comm="syz.6.2986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0a58f8eb69 code=0x7ffc0000
[  821.597302][   T30] audit: type=1326 audit(1754040280.352:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16767 comm="syz.6.2986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a58f8eb69 code=0x7ffc0000
[  821.667898][   T30] audit: type=1326 audit(1754040280.352:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16767 comm="syz.6.2986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a58f8eb69 code=0x7ffc0000
[  822.419798][T16790] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  822.439958][T16790] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  822.815801][ T5932] usb 4-1: unable to get BOS descriptor or descriptor too short
[  822.828010][ T5932] usb 4-1: unable to read config index 0 descriptor/start: -71
[  822.836761][ T5932] usb 4-1: can't read configurations, error -71
[  823.517656][ T5932] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  823.730338][ T5932] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  823.741684][ T5932] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  823.771683][ T5932] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  823.792518][ T5932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  823.803306][ T5932] usb 4-1: config 0 descriptor??
[  824.217325][ T5932] usbhid 4-1:0.0: can't add hid device: -71
[  824.241393][ T5932] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  824.268564][ T5932] usb 4-1: USB disconnect, device number 4
[  824.516851][T16811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  824.528786][T16811] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  824.587966][T16813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  824.600655][T16813] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  825.342305][T16826] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  825.580666][T16834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  825.589618][T16834] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  825.679196][ T5843] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  825.692359][ T5843] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  825.702827][ T5843] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  825.713585][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  825.722840][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  826.041138][ T3494] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  826.060696][ T3494] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  826.144769][T16846] fuse: Bad value for 'fd'
[  826.223255][ T3494] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  826.233961][ T3494] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  826.251128][ T5843] Bluetooth: hci2: command 0x0406 tx timeout
[  826.388160][ T3494] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  826.403465][ T3494] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  826.551820][ T3494] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  826.592105][ T3494] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  827.014354][T16843] chnl_net:caif_netlink_parms(): no params data found
[  827.392947][ T3494] bridge_slave_1: left allmulticast mode
[  827.402018][ T3494] bridge_slave_1: left promiscuous mode
[  827.426687][ T3494] bridge0: port 2(bridge_slave_1) entered disabled state
[  827.745457][ T3494] bridge_slave_0: left allmulticast mode
[  827.847874][T12872] Bluetooth: hci4: command tx timeout
[  827.857371][ T3494] bridge_slave_0: left promiscuous mode
[  827.884613][ T3494] bridge0: port 1(bridge_slave_0) entered disabled state
[  828.764335][ T3494] batman_adv: batadv0: Interface deactivated: macvlan2
[  828.801073][ T3494] batman_adv: batadv0: Removing interface: macvlan2
[  829.106320][ T3494] $Hÿ (unregistering): (slave bond_slave_0): Releasing backup interface
[  829.126700][ T3494] bond_slave_0: left promiscuous mode
[  829.134843][ T3494] $Hÿ (unregistering): (slave bond_slave_1): Releasing backup interface
[  829.144007][ T3494] bond_slave_1: left promiscuous mode
[  829.159850][ T3494] $Hÿ (unregistering): (slave dummy0): Releasing backup interface
[  829.170978][ T3494] dummy0: left promiscuous mode
[  829.176688][ T3494] $Hÿ (unregistering): Released all slaves
[  829.514178][ T3494] tipc: Left network mode
[  829.569515][T16843] bridge0: port 1(bridge_slave_0) entered blocking state
[  829.576886][T16843] bridge0: port 1(bridge_slave_0) entered disabled state
[  829.584560][T16843] bridge_slave_0: entered allmulticast mode
[  829.596424][T16843] bridge_slave_0: entered promiscuous mode
[  829.636561][T16843] bridge0: port 2(bridge_slave_1) entered blocking state
[  829.652620][T16843] bridge0: port 2(bridge_slave_1) entered disabled state
[  829.676253][T16843] bridge_slave_1: entered allmulticast mode
[  829.689087][T16843] bridge_slave_1: entered promiscuous mode
[  829.829148][T16906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  829.858011][T16906] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  829.930186][T12872] Bluetooth: hci4: command tx timeout
[  830.114423][ T3494] hsr_slave_0: left promiscuous mode
[  830.121998][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_0
[  830.222900][ T3494] veth1_macvtap: left promiscuous mode
[  830.358098][ T3494] veth0_macvtap: left promiscuous mode
[  830.364268][ T3494] veth1_vlan: left promiscuous mode
[  830.370050][ T3494] veth0_vlan: left promiscuous mode
[  831.292229][T16931] libceph: resolve '40' (ret=-3): failed
[  831.774623][T16943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  831.906862][T16943] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  832.015938][T12872] Bluetooth: hci4: command tx timeout
[  832.325379][ T3494] team0 (unregistering): Port device team_slave_1 removed
[  832.373361][ T3494] team0 (unregistering): Port device team_slave_0 removed
[  832.504879][T16953] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3026'.
[  832.519066][T16953] netlink: 660 bytes leftover after parsing attributes in process `syz.4.3026'.
[  832.590867][T16955] fuse: Bad value for 'fd'
[  832.936056][T16843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  833.068527][T16843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  833.152887][T16843] team0: Port device team_slave_0 added
[  833.162848][T16843] team0: Port device team_slave_1 added
[  833.231436][T16843] batman_adv: batadv0: Adding interface: batadv_slave_0
[  833.259450][T16843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  833.286929][T16843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  833.330440][T16970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  833.355565][T16970] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  834.102117][T12872] Bluetooth: hci4: command tx timeout
[  834.253742][T16843] batman_adv: batadv0: Adding interface: batadv_slave_1
[  834.347212][T16843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  834.388478][T16843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  834.404102][T16975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  834.428963][T16975] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  834.457345][ T3494] IPVS: stop unused estimator thread 0...
[  834.551898][T16843] hsr_slave_0: entered promiscuous mode
[  834.570084][T16843] hsr_slave_1: entered promiscuous mode
[  834.607807][T16843] debugfs: 'hsr0' already exists in 'hsr'
[  834.623570][T16843] Cannot create hsr debugfs directory
[  836.179616][T17007] FAULT_INJECTION: forcing a failure.
[  836.179616][T17007] name failslab, interval 1, probability 0, space 0, times 0
[  836.366770][T17007] CPU: 0 UID: 0 PID: 17007 Comm: syz.4.3036 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  836.366789][T17007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  836.366796][T17007] Call Trace:
[  836.366801][T17007]  <TASK>
[  836.366806][T17007]  dump_stack_lvl+0x189/0x250
[  836.366822][T17007]  ? __pfx____ratelimit+0x10/0x10
[  836.366839][T17007]  ? __pfx_dump_stack_lvl+0x10/0x10
[  836.366849][T17007]  ? __pfx__printk+0x10/0x10
[  836.366865][T17007]  ? __pfx___might_resched+0x10/0x10
[  836.366879][T17007]  ? fs_reclaim_acquire+0x7d/0x100
[  836.366896][T17007]  should_fail_ex+0x414/0x560
[  836.366913][T17007]  should_failslab+0xa8/0x100
[  836.366928][T17007]  kmem_cache_alloc_noprof+0x73/0x3c0
[  836.366945][T17007]  ? skb_clone+0x212/0x3a0
[  836.366960][T17007]  skb_clone+0x212/0x3a0
[  836.366974][T17007]  pfkey_sendmsg+0x44b/0x1090
[  836.366990][T17007]  ? __lock_acquire+0xab9/0xd20
[  836.367006][T17007]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  836.367030][T17007]  ? aa_sock_msg_perm+0x94/0x160
[  836.367043][T17007]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  836.367052][T17007]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  836.367063][T17007]  __sock_sendmsg+0x21c/0x270
[  836.367079][T17007]  ____sys_sendmsg+0x505/0x830
[  836.367094][T17007]  ? __pfx_____sys_sendmsg+0x10/0x10
[  836.367111][T17007]  ? import_iovec+0x74/0xa0
[  836.367125][T17007]  ___sys_sendmsg+0x21f/0x2a0
[  836.367137][T17007]  ? __pfx____sys_sendmsg+0x10/0x10
[  836.367167][T17007]  ? __fget_files+0x2a/0x420
[  836.367180][T17007]  ? __fget_files+0x3a0/0x420
[  836.367198][T17007]  __x64_sys_sendmsg+0x19b/0x260
[  836.367211][T17007]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  836.367228][T17007]  ? __pfx_ksys_write+0x10/0x10
[  836.367238][T17007]  ? rcu_is_watching+0x15/0xb0
[  836.367257][T17007]  ? do_syscall_64+0xbe/0x3b0
[  836.367270][T17007]  do_syscall_64+0xfa/0x3b0
[  836.367279][T17007]  ? lockdep_hardirqs_on+0x9c/0x150
[  836.367294][T17007]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  836.367303][T17007]  ? clear_bhb_loop+0x60/0xb0
[  836.367315][T17007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  836.367324][T17007] RIP: 0033:0x7f37edb8eb69
[  836.367334][T17007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  836.367342][T17007] RSP: 002b:00007f37eea60038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  836.367354][T17007] RAX: ffffffffffffffda RBX: 00007f37eddb5fa0 RCX: 00007f37edb8eb69
[  836.367361][T17007] RDX: 0000000000040010 RSI: 0000200000000580 RDI: 0000000000000004
[  836.367368][T17007] RBP: 00007f37eea60090 R08: 0000000000000000 R09: 0000000000000000
[  836.367377][T17007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  836.367383][T17007] R13: 0000000000000000 R14: 00007f37eddb5fa0 R15: 00007f37ededfa28
[  836.367398][T17007]  </TASK>
[  836.641978][    C0] vkms_vblank_simulate: vblank timer overrun
[  836.923851][T17011] fuse: Bad value for 'fd'
[  837.341899][T17025] FAULT_INJECTION: forcing a failure.
[  837.341899][T17025] name failslab, interval 1, probability 0, space 0, times 0
[  837.358013][T17025] CPU: 0 UID: 0 PID: 17025 Comm: syz.4.3040 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  837.358036][T17025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  837.358046][T17025] Call Trace:
[  837.358054][T17025]  <TASK>
[  837.358062][T17025]  dump_stack_lvl+0x189/0x250
[  837.358085][T17025]  ? __pfx____ratelimit+0x10/0x10
[  837.358111][T17025]  ? __pfx_dump_stack_lvl+0x10/0x10
[  837.358129][T17025]  ? __pfx__printk+0x10/0x10
[  837.358156][T17025]  ? __pfx___might_resched+0x10/0x10
[  837.358178][T17025]  ? fs_reclaim_acquire+0x7d/0x100
[  837.358205][T17025]  should_fail_ex+0x414/0x560
[  837.358234][T17025]  should_failslab+0xa8/0x100
[  837.358257][T17025]  kmem_cache_alloc_noprof+0x73/0x3c0
[  837.358276][T17025]  ? flock_lock_inode+0x21f/0x1420
[  837.358300][T17025]  flock_lock_inode+0x21f/0x1420
[  837.358327][T17025]  ? __pfx___might_resched+0x10/0x10
[  837.358347][T17025]  ? aa_file_perm+0x40c/0xe70
[  837.358370][T17025]  ? __pfx_flock_lock_inode+0x10/0x10
[  837.358400][T17025]  locks_lock_inode_wait+0x107/0x410
[  837.358421][T17025]  ? __pfx_locks_lock_inode_wait+0x10/0x10
[  837.358442][T17025]  ? __fget_files+0x2a/0x420
[  837.358466][T17025]  ? end_current_label_crit_section+0x152/0x180
[  837.358488][T17025]  ? common_file_perm+0x199/0x200
[  837.358512][T17025]  __se_sys_flock+0x467/0x5b0
[  837.358532][T17025]  ? __pfx___se_sys_flock+0x10/0x10
[  837.358573][T17025]  ? __pfx_ksys_write+0x10/0x10
[  837.358590][T17025]  ? rcu_is_watching+0x15/0xb0
[  837.358618][T17025]  ? do_syscall_64+0xbe/0x3b0
[  837.358639][T17025]  do_syscall_64+0xfa/0x3b0
[  837.358655][T17025]  ? lockdep_hardirqs_on+0x9c/0x150
[  837.358678][T17025]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  837.358695][T17025]  ? clear_bhb_loop+0x60/0xb0
[  837.358724][T17025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  837.358741][T17025] RIP: 0033:0x7f37edb8eb69
[  837.358757][T17025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  837.358772][T17025] RSP: 002b:00007f37eea3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049
[  837.358790][T17025] RAX: ffffffffffffffda RBX: 00007f37eddb6080 RCX: 00007f37edb8eb69
[  837.358803][T17025] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000009
[  837.358814][T17025] RBP: 00007f37eea3f090 R08: 0000000000000000 R09: 0000000000000000
[  837.358824][T17025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  837.358835][T17025] R13: 0000000000000000 R14: 00007f37eddb6080 R15: 00007f37ededfa28
[  837.358862][T17025]  </TASK>
[  837.951073][T16843] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  838.010753][T16843] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  838.023326][T16843] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  838.047490][T16843] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  838.363670][T17040] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3043'.
