last executing test programs:

9.570007011s ago: executing program 1 (id=335):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r0, &(0x7f0000000000)={0x2, 0xfffc, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x1, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = semget$private(0x0, 0x0, 0x12)
semtimedop(r2, &(0x7f0000000040)=[{0x0, 0xfffe, 0x1000}], 0x1, 0x0)
semop(r2, &(0x7f00000000c0)=[{0x0, 0xc63e}, {0x4, 0x4, 0x1800}], 0x2)
semctl$GETZCNT(r2, 0x0, 0xf, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x4001, 0x3, 0x4b8, 0x0, 0x0, 0x148, 0x158, 0x148, 0x420, 0x240, 0x240, 0x420, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @multicast1, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x16, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x100000, 0x1ff, 0x100000, 0x0, 0xed, 0x7}, {0x4}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x7}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 0x85d, 0xf, [0x10, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'wg0\x00', 'batadv_slave_0\x00', {0xff}, {}, 0x2e, 0x2, 0x4}, 0x0, 0x260, 0x2c8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @common=@inet=@recent0={{0xf8}, {0x9, 0x7fff, 0x5, 0x0, 'syz0\x00', 0x4}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x4e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x518)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x328, 0xffffffff, 0xffffffff, 0x328, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x8}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x228, 0x258, 0x0, {}, [@common=@hl={{0x28}, {0x3, 0xdd}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1001, 0x6, 0x3, 0x0, 0x8}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x458)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000b40), r3)
sendmsg$DEVLINK_CMD_SB_GET(r3, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000b80)={0x3c, r6, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xffffffe9, 0xb, 0x7}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x50}, 0x4000)
r7 = semget$private(0x0, 0x2, 0x0)
semctl$GETZCNT(r7, 0x3, 0xf, &(0x7f0000000240)=""/171)
r8 = fsopen(&(0x7f0000000040)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
r9 = fsmount(r8, 0x0, 0x8c)
mknodat$loop(r9, &(0x7f00000000c0)='./file0\x00', 0x2010, 0x0)
openat(r9, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000580)={@rand_addr=' \x01\x00', @private1={0xfc, 0x1, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x2000000, 0x0, 0x7d, 0xd00, 0x0, 0x930310})
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_KEY(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x28, r10, 0x9, 0x70bd2a, 0xfffffffe, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r1}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1e, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000791000000000000095"], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x49, '\x00', 0x0, 0x24}, 0x94)

8.813584549s ago: executing program 4 (id=340):
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000002000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000000000004400050000000000000000000000000000000000000000022b0000000a000000fe8000000000000000000000000000aa0000000004000000"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(r5, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10)
setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r5, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r5, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
fcntl$setown(0xffffffffffffffff, 0x8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000880), 0x10}, 0x94)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)

8.80807282s ago: executing program 1 (id=341):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000c00)={0x348, r2, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x124, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_KEY={0x4a, 0x4, {'gcm(aes)\x00', 0x22, "6d507b9dc9106214d4ef62634feb78aeba5bdb132ef9f80bd9a950dc2155306a5989"}}, @TIPC_NLA_NODE_ID={0xa9, 0x3, "27ad5052aaaac8c6c5e120a5f9e0bf547e54930368bf05175973ff363ee861a60a112694c18c937e80690e39b3a9e31a3dd700de187c22abe72f6214c4c810ed101d459558e0b40db06287494415814aafc90ac30beeaf78168982a701e73941e08843a01f04fed7fd51963a01a2d492c53f5d811abe520af3fad4f59be972616874b93d94706b0c0057fb507e2083b41eae2e7f6e5664e1e3aa8c227c5fb0684fba625193"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x80}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x101}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x5}]}, @TIPC_NLA_BEARER={0x30, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @private=0xa010102}}, {0x14, 0x2, @in={0x2, 0x4e20, @multicast2}}}}]}, @TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8883}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}]}, @TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_NODE={0x188, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9b2}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "c8e0dfd3d31d9a6c21a1d770f15b631d734116904208bde684252b487131be3e82994963"}}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "7518b88777a2613df5510257b5794a28d02a9e72"}}, @TIPC_NLA_NODE_ID={0x64, 0x3, "3e5dc4e7c061692bbfd74990bcd403da70ae5ebd9d80991594f02d18e6e63d46ced6e03f3ea929b98ab4603571b191f6c58f06f73325d9971553e977787e5deac1dca91cbe7c74f6bd715455a8566b44a3c20c06ee0a3cb89984a11c03cd0b7b"}, @TIPC_NLA_NODE_KEY={0x44, 0x4, {'gcm(aes)\x00', 0x1c, "914f53159775d071d9957a9af7e01a801368e8733d9bb44e745a88e5"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x3d, 0x4, {'gcm(aes)\x00', 0x15, "f205042b855e630e34d8fa7026f32b794981e047b5"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x1}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x10000}]}]}, 0x348}, 0x1, 0x0, 0x0, 0x20000000}, 0x41)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000600)={r4, 0xb23, 0x0, 0x0, 0x3, [<r5=>0x0, 0x0, 0x0, <r6=>0x0], [0x800000], [0x0, 0x1001000, 0x3], [0x39b7, 0xfffffffffffffffd, 0xe8a6, 0x3]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r5, 0x0, 0x0, r6], [0x2b8]})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r7=>0x0})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@bloom_filter={0x1e, 0x2, 0x10001, 0x7, 0x4000, r0, 0xfffffffa, '\x00', r7, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x4}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x39, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)
r9 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x400)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r9, 0x40045532, &(0x7f0000000040))
r10 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x0, 0x5}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, &(0x7f0000000240)={0x1, 0x91cc, 0x2000000, 0x10000, 0x0, 0x0, 0x80, 0x0, 0xfffffffffffffffe})

7.359031911s ago: executing program 1 (id=346):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CAP_X2APIC_API(r2, 0x4068aea3, &(0x7f0000000000)={0x81, 0x0, 0x3})
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000140)={0x8080000, 0x4, 0x44, 0x1, 0x80000003})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000030500000000fcdbdf2500000001", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006d61637365630000180002800c0004000200000100c28000050006"], 0x48}}, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0xd, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0xd}, {[@lsrr={0x83, 0x7, 0xd3, [@multicast2]}, @timestamp={0x44, 0xc, 0x5, 0x3, 0x0, [0x0, 0x0]}, @generic={0x89, 0xa, "699c83e3efe9d37a"}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)

6.917245463s ago: executing program 1 (id=348):
r0 = syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000800d240f0100000000000000000006241a0000000905810300020000000904010000020d00000904010102020d00000905820200040000010905030200020000003fba83eeee4e95eac2f2dc28c76ba9f4268d00c2702faf749d7f96df083db2c51574808b3a8d56f8ce739fd6b830afcd6db842aa530906d024468a677847fba8bcad3f0f19084ffd6c907803dc1e84071bb74ce20f6cb011ea4cd210a36779e4ae96f4ab3f2e506959c3adb8eaf3bf472ee5b05972904e"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

5.877680779s ago: executing program 2 (id=350):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000e00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r0}, &(0x7f0000000180), &(0x7f00000002c0)=r1}, 0x20)
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x3b8, 0x190, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2e8, 0xffffffff, 0xffffffff, 0x2e8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0x0, 0x0, 0xffffffff], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x1d}, 0x0, 0x128, 0x190, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0xa, 0x101, 0x7fff, 0x3, 'snmp\x00', 'syz0\x00', {0x400}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [0x0, 0xff], [], 'vlan0\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x1}, 0x0, 0x128, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x418)
syz_emit_ethernet(0x56, &(0x7f00000006c0)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a3ff2", 0x20, 0x6, 0x0, @local, @empty, {[], {{0x800, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x10, 0x0, 0x0, 0x0, {[@generic={0x8, 0x5, "27f7bf"}, @mss={0x2, 0x4, 0x7}]}}}}}}}}, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
ioctl$TIOCSPTLCK(r3, 0x40045431, 0x0)
setreuid(0x0, 0x0)
syz_clone(0x8000, &(0x7f0000000000)="2c9e8ac9a696bf6eedff293e89258563b524f752725a", 0x16, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)="8ecb6615cb254f886a7d9a6a8dd120a128")
syz_clone3(&(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x5c)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r5, 0x0)
connect$unix(r4, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
setsockopt$sock_timeval(r5, 0x1, 0x15, &(0x7f0000000000)={0x0, 0xea60}, 0x10)
connect$unix(r5, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
accept4(r5, 0x0, 0x0, 0x80800)
socket$inet6_tcp(0xa, 0x1, 0x0)