[  838.805680][T16843] 8021q: adding VLAN 0 to HW filter on device bond0
[  838.852381][T16843] 8021q: adding VLAN 0 to HW filter on device team0
[  838.925786][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  838.932934][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  838.942537][T17057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  838.951847][T17057] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  839.095057][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state
[  839.102187][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state
[  840.183988][T16843] 8021q: adding VLAN 0 to HW filter on device batadv0
[  840.356912][T16843] veth0_vlan: entered promiscuous mode
[  840.369011][T16843] veth1_vlan: entered promiscuous mode
[  840.620822][T16843] veth0_macvtap: entered promiscuous mode
[  840.653777][T16843] veth1_macvtap: entered promiscuous mode
[  840.741022][T16843] batman_adv: batadv0: Interface activated: batadv_slave_0
[  840.809926][T16843] batman_adv: batadv0: Interface activated: batadv_slave_1
[  840.902921][ T1166] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  840.973613][ T1166] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  841.080940][ T1166] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  841.169769][T17085] fuse: Bad value for 'fd'
[  841.219669][ T1166] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  841.980857][ T3000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  841.999733][ T3000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  842.421997][T17109] syzkaller0: entered promiscuous mode
[  842.445310][T17109] syzkaller0: entered allmulticast mode
[  842.522513][T17104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  842.537047][ T1166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  842.547684][ T1166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  842.617761][T17113] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  842.617941][T17104] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  842.680408][T17113] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  843.062859][T17126] netlink: 'syz.3.3056': attribute type 12 has an invalid length.
[  843.097696][T17126] netlink: 'syz.3.3056': attribute type 29 has an invalid length.
[  843.105538][T17126] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3056'.
[  843.801440][T17148] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3062'.
[  843.833867][T17153] usb usb8: usbfs: process 17153 (syz.2.3061) did not claim interface 0 before use
[  843.968361][T17142] netlink: 'syz.0.3058': attribute type 5 has an invalid length.
[  844.328846][T17157] fuse: Bad value for 'fd'
[  845.021734][T17167] netlink: 'syz.6.3057': attribute type 27 has an invalid length.
[  845.931049][T17167] bridge0: port 2(bridge_slave_1) entered disabled state
[  845.938307][T17167] bridge0: port 1(bridge_slave_0) entered disabled state
[  845.951019][T17181] netlink: 'syz.4.3065': attribute type 4 has an invalid length.
[  846.016619][T17182] netlink: 'syz.4.3065': attribute type 4 has an invalid length.
[  846.037736][ T5923] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  846.205089][ T5923] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  846.213331][ T5923] usb 4-1: config 0 has no interface number 0
[  846.223644][ T5923] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  846.253085][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  846.302145][ T5923] usb 4-1: Product: syz
[  846.326720][ T5923] usb 4-1: Manufacturer: syz
[  846.349372][ T5923] usb 4-1: SerialNumber: syz
[  846.372849][ T5923] usb 4-1: config 0 descriptor??
[  846.576375][ T5923] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  846.601050][ T5923] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  846.637514][ T5923] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  846.671281][T17167] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  846.692515][T17167] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  846.720658][ T5923] usb 4-1: media controller created
[  846.883062][ T5923] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  847.371558][T17167] geneve2: left promiscuous mode
[  847.401188][ T5923] i2c i2c-2: ec100: i2c rd failed=-71 reg=33
[  847.426776][   T13] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  847.446254][   T13] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  847.496383][ T5923] usb 4-1: USB disconnect, device number 5
[  847.782193][   T13] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  847.803417][T17209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  847.812437][T17209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  847.846982][   T13] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  848.133105][T17220] FAULT_INJECTION: forcing a failure.
[  848.133105][T17220] name failslab, interval 1, probability 0, space 0, times 0
[  848.211558][T17220] CPU: 1 UID: 0 PID: 17220 Comm: syz.6.3076 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  848.211582][T17220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  848.211592][T17220] Call Trace:
[  848.211600][T17220]  <TASK>
[  848.211608][T17220]  dump_stack_lvl+0x189/0x250
[  848.211631][T17220]  ? __pfx____ratelimit+0x10/0x10
[  848.211654][T17220]  ? __pfx_dump_stack_lvl+0x10/0x10
[  848.211670][T17220]  ? __pfx__printk+0x10/0x10
[  848.211692][T17220]  ? __pfx___might_resched+0x10/0x10
[  848.211715][T17220]  ? fs_reclaim_acquire+0x7d/0x100
[  848.211742][T17220]  should_fail_ex+0x414/0x560
[  848.211768][T17220]  should_failslab+0xa8/0x100
[  848.211790][T17220]  kmem_cache_alloc_noprof+0x73/0x3c0
[  848.211815][T17220]  ? flock_lock_inode+0x21f/0x1420
[  848.211839][T17220]  flock_lock_inode+0x21f/0x1420
[  848.211865][T17220]  ? __pfx___might_resched+0x10/0x10
[  848.211886][T17220]  ? aa_file_perm+0x40c/0xe70
[  848.211910][T17220]  ? __pfx_flock_lock_inode+0x10/0x10
[  848.211939][T17220]  locks_lock_inode_wait+0x107/0x410
[  848.211961][T17220]  ? __pfx_locks_lock_inode_wait+0x10/0x10
[  848.211983][T17220]  ? __fget_files+0x2a/0x420
[  848.212007][T17220]  ? end_current_label_crit_section+0x152/0x180
[  848.212030][T17220]  ? common_file_perm+0x199/0x200
[  848.212054][T17220]  __se_sys_flock+0x467/0x5b0
[  848.212074][T17220]  ? __pfx___se_sys_flock+0x10/0x10
[  848.212121][T17220]  ? do_syscall_64+0xbe/0x3b0
[  848.212140][T17220]  do_syscall_64+0xfa/0x3b0
[  848.212155][T17220]  ? lockdep_hardirqs_on+0x9c/0x150
[  848.212179][T17220]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  848.212195][T17220]  ? clear_bhb_loop+0x60/0xb0
[  848.212213][T17220]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  848.212227][T17220] RIP: 0033:0x7f0a58f8eb69
[  848.212242][T17220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  848.212256][T17220] RSP: 002b:00007f0a59e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049
[  848.212273][T17220] RAX: ffffffffffffffda RBX: 00007f0a591b6080 RCX: 00007f0a58f8eb69
[  848.212285][T17220] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000009
[  848.212295][T17220] RBP: 00007f0a59e5d090 R08: 0000000000000000 R09: 0000000000000000
[  848.212305][T17220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  848.212314][T17220] R13: 0000000000000000 R14: 00007f0a591b6080 R15: 00007f0a592dfa28
[  848.212338][T17220]  </TASK>
[  848.739886][T17237] 8021q: adding VLAN 0 to HW filter on device batadv1
[  848.752394][T17237] team0: Port device batadv1 added
[  848.945874][T17245] hub 9-0:1.0: USB hub found
[  849.004340][T17245] hub 9-0:1.0: 1 port detected
[  849.752796][T17257] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3087'.
[  850.258022][   T30] audit: type=1326 audit(1754040309.522:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17264 comm="syz.0.3089" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe69798eb69 code=0x0
[  850.279810][    C0] vkms_vblank_simulate: vblank timer overrun
[  850.735371][T17281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  850.798393][T17281] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  851.661825][T17304] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  851.735349][T17304] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  851.847732][ T5843] Bluetooth: hci3: command 0x0406 tx timeout
[  852.226066][T17317] FAULT_INJECTION: forcing a failure.
[  852.226066][T17317] name failslab, interval 1, probability 0, space 0, times 0
[  852.244608][T17317] CPU: 0 UID: 0 PID: 17317 Comm: syz.3.3102 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  852.244633][T17317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  852.244644][T17317] Call Trace:
[  852.244652][T17317]  <TASK>
[  852.244660][T17317]  dump_stack_lvl+0x189/0x250
[  852.244683][T17317]  ? __pfx____ratelimit+0x10/0x10
[  852.244707][T17317]  ? __pfx_dump_stack_lvl+0x10/0x10
[  852.244724][T17317]  ? __pfx__printk+0x10/0x10
[  852.244751][T17317]  ? __pfx___might_resched+0x10/0x10
[  852.244779][T17317]  should_fail_ex+0x414/0x560
[  852.244807][T17317]  should_failslab+0xa8/0x100
[  852.244831][T17317]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  852.244852][T17317]  ? __alloc_skb+0x112/0x2d0
[  852.244874][T17317]  __alloc_skb+0x112/0x2d0
[  852.244896][T17317]  netlink_sendmsg+0x5c6/0xb30
[  852.244923][T17317]  ? __pfx_netlink_sendmsg+0x10/0x10
[  852.244944][T17317]  ? aa_sock_msg_perm+0x94/0x160
[  852.244965][T17317]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  852.244982][T17317]  ? __pfx_netlink_sendmsg+0x10/0x10
[  852.245000][T17317]  __sock_sendmsg+0x21c/0x270
[  852.245026][T17317]  ____sys_sendmsg+0x505/0x830
[  852.245051][T17317]  ? __pfx_____sys_sendmsg+0x10/0x10
[  852.245080][T17317]  ? import_iovec+0x74/0xa0
[  852.245104][T17317]  ___sys_sendmsg+0x21f/0x2a0
[  852.245127][T17317]  ? __pfx____sys_sendmsg+0x10/0x10
[  852.245190][T17317]  ? __fget_files+0x2a/0x420
[  852.245211][T17317]  ? __fget_files+0x3a0/0x420
[  852.245242][T17317]  __x64_sys_sendmsg+0x19b/0x260
[  852.245265][T17317]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  852.245295][T17317]  ? __pfx_ksys_write+0x10/0x10
[  852.245312][T17317]  ? rcu_is_watching+0x15/0xb0
[  852.245340][T17317]  ? do_syscall_64+0xbe/0x3b0
[  852.245361][T17317]  do_syscall_64+0xfa/0x3b0
[  852.245376][T17317]  ? lockdep_hardirqs_on+0x9c/0x150
[  852.245400][T17317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  852.245419][T17317]  ? clear_bhb_loop+0x60/0xb0
[  852.245446][T17317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  852.245462][T17317] RIP: 0033:0x7f7e9258eb69
[  852.245478][T17317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  852.245494][T17317] RSP: 002b:00007f7e93352038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  852.245514][T17317] RAX: ffffffffffffffda RBX: 00007f7e927b5fa0 RCX: 00007f7e9258eb69
[  852.245527][T17317] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  852.245538][T17317] RBP: 00007f7e93352090 R08: 0000000000000000 R09: 0000000000000000
[  852.245550][T17317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  852.245561][T17317] R13: 0000000000000000 R14: 00007f7e927b5fa0 R15: 00007f7e928dfa28
[  852.245589][T17317]  </TASK>
[  852.513692][    C0] vkms_vblank_simulate: vblank timer overrun
[  852.950734][T17330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  852.960826][T17330] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  854.673008][T17354] FAULT_INJECTION: forcing a failure.
[  854.673008][T17354] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  854.689382][T17354] CPU: 0 UID: 0 PID: 17354 Comm: syz.4.3115 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  854.689407][T17354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  854.689419][T17354] Call Trace:
[  854.689426][T17354]  <TASK>
[  854.689432][T17354]  dump_stack_lvl+0x189/0x250
[  854.689446][T17354]  ? __pfx____ratelimit+0x10/0x10
[  854.689462][T17354]  ? __pfx_dump_stack_lvl+0x10/0x10
[  854.689473][T17354]  ? __pfx__printk+0x10/0x10
[  854.689485][T17354]  ? __might_fault+0xb0/0x130
[  854.689503][T17354]  should_fail_ex+0x414/0x560
[  854.689520][T17354]  _copy_from_user+0x2d/0xb0
[  854.689533][T17354]  do_sock_getsockopt+0x17d/0x450
[  854.689547][T17354]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  854.689558][T17354]  ? do_syscall_64+0x20/0x3b0
[  854.689567][T17354]  ? __fget_files+0x3a0/0x420
[  854.689580][T17354]  ? __fget_files+0x2a/0x420
[  854.689596][T17354]  __x64_sys_getsockopt+0x1a5/0x250
[  854.689606][T17354]  ? do_syscall_64+0x20/0x3b0
[  854.689616][T17354]  ? do_syscall_64+0x20/0x3b0
[  854.689628][T17354]  do_syscall_64+0xfa/0x3b0
[  854.689636][T17354]  ? lockdep_hardirqs_on+0x9c/0x150
[  854.689652][T17354]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  854.689661][T17354]  ? clear_bhb_loop+0x60/0xb0
[  854.689673][T17354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  854.689682][T17354] RIP: 0033:0x7f37edb8eb69
[  854.689692][T17354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  854.689701][T17354] RSP: 002b:00007f37eea60038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  854.689713][T17354] RAX: ffffffffffffffda RBX: 00007f37eddb5fa0 RCX: 00007f37edb8eb69
[  854.689720][T17354] RDX: 000000000000271b RSI: 0000200000000114 RDI: 0000000000000003
[  854.689727][T17354] RBP: 00007f37eea60090 R08: 0000200000000000 R09: 0000000000000000
[  854.689733][T17354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  854.689739][T17354] R13: 0000000000000000 R14: 00007f37eddb5fa0 R15: 00007f37ededfa28
[  854.689754][T17354]  </TASK>
[  854.899012][    C0] vkms_vblank_simulate: vblank timer overrun
[  855.013725][T17358] netlink: 'syz.0.3118': attribute type 10 has an invalid length.
[  855.640023][T17370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  855.705862][T17370] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  855.947673][ T5923] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  856.097657][ T5923] usb 4-1: Using ep0 maxpacket: 32
[  856.109301][ T5923] usb 4-1: config 7 has no interfaces?
[  856.168078][ T5923] usb 4-1: New USB device found, idVendor=06e1, idProduct=a333, bcdDevice=3e.de
[  856.177156][ T5923] usb 4-1: New USB device strings: Mfr=7, Product=2, SerialNumber=3
[  856.253812][ T5923] usb 4-1: Product: syz
[  856.301806][ T5923] usb 4-1: Manufacturer: syz
[  856.320221][ T5923] usb 4-1: SerialNumber: syz
[  856.560701][   T10] usb 4-1: USB disconnect, device number 6
[  856.882733][T17388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  856.912031][T17388] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  857.296388][T17393] netlink: 'syz.6.3124': attribute type 4 has an invalid length.
[  857.320558][T17393] netlink: 'syz.6.3124': attribute type 4 has an invalid length.
[  857.427874][T13540] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  857.607735][T13540] usb 4-1: Using ep0 maxpacket: 32
[  857.620664][T13540] usb 4-1: config 120 has no interfaces?
[  857.638529][T13540] usb 4-1: New USB device found, idVendor=2040, idProduct=5510, bcdDevice=9e.35
[  857.840052][T17395] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3128'.
[  857.849127][T17395] netlink: 660 bytes leftover after parsing attributes in process `syz.2.3128'.
[  857.905718][T13540] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  857.931541][T13540] usb 4-1: Product: syz
[  857.944175][T13540] usb 4-1: Manufacturer: ã �
[  857.955678][T13540] usb 4-1: SerialNumber: syz
[  858.191523][T13540] usb 4-1: USB disconnect, device number 7
[  858.804033][T17409] FAULT_INJECTION: forcing a failure.
[  858.804033][T17409] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  858.891986][T17409] CPU: 0 UID: 0 PID: 17409 Comm: syz.3.3134 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  858.892013][T17409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  858.892023][T17409] Call Trace:
[  858.892031][T17409]  <TASK>
[  858.892040][T17409]  dump_stack_lvl+0x189/0x250
[  858.892064][T17409]  ? __pfx____ratelimit+0x10/0x10
[  858.892090][T17409]  ? __pfx_dump_stack_lvl+0x10/0x10
[  858.892108][T17409]  ? __pfx__printk+0x10/0x10
[  858.892142][T17409]  should_fail_ex+0x414/0x560
[  858.892171][T17409]  _copy_to_user+0x31/0xb0
[  858.892194][T17409]  simple_read_from_buffer+0xe1/0x170
[  858.892221][T17409]  proc_fail_nth_read+0x1b3/0x220
[  858.892241][T17409]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  858.892261][T17409]  ? rw_verify_area+0x2a6/0x4d0
[  858.892279][T17409]  ? __lock_acquire+0xab9/0xd20
[  858.892299][T17409]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  858.892317][T17409]  vfs_read+0x200/0x980
[  858.892335][T17409]  ? fdget_pos+0x247/0x320
[  858.892361][T17409]  ? __pfx___mutex_lock+0x10/0x10
[  858.892379][T17409]  ? __pfx_vfs_read+0x10/0x10
[  858.892401][T17409]  ? __fget_files+0x2a/0x420
[  858.892427][T17409]  ? __fget_files+0x3a0/0x420
[  858.892448][T17409]  ? __fget_files+0x2a/0x420
[  858.892478][T17409]  ksys_read+0x145/0x250
[  858.892499][T17409]  ? __pfx_ksys_read+0x10/0x10
[  858.892515][T17409]  ? fput+0xa0/0xd0
[  858.892542][T17409]  ? do_syscall_64+0xbe/0x3b0
[  858.892563][T17409]  do_syscall_64+0xfa/0x3b0
[  858.892587][T17409]  ? lockdep_hardirqs_on+0x9c/0x150
[  858.892611][T17409]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.892628][T17409]  ? clear_bhb_loop+0x60/0xb0
[  858.892649][T17409]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.892665][T17409] RIP: 0033:0x7f7e9258d57c
[  858.892681][T17409] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  858.892696][T17409] RSP: 002b:00007f7e93352030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  858.892716][T17409] RAX: ffffffffffffffda RBX: 00007f7e927b5fa0 RCX: 00007f7e9258d57c
[  858.892730][T17409] RDX: 000000000000000f RSI: 00007f7e933520a0 RDI: 0000000000000004
[  858.892741][T17409] RBP: 00007f7e93352090 R08: 0000000000000000 R09: 0000000000000000
[  858.892753][T17409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  858.892763][T17409] R13: 0000000000000000 R14: 00007f7e927b5fa0 R15: 00007f7e928dfa28
[  858.892792][T17409]  </TASK>
[  859.635393][T17414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  859.655779][ T5843] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  859.666116][ T5843] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  859.675488][ T5843] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  859.683539][ T5843] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  859.692563][ T5843] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  859.693375][T17414] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  859.707669][  T850] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  859.876809][  T850] usb 4-1: Using ep0 maxpacket: 32
[  859.906181][  T850] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x6 has invalid maxpacket 33280, setting to 1024
[  859.930781][   T30] audit: type=1326 audit(1754040319.202:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17421 comm="syz.2.3140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0053b8eb69 code=0x7ffc0000
[  859.957639][  T850] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 1024
[  860.006042][  T850] usb 4-1: config 0 interface 0 has no altsetting 0
[  860.031758][   T30] audit: type=1326 audit(1754040319.202:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17421 comm="syz.2.3140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0053b8eb69 code=0x7ffc0000
[  860.057835][   T30] audit: type=1326 audit(1754040319.202:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17421 comm="syz.2.3140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0053b8eb69 code=0x7ffc0000
[  860.080866][  T850] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  860.082609][   T30] audit: type=1326 audit(1754040319.202:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17421 comm="syz.2.3140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0053b8eb69 code=0x7ffc0000
[  860.137635][  T850] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  860.144108][   T30] audit: type=1326 audit(1754040319.202:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17421 comm="syz.2.3140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0053b8eb69 code=0x7ffc0000
[  860.167955][    C1] vkms_vblank_simulate: vblank timer overrun
[  860.177276][  T850] usb 4-1: Product: syz
[  860.188268][  T850] usb 4-1: Manufacturer: syz
[  860.193371][  T850] usb 4-1: SerialNumber: syz
[  860.209381][   T30] audit: type=1326 audit(1754040319.202:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17421 comm="syz.2.3140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0053b8eb69 code=0x7ffc0000
[  860.232748][   T30] audit: type=1326 audit(1754040319.202:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17421 comm="syz.2.3140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0053b8eb69 code=0x7ffc0000
[  860.265890][   T30] audit: type=1326 audit(1754040319.202:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17421 comm="syz.2.3140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0053b8eb69 code=0x7ffc0000
[  860.289487][  T850] usb 4-1: config 0 descriptor??
[  860.427005][   T30] audit: type=1326 audit(1754040319.202:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17421 comm="syz.2.3140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0053b8eb69 code=0x7ffc0000
[  860.556898][   T30] audit: type=1326 audit(1754040319.202:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17421 comm="syz.2.3140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0053b8eb69 code=0x7ffc0000
[  860.586355][T17440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3136'.
[  860.622332][   T43] usb 1-1: USB disconnect, device number 72
[  860.637419][T17440] netlink: ct family unspecified
[  860.707702][T17440] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  861.004221][  T850] gs_usb 4-1:0.0: Couldn't get device config: (err=-121)
[  861.012957][  T850] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -121
[  861.235164][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  861.264622][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  861.298444][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  861.389816][T17420] chnl_net:caif_netlink_parms(): no params data found
[  861.524794][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  861.563304][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  861.602340][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  861.713873][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  861.750050][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  861.768839][T12872] Bluetooth: hci5: command tx timeout
[  861.795510][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  861.981346][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  862.020710][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  862.043444][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  862.260375][T17420] bridge0: port 1(bridge_slave_0) entered blocking state
[  862.260437][T17420] bridge0: port 1(bridge_slave_0) entered disabled state
[  862.260562][T17420] bridge_slave_0: entered allmulticast mode
[  862.262595][T17420] bridge_slave_0: entered promiscuous mode
[  862.279759][T17420] bridge0: port 2(bridge_slave_1) entered blocking state
[  862.279883][T17420] bridge0: port 2(bridge_slave_1) entered disabled state
[  862.280034][T17420] bridge_slave_1: entered allmulticast mode
[  862.282654][T17420] bridge_slave_1: entered promiscuous mode
[  862.483187][T17420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  862.514204][T17420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  862.540208][T13540] usb 4-1: USB disconnect, device number 8
[  862.559381][T17470] bridge0: port 2(bridge_slave_1) entered disabled state
[  862.587633][T17470] bridge0: port 2(bridge_slave_1) entered disabled state
[  862.669361][T17481] =======================================================
[  862.669361][T17481] WARNING: The mand mount option has been deprecated and
[  862.669361][T17481]          and is ignored by this kernel. Remove the mand
[  862.669361][T17481]          option from the mount to silence this warning.
[  862.669361][T17481] =======================================================
[  862.704289][    C1] vkms_vblank_simulate: vblank timer overrun
[  862.714802][T17481] fuse: blksize only supported for fuseblk
[  862.881968][T17420] team0: Port device team_slave_0 added
[  862.904574][T17420] team0: Port device team_slave_1 added
[  863.092994][   T12] bridge_slave_1: left allmulticast mode
[  863.099043][   T12] bridge_slave_1: left promiscuous mode
[  863.104862][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  863.141858][   T12] bridge_slave_0: left allmulticast mode
[  863.153235][   T12] bridge_slave_0: left promiscuous mode
[  863.160652][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  863.416784][T17506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  863.437752][T17506] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  863.646774][   T12] bond2 (unregistering): (slave geneve2): Releasing active interface
[  863.848072][T12872] Bluetooth: hci5: command tx timeout
[  864.264666][T17524] ptrace attach of "./syz-executor exec"[16296] was attempted by "./syz-executor exec"[17524]
[  864.338118][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  864.353968][   T12] bond_slave_0: left allmulticast mode
[  864.370148][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  864.385862][   T12] bond_slave_1: left allmulticast mode
[  864.395383][   T12] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  864.406154][   T12] dummy0: left allmulticast mode
[  864.413654][   T12] bond0 (unregistering): Released all slaves
[  864.574077][   T12] bond1 (unregistering): Released all slaves
[  864.589304][   T12] bond2 (unregistering): Released all slaves
[  864.605249][   T12] bond3 (unregistering): Released all slaves
[  864.624584][T17420] batman_adv: batadv0: Adding interface: batadv_slave_0
[  864.632352][T17420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  864.659737][T17420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  864.679037][T17420] batman_adv: batadv0: Adding interface: batadv_slave_1
[  864.687299][T17420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  864.713505][T17420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  864.953021][T17420] hsr_slave_0: entered promiscuous mode
[  864.961554][T17420] hsr_slave_1: entered promiscuous mode
[  864.968990][T17420] debugfs: 'hsr0' already exists in 'hsr'
[  864.974785][T17420] Cannot create hsr debugfs directory
[  864.991317][T17526] netlink: 'syz.3.3166': attribute type 10 has an invalid length.