5.703664032s ago: executing program 4 (id=352):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0xe)
ioctl$TIOCSLCKTRMIOS(0xffffffffffffffff, 0x5457, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newqdisc={0x24, 0x24, 0x400, 0x70bd2b, 0x25dfdbfb, {0x60, 0x0, 0x0, 0x0, {0x0, 0x5}, {0xffff, 0xffff}, {0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x2400b881}, 0x3000c81c)
r3 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r4 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
write$binfmt_elf64(r3, &(0x7f00000002c0)=ANY=[], 0x76)
dup3(r4, r3, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0x0, 0x2}, 0x6)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000900)={{}, &(0x7f0000000080), 0x0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r8, @ANYBLOB="0c00990000000000000015000800a000ea15000008009f000c000000080026000816"], 0x40}}, 0x0)
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r9, 0x0, 0x0)

4.600484466s ago: executing program 4 (id=354):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x2b8, 0xb0000010, 0x2, 0x5c8f0200, 0x388, 0x3a8, 0x3a8, 0x388, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x248, 0x290, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0xf1, 0x0, 0x33, 0x0, 0xffffff80, 0x1, 0x7fffffff}}}, @common=@unspec=@limit={{0x48}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00220f00000054b20000935aa8257f"], 0x0}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@getnexthop={0x20, 0x76, 0xb0d, 0x0, 0x0, {0x3}, [@NHA_MASTER={0x8, 0xa, 0x2}]}, 0x20}}, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x100000)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$MSR(&(0x7f0000000280), 0x4, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000000)={@private1, 0x0, 0x0, 0x0, 0x6, 0xf2c, 0x5c}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="16000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec309d59191b00867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000300)={{0x3, 0x6, 0x9, 0x401, 'syz0\x00', 0x9}, 0x4, 0x20000000, 0x4, r6, 0x1, 0x8, 'syz1\x00', &(0x7f0000000200)=['/dev/usb/hiddev#\x00'], 0x11})
poll(&(0x7f0000000000)=[{r3, 0x202}], 0x1, 0xa0)
setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000240), 0x10)
r7 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r7, 0x400c4808, 0x0)

4.580487851s ago: executing program 3 (id=355):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'hsr0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="440000001000030428b57000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="a100000000000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r1], 0x44}, 0x1, 0xba01, 0x0, 0x4004}, 0x810)

4.333820532s ago: executing program 3 (id=356):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWCHAIN={0xc0, 0x3, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_CHAIN_USERDATA={0xa3, 0xc, "b9c6d050e220976906e7d8e7e536624cb7a98e33a2b9c6e9fae33b227559fd2d43ebd735b39515551d9cb5683c8851c0fec3a5c3e74cc4ff41a878775be434c52e23ab671d962ef285c2d20aa253ec4e0e5154363fdb7aa0b2c48d2b39b9cf990e7a4ae64971eb0ae50ea67866dc39366eca48060e91eff5c4f5031cb514bd73554e8d6b669f58a5d7cdf14344c7b0ca7b8f7f83cdb1f8dcb74500b67eaef2"}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffc}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x17}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x38}]}, @NFT_MSG_NEWSETELEM={0x50, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_SET_ELEM_USERDATA={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x2, 0x84}}}, 0x184}}, 0x0)

4.323313091s ago: executing program 2 (id=358):
bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xb423, 0x0, 0x5, 0x1000}, &(0x7f0000000940)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r4, 0x40000000af01, 0x0)
mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x8020, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/164, &(0x7f0000000100)=""/47, 0xf000})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000340))
r5 = dup(r3)
ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000000)={0x1, r5})
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0))
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80800})
io_uring_enter(r0, 0x3516, 0x3e44, 0x8, 0x0, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r7, 0xffffffffffffffff, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r8, 0xc01064c8, &(0x7f0000000200)={0x1, 0x0, &(0x7f00000023c0)=[0x0]})
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$inet6(r5, &(0x7f0000000900)={&(0x7f0000000240)={0xa, 0x4e20, 0xb, @remote, 0x1}, 0x1c, &(0x7f0000000740)=[{&(0x7f0000000380)="3d2671474cfc48840f0c1cebd8292144a0f1a1e487bf56b1487138b80d016cc9b55d7fc880fce668928f2a216052e7c22daf0fbfe41405a1f23ad802d7d4bb4a18bd796c83f1dc2321d212", 0x4b}, {&(0x7f0000000400)="31858232afe7ebf62e8367a4", 0xc}, {&(0x7f0000000440)="5bc3c9fedc52be404ddf688c1aba80b6c4574d6ebe2871ccf5266385b8c029d979fc52020c662ba5b38160aef6", 0x2d}, {&(0x7f0000000480)="d50a", 0x2}, {&(0x7f00000004c0)="89ab31aef9e95ef0c303e20711c5374cbb2eca9c9009b4f11d5b49d008c01ca8425ed592d7164ecffa3733a45dba7431dde4354000be56890e42f4fe5276a3550bf7a1bd09c459a1009c868bd7b852", 0x4f}, {&(0x7f0000000540)="b88d3d8206634af60409ff131f25bca7303da19d9e28a0cef5949fbb56872bdce6b1987117da3df3d1ded7ddd2335e0dee532420f970906a", 0x38}, {&(0x7f0000000580)="069c9727e81a30ea96d5073bf9684d2da9dbdb5ef8ceaf0c4618b3b5b39b41e24084fc4020dea2bacf8c71fa1be8c1972787e5482a0bd86c40c941f8abf63237e1c88206a8ad42e69e63ccf2033daecbc0739d7bd9b7a3065707b1367e678653d6d34b2ef99b2c4759ea22897636ef4225d420c3702336e9125b924d9a7c5e1bbc411337d034bd6e4af143faf9293160f2d302b7442be6654fa11884c5", 0x9d}, {&(0x7f0000000640)="92ea99afbf7abeb3b932de1c6db07f05dfad0ba8de53c6b945a4d2f111ff95ffabcf71fc130d5c1d4f4f73949dc3b87bea859c4521cbfc0e9080a58d49f0ca482c09321d4e3d4478cab2a3e3ed84c62f66bdacd1a873903497fc39e04f87f7675adb5725546eadd3e0380998d0983028f740887df985d11312d1618f5028d89b965f3c12923d5da840d6262fe454cef05dd30d3f0857fe8fc2660ee67566a90cd44ef92c9527545c7b4ce52cd1d51876d7d269668d6703f42f109c84ff04a977801df265fbd59d0c99e732d397d04e488185e30a130da0ce3a", 0xd9}], 0x8, &(0x7f0000000800)=[@hoplimit={{0x14, 0x29, 0x34, 0xed}}, @rthdr={{0x58, 0x29, 0x39, {0x3c, 0x8, 0x1, 0x8, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01']}}}, @tclass={{0x14, 0x29, 0x43, 0x8}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x1a}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x3a, 0x2, 0x2, 0x0, 0x0, [@ipv4={'\x00', '\xff\xff', @local}]}}}], 0xc8}, 0x0)
r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r9)
sendmsg$NFC_CMD_FW_DOWNLOAD(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, r10, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)