[  865.072638][T17526] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  865.076415][T17529] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3167'.
[  865.090807][T17529] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  865.098810][T17529] IPv6: NLM_F_CREATE should be set when creating new route
[  865.180655][T17529] veth3: entered promiscuous mode
[  865.195555][   T12] hsr_slave_0: left promiscuous mode
[  865.214986][   T12] hsr_slave_1: left promiscuous mode
[  865.259176][   T12] veth1_macvtap: left promiscuous mode
[  865.279779][   T12] veth0_macvtap: left promiscuous mode
[  865.802362][   T12] team0 (unregistering): Port device team_slave_1 removed
[  865.871825][   T12] team0 (unregistering): Port device team_slave_0 removed
[  865.931839][T12872] Bluetooth: hci5: command tx timeout
[  866.382914][T17556] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3176'.
[  866.758991][T17563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  866.800034][T17563] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  866.887215][T17563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  866.902549][T17563] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  866.928710][T17563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  866.944216][T17563] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  868.014348][T12872] Bluetooth: hci5: command tx timeout
[  868.737969][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  868.737983][   T30] audit: type=1800 audit(1754040327.912:556): pid=17599 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3182" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  868.764445][    C1] vkms_vblank_simulate: vblank timer overrun
[  870.255954][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  870.262493][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  870.368149][T17420] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  870.412442][T17420] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  870.465774][T17420] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  870.498735][T17420] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  870.566361][T17622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  870.698414][T17622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  870.733762][T17622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  870.768715][T17622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  870.841804][T17622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  870.889437][T17622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  870.907991][T17420] 8021q: adding VLAN 0 to HW filter on device bond0
[  870.966964][T17420] 8021q: adding VLAN 0 to HW filter on device team0
[  871.013261][ T3494] bridge0: port 1(bridge_slave_0) entered blocking state
[  871.020499][ T3494] bridge0: port 1(bridge_slave_0) entered forwarding state
[  871.089813][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state
[  871.096984][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state
[  871.411497][T17420] 8021q: adding VLAN 0 to HW filter on device batadv0
[  871.573462][T17420] veth0_vlan: entered promiscuous mode
[  871.632598][T17420] veth1_vlan: entered promiscuous mode
[  871.726195][T17420] veth0_macvtap: entered promiscuous mode
[  871.756242][T17420] veth1_macvtap: entered promiscuous mode
[  871.781972][T17649] syz.2.3193: attempt to access beyond end of device
[  871.781972][T17649] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  871.846050][T17420] batman_adv: batadv0: Interface activated: batadv_slave_0
[  871.942870][T17420] batman_adv: batadv0: Interface activated: batadv_slave_1
[  872.042312][ T1166] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  872.066578][ T1166] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  872.109053][T17657] netlink: 'syz.3.3196': attribute type 10 has an invalid length.
[  872.127133][ T1166] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  872.166496][ T1166] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  872.435873][T17663] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3198'.
[  872.545653][ T1166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  872.557203][T17663] netlink: 660 bytes leftover after parsing attributes in process `syz.3.3198'.
[  872.572230][ T1166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  872.673599][ T1166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  872.695310][ T1166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  872.964489][T17677] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  873.172854][T17677] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  873.267760][   T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  873.723589][   T10] usb 4-1: no configurations
[  873.730321][   T10] usb 4-1: can't read configurations, error -22
[  873.868270][   T10] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  874.043894][T17697] FAULT_INJECTION: forcing a failure.
[  874.043894][T17697] name failslab, interval 1, probability 0, space 0, times 0
[  874.061889][T17697] CPU: 1 UID: 0 PID: 17697 Comm: syz.0.3205 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  874.061914][T17697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  874.061925][T17697] Call Trace:
[  874.061933][T17697]  <TASK>
[  874.061941][T17697]  dump_stack_lvl+0x189/0x250
[  874.061964][T17697]  ? __pfx____ratelimit+0x10/0x10
[  874.061988][T17697]  ? __pfx_dump_stack_lvl+0x10/0x10
[  874.062006][T17697]  ? __pfx__printk+0x10/0x10
[  874.062024][   T10] usb 4-1: no configurations
[  874.062030][T17697]  ? __pfx___might_resched+0x10/0x10
[  874.062051][T17697]  ? fs_reclaim_acquire+0x7d/0x100
[  874.062074][T17697]  should_fail_ex+0x414/0x560
[  874.062099][T17697]  ? alloc_netdev_mqs+0xa3/0x1170
[  874.062131][T17697]  should_failslab+0xa8/0x100
[  874.062154][T17697]  __kvmalloc_node_noprof+0x161/0x5f0
[  874.062175][T17697]  ? alloc_netdev_mqs+0xa3/0x1170
[  874.062193][T17697]  ? snprintf+0xda/0x120
[  874.062217][T17697]  alloc_netdev_mqs+0xa3/0x1170
[  874.062237][T17697]  ? __pfx_geneve_setup+0x10/0x10
[  874.062262][T17697]  rtnl_create_link+0x31f/0xd10
[  874.062291][T17697]  rtnl_newlink_create+0x25c/0xb00
[  874.062313][T17697]  ? __pfx_aa_get_newest_label+0x10/0x10
[  874.062332][T17697]  ? __pfx_aa_get_newest_label+0x10/0x10
[  874.062355][T17697]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  874.062381][T17697]  ? __pfx___mutex_lock+0x10/0x10
[  874.062408][T17697]  ? ns_capable+0x8a/0xf0
[  874.062434][T17697]  rtnl_newlink+0x16d6/0x1c70
[  874.062453][T17697]  ? netlink_sendmsg+0x805/0xb30
[  874.062486][T17697]  ? __pfx_rtnl_newlink+0x10/0x10
[  874.062525][T17697]  ? kasan_quarantine_put+0xdd/0x220
[  874.062542][T17697]  ? lockdep_hardirqs_on+0x9c/0x150
[  874.062569][T17697]  ? nlmon_xmit+0xb0/0x100
[  874.062584][T17697]  ? kmem_cache_free+0x18f/0x400
[  874.062610][T17697]  ? __local_bh_enable_ip+0x12d/0x1c0
[  874.062632][T17697]  ? lockdep_hardirqs_on+0x9c/0x150
[  874.062657][T17697]  ? __local_bh_enable_ip+0x12d/0x1c0
[  874.062679][T17697]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  874.062705][T17697]  ? __dev_queue_xmit+0x27b/0x3b50
[  874.062737][T17697]  ? __lock_acquire+0xab9/0xd20
[  874.062783][T17697]  ? __pfx_rtnl_newlink+0x10/0x10
[  874.062798][T17697]  rtnetlink_rcv_msg+0x7cc/0xb70
[  874.062819][T17697]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  874.062834][T17697]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  874.062849][T17697]  ? ref_tracker_free+0x63a/0x7d0
[  874.062872][T17697]  ? __asan_memcpy+0x40/0x70
[  874.062888][T17697]  ? __pfx_ref_tracker_free+0x10/0x10
[  874.062907][T17697]  ? __skb_clone+0x63/0x7a0
[  874.062936][T17697]  netlink_rcv_skb+0x205/0x470
[  874.062954][T17697]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  874.062972][T17697]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  874.063000][T17697]  ? netlink_deliver_tap+0x2e/0x1b0
[  874.063024][T17697]  netlink_unicast+0x82c/0x9e0
[  874.063056][T17697]  ? __pfx_netlink_unicast+0x10/0x10
[  874.063080][T17697]  ? netlink_sendmsg+0x642/0xb30
[  874.063095][T17697]  ? skb_put+0x11b/0x210
[  874.063121][T17697]  netlink_sendmsg+0x805/0xb30
[  874.063147][T17697]  ? __pfx_netlink_sendmsg+0x10/0x10
[  874.063168][T17697]  ? aa_sock_msg_perm+0x94/0x160
[  874.063187][T17697]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  874.063203][T17697]  ? __pfx_netlink_sendmsg+0x10/0x10
[  874.063220][T17697]  __sock_sendmsg+0x21c/0x270
[  874.063246][T17697]  ____sys_sendmsg+0x505/0x830
[  874.063271][T17697]  ? __pfx_____sys_sendmsg+0x10/0x10
[  874.063299][T17697]  ? import_iovec+0x74/0xa0
[  874.063322][T17697]  ___sys_sendmsg+0x21f/0x2a0
[  874.063344][T17697]  ? __pfx____sys_sendmsg+0x10/0x10
[  874.063397][T17697]  ? __fget_files+0x2a/0x420
[  874.063416][T17697]  ? __fget_files+0x3a0/0x420
[  874.063447][T17697]  __x64_sys_sendmsg+0x19b/0x260
[  874.063474][T17697]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  874.063502][T17697]  ? __pfx_ksys_write+0x10/0x10
[  874.063518][T17697]  ? rcu_is_watching+0x15/0xb0
[  874.063547][T17697]  ? do_syscall_64+0xbe/0x3b0
[  874.063567][T17697]  do_syscall_64+0xfa/0x3b0
[  874.063588][T17697]  ? lockdep_hardirqs_on+0x9c/0x150
[  874.063610][T17697]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.063627][T17697]  ? clear_bhb_loop+0x60/0xb0
[  874.063647][T17697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.063663][T17697] RIP: 0033:0x7f8aedd8eb69
[  874.063677][T17697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  874.063691][T17697] RSP: 002b:00007f8aeeb94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  874.063710][T17697] RAX: ffffffffffffffda RBX: 00007f8aedfb5fa0 RCX: 00007f8aedd8eb69
[  874.063729][T17697] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  874.063740][T17697] RBP: 00007f8aeeb94090 R08: 0000000000000000 R09: 0000000000000000
[  874.063750][T17697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  874.063761][T17697] R13: 0000000000000000 R14: 00007f8aedfb5fa0 R15: 00007f8aee0dfa28
[  874.063788][T17697]  </TASK>
[  875.270998][   T10] usb 4-1: can't read configurations, error -22
[  875.283006][   T10] usb usb4-port1: attempt power cycle
[  875.350486][  T850] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  875.521570][  T850] usb 1-1: unable to read config index 0 descriptor/start: -61
[  875.529529][  T850] usb 1-1: can't read configurations, error -61
[  875.648006][   T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  875.657892][  T850] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  875.867652][  T850] usb 1-1: unable to read config index 0 descriptor/start: -61
[  875.875441][  T850] usb 1-1: can't read configurations, error -61
[  875.884755][  T850] usb usb1-port1: attempt power cycle
[  875.945363][T17717] netlink: 'syz.6.3210': attribute type 10 has an invalid length.
[  876.064910][   T10] usb 4-1: device descriptor read/8, error -71
[  876.257953][  T850] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  876.290924][  T850] usb 1-1: unable to read config index 0 descriptor/start: -61
[  876.299057][  T850] usb 1-1: can't read configurations, error -61
[  876.517653][  T850] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  876.611915][  T850] usb 1-1: unable to read config index 0 descriptor/start: -61
[  876.629428][  T850] usb 1-1: can't read configurations, error -61
[  876.652495][  T850] usb usb1-port1: unable to enumerate USB device
[  876.864858][   T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  876.891355][   T30] audit: type=1800 audit(1754040336.162:557): pid=17748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3217" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  876.936082][T17749] usb usb8: usbfs: process 17749 (syz.2.3216) did not claim interface 0 before use
[  877.024162][   T30] audit: type=1400 audit(1754040336.202:558): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A273A02 pid=17739 comm="syz.2.3216"
[  877.921137][   T10] usb 4-1: Using ep0 maxpacket: 8
[  877.943068][   T10] usb 4-1: config 2 has an invalid interface number: 31 but max is 0
[  877.977799][   T10] usb 4-1: config 2 has no interface number 0
[  877.997662][   T10] usb 4-1: config 2 interface 31 has no altsetting 0
[  878.053382][   T10] usb 4-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  878.095720][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  878.477677][   T10] usb 4-1: Product: syz
[  878.482023][   T10] usb 4-1: Manufacturer: syz
[  878.507627][   T10] usb 4-1: SerialNumber: syz
[  880.093630][   T10] ch9200 4-1:2.31: probe with driver ch9200 failed with error -22
[  880.653458][T17802] tun0: tun_chr_ioctl cmd 1074025675
[  880.673885][T17802] tun0: persist enabled
[  880.686645][T17802] tun0: tun_chr_ioctl cmd 1074025675
[  880.752279][T17802] tun0: persist enabled
[  880.763144][T17806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  880.801200][T17806] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  880.877697][   T43] usb 4-1: USB disconnect, device number 12
[  881.874064][T17806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  881.910039][T17806] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  882.024864][T17805] delete_channel: no stack
[  882.311417][T17829] netlink: 'syz.3.3236': attribute type 4 has an invalid length.
[  882.341166][T17829] netlink: 'syz.3.3236': attribute type 4 has an invalid length.
[  883.406867][T17846] netlink: 148 bytes leftover after parsing attributes in process `syz.4.3244'.
[  883.887984][T17859] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3248'.
[  883.897015][T17859] netlink: 660 bytes leftover after parsing attributes in process `syz.4.3248'.
[  884.163663][T17864] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[  884.208781][T13540] IPVS: starting estimator thread 0...
[  884.307865][T17865] IPVS: using max 50 ests per chain, 120000 per kthread
[  884.432315][T17871] batman_adv: batadv0: Adding interface: dummy0
[  884.519249][T17871] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  884.634197][T17871] batman_adv: batadv0: Interface activated: dummy0
[  884.741309][T17871] batadv0: mtu less than device minimum
[  884.758336][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  884.761104][T17876] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  884.770851][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  884.789061][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  884.800337][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  884.811478][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  884.823412][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  884.834549][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  884.845657][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  884.856765][T17871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  885.132526][T17876] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  885.177313][T17871] program syz.0.3251 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  885.704369][T17882] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3255'.
[  885.992227][T17889] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3257'.
[  886.027842][T17889] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3257'.
[  886.040604][T17890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3256'.
[  886.111215][T17889] netlink: 'syz.4.3257': attribute type 6 has an invalid length.
[  888.320461][T17922] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  888.426745][T17922] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  888.453787][T17927] netlink: 'syz.4.3264': attribute type 4 has an invalid length.
[  888.479773][T17926] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3267'.
[  888.516929][T17929] netlink: 'syz.4.3264': attribute type 4 has an invalid length.
[  889.446067][   T30] audit: type=1800 audit(1754040348.712:559): pid=17945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.3272" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  889.662822][    T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  889.919423][    T9] usb 4-1: Using ep0 maxpacket: 16
[  891.122396][T17972] fuse: Bad value for 'fd'
[  892.285158][T17994] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3283'.
[  892.558233][T17999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  892.612274][T17999] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  893.004544][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  893.013229][    T9] usb 4-1: unable to read config index 0 descriptor/start: -71
[  893.041502][    T9] usb 4-1: can't read configurations, error -71
[  893.113245][T18009] FAULT_INJECTION: forcing a failure.
[  893.113245][T18009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  893.231478][T18009] CPU: 1 UID: 0 PID: 18009 Comm: syz.0.3289 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  893.231502][T18009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  893.231512][T18009] Call Trace:
[  893.231519][T18009]  <TASK>
[  893.231527][T18009]  dump_stack_lvl+0x189/0x250
[  893.231558][T18009]  ? __pfx____ratelimit+0x10/0x10
[  893.231581][T18009]  ? __pfx_dump_stack_lvl+0x10/0x10
[  893.231597][T18009]  ? __pfx__printk+0x10/0x10
[  893.231617][T18009]  ? __might_fault+0xb0/0x130
[  893.231645][T18009]  should_fail_ex+0x414/0x560
[  893.231670][T18009]  _copy_from_user+0x2d/0xb0
[  893.231691][T18009]  get_sg_io_hdr+0xe2/0x820
[  893.231709][T18009]  ? _raw_write_unlock_irqrestore+0x85/0x110
[  893.231734][T18009]  ? lockdep_hardirqs_on+0x9c/0x150
[  893.231759][T18009]  ? __pfx_get_sg_io_hdr+0x10/0x10
[  893.231785][T18009]  ? sg_add_request+0x62e/0x690
[  893.231806][T18009]  sg_new_write+0x139/0x7b0
[  893.231826][T18009]  ? __pfx___might_resched+0x10/0x10
[  893.231851][T18009]  ? __pfx_sg_new_write+0x10/0x10
[  893.231896][T18009]  ? __lock_acquire+0xab9/0xd20
[  893.231919][T18009]  sg_ioctl+0x11af/0x2230
[  893.231945][T18009]  ? __pfx_sg_ioctl+0x10/0x10
[  893.231963][T18009]  ? __fget_files+0x2a/0x420
[  893.231987][T18009]  ? __fget_files+0x2a/0x420
[  893.232004][T18009]  ? __fget_files+0x3a0/0x420
[  893.232022][T18009]  ? __fget_files+0x2a/0x420
[  893.232044][T18009]  ? bpf_lsm_file_ioctl+0x9/0x20
[  893.232062][T18009]  ? __pfx_sg_ioctl+0x10/0x10
[  893.232078][T18009]  __se_sys_ioctl+0xfc/0x170
[  893.232098][T18009]  do_syscall_64+0xfa/0x3b0
[  893.232114][T18009]  ? lockdep_hardirqs_on+0x9c/0x150
[  893.232138][T18009]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  893.232156][T18009]  ? clear_bhb_loop+0x60/0xb0
[  893.232176][T18009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  893.232193][T18009] RIP: 0033:0x7f8aedd8eb69
[  893.232209][T18009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  893.232224][T18009] RSP: 002b:00007f8aeeb94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  893.232243][T18009] RAX: ffffffffffffffda RBX: 00007f8aedfb5fa0 RCX: 00007f8aedd8eb69
[  893.232256][T18009] RDX: 00002000000003c0 RSI: 0000000000002285 RDI: 0000000000000003
[  893.232268][T18009] RBP: 00007f8aeeb94090 R08: 0000000000000000 R09: 0000000000000000
[  893.232280][T18009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  893.232290][T18009] R13: 0000000000000000 R14: 00007f8aedfb5fa0 R15: 00007f8aee0dfa28
[  893.232315][T18009]  </TASK>
[  893.956994][T18026] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3295'.
[  894.508497][T18037] netlink: 'syz.6.3293': attribute type 4 has an invalid length.
[  894.657438][T18031] binder: 18017:18031 ioctl c018620b 200000000000 returned -14
[  894.722872][T18040] netlink: 'syz.6.3293': attribute type 4 has an invalid length.
[  895.886714][T18060] ptrace attach of "./syz-executor exec"[16843] was attempted by "./syz-executor exec"[18060]
[  895.900564][T18060] dns_resolver: Unsupported server list version (0)
[  895.957249][T18061] syz.2.3304: attempt to access beyond end of device
[  895.957249][T18061] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  897.695952][T18092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  897.704785][T18092] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  898.402399][T18110] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  898.402862][T18110] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  898.807131][T18118] FAULT_INJECTION: forcing a failure.
[  898.807131][T18118] name failslab, interval 1, probability 0, space 0, times 0
[  898.821112][T18118] CPU: 0 UID: 0 PID: 18118 Comm: syz.6.3321 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  898.821135][T18118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  898.821146][T18118] Call Trace:
[  898.821153][T18118]  <TASK>
[  898.821161][T18118]  dump_stack_lvl+0x189/0x250
[  898.821185][T18118]  ? __pfx____ratelimit+0x10/0x10
[  898.821210][T18118]  ? __pfx_dump_stack_lvl+0x10/0x10
[  898.821227][T18118]  ? __pfx__printk+0x10/0x10
[  898.821252][T18118]  ? __pfx___might_resched+0x10/0x10
[  898.821275][T18118]  ? fs_reclaim_acquire+0x7d/0x100
[  898.821302][T18118]  should_fail_ex+0x414/0x560
[  898.821329][T18118]  should_failslab+0xa8/0x100
[  898.821352][T18118]  kmem_cache_alloc_noprof+0x73/0x3c0
[  898.821371][T18118]  ? flock_lock_inode+0x21f/0x1420
[  898.821395][T18118]  flock_lock_inode+0x21f/0x1420
[  898.821420][T18118]  ? __pfx___might_resched+0x10/0x10
[  898.821441][T18118]  ? aa_file_perm+0x40c/0xe70
[  898.821463][T18118]  ? __pfx_flock_lock_inode+0x10/0x10
[  898.821492][T18118]  locks_lock_inode_wait+0x107/0x410
[  898.821513][T18118]  ? __pfx_locks_lock_inode_wait+0x10/0x10
[  898.821534][T18118]  ? __fget_files+0x2a/0x420
[  898.821557][T18118]  ? end_current_label_crit_section+0x152/0x180
[  898.821578][T18118]  ? common_file_perm+0x199/0x200
[  898.821604][T18118]  __se_sys_flock+0x467/0x5b0
[  898.821624][T18118]  ? __pfx___se_sys_flock+0x10/0x10
[  898.821666][T18118]  ? rcu_is_watching+0x15/0xb0
[  898.821694][T18118]  ? do_syscall_64+0xbe/0x3b0
[  898.821714][T18118]  do_syscall_64+0xfa/0x3b0
[  898.821729][T18118]  ? lockdep_hardirqs_on+0x9c/0x150
[  898.821752][T18118]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  898.821776][T18118]  ? clear_bhb_loop+0x60/0xb0
[  898.821796][T18118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  898.821813][T18118] RIP: 0033:0x7f0a58f8eb69
[  898.821828][T18118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  898.821842][T18118] RSP: 002b:00007f0a59e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049
[  898.821860][T18118] RAX: ffffffffffffffda RBX: 00007f0a591b6080 RCX: 00007f0a58f8eb69
[  898.821872][T18118] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000000a
[  898.821882][T18118] RBP: 00007f0a59e5d090 R08: 0000000000000000 R09: 0000000000000000
[  898.821893][T18118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  898.821902][T18118] R13: 0000000000000000 R14: 00007f0a591b6080 R15: 00007f0a592dfa28
[  898.821929][T18118]  </TASK>
[  899.072814][    C0] vkms_vblank_simulate: vblank timer overrun
[  899.371017][T18122] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3322'.
[  899.506227][T18130] FAULT_INJECTION: forcing a failure.
[  899.506227][T18130] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  899.619859][T18130] CPU: 1 UID: 0 PID: 18130 Comm: syz.6.3324 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  899.619883][T18130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  899.619894][T18130] Call Trace:
[  899.619900][T18130]  <TASK>
[  899.619908][T18130]  dump_stack_lvl+0x189/0x250
[  899.619931][T18130]  ? __pfx____ratelimit+0x10/0x10
[  899.619962][T18130]  ? __pfx_dump_stack_lvl+0x10/0x10
[  899.619981][T18130]  ? __pfx__printk+0x10/0x10
[  899.620013][T18130]  should_fail_ex+0x414/0x560
[  899.620040][T18130]  _copy_to_user+0x31/0xb0
[  899.620064][T18130]  simple_read_from_buffer+0xe1/0x170
[  899.620090][T18130]  proc_fail_nth_read+0x1b3/0x220
[  899.620110][T18130]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  899.620130][T18130]  ? rw_verify_area+0x2a6/0x4d0
[  899.620148][T18130]  ? __lock_acquire+0xab9/0xd20
[  899.620168][T18130]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  899.620183][T18130]  vfs_read+0x200/0x980
[  899.620200][T18130]  ? fdget_pos+0x247/0x320
[  899.620224][T18130]  ? __pfx___mutex_lock+0x10/0x10
[  899.620241][T18130]  ? __pfx_vfs_read+0x10/0x10
[  899.620260][T18130]  ? __fget_files+0x2a/0x420
[  899.620284][T18130]  ? __fget_files+0x3a0/0x420
[  899.620303][T18130]  ? __fget_files+0x2a/0x420
[  899.620331][T18130]  ksys_read+0x145/0x250
[  899.620352][T18130]  ? __pfx_ksys_read+0x10/0x10
[  899.620369][T18130]  ? fput+0xa0/0xd0
[  899.620393][T18130]  ? do_syscall_64+0xbe/0x3b0
[  899.620413][T18130]  do_syscall_64+0xfa/0x3b0
[  899.620427][T18130]  ? lockdep_hardirqs_on+0x9c/0x150
[  899.620449][T18130]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  899.620465][T18130]  ? clear_bhb_loop+0x60/0xb0
[  899.620485][T18130]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  899.620500][T18130] RIP: 0033:0x7f0a58f8d57c
[  899.620516][T18130] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  899.620530][T18130] RSP: 002b:00007f0a59e7e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  899.620549][T18130] RAX: ffffffffffffffda RBX: 00007f0a591b5fa0 RCX: 00007f0a58f8d57c
[  899.620561][T18130] RDX: 000000000000000f RSI: 00007f0a59e7e0a0 RDI: 0000000000000004
[  899.620573][T18130] RBP: 00007f0a59e7e090 R08: 0000000000000000 R09: 0000000000000000
[  899.620583][T18130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  899.620594][T18130] R13: 0000000000000000 R14: 00007f0a591b5fa0 R15: 00007f0a592dfa28
[  899.620621][T18130]  </TASK>
[  900.671508][T18154] sctp: [Deprecated]: syz.6.3332 (pid 18154) Use of int in maxseg socket option.
[  900.671508][T18154] Use struct sctp_assoc_value instead
[  901.532392][T18163] bridge0: port 2(bridge_slave_1) entered disabled state
[  901.542230][T18163] bridge0: port 2(bridge_slave_1) entered disabled state
[  903.453927][T18176] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  903.593715][T18181] FAULT_INJECTION: forcing a failure.
[  903.593715][T18181] name failslab, interval 1, probability 0, space 0, times 0
[  903.643259][T18181] CPU: 0 UID: 0 PID: 18181 Comm: syz.0.3339 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  903.643276][T18181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  903.643283][T18181] Call Trace:
[  903.643291][T18181]  <TASK>
[  903.643296][T18181]  dump_stack_lvl+0x189/0x250
[  903.643310][T18181]  ? __pfx____ratelimit+0x10/0x10
[  903.643331][T18181]  ? __pfx_dump_stack_lvl+0x10/0x10
[  903.643342][T18181]  ? __pfx__printk+0x10/0x10
[  903.643358][T18181]  ? __pfx___might_resched+0x10/0x10
[  903.643372][T18181]  ? fs_reclaim_acquire+0x7d/0x100
[  903.643389][T18181]  should_fail_ex+0x414/0x560
[  903.643406][T18181]  should_failslab+0xa8/0x100
[  903.643420][T18181]  kmem_cache_alloc_noprof+0x73/0x3c0
[  903.643431][T18181]  ? flock_lock_inode+0x21f/0x1420
[  903.643446][T18181]  flock_lock_inode+0x21f/0x1420
[  903.643461][T18181]  ? __pfx___might_resched+0x10/0x10
[  903.643474][T18181]  ? aa_file_perm+0x40c/0xe70
[  903.643487][T18181]  ? __pfx_flock_lock_inode+0x10/0x10
[  903.643504][T18181]  locks_lock_inode_wait+0x107/0x410
[  903.643517][T18181]  ? __pfx_locks_lock_inode_wait+0x10/0x10
[  903.643529][T18181]  ? __fget_files+0x2a/0x420
[  903.643543][T18181]  ? end_current_label_crit_section+0x152/0x180
[  903.643556][T18181]  ? common_file_perm+0x199/0x200
[  903.643570][T18181]  __se_sys_flock+0x467/0x5b0
[  903.643585][T18181]  ? __pfx___se_sys_flock+0x10/0x10
[  903.643612][T18181]  ? do_syscall_64+0xbe/0x3b0
[  903.643623][T18181]  do_syscall_64+0xfa/0x3b0
[  903.643632][T18181]  ? lockdep_hardirqs_on+0x9c/0x150
[  903.643647][T18181]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  903.643656][T18181]  ? clear_bhb_loop+0x60/0xb0
[  903.643668][T18181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  903.643677][T18181] RIP: 0033:0x7f8aedd8eb69
[  903.643686][T18181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  903.643694][T18181] RSP: 002b:00007f8aeeb73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049
[  903.643705][T18181] RAX: ffffffffffffffda RBX: 00007f8aedfb6080 RCX: 00007f8aedd8eb69
[  903.643712][T18181] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000000a
[  903.643718][T18181] RBP: 00007f8aeeb73090 R08: 0000000000000000 R09: 0000000000000000
[  903.643724][T18181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  903.643730][T18181] R13: 0000000000000000 R14: 00007f8aedfb6080 R15: 00007f8aee0dfa28
[  903.643745][T18181]  </TASK>
[  903.887727][    C0] vkms_vblank_simulate: vblank timer overrun
[  904.921302][T18207] netlink: 148 bytes leftover after parsing attributes in process `syz.2.3349'.
[  905.398892][T18215] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3350'.
[  905.413987][T18215] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3350'.
[  905.660829][T18217] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3351'.
[  905.737760][T18217] netlink: 660 bytes leftover after parsing attributes in process `syz.2.3351'.
[  906.634118][T18243] net_ratelimit: 10 callbacks suppressed
[  906.634136][T18243] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  906.646909][T18243] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  907.345004][T18246] hsr_slave_0: left promiscuous mode
[  907.415155][T18246] hsr_slave_1: left promiscuous mode
[  907.453246][T18251] netlink: 148 bytes leftover after parsing attributes in process `syz.2.3363'.
[  908.056187][T18283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  908.065950][T18283] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  908.080567][T18283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  908.095502][T18283] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  908.106150][T18283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  908.115846][T18283] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  908.969080][T18298] netlink: 148 bytes leftover after parsing attributes in process `syz.6.3380'.
[  909.566515][T18312] netlink: 'syz.3.3378': attribute type 4 has an invalid length.
[  909.580462][T18312] netlink: 'syz.3.3378': attribute type 4 has an invalid length.
[  910.720510][   T30] audit: type=1326 audit(1754040369.952:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18322 comm="syz.4.3386" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f37edb8eb69 code=0x0
[  910.994397][T18328] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3387'.
[  911.030588][T18326] nvme_fabrics: missing parameter 'transport=%s'
[  911.039808][T18326] nvme_fabrics: missing parameter 'nqn=%s'
[  912.699684][T18356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  912.708887][T18356] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  912.733575][T18356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  912.743206][T18356] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  912.808201][T18356] block device autoloading is deprecated and will be removed.
[  913.207791][   T10] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  913.447525][   T10] usb 1-1: Using ep0 maxpacket: 8
[  913.517535][   T10] usb 1-1: config 2 has an invalid interface number: 31 but max is 0
[  913.573651][   T10] usb 1-1: config 2 has no interface number 0
[  913.596904][   T10] usb 1-1: config 2 interface 31 has no altsetting 0
[  913.719386][   T10] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  913.800068][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  913.811232][   T10] usb 1-1: Product: syz
[  913.816768][   T10] usb 1-1: Manufacturer: syz
[  913.826918][   T10] usb 1-1: SerialNumber: syz
[  915.373584][   T10] ch9200 1-1:2.31: probe with driver ch9200 failed with error -22
[  915.706581][   T43] usb 1-1: USB disconnect, device number 77
[  915.862984][T18384] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3405'.
[  915.907813][T18384] netlink: 660 bytes leftover after parsing attributes in process `syz.0.3405'.
[  916.389825][T18396] netlink: 'syz.2.3408': attribute type 10 has an invalid length.
[  916.415949][T18396] team0: Device ipvlan1 failed to register rx_handler
[  916.834589][T18421] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3417'.
[  917.510666][T18441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  917.554777][T18441] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  918.527231][T18456] syz_tun: entered allmulticast mode
[  918.535294][T18452] syz_tun: left allmulticast mode
[  918.679417][T18458] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  918.700008][T18458] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  918.812375][T18467] FAULT_INJECTION: forcing a failure.
[  918.812375][T18467] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  918.875509][T18467] CPU: 0 UID: 0 PID: 18467 Comm: syz.2.3434 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  918.875535][T18467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  918.875545][T18467] Call Trace:
[  918.875550][T18467]  <TASK>
[  918.875555][T18467]  dump_stack_lvl+0x189/0x250
[  918.875571][T18467]  ? __pfx____ratelimit+0x10/0x10
[  918.875588][T18467]  ? __pfx_dump_stack_lvl+0x10/0x10
[  918.875598][T18467]  ? __pfx__printk+0x10/0x10
[  918.875612][T18467]  ? __might_fault+0xb0/0x130
[  918.875629][T18467]  should_fail_ex+0x414/0x560
[  918.875646][T18467]  _copy_from_user+0x2d/0xb0
[  918.875659][T18467]  generic_map_update_batch+0x572/0x7f0
[  918.875682][T18467]  ? __pfx_generic_map_update_batch+0x10/0x10
[  918.875697][T18467]  ? __fget_files+0x2a/0x420
[  918.875714][T18467]  ? __pfx_generic_map_update_batch+0x10/0x10
[  918.875728][T18467]  bpf_map_do_batch+0x369/0x5f0
[  918.875743][T18467]  __sys_bpf+0x6af/0x870
[  918.875756][T18467]  ? __pfx___sys_bpf+0x10/0x10
[  918.875773][T18467]  ? ksys_write+0x22a/0x250
[  918.875786][T18467]  ? __pfx_ksys_write+0x10/0x10
[  918.875795][T18467]  ? rcu_is_watching+0x15/0xb0
[  918.875814][T18467]  __x64_sys_bpf+0x7c/0x90
[  918.875825][T18467]  do_syscall_64+0xfa/0x3b0
[  918.875835][T18467]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.875844][T18467]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  918.875854][T18467]  ? clear_bhb_loop+0x60/0xb0
[  918.875866][T18467]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.875885][T18467] RIP: 0033:0x7f0053b8eb69
[  918.875895][T18467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  918.875904][T18467] RSP: 002b:00007f0054aaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  918.875916][T18467] RAX: ffffffffffffffda RBX: 00007f0053db6080 RCX: 00007f0053b8eb69
[  918.875923][T18467] RDX: 0000000000000032 RSI: 00002000000000c0 RDI: 000000000000001a
[  918.875930][T18467] RBP: 00007f0054aaf090 R08: 0000000000000000 R09: 0000000000000000
[  918.875936][T18467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  918.875942][T18467] R13: 0000000000000000 R14: 00007f0053db6080 R15: 00007f0053edfa28
[  918.875957][T18467]  </TASK>
[  919.717700][T13540] usb 1-1: new full-speed USB device number 78 using dummy_hcd
[  919.717739][   T10] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  919.868955][T18487] vlan0: entered promiscuous mode
[  919.906717][T13540] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  919.920211][T13540] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  919.931583][T13540] usb 1-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00
[  919.945838][   T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  919.947208][T13540] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  919.965822][T18484] bridge0: port 2(bridge_slave_1) entered disabled state
[  919.976518][T18484] bridge0: port 2(bridge_slave_1) entered disabled state
[  919.990839][   T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  920.016448][   T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  920.030519][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  920.033836][T13540] usb 1-1: config 0 descriptor??
[  920.041461][   T10] usb 4-1: SerialNumber: syz
[  920.052946][T18474] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22
[  920.069712][   T10] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  920.079227][   T10] usb-storage 4-1:1.0: USB Mass Storage device detected
[  920.094702][   T10] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  920.116052][   T10] scsi host1: usb-storage 4-1:1.0
[  920.487142][T18497] syz_tun: entered allmulticast mode
[  920.494584][T18496] syz_tun: left allmulticast mode
[  920.651896][T18498] netlink: 'syz.3.3438': attribute type 10 has an invalid length.
[  920.682409][T13540] hid (null): invalid report_size 1720
[  920.689299][T18498] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3438'.
[  920.704688][T18500] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3445'.
[  920.725820][T13540] creative-sb0540 0003:041E:3100.0017: invalid report_size 1720
[  920.739106][T18498] team0: Port device geneve0 added
[  920.789924][T18500] netlink: 660 bytes leftover after parsing attributes in process `syz.6.3445'.
[  920.799327][T13540] creative-sb0540 0003:041E:3100.0017: item 0 2 1 7 parsing failed
[  920.813248][T13540] creative-sb0540 0003:041E:3100.0017: parse failed
[  920.822103][T13540] creative-sb0540 0003:041E:3100.0017: probe with driver creative-sb0540 failed with error -22
[  921.015858][T18502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  921.026899][T18502] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  921.416126][T13540] usb 4-1: USB disconnect, device number 15
[  922.423743][T13540] usb 1-1: USB disconnect, device number 78
[  923.687019][T18531] netlink: 'syz.0.3451': attribute type 4 has an invalid length.
[  923.726324][T18531] netlink: 'syz.0.3451': attribute type 4 has an invalid length.
[  923.850631][T18534] netlink: 'syz.6.3454': attribute type 3 has an invalid length.
[  923.859356][T18534] netlink: 'syz.6.3454': attribute type 3 has an invalid length.
[  923.868061][T18534] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3454'.
[  925.043396][T18541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  925.198176][T18541] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  925.827376][T18554] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3460'.
[  925.907964][T18554] kvm: pic: level sensitive irq not supported
[  925.908040][T18554] kvm: pic: non byte read
[  925.919297][T18554] kvm: pic: level sensitive irq not supported
[  925.919357][T18554] kvm: pic: non byte read
[  925.930808][T18554] kvm: pic: level sensitive irq not supported
[  925.930867][T18554] kvm: pic: non byte read
[  925.942131][T18554] kvm: pic: level sensitive irq not supported
[  925.942192][T18554] kvm: pic: non byte read
[  925.954589][T18554] kvm: pic: level sensitive irq not supported
[  925.954648][T18554] kvm: pic: non byte read
[  925.966152][T18554] kvm: pic: level sensitive irq not supported
[  925.966211][T18554] kvm: pic: non byte read
[  925.978221][T18554] kvm: pic: level sensitive irq not supported
[  925.978279][T18554] kvm: pic: non byte read
[  925.992079][T18554] kvm: pic: level sensitive irq not supported
[  925.992136][T18554] kvm: pic: non byte read
[  926.007475][T18554] kvm: pic: level sensitive irq not supported
[  926.007519][T18554] kvm: pic: non byte read
[  926.291417][T18561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  926.318117][   T30] audit: type=1326 audit(1754040385.582:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18556 comm="syz.0.3461" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8aedd8eb69 code=0x0
[  926.339960][    C1] vkms_vblank_simulate: vblank timer overrun
[  926.348398][T18561] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  926.372309][T18561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  926.387732][T18561] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  927.510677][T18587] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3467'.
[  927.587638][ T5932] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  927.858063][ T5932] usb 1-1: Using ep0 maxpacket: 16
[  927.874635][ T5932] usb 1-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024
[  928.112243][ T5932] usb 1-1: config 1 interface 0 has no altsetting 0
[  928.195011][ T5932] usb 1-1: string descriptor 0 read error: -22
[  928.201781][ T5932] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  928.230566][ T5932] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  928.261223][T18582] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  928.856104][T18605] netlink: 'syz.4.3471': attribute type 4 has an invalid length.
[  928.867216][T18605] netlink: 'syz.4.3471': attribute type 4 has an invalid length.
[  929.816782][T18613] geneve2: entered promiscuous mode
[  930.201670][T18621] netlink: 'syz.3.3479': attribute type 1 has an invalid length.
[  930.549417][T18636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  930.559772][T18636] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  930.753328][ T5932] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 79 if 0 alt 9 proto 1 vid 0x0525 pid 0xA4A8
[  930.815805][ T5932] usb 1-1: USB disconnect, device number 79
[  930.842599][ T5932] usblp0: removed
[  931.177672][T13540] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  931.343901][T13540] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  931.362518][T13540] usb 4-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  931.393258][T13540] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  931.427084][T13540] usb 4-1: config 0 descriptor??
[  931.693328][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  931.699719][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  932.001048][T13540] logitech-djreceiver 0003:046D:C71F.0018: item fetching failed at offset 5/7
[  932.349925][T13540] logitech-djreceiver 0003:046D:C71F.0018: logi_dj_probe: parse failed
[  932.523645][T13540] logitech-djreceiver 0003:046D:C71F.0018: probe with driver logitech-djreceiver failed with error -22
[  932.571040][T13540] usb 4-1: USB disconnect, device number 16
[  933.537081][T18684] netlink: 'syz.3.3493': attribute type 4 has an invalid length.
[  933.573433][T18684] netlink: 'syz.3.3493': attribute type 4 has an invalid length.
[  934.053122][   T30] audit: type=1326 audit(1754040393.322:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18704 comm="syz.0.3502" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8aedd8eb69 code=0x0
[  935.042772][T18725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  935.064952][T18725] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  935.617656][T13540] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  935.822589][T13540] usb 1-1: Using ep0 maxpacket: 16
[  935.832568][T13540] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  935.846272][T13540] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  935.866335][T13540] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  935.882146][T13540] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  935.893988][T13540] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  935.913144][T13540] usb 1-1: config 0 descriptor??
[  936.375615][T13540] microsoft 0003:045E:07DA.0019: unknown main item tag 0x0
[  936.392457][T13540] microsoft 0003:045E:07DA.0019: unknown main item tag 0x0
[  936.400091][T18742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  936.400469][T18742] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  936.441545][T13540] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0019/input/input50
[  936.544218][T13540] microsoft 0003:045E:07DA.0019: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  936.599416][T18744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  936.618931][T18744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  936.737132][T18744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  936.749154][T18744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  937.599516][ T5923] usb 1-1: reset high-speed USB device number 80 using dummy_hcd
[  937.768910][T18751] program syz.6.3513 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  939.153985][T18780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  939.169072][T18780] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  939.435661][T18788] syz_tun: entered allmulticast mode
[  939.443232][T13540] usb 1-1: USB disconnect, device number 80
[  939.509927][T18786] syz_tun: left allmulticast mode
[  939.587732][    T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  939.785952][    T9] usb 4-1: config 0 has no interfaces?
[  939.842504][    T9] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  939.854996][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  939.869493][    T9] usb 4-1: Product: syz
[  939.873743][    T9] usb 4-1: Manufacturer: syz
[  939.883028][    T9] usb 4-1: SerialNumber: syz
[  939.893639][    T9] usb 4-1: config 0 descriptor??
[  940.164421][T18810] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3533'.
[  940.233383][T18810] netlink: 660 bytes leftover after parsing attributes in process `syz.2.3533'.
[  940.472678][T18818] syz_tun: entered allmulticast mode
[  940.479996][T18816] syz_tun: left allmulticast mode
[  941.196546][T18848] syz_tun: entered allmulticast mode
[  941.229533][T18847] syz_tun: left allmulticast mode
[  941.247909][ T5916] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  941.400057][ T5916] usb 1-1: Using ep0 maxpacket: 32
[  941.416700][ T5916] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  941.432913][ T5916] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  941.456264][ T5916] usb 1-1: config 0 descriptor??
[  941.683623][ T5916] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  941.703860][ T5916] usb 1-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  941.923008][ T5916] usb 1-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  943.347950][ T5923] usb 4-1: USB disconnect, device number 17
[  945.197336][T18895] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3561'.
[  945.350267][T18902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  945.362981][T18902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  945.663891][T18905] vlan2: entered allmulticast mode
[  945.698309][T18905] bond1: entered allmulticast mode
[  947.386646][T18946] netlink: 202368 bytes leftover after parsing attributes in process `syz.4.3572'.
[  947.413692][T18944] ip6gre1: entered allmulticast mode
[  947.491959][T18951] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3574'.
[  947.502062][T18951] netlink: 660 bytes leftover after parsing attributes in process `syz.4.3574'.
[  947.624956][T18953] IPVS: ip_vs_add_dest(): server weight less than zero
[  948.066740][T18959] netlink: 148 bytes leftover after parsing attributes in process `syz.6.3576'.
[  949.145772][ T5843] Bluetooth: hci4: command 0x0406 tx timeout
[  949.834854][T18959] syz.6.3576 (18959): drop_caches: 2
[  951.574582][T19002] syz_tun: entered allmulticast mode
[  951.969491][T19013] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  952.057033][T19014] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  952.072112][T19014] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  955.216294][T19029] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3594'.
[  957.296227][T19065] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3605'.
[  958.128004][T19061] syz.3.3602 (19061): drop_caches: 2
[  958.251125][T19075] FAULT_INJECTION: forcing a failure.
[  958.251125][T19075] name failslab, interval 1, probability 0, space 0, times 0
[  958.292852][T19075] CPU: 1 UID: 0 PID: 19075 Comm: syz.6.3608 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  958.292879][T19075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  958.292890][T19075] Call Trace:
[  958.292897][T19075]  <TASK>
[  958.292904][T19075]  dump_stack_lvl+0x189/0x250
[  958.292925][T19075]  ? __pfx____ratelimit+0x10/0x10
[  958.292944][T19075]  ? __pfx_dump_stack_lvl+0x10/0x10
[  958.292965][T19075]  ? __pfx__printk+0x10/0x10
[  958.292983][T19075]  ? __pfx___might_resched+0x10/0x10
[  958.293001][T19075]  ? fs_reclaim_acquire+0x7d/0x100
[  958.293021][T19075]  should_fail_ex+0x414/0x560
[  958.293042][T19075]  should_failslab+0xa8/0x100
[  958.293060][T19075]  kmem_cache_alloc_noprof+0x73/0x3c0
[  958.293075][T19075]  ? fcntl_getlk+0x33/0xb30
[  958.293092][T19075]  fcntl_getlk+0x33/0xb30
[  958.293119][T19075]  do_fcntl+0x9f9/0x1910
[  958.293145][T19075]  ? __pfx_do_fcntl+0x10/0x10
[  958.293163][T19075]  ? __fget_files+0x2a/0x420
[  958.293182][T19075]  ? __fget_files+0x2a/0x420
[  958.293203][T19075]  ? bpf_lsm_file_fcntl+0x9/0x20
[  958.293221][T19075]  __se_sys_fcntl+0xc8/0x150
[  958.293237][T19075]  do_syscall_64+0xfa/0x3b0
[  958.293251][T19075]  ? lockdep_hardirqs_on+0x9c/0x150
[  958.293269][T19075]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  958.293282][T19075]  ? clear_bhb_loop+0x60/0xb0
[  958.293297][T19075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  958.293308][T19075] RIP: 0033:0x7f0a58f8eb69
[  958.293321][T19075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  958.293332][T19075] RSP: 002b:00007f0a59e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  958.293348][T19075] RAX: ffffffffffffffda RBX: 00007f0a591b6080 RCX: 00007f0a58f8eb69
[  958.293357][T19075] RDX: 0000200000000200 RSI: 0000000000000005 RDI: 0000000000000007
[  958.293365][T19075] RBP: 00007f0a59e5d090 R08: 0000000000000000 R09: 0000000000000000
[  958.293373][T19075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  958.293380][T19075] R13: 0000000000000000 R14: 00007f0a591b6080 R15: 00007f0a592dfa28
[  958.293402][T19075]  </TASK>
[  958.724166][T19089] syz_tun: entered allmulticast mode
[  958.809378][T19093] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3616'.
[  959.620504][T19105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  959.634658][T19105] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  960.494409][T19124] netlink: 6032 bytes leftover after parsing attributes in process `syz.2.3627'.
[  961.078636][T19138] netlink: 160 bytes leftover after parsing attributes in process `syz.2.3631'.
[  961.655844][T19149] tipc: Started in network mode
[  961.680368][T19149] tipc: Node identity b2bb808fc41, cluster identity 4711
[  961.762408][T19149] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  962.026490][T19149] tipc: Disabling bearer <eth:syzkaller0>
[  962.483122][   T30] audit: type=1326 audit(1754040421.742:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19168 comm="syz.3.3642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e9258eb69 code=0x7ffc0000
[  962.571085][   T30] audit: type=1326 audit(1754040421.762:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19168 comm="syz.3.3642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e9258eb69 code=0x7ffc0000
[  962.633464][   T30] audit: type=1326 audit(1754040421.762:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19168 comm="syz.3.3642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7e9258eb69 code=0x7ffc0000
[  962.655760][    C0] vkms_vblank_simulate: vblank timer overrun
[  962.704511][   T30] audit: type=1326 audit(1754040421.802:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19168 comm="syz.3.3642" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e9258eb69 code=0x0
[  962.737139][   T30] audit: type=1326 audit(1754040422.002:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19168 comm="syz.3.3642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e9258eb69 code=0x7ffc0000
[  962.759477][    C0] vkms_vblank_simulate: vblank timer overrun
[  962.768709][   T30] audit: type=1326 audit(1754040422.002:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19168 comm="syz.3.3642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e9258eb69 code=0x7ffc0000
[  962.791072][    C0] vkms_vblank_simulate: vblank timer overrun
[  963.698235][T19182] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3644'.
[  963.707377][T19182] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3644'.
[  963.986847][T19184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  963.996407][T19184] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  964.023714][T19184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  964.054902][T19184] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  964.067362][T19184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  964.076013][T19184] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  968.842533][T19229] netlink: 212376 bytes leftover after parsing attributes in process `syz.6.3658'.
[  969.312202][T19235] netlink: 536 bytes leftover after parsing attributes in process `syz.3.3662'.
[  969.323273][T19235] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3662'.
[  969.889893][ T5909] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  970.062311][ T5909] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  970.075031][ T5909] usb 4-1: config 0 has no interface number 0
[  970.092946][ T5909] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  970.122197][ T5909] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  970.137432][T19251] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3303861288 (422894244864 ns) > initial count (241705619456 ns). Using initial count to start timer.
[  970.175224][ T5909] usb 4-1: config 0 interface 255 has no altsetting 0
[  970.184686][ T5909] usb 4-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  970.204746][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  970.217202][ T5909] usb 4-1: config 0 descriptor??
[  970.239098][ T5909] ums-realtek 4-1:0.255: USB Mass Storage device detected
[  970.445215][T13540] usb 4-1: USB disconnect, device number 18
[  970.635851][T19261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  970.662637][T19261] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  970.664898][T19260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  970.714125][T19260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  970.727796][   T31] INFO: task kworker/0:4:16363 blocked for more than 143 seconds.
[  970.747610][   T31]       Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0
[  970.769932][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  970.799941][   T31] task:kworker/0:4     state:D stack:21528 pid:16363 tgid:16363 ppid:2      task_flags:0x4208060 flags:0x00004000
[  970.815797][   T31] Workqueue: usb_hub_wq hub_event
[  970.826874][   T31] Call Trace:
[  970.830739][   T31]  <TASK>
[  970.833960][   T31]  __schedule+0x1798/0x4cc0
[  970.838774][   T31]  ? worker_thread+0x8a0/0xda0
[  970.843544][   T31]  ? __lock_acquire+0xab9/0xd20
[  970.855151][   T31]  ? __pfx___schedule+0x10/0x10
[  970.860721][   T31]  ? schedule+0x91/0x360
[  970.865135][   T31]  schedule+0x165/0x360
[  970.873050][   T31]  schedule_timeout+0x9a/0x270
[  970.878809][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  970.884384][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  970.892621][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  970.899226][   T31]  ? wait_for_completion+0x267/0x5d0
[  970.906681][   T31]  wait_for_completion+0x2bf/0x5d0
[  970.916775][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  970.925696][   T31]  i2c_del_adapter+0x581/0x6e0
[  970.933090][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  970.944977][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[  970.961645][   T31]  ? dvb_usbv2_exit+0x85a/0x9e0
[  970.966638][   T31]  dvb_usbv2_probe+0x4ae/0x41a0
[  971.020849][   T31]  ? __pfx_dvb_usbv2_probe+0x10/0x10
[  971.026333][   T31]  ? __pm_runtime_set_status+0x785/0xa50
[  971.032259][   T31]  usb_probe_interface+0x637/0xbf0
[  971.037401][   T31]  ? __pfx_usb_probe_interface+0x10/0x10
[  971.043294][   T31]  really_probe+0x26d/0x9e0
[  971.049656][   T31]  __driver_probe_device+0x18c/0x2f0
[  971.054968][   T31]  driver_probe_device+0x4f/0x430
[  971.060219][   T31]  __device_attach_driver+0x2ce/0x530
[  971.065610][   T31]  bus_for_each_drv+0x24e/0x2e0
[  971.070697][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  971.076605][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  971.082052][   T31]  __device_attach+0x2b8/0x400
[  971.086864][   T31]  ? __pfx___device_attach+0x10/0x10
[  971.092554][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  971.098077][   T31]  bus_probe_device+0x185/0x260
[  971.102998][   T31]  device_add+0x7b6/0xb50
[  971.107348][   T31]  usb_set_configuration+0x1a87/0x20e0
[  971.113575][   T31]  usb_generic_driver_probe+0x8d/0x150
[  971.119111][   T31]  usb_probe_device+0x1c1/0x390
[  971.124072][   T31]  ? __pfx_usb_probe_device+0x10/0x10
[  971.129626][   T31]  really_probe+0x26d/0x9e0
[  971.134234][   T31]  __driver_probe_device+0x18c/0x2f0
[  971.140952][   T31]  driver_probe_device+0x4f/0x430
[  971.146019][   T31]  __device_attach_driver+0x2ce/0x530
[  971.151442][   T31]  bus_for_each_drv+0x24e/0x2e0
[  971.156321][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  971.162244][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  971.167710][   T31]  __device_attach+0x2b8/0x400
[  971.172645][   T31]  ? __pfx___device_attach+0x10/0x10
[  971.177995][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  971.183214][   T31]  bus_probe_device+0x185/0x260
[  971.188135][   T31]  device_add+0x7b6/0xb50
[  971.192470][   T31]  usb_new_device+0xa39/0x16f0
[  971.197232][   T31]  ? __pfx_usb_new_device+0x10/0x10
[  971.202500][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  971.207888][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  971.213631][   T31]  hub_event+0x2958/0x4a20
[  971.218184][   T31]  ? __pfx_hub_event+0x10/0x10
[  971.222996][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  971.229380][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  971.234688][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  971.242783][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  971.249820][   T31]  process_scheduled_works+0xae1/0x17b0
[  971.255499][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  971.261673][   T31]  worker_thread+0x8a0/0xda0
[  971.266282][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  971.272712][   T31]  ? __kthread_parkme+0x7b/0x200
[  971.277752][   T31]  kthread+0x70e/0x8a0
[  971.281838][   T31]  ? __pfx_worker_thread+0x10/0x10
[  971.286959][   T31]  ? __pfx_kthread+0x10/0x10
[  971.291673][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  971.296885][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  971.302270][   T31]  ? __pfx_kthread+0x10/0x10
[  971.306875][   T31]  ret_from_fork+0x3f9/0x770
[  971.311600][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  971.317973][   T31]  ? __switch_to_asm+0x39/0x70
[  971.322763][   T31]  ? __switch_to_asm+0x33/0x70
[  971.327540][   T31]  ? __pfx_kthread+0x10/0x10
[  971.332209][   T31]  ret_from_fork_asm+0x1a/0x30
[  971.336969][   T31]  </TASK>
[  971.340958][   T31] 
[  971.340958][   T31] Showing all locks held in the system:
[  971.357812][   T31] 1 lock held by khungtaskd/31:
[  971.362692][   T31]  #0: ffffffff8e139e60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  971.383173][   T31] 2 locks held by getty/5601:
[  971.388068][   T31]  #0: ffff888033ca60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  971.398779][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  971.409932][   T31] 1 lock held by syz-executor/5830:
[  971.415155][   T31]  #0: ffff8880b8639f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  971.425811][   T31] 6 locks held by kworker/1:3/5916:
[  971.431508][   T31]  #0: ffff888143a96948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  971.442975][   T31]  #1: ffffc900042ffbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  971.455114][   T31]  #2: ffff888144358198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  971.464218][   T31]  #3: ffff88807f77f198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  971.474495][   T31]  #4: ffff88807bdaf160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  971.488107][   T31]  #5: ffffffff8dfe0270 (umhelper_sem){++++}-{4:4}, at: usermodehelper_read_trylock+0xf0/0x2b0
[  971.498644][   T31] 3 locks held by kworker/u8:9/12021:
[  971.504177][   T31]  #0: ffff8880b8639f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  971.514318][   T31]  #1: ffff8880b8624008 (per_cpu_ptr(&psi_seq, cpu)){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
[  971.525905][   T31]  #2: ffff88807c630768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x460
[  971.536102][   T31] 5 locks held by kworker/0:4/16363:
[  971.541412][   T31]  #0: ffff888143a96948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  971.552858][   T31]  #1: ffffc9000c81fbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  971.564777][   T31]  #2: ffff888028320198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  971.573756][   T31]  #3: ffff88807d07e198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  971.583090][   T31]  #4: ffff888023da4160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  971.592623][   T31] 4 locks held by udevd/16492:
[  971.597393][   T31]  #0: ffff88806cdb1d58 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10
[  971.612126][   T31]  #1: ffff888050cc0888 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0
[  971.623065][   T31]  #2: ffff888056db6b48 (kn->active#29){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0
[  971.632658][   T31]  #3: ffff88807d07e198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[  971.642061][   T31] 
[  971.644411][   T31] =============================================
[  971.644411][   T31] 
[  971.652989][   T31] NMI backtrace for cpu 1
[  971.653004][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  971.653021][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  971.653037][   T31] Call Trace:
[  971.653043][   T31]  <TASK>
[  971.653050][   T31]  dump_stack_lvl+0x189/0x250
[  971.653075][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  971.653092][   T31]  ? __pfx__printk+0x10/0x10
[  971.653120][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  971.653141][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  971.653160][   T31]  ? __pfx__printk+0x10/0x10
[  971.653179][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  971.653204][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  971.653226][   T31]  watchdog+0xf93/0xfe0
[  971.653249][   T31]  ? watchdog+0x1de/0xfe0
[  971.653274][   T31]  kthread+0x70e/0x8a0
[  971.653295][   T31]  ? __pfx_watchdog+0x10/0x10
[  971.653315][   T31]  ? __pfx_kthread+0x10/0x10
[  971.653334][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  971.653355][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  971.653376][   T31]  ? __pfx_kthread+0x10/0x10
[  971.653395][   T31]  ret_from_fork+0x3f9/0x770
[  971.653421][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  971.653449][   T31]  ? __switch_to_asm+0x39/0x70
[  971.653466][   T31]  ? __switch_to_asm+0x33/0x70
[  971.653483][   T31]  ? __pfx_kthread+0x10/0x10
[  971.653500][   T31]  ret_from_fork_asm+0x1a/0x30
[  971.653533][   T31]  </TASK>
[  971.653540][   T31] Sending NMI from CPU 1 to CPUs 0:
[  971.802089][    C0] NMI backtrace for cpu 0
[  971.802108][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  971.802127][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  971.802138][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  971.802171][    C0] Code: 53 e7 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 2f 15 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  971.802185][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6
[  971.802200][    C0] RAX: 1017c60f73c76e00 RBX: ffffffff81967ab8 RCX: 1017c60f73c76e00
[  971.802213][    C0] RDX: 0000000000000001 RSI: ffffffff8d98513c RDI: ffffffff8be2fe00
[  971.802225][    C0] RBP: ffffffff8de07eb8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb
[  971.802238][    C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fa1b830
[  971.802250][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a18
[  971.802262][    C0] FS:  0000000000000000(0000) GS:ffff888125c5c000(0000) knlGS:0000000000000000
[  971.802275][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  971.802287][    C0] CR2: 000055558f1a65c8 CR3: 000000007ed68000 CR4: 00000000003526f0
[  971.802302][    C0] Call Trace:
[  971.802309][    C0]  <TASK>
[  971.802316][    C0]  default_idle+0x13/0x20
[  971.802333][    C0]  default_idle_call+0x74/0xb0
[  971.802351][    C0]  do_idle+0x1e8/0x510
[  971.802375][    C0]  ? __pfx_do_idle+0x10/0x10
[  971.802401][    C0]  ? do_idle+0x5/0x510
[  971.802422][    C0]  cpu_startup_entry+0x44/0x60
[  971.802443][    C0]  rest_init+0x2de/0x300
[  971.802462][    C0]  start_kernel+0x3a9/0x410
[  971.802483][    C0]  x86_64_start_reservations+0x24/0x30
[  971.802499][    C0]  x86_64_start_kernel+0x143/0x1c0
[  971.802514][    C0]  common_startup_64+0x13e/0x147
[  971.802540][    C0]  </TASK>
[  971.803126][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  971.803144][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) 
[  971.803168][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  971.803179][   T31] Call Trace:
[  971.803188][   T31]  <TASK>
[  971.803196][   T31]  dump_stack_lvl+0x99/0x250
[  971.803217][   T31]  ? __asan_memcpy+0x40/0x70
[  971.803235][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  971.803254][   T31]  ? __pfx__printk+0x10/0x10
[  971.803285][   T31]  vpanic+0x27a/0x730
[  971.803306][   T31]  ? __pfx_vpanic+0x10/0x10
[  971.803321][   T31]  ? __x2apic_send_IPI_mask+0x1e4/0x260
[  971.803342][   T31]  ? preempt_schedule+0xae/0xc0
[  971.803367][   T31]  ? preempt_schedule_common+0x83/0xd0
[  971.803396][   T31]  panic+0xb9/0xc0
[  971.803413][   T31]  ? __pfx_panic+0x10/0x10
[  971.803432][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  971.803460][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  971.803486][   T31]  watchdog+0xfd2/0xfe0
[  971.803511][   T31]  ? watchdog+0x1de/0xfe0
[  971.803536][   T31]  kthread+0x70e/0x8a0
[  971.803558][   T31]  ? __pfx_watchdog+0x10/0x10
[  971.803578][   T31]  ? __pfx_kthread+0x10/0x10
[  971.803599][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  971.803621][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  971.803644][   T31]  ? __pfx_kthread+0x10/0x10
[  971.803663][   T31]  ret_from_fork+0x3f9/0x770
[  971.803690][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  971.803718][   T31]  ? __switch_to_asm+0x39/0x70
[  971.803736][   T31]  ? __switch_to_asm+0x33/0x70
[  971.803754][   T31]  ? __pfx_kthread+0x10/0x10
[  971.803774][   T31]  ret_from_fork_asm+0x1a/0x30
[  971.803806][   T31]  </TASK>
[  971.807661][   T31] Kernel Offset: disabled