4.211638792s ago: executing program 3 (id=359):
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x84, 0x7c, 0xfffffffffffffffe, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r1 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$kcm(r1, &(0x7f0000000600)={&(0x7f0000000540)=@l2tp={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000240)='~', 0x1}], 0x1}, 0x48000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="5c00000014006b03000000d86e6c1d0002845da60600000000000000e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700000000000000fe000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000040)

3.986781589s ago: executing program 0 (id=361):
r0 = io_uring_setup(0x17fb, &(0x7f0000000080)={0x0, 0x0, 0x80, 0x8000})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18)

3.283801339s ago: executing program 2 (id=362):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'hsr0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001d00010000000000ffdbdf2507000000", @ANYRES32=r3, @ANYBLOB="080006000a0002"], 0x30}}, 0x0)
signalfd(r2, &(0x7f0000000080)={[0x80]}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x12, 0xe, &(0x7f0000000780)=ANY=[@ANYRESHEX], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', r3, @fallback=0x12}, 0x94)

3.197260994s ago: executing program 0 (id=363):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_open_dev$vim2m(0x0, 0x800, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
clock_nanosleep(0xb, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
syz_open_procfs(r0, &(0x7f0000000340)='net/vlan/config\x00')
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000003c0)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x801}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r4, 0x7a6, &(0x7f0000000040)={0xb89b, 0x3, 0x2, 0x2, 0x0, 0x2})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r4, 0x7a5, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010004b0400f4ed00000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c000280080004"], 0x4c}}, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014800800"], 0xf8}, 0x1, 0x1800000000000000, 0x0, 0x4048011}, 0xc000)
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r4, 0x7b1, &(0x7f0000000140)={&(0x7f0000000780)=[0x447, 0x89b1, 0x9, 0x9, 0x7, 0x7, 0x5, 0x4, 0x990, 0x1000, 0x3, 0x8000, 0x7, 0x1, 0x0, 0x1, 0x46f4, 0x5, 0x5, 0x4, 0x5, 0x4b, 0x1, 0x1, 0xa6ff, 0xffffffff, 0x1ff, 0xcdf9, 0x9, 0x7, 0x2, 0x3, 0x1, 0x1, 0x3, 0x1000, 0xfffffffc, 0x7, 0xc96, 0xb92, 0x3, 0x9, 0x9, 0x5, 0x9, 0x2, 0x9, 0x9, 0x2, 0xcab, 0x7, 0xfffff111, 0x7, 0x9, 0x3ff, 0x2, 0x8001, 0x7, 0x8, 0x7, 0xb32, 0x3, 0x5, 0x0, 0x58b7, 0x2, 0x5, 0xe4, 0x5, 0x10000, 0x8, 0xfffffffc, 0x6, 0xbc4, 0x9, 0x2, 0x8000, 0x101, 0x8, 0xb714, 0x6, 0x8, 0x101, 0x92a, 0x4, 0x0, 0xfff, 0x32b, 0x3, 0x9, 0x8, 0x0, 0x0, 0x0, 0x7fffffff, 0x8, 0x5, 0x4, 0x3, 0x7, 0x401, 0x4, 0x6, 0x8, 0x4, 0x38, 0x0, 0x4, 0xac0, 0xd3, 0x200000ff, 0x0, 0xfff, 0x0, 0x2, 0x4f, 0x3, 0x3, 0x1, 0xffffffff, 0x6, 0x4, 0x755, 0x3, 0x40, 0x65f5, 0xfffff801, 0x4, 0x0, 0x3, 0x8, 0xd86, 0xffffffff, 0x7fffffff, 0xff, 0x0, 0x8, 0x3, 0x3, 0x8, 0x8, 0x8, 0x3d, 0x8, 0xf, 0x6, 0x7, 0xa1, 0x5, 0x5ef5, 0x5f0, 0x7, 0x6, 0x0, 0xe, 0x63, 0x0, 0x1, 0xa7, 0x3, 0x40, 0x80, 0x3, 0x1, 0xffff0001, 0x40800000, 0x95, 0x8000, 0x0, 0x4c0, 0x5, 0xdfd, 0x8, 0x5, 0x9, 0x51eb, 0x9, 0x7, 0x1e38, 0x8, 0xffff047c, 0xd, 0x0, 0x2, 0x7b, 0x800, 0xffff, 0x5, 0xfffffffe, 0x2, 0x9, 0x3d, 0x4, 0x8, 0xd, 0x7fffffff, 0x4, 0xffff, 0x22, 0x6, 0x8001, 0x6, 0x5, 0x7, 0x7, 0x400, 0x6, 0x5, 0x401, 0x8, 0x9, 0x7, 0x7, 0x9, 0x1, 0x8, 0x66, 0x9, 0x4c3, 0x1, 0x2, 0x6, 0x5, 0x5, 0x0, 0x5, 0xffffffff, 0x174, 0x8e, 0x9, 0x9, 0x9fe3, 0xbc99, 0xcd3, 0xd700, 0x401, 0x7, 0x4, 0x9, 0xa, 0x101, 0x800, 0xfffffffc, 0x4f49, 0x2, 0x1, 0x6, 0x1, 0xb, 0x4, 0x5, 0x1000, 0x7, 0x400, 0x6, 0x100, 0x3ff, 0x0, 0x6, 0xffffffe6, 0x3, 0x10000, 0x383, 0x40, 0x9, 0x6, 0x101, 0x9, 0x7, 0x80f, 0x340000, 0x8c6, 0x62, 0x0, 0x3, 0x5, 0x2, 0x9, 0x9, 0xfffffffc, 0x7fff, 0x0, 0x7, 0x5, 0xff, 0x4, 0x5, 0x2b, 0xb32d, 0xfffffdab, 0x8, 0x9, 0x80000000, 0xf, 0x0, 0x8, 0x8, 0x1, 0xe3, 0xbcf6, 0x7, 0x8b9, 0x6b6, 0x4, 0x5, 0x3, 0x6, 0x1, 0x4, 0x401, 0xa40, 0xb, 0xfffffc01, 0x9, 0x2, 0x80, 0x9, 0x5, 0x4, 0x3ff, 0x7fffffff, 0x4, 0x6, 0x9, 0xc58, 0xc, 0x3, 0x10000, 0x4, 0x2, 0x7, 0x2, 0x6, 0xffff, 0x7, 0x5, 0xd, 0x5, 0x379, 0x6e9f, 0xe0fa, 0x1000, 0x7, 0x5, 0x0, 0x4, 0x0, 0x7, 0xffffffff, 0x4, 0x5, 0x3, 0xfffff100, 0x7, 0x80000000, 0x491, 0x40, 0xd, 0x4, 0x101, 0x1, 0x613d, 0x101, 0xd, 0x1, 0x3ff, 0x0, 0xc, 0xfffffffc, 0x4, 0x198, 0x61, 0x1, 0x5, 0x0, 0x9, 0xf911, 0xb, 0xffffffff, 0x6, 0x5, 0x8, 0x3, 0x4, 0xffffffb5, 0x91c9, 0x4, 0x1, 0x200, 0xff, 0x1, 0x7, 0x3ff, 0xcb2a, 0x8001, 0x1003, 0x700000, 0x3, 0x8, 0x9, 0x7fffffff, 0x7d17, 0x400, 0x9, 0xfffffffa, 0x8, 0x9, 0x8, 0x5, 0x2, 0x5, 0x4, 0x595, 0x0, 0x9, 0x6, 0xfffffffd, 0x6, 0x5, 0x8, 0xc1d, 0x3, 0x3000, 0x7, 0xffffffff, 0x1, 0x30000000, 0xfffffff3, 0x7, 0x800, 0x10000, 0xfffffffd, 0xfffff816, 0x401, 0x7, 0x3, 0x388, 0x2, 0x7, 0xca1b, 0xf, 0x0, 0x7, 0x4, 0x8, 0x7, 0x80000000, 0x1, 0x3, 0x9, 0x9, 0x9, 0x747, 0xffffff61, 0x0, 0x8, 0x3, 0x2, 0x8, 0x1, 0xffffff11, 0x2, 0x1, 0x6, 0x9, 0x7fb, 0x2, 0x9, 0x4, 0x2, 0x8, 0x4, 0x2a8c, 0x3, 0x525d, 0x8, 0x4, 0x9, 0x2, 0xa, 0x2, 0x2, 0x15c, 0x1, 0xe34b, 0x7, 0x3, 0x150, 0x6, 0x101, 0x4, 0x0, 0x2c, 0xb, 0x4, 0x8, 0xfff, 0x56a, 0x4, 0xffffffff, 0xa4, 0x80000001, 0x20000008, 0x4, 0x676d, 0x81, 0x7, 0x4, 0x1, 0x3, 0x1, 0xed90, 0x0, 0x7, 0x100, 0x1, 0x4, 0xb, 0xf2, 0x0, 0x7, 0x80, 0xfffffff1, 0xfffff65b, 0x40, 0x400, 0x81, 0x5, 0x8000000, 0x3ff, 0x3ff, 0xe1, 0x7009, 0xfff, 0x0, 0xf0cf, 0xf8ab, 0x8, 0xb, 0x9, 0xfffffb54, 0x8, 0x8, 0x80000001, 0xfff, 0x7, 0x2, 0x7fffffff, 0xffffffff, 0x8, 0xfffffada, 0x40, 0x7d0, 0x5, 0x7, 0x7ff, 0x7ff, 0x5b5, 0x8, 0x1, 0x10000, 0x9, 0x3, 0x5, 0xfffffff8, 0x5, 0x3, 0x2, 0x3, 0x7, 0x5f3, 0x404, 0x1c00, 0x1, 0xfffffffb, 0x80200000, 0x9, 0x80, 0x3, 0x910, 0x8ec, 0x8, 0xf7b, 0x5, 0x79, 0x1, 0x7ff, 0x9, 0x8008, 0x9, 0x401, 0x2, 0x7f, 0x2, 0x80000001, 0x1, 0x6, 0xd47, 0xca, 0x2, 0x100, 0x9, 0x0, 0x9, 0x5c1fc33e, 0x4, 0x0, 0xe, 0x8, 0x80000001, 0x2a1, 0x0, 0x106, 0xfffffff9, 0x4, 0x6, 0x3, 0x0, 0x20003200, 0x5, 0x892, 0x80000001, 0x4, 0x4, 0x40, 0xffffffff, 0x9, 0x887, 0xffffffff, 0x3, 0x1, 0x8, 0x18b348da, 0x1, 0x8, 0x9, 0x1, 0x2, 0x9, 0x5f05d22c, 0x9, 0x0, 0x2, 0x6, 0x8fe, 0x7ff, 0x7, 0x843f, 0x2, 0x7, 0xd575, 0x6, 0x8, 0x4, 0x6, 0x81, 0x7, 0x50000000, 0x6, 0x15, 0x8, 0xffd, 0x6, 0x10000, 0x3, 0x6, 0x749f4463, 0x4, 0x7c20c2c4, 0x2, 0x5, 0x4, 0xfffffffc, 0x5, 0x8, 0x2, 0x8, 0x7, 0x9, 0x8, 0x1, 0x8, 0x9, 0xfff, 0x1000, 0x8, 0x401, 0x1ecd, 0x4, 0x2, 0x3, 0x7b, 0x1, 0x4, 0x200, 0xff, 0x0, 0x3, 0x5, 0xa314, 0x3, 0x10001, 0x9, 0x3, 0x6, 0x7, 0x0, 0xbfb, 0x10000, 0x6, 0x6, 0x1ff, 0x3, 0x7, 0x0, 0x4, 0xff, 0x3, 0x80000000, 0x7, 0xff, 0xbe, 0x4, 0xfffffffe, 0xfffffffc, 0x9, 0x34, 0x3ff, 0x8, 0x5, 0x8, 0x3, 0x10000, 0x0, 0x4, 0x3, 0x9, 0x7, 0x46, 0x9, 0xffff, 0x81, 0x7, 0x2, 0x0, 0x73d, 0xd485, 0xff, 0x9, 0x97, 0x9, 0x6, 0x2, 0xdcc, 0x5e9a, 0xffff, 0x2, 0x9, 0xfffffffd, 0x7, 0xf, 0xfff, 0x4, 0x8, 0x4, 0x3cb, 0x4, 0x418, 0x10000, 0x7, 0x3, 0xa, 0x3b, 0x6, 0x47a, 0x1, 0x7fffffff, 0x7, 0x40, 0x6, 0x81, 0x7, 0x1ff, 0x8, 0x10, 0x9, 0x1, 0x9c, 0xf, 0x6, 0x5, 0x3, 0x3, 0x6, 0x8, 0x7fff, 0x4, 0x8, 0x1, 0xffff7fff, 0x1, 0x3, 0x38, 0xb2, 0x8, 0x2, 0x7, 0x2, 0x5, 0x166, 0x3, 0xe14a, 0x7, 0x4, 0x8, 0x7, 0x9, 0x9, 0x6, 0x8, 0x2, 0xb6, 0x53c, 0x5, 0x5, 0xfffffff9, 0x3, 0x5, 0x8, 0x5, 0x1, 0x6, 0xffffff7f, 0x80000001, 0x5, 0x9, 0x2, 0x0, 0x9, 0x5, 0x4, 0xe4, 0x1, 0x0, 0x5, 0x0, 0xe7d7, 0x7f, 0x101, 0x10000, 0x5, 0xffffffff, 0x9, 0x8, 0xe44e, 0x2, 0x80000000, 0x4, 0x2, 0x1c0460d3, 0xfffffffe, 0x800, 0x8001, 0x1, 0x2, 0x9, 0x3, 0xa190, 0x81, 0x2, 0x8, 0x0, 0x86, 0x7, 0xb90, 0xcf, 0xf8e4, 0x0, 0xd, 0x7, 0x100, 0x8000, 0x478, 0x6, 0x1, 0xb57, 0x5, 0x7, 0x9655, 0x2, 0x0, 0xfffff5d7, 0x3, 0x9, 0x7, 0x6, 0x9, 0xe, 0x4, 0x7, 0x8000, 0x3, 0x2, 0x6, 0x6, 0xae86, 0x4, 0x7, 0x401, 0x8, 0xffffffff, 0x60b, 0x3, 0x2, 0xb, 0x1, 0x2aa, 0xffffbeff, 0x18, 0x2, 0x100, 0x7, 0xfffffffa, 0x6, 0x1, 0x4, 0x0, 0x3, 0x9, 0x401, 0x8, 0xffffffe0, 0x7fffffff, 0x0, 0x100, 0x8, 0x101, 0x10001, 0xfffffffc, 0x8, 0x7, 0x10001, 0x5a1, 0x4, 0x1, 0x4, 0x8, 0x7f, 0x3, 0x7, 0x7, 0xc8, 0xfff, 0x149, 0x0, 0x0, 0x717e17b5, 0x2, 0x5da47ea8, 0x4, 0x400, 0x6, 0x7, 0x25, 0xd, 0x788f, 0x6, 0x7f, 0x71, 0x1, 0x0, 0x6cc7, 0x6, 0x5, 0x9, 0xfffffa99, 0x1000, 0xffffffff, 0xb4, 0x9900000, 0xd, 0xfffffffb, 0x7, 0xc, 0xf55, 0x6d14e279, 0x6, 0x200005, 0x1, 0x3, 0x152358f9, 0x6, 0xf43, 0x81, 0x9da1, 0x0, 0x6, 0x7f, 0x8, 0x6, 0xa1f, 0x80000001, 0xfffffff7, 0x4, 0xf77f, 0x5, 0x3, 0xc2a, 0xffffffff, 0x6, 0x80c, 0x2, 0x13c, 0xae, 0x2, 0x3, 0xfffffff8, 0x7, 0x3, 0xffffffff, 0x7, 0x8, 0x6, 0x1b04e], 0x2, 0x400, 0x8})
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r6, 0x0, 0xf, 0x0, 0x0)

3.196589191s ago: executing program 3 (id=364):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe98, 0x30, 0x25, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x45, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x4}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {0x0, 0x0, 0xe4ff}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r2=>0x0})
socket$pppl2tp(0x18, 0x1, 0x1)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r3, &(0x7f0000000000), 0x12)
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendfile(r4, 0xffffffffffffffff, 0x0, 0x2)
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)='\x00', 0x1, 0x400c801, &(0x7f00000000c0)={0xa, 0x2, 0x10, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, 0x1c)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12812, r5, 0x0)
socket(0x28, 0x5, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x1b, &(0x7f0000000800)=ANY=[], 0x0, 0x1, 0x11, &(0x7f00000004c0)=""/17, 0x40f00, 0x58, '\x00', r2, 0x25, r3, 0x8, &(0x7f0000000500)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000540)={0x1, 0x3, 0x8001}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000580)=[{0x2, 0x4, 0x9, 0xa}, {0x5, 0x4, 0x4, 0x7}, {0x0, 0x1, 0x5, 0xb}, {0x3, 0x3, 0xa, 0x2}, {0x3, 0x2, 0x9}, {0x0, 0x4, 0x10, 0x8}], 0x10, 0x7}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000080)='wP', 0x2}], 0x1, 0x3)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x2}, @func_proto]}, {0x0, [0x2e, 0x0, 0x0, 0x61]}}, 0x0, 0x3a}, 0x28)
r6 = socket$rxrpc(0x21, 0x2, 0x2)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r6, 0x110, 0x4, 0x0, 0x0)
close(0xffffffffffffffff)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

2.987510569s ago: executing program 3 (id=365):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_LBT_MODE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r1)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000012c0), r1)
sendmsg$NLBL_MGMT_C_VERSION(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000080)={0x2c, r2, 0xf03, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x15, 0x1, '\x00\x00\x00\x00\x00!\x00'/17}]}, 0x2c}}, 0x0)

2.903789417s ago: executing program 1 (id=366):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b, 0xffffffff}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_ZERO_CSUM6_TX={0x5}, @IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}]}}}]}, 0x44}}, 0x0)

1.901668821s ago: executing program 0 (id=367):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1200000007"], 0x48)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f00000000c0)={0x48})
ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, &(0x7f0000000200)={0xc})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000500)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r3 = socket(0x28, 0x800000000, 0xbe0)
ioctl$SIOCPNENABLEPIPE(r3, 0x541b, 0x1000000000000)
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
ioctl$SNDCTL_SEQ_GETINCOUNT(r1, 0x80045105, &(0x7f0000000280))
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f00010000000000000000000301008014007e00fc01000000000000000000000000000014000100ff02000000000000004000000000000150bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b25bd81000000000000009ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061d04003c0000"], 0x114}], 0x1}, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7f03)
r5 = syz_io_uring_setup(0x5973, &(0x7f00000003c0)={0x0, 0xfb04, 0x4, 0x3, 0x73}, &(0x7f0000000040), &(0x7f0000000340))
io_uring_enter(r5, 0x1b56, 0xd000, 0x18, &(0x7f0000000440)={[0x8]}, 0x8)
syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@local, @random="7f0a00034011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @time_exceeded={0xb, 0x2, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @private}}}}}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))

1.901046355s ago: executing program 2 (id=368):
pipe(&(0x7f0000000680))
socket$inet_mptcp(0x2, 0x1, 0x106) (async)
socket$packet(0x11, 0x2, 0x300) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
fsopen(0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x64}}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x2007) (async)
r1 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(0x0, 0x3, &(0x7f0000000200)=0x6) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee3, 0x13, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r4, &(0x7f0000000180)=ANY=[@ANYRESOCT=r4], 0xb8)
r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card0/oss_mixer\x00', 0x4000, 0x0)
dup3(r5, r4, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, 0x0, 0x0) (async)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) (async)
connect$inet(r6, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000002c0)={'batadv_slave_1\x00'}) (async)
socket$nl_route(0x10, 0x3, 0x0)

1.883458174s ago: executing program 4 (id=369):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="080200d705a769ea0700ce8cb30100"], 0x24}}, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5})
syz_genetlink_get_family_id$l2tp(&(0x7f0000000240), r2)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r5 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x943, 0x84)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x4, 0x4, 0x5}, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x10)
ioctl$IOCTL_VMCI_SET_NOTIFY(r5, 0x7cb, &(0x7f00000000c0)={0x6, 0x5, 0x4})
sendmsg$inet6(r4, &(0x7f0000001600)={&(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c, &(0x7f0000001580)=[{&(0x7f00000010c0)="bf", 0x1}], 0x1}, 0x0)
sendto$inet6(r4, &(0x7f00000001c0)='nN3ZM', 0x5, 0x4, &(0x7f0000000040)={0xa, 0x4e22, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x401}, 0x1c)
sendmsg$inet6(r4, &(0x7f0000000380)={&(0x7f0000000180)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000340)=[{&(0x7f0000000480)='y', 0x1}], 0x1}, 0x0)
shutdown(r4, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000001100)={0x0, @in6={{0xa, 0x0, 0x80000000, @rand_addr=' \x01\x00'}}, 0x0, 0x4}, &(0x7f0000000080)=0x9c)
ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000140)={0x81, 0x0, 0x1})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000000000000200000001000000000000000b00000007"])

1.849520969s ago: executing program 3 (id=370):
close(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x88040, 0x22)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001300000008000300", @ANYRES32=r5, @ANYBLOB="06001200000000000600b50085010200040013000a00060008021100000000000c0043"], 0x48}, 0x1, 0x0, 0x0, 0x45}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000040), &(0x7f0000000280)='%-010d \x00'}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r6}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000100)=0x10000)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102384, 0x18ff0)

1.750212506s ago: executing program 1 (id=371):
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000140)=[@code={0x1, 0x67, {"b9960b000048b800100000000000000f23c00f21f835010000000f23f8f3480f2c76ae48b870512caba8d04c780f23d80f21f835000000b00f23f88fa9f812c10f01c5470f78a4ee54000000676564670f01c9460f07"}}], 0x67})
r0 = syz_open_dev$vbi(&(0x7f00000002c0), 0x3, 0x2)
ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000000)=0x401)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x1, 0x3, 0xfffffffe, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x6, 0x2})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r1, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0xf9)
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r2, 0xc0d05604, &(0x7f0000000640)={0x8, @pix_mp={0x0, 0x1, 0x30313953, 0x3, 0x1, [{0x0, 0x8}, {0x8, 0xe023}, {0x8, 0x8543}, {0x100, 0x6a}, {0x2, 0xc03}, {0x28, 0x7dbfcf14}, {0x80000000, 0x4e3a318d}, {0x2, 0x401}], 0x7, 0x7f, 0x7, 0x0, 0x6}})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000001c0)=0x9)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000280)=0xb3)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x4)

853.511379ms ago: executing program 0 (id=372):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000400)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xcc\x9a\xea\xe0\xb4\'\x06\x9c\xd2\xe8\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01{k\x9b_\xb8\xf6\xa7\a\xb5f\x11\xb1\x85\xa9J\xf9\xc6\xbe\x84\xd5P\xa5\xd0\xf9k\xa0q\xf38\xdb!\xceGY\x8bo\xf2\x85\x1e\x1a\xe2\x1dL|\x9d\xfa\xa7\xd3\xbd] \x03\xc1\x8f1/u\xb5\xce\a\xf8\x19W[\xa8\x1a\x91>6\x87\x95[\xeapD\xad\bI\xe8|\x0f\xa1\xee^\xf5]\xe5z\xfd=\xabc\xea\x84\xe7\xee\r,\xf3\x00\x82-\x13\x9bIdd>\x14\xc2\xe5\xd5\xb2\xe8\xb7\x18\x89\x01\xf1\xec\x18zZ\xa9\xd4\xdf3q\x8b\xfeg\xa6e\xf3-\"\xb5\xc5\xa4C5\xa2\xa2\xfbm\xf3\x91T0'], 0xf6ff})

593.698596ms ago: executing program 0 (id=373):
syz_emit_ethernet(0x67, &(0x7f00000000c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a27f2", 0x1c, 0x2c, 0x0, @remote, @local, {[@routing={0x0, 0x0, 0x2, 0x8}], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000007000000aa11000001"], 0x0)

448.599497ms ago: executing program 2 (id=374):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x4, &(0x7f0000000100)=@framed={{}, [@ldst={0x3, 0x0, 0x6, 0x0, 0xa, 0x0, 0x51}]}, &(0x7f0000000000)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0x700}, 0x90)

408.34848ms ago: executing program 4 (id=375):
syz_open_dev$hiddev(0x0, 0xffffffffffffffff, 0x8601)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r1})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r3=>0x0})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000540)={@empty, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r3})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800010001000000140007000000000000000005"], 0x74}, 0x1, 0x2000000}, 0x0)

285.880722ms ago: executing program 0 (id=376):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a85321, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r3 = fanotify_init(0x8, 0x80000)
fanotify_mark(r3, 0x105, 0x4800003a, r2, 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x604, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

18.964827ms ago: executing program 4 (id=377):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000400)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440), &(0x7f00000000c0)=[0x0, 0xff, 0xf], 0x0, 0x0, 0x0, 0x800000080})
r3 = dup(r1)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x1, 0x1, 0x7fff0004}]})
r4 = semget$private(0x0, 0x5, 0x0)
semtimedop(r4, &(0x7f0000000080)=[{0x2, 0x1, 0x800}], 0x1, 0x0)
write$FUSE_DIRENT(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020)
creat(&(0x7f0000000140)='./file0\x00', 0x0)

0s ago: executing program 2 (id=378):
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="030626c27000fedbdf255820601eb96cb27e", @ANYRES32=0x0, @ANYBLOB="0c0006000100000001000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x80)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r4 = gettid()
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0)
read(r5, &(0x7f0000000200)=""/202, 0xca)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}})
tkill(r4, 0x7)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r5, 0x40045304, &(0x7f0000000000)={0x1, 0x2, 0x0, 'queue0\x00', 0x3})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioprio_set$pid(0x2, 0x0, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/vmstat\x00', 0x0, 0x0)
futex_waitv(&(0x7f00000011c0)=[{0x7ff, &(0x7f0000000180)=0x6, 0x82}, {0x9, &(0x7f00000001c0)=0x4, 0x2}, {0x8000000000000001, &(0x7f0000000300)=0xfff, 0x2}, {0x0, &(0x7f0000000340)=0x18, 0x82}, {0x2, &(0x7f0000000440)=0x81, 0x82}, {0x350, &(0x7f0000000480)=0x5, 0x82}, {0x401, &(0x7f00000004c0)=0x2, 0x2}, {0x3, &(0x7f0000000500)=0x5, 0x2}, {0x2, &(0x7f0000000540)=0x4, 0x2}, {0x9, &(0x7f0000000580)=0x3, 0x2}, {0x400, &(0x7f00000005c0)=0x4000000000000000, 0x2}, {0x2, &(0x7f0000000600), 0x82}, {0x3ff, &(0x7f0000000640)=0x4, 0x82}, {0x400, &(0x7f0000000680)=0x3ff, 0x2}, {0x2, &(0x7f00000006c0)=0x80, 0x2}, {0x1, &(0x7f0000000740)=0x3, 0x82}, {0x4, &(0x7f0000000780)=0x8, 0x82}, {0x100, &(0x7f00000007c0)=0x6, 0x82}, {0x6, &(0x7f0000000800)=0xeb5c, 0x2}, {0x4, &(0x7f0000000840)=0x5}, {0x7fffffffffffffff, &(0x7f0000000880)=0x7fff, 0x82}, {0x380000000000000, &(0x7f00000008c0)=0x7fff, 0x2}, {0x0, &(0x7f0000000900)=0x8001, 0x2}, {0x9, &(0x7f0000000940)=0x1ff, 0x82}, {0x7, &(0x7f0000000980)=0xba, 0x2}, {0x6, &(0x7f00000009c0)=0x3ff, 0x2}, {0x100000000, &(0x7f0000000a00)=0x3, 0x2}, {0x7, &(0x7f0000000a40)=0x4, 0x82}, {0xe, &(0x7f0000000a80)=0x6, 0x2}, {0x2, &(0x7f0000000ac0)=0x2, 0x82}, {0x2a4, &(0x7f0000000b00)=0x401, 0x2}, {0x7, &(0x7f0000000b40)=0x101, 0x82}, {0xfff, &(0x7f0000000b80)=0x10, 0x2}, {0x768, &(0x7f0000000bc0)=0x9, 0x2}, {0x5, &(0x7f0000000c00)=0xffffffffffff0000, 0x2}, {0xfffffffffffff801, &(0x7f0000000c40)=0xfffffffffffffffa, 0x82}, {0x73c, &(0x7f0000000c80)=0x8000000000000000, 0x82}, {0x2, &(0x7f0000000cc0)=0x1, 0x82}], 0x26, 0x0, &(0x7f0000000d00)={0x0, 0x3938700}, 0x35f66d9d6861788e)
sendfile(r6, r7, 0x0, 0x20000023896)
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000100)={0x4, 0x26, 0x0, 0x8, 0x1, 0xa7f})
read$FUSE(r7, &(0x7f0000006380)={0x2020, 0x0, <r8=>0x0}, 0x2081)
write$FUSE_INIT(r3, &(0x7f0000000100)={0x50, 0x0, r8, {0x7, 0x1f, 0x1000001, 0x5069f481, 0xfffe, 0x84c, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
r9 = dup(r2)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000010000000000000000000000791208000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @cgroup_sock_addr=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_inet_udp_SIOCINQ(r9, 0x541b, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.78' (ED25519) to the list of known hosts.
[   82.845547][ T5805] cgroup: Unknown subsys name 'net'
[   82.954852][ T5805] cgroup: Unknown subsys name 'cpuset'
[   82.964378][ T5805] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   84.639383][ T5805] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   88.946471][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   88.958151][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   88.958416][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.974403][ T5829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   88.979928][ T5830] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   88.982557][ T5829] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   88.989051][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.997341][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   89.007326][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   89.010725][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   89.019841][ T5831] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   89.024735][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   89.032938][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   89.039496][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   89.047411][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   89.053372][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   89.059311][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   89.067465][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   89.080596][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   89.081452][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   89.088838][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   89.103278][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   89.132971][ T5827] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   89.147249][ T5834] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   89.156622][ T5834] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   89.807974][ T5819] chnl_net:caif_netlink_parms(): no params data found
[   89.935336][ T5816] chnl_net:caif_netlink_parms(): no params data found
[   89.972607][ T5817] chnl_net:caif_netlink_parms(): no params data found
[   90.076211][ T5821] chnl_net:caif_netlink_parms(): no params data found
[   90.107661][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   90.163015][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.170599][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.178852][ T5819] bridge_slave_0: entered allmulticast mode
[   90.186203][ T5819] bridge_slave_0: entered promiscuous mode
[   90.237784][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.250355][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.257782][ T5819] bridge_slave_1: entered allmulticast mode
[   90.266535][ T5819] bridge_slave_1: entered promiscuous mode
[   90.362085][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.369301][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.376749][ T5817] bridge_slave_0: entered allmulticast mode
[   90.384089][ T5817] bridge_slave_0: entered promiscuous mode
[   90.392869][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.400018][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.407302][ T5817] bridge_slave_1: entered allmulticast mode
[   90.414971][ T5817] bridge_slave_1: entered promiscuous mode
[   90.429340][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.437263][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.444687][ T5816] bridge_slave_0: entered allmulticast mode
[   90.451945][ T5816] bridge_slave_0: entered promiscuous mode
[   90.496618][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.506128][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.513420][ T5816] bridge_slave_1: entered allmulticast mode
[   90.520519][ T5816] bridge_slave_1: entered promiscuous mode
[   90.542285][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.603112][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.654298][ T5817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.667074][ T5817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.705733][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.732622][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.739724][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.748492][ T5821] bridge_slave_0: entered allmulticast mode
[   90.755846][ T5821] bridge_slave_0: entered promiscuous mode
[   90.777643][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.785093][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.792560][ T5832] bridge_slave_0: entered allmulticast mode
[   90.799728][ T5832] bridge_slave_0: entered promiscuous mode
[   90.810769][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.823624][ T5819] team0: Port device team_slave_0 added
[   90.834171][ T5819] team0: Port device team_slave_1 added
[   90.840662][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.848387][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.856206][ T5821] bridge_slave_1: entered allmulticast mode
[   90.863631][ T5821] bridge_slave_1: entered promiscuous mode
[   90.885477][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.893047][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.900250][ T5832] bridge_slave_1: entered allmulticast mode
[   90.907728][ T5832] bridge_slave_1: entered promiscuous mode
[   90.969554][ T5817] team0: Port device team_slave_0 added
[   91.006078][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.013779][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.040595][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.055598][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.063163][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.089398][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.114931][ T5817] team0: Port device team_slave_1 added
[   91.121673][ T5834] Bluetooth: hci1: command tx timeout
[   91.153250][ T5816] team0: Port device team_slave_0 added
[   91.169262][ T5816] team0: Port device team_slave_1 added
[   91.190179][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.201496][ T5833] Bluetooth: hci2: command tx timeout
[   91.207246][ T5833] Bluetooth: hci3: command tx timeout
[   91.212956][ T5836] Bluetooth: hci0: command tx timeout
[   91.219372][ T5834] Bluetooth: hci4: command tx timeout
[   91.228897][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.274101][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.284357][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.291415][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.317983][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.331261][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.357421][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.364533][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.390592][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.403790][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.410760][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.437021][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.460559][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.467894][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.494308][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.543398][ T5819] hsr_slave_0: entered promiscuous mode
[   91.550043][ T5819] hsr_slave_1: entered promiscuous mode
[   91.580537][ T5821] team0: Port device team_slave_0 added
[   91.602542][ T5832] team0: Port device team_slave_0 added
[   91.629496][ T5821] team0: Port device team_slave_1 added
[   91.637607][ T5832] team0: Port device team_slave_1 added
[   91.738040][ T5816] hsr_slave_0: entered promiscuous mode
[   91.745338][ T5816] hsr_slave_1: entered promiscuous mode
[   91.751772][ T5816] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   91.759690][ T5816] Cannot create hsr debugfs directory
[   91.766320][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.773442][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.803755][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.885025][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.892390][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.918628][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.932948][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.939910][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.966364][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.985216][ T5817] hsr_slave_0: entered promiscuous mode
[   91.991574][ T5817] hsr_slave_1: entered promiscuous mode
[   91.997581][ T5817] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   92.006907][  T977] cfg80211: failed to load regulatory.db
[   92.009200][ T5817] Cannot create hsr debugfs directory
[   92.049442][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.056962][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.084751][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.280013][ T5821] hsr_slave_0: entered promiscuous mode
[   92.286833][ T5821] hsr_slave_1: entered promiscuous mode
[   92.293166][ T5821] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   92.300722][ T5821] Cannot create hsr debugfs directory
[   92.313449][ T5832] hsr_slave_0: entered promiscuous mode
[   92.319726][ T5832] hsr_slave_1: entered promiscuous mode
[   92.326242][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   92.333834][ T5832] Cannot create hsr debugfs directory
[   92.739131][ T5819] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   92.786494][ T5819] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   92.814632][ T5819] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   92.847085][ T5819] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   92.894587][ T5816] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   92.912623][ T5816] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   92.925817][ T5816] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   92.937550][ T5816] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   93.039978][ T5817] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   93.055364][ T5817] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   93.073429][ T5817] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   93.088406][ T5817] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   93.201985][ T5834] Bluetooth: hci1: command tx timeout
[   93.224857][ T5821] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   93.246307][ T5821] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   93.257782][ T5821] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   93.268520][ T5821] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.281192][ T5833] Bluetooth: hci3: command tx timeout
[   93.286647][ T5833] Bluetooth: hci0: command tx timeout
[   93.293294][ T5836] Bluetooth: hci2: command tx timeout
[   93.298850][ T5834] Bluetooth: hci4: command tx timeout
[   93.331587][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.426679][ T5832] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   93.452251][ T5819] 8021q: adding VLAN 0 to HW filter on device team0
[   93.459130][ T5832] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   93.487899][ T5832] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   93.499092][ T5832] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   93.516721][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.523965][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.541509][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.594484][ T1086] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.601703][ T1086] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.615599][ T5816] 8021q: adding VLAN 0 to HW filter on device team0
[   93.638635][ T1086] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.645789][ T1086] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.699266][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.713110][ T1086] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.720244][ T1086] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.799426][ T5817] 8021q: adding VLAN 0 to HW filter on device team0
[   93.846175][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.865397][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.872547][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.906795][ T5821] 8021q: adding VLAN 0 to HW filter on device team0
[   93.939708][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.946909][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.960304][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.967434][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.051771][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.059025][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.105164][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.348058][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   94.414402][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.421642][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.468491][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.475708][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.526470][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.576091][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.680216][ T5832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   94.766997][ T5816] veth0_vlan: entered promiscuous mode
[   94.820527][ T5816] veth1_vlan: entered promiscuous mode
[   94.848908][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.908874][ T5819] veth0_vlan: entered promiscuous mode
[   95.018713][ T5816] veth0_macvtap: entered promiscuous mode
[   95.038562][ T5819] veth1_vlan: entered promiscuous mode
[   95.074372][ T5816] veth1_macvtap: entered promiscuous mode
[   95.214518][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.247724][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.272630][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.288950][ T5833] Bluetooth: hci1: command tx timeout
[   95.308295][ T5819] veth0_macvtap: entered promiscuous mode
[   95.327149][ T5816] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.336843][ T5816] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.346170][ T5816] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.359136][ T5816] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.369428][ T5833] Bluetooth: hci0: command tx timeout
[   95.372017][ T5834] Bluetooth: hci4: command tx timeout
[   95.374954][ T5833] Bluetooth: hci3: command tx timeout
[   95.380226][ T5834] Bluetooth: hci2: command tx timeout
[   95.396427][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.419476][ T5819] veth1_macvtap: entered promiscuous mode
[   95.456137][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.498981][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.567358][ T5819] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.577394][ T5819] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.586353][ T5819] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.595088][ T5819] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.626709][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.647500][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.677463][ T5821] veth0_vlan: entered promiscuous mode
[   95.739052][ T5817] veth0_vlan: entered promiscuous mode
[   95.753557][ T5821] veth1_vlan: entered promiscuous mode
[   95.773389][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.780373][ T5832] veth0_vlan: entered promiscuous mode
[   95.796003][ T5817] veth1_vlan: entered promiscuous mode
[   95.805108][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.867221][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.883173][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.920119][ T5832] veth1_vlan: entered promiscuous mode
[   95.940584][ T5816] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   95.996438][ T5821] veth0_macvtap: entered promiscuous mode
[   96.012015][ T5817] veth0_macvtap: entered promiscuous mode
[   96.030435][ T5817] veth1_macvtap: entered promiscuous mode
[   96.038697][ T5832] veth0_macvtap: entered promiscuous mode
[   96.063461][ T5821] veth1_macvtap: entered promiscuous mode
[   96.101613][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.109559][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.115581][ T5832] veth1_macvtap: entered promiscuous mode
[   96.170392][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.753079][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.768869][ T5938] warning: `syz.1.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   96.781323][ T5939] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2'.
[   96.795561][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.838260][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.875914][ T5832] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.897230][ T5832] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.907155][ T5832] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.918303][ T5832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.946023][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.036842][ T5817] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.054783][ T5817] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.070897][ T5817] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.079755][ T5817] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.107494][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.195420][ T5821] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.209817][ T5821] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.221995][ T5821] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.231833][ T5821] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.361836][ T5834] Bluetooth: hci1: command tx timeout
[   97.404986][   T43] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   97.441414][ T5836] Bluetooth: hci2: command tx timeout
[   97.441432][ T5833] Bluetooth: hci4: command tx timeout
[   97.441467][ T5833] Bluetooth: hci0: command tx timeout
[   97.447465][ T5834] Bluetooth: hci3: command tx timeout
[   97.476474][ T4523] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.495298][ T4523] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.549763][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.576123][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.608456][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.634346][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.635778][   T43] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[   97.656206][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.678167][   T43] usb 2-1: config 0 descriptor??
[   97.699890][ T4523] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.725347][ T4523] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.732620][   T43] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[   97.747754][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.756409][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.863319][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.875378][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.929225][ T5931] IPVS: starting estimator thread 0...
[   98.051283][ T5951] IPVS: using max 29 ests per chain, 69600 per kthread
[   98.111246][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   98.247460][   T43] gp8psk: usb in 137 operation failed.
[   98.548874][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   98.616668][   T43] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[   98.665561][   T43] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[   98.753953][   T43] usb 2-1: USB disconnect, device number 2
[   98.840259][ T5959] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[   98.958555][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   99.021217][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   99.061095][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   99.163333][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   99.265756][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   99.675021][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   99.675262][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   99.962809][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.336476][ T5993] netlink: 4344 bytes leftover after parsing attributes in process `syz.4.15'.
[  102.361088][ T5996] syz.2.14 uses obsolete (PF_INET,SOCK_PACKET)
[  102.374761][ T5997] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  103.658319][ T5833] Bluetooth: hci4: command 0x0405 tx timeout
[  107.090196][ T6010] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19'.
[  107.133957][ T6010] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19'.
[  107.189847][ T6010] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19'.
[  107.220498][ T6015] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19'.
[  107.262864][ T6015] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19'.
[  107.373315][ T3079] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  107.705731][ T3079] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  107.855452][ T3079] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  108.028233][ T3079] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  108.230018][ T3079] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  108.380123][ T3079] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.680105][ T3079] usb 4-1: config 0 descriptor??
[  109.054956][ T6014] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  109.077128][ T6014] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  109.542653][ T3079] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[  110.001222][ T3079] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  110.384109][    C1] plantronics 0003:047F:FFFF.0001: hid_field_extract() called with n (132) > 32! (syz-executor)
[  110.824045][    T9] usb 4-1: USB disconnect, device number 2
[  111.012708][ T6047] capability: warning: `syz.0.32' uses deprecated v2 capabilities in a way that may be insecure
[  111.108410][ T6041] fido_id[6041]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  111.723457][ T6042] trusted_key: syz.1.28 sent an empty control message without MSG_MORE.
[  111.991215][   T30] audit: type=1326 audit(1750882117.729:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6045 comm="syz.0.32" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb9f8e929 code=0x7ffc0000
[  112.012364][    C1] vkms_vblank_simulate: vblank timer overrun
[  113.039394][ T6069] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  113.787990][ T6077] netlink: 'syz.0.41': attribute type 14 has an invalid length.
[  114.134189][    T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  114.320057][ T6082] mmap: syz.4.40 (6082) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  114.761440][ T6074] netlink: 32 bytes leftover after parsing attributes in process `syz.0.41'.
[  114.805830][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  114.859739][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  114.916644][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  114.992993][    T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  115.053284][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.083788][    T9] usb 4-1: config 0 descriptor??
[  115.529804][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.563683][ T6097] netlink: 8 bytes leftover after parsing attributes in process `syz.1.48'.
[  115.573618][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.705693][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.713257][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.721382][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.730554][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.738242][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.755177][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.770142][ T5893] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  115.787168][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.798451][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.806471][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.814681][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.831017][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.851914][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  115.950943][ T5893] usb 3-1: Using ep0 maxpacket: 8
[  116.687420][    T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  116.696913][ T5893] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  116.707596][ T5893] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  116.720342][    T9] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  116.728456][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  116.739318][ T5893] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  116.753694][ T5893] usb 3-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  116.768271][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.777999][    T9] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  116.813230][    T9] usb 4-1: USB disconnect, device number 3
[  116.820195][ T5893] usb 3-1: config 0 descriptor??
[  116.835790][ T5893] hso 3-1:0.0: Can't find BULK IN endpoint
[  117.040273][ T6111] fido_id[6111]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  117.099566][ T6094] capability: warning: `syz.2.46' uses 32-bit capabilities (legacy support in use)
[  117.162617][ T5893] usb 3-1: USB disconnect, device number 2
[  117.470718][ T6117] process 'syz.4.54' launched '/dev/fd/9' with NULL argv: empty string added
[  117.876373][ T6117] netlink: 4 bytes leftover after parsing attributes in process `syz.4.54'.
[  118.022165][ T6119] netlink: 8 bytes leftover after parsing attributes in process `syz.4.54'.
[  118.071091][ T3079] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  118.129621][ T6119] netlink: 'syz.4.54': attribute type 1 has an invalid length.
[  118.151211][ T6119] netlink: 'syz.4.54': attribute type 2 has an invalid length.
[  118.229186][ T6131] zonefs (nullb0) ERROR: Not a zoned block device
[  118.253807][ T3079] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  120.347768][ T3079] usb 4-1: config 1 has no interface number 1
[  120.355471][ T3079] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  120.355501][ T3079] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.355521][ T3079] usb 4-1: Product: syz
[  120.355544][ T3079] usb 4-1: Manufacturer: syz
[  120.355559][ T3079] usb 4-1: SerialNumber: syz
[  120.534201][ T6145] input: syz1 as /devices/virtual/input/input6
[  120.581399][ T6121] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.55'.
[  120.634572][ T6121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.55'.
[  120.638537][ T6146] netlink: 256 bytes leftover after parsing attributes in process `syz.2.60'.
[  120.657321][ T6145] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  120.759159][ T6148] netlink: 8 bytes leftover after parsing attributes in process `syz.3.55'.
[  120.839429][ T6121] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  121.566086][ T6148] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.576582][ T6148] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.947261][ T3079] usb 4-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[  122.015920][ T3079] usb 4-1: failed to enable PITCH for EP 0x82
[  122.211316][ T3079] usb 4-1: USB disconnect, device number 4
[  122.383746][ T6173] netlink: 20 bytes leftover after parsing attributes in process `syz.4.68'.
[  123.052611][ T5970] udevd[5970]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  123.453778][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  123.584377][ T6189] FAULT_INJECTION: forcing a failure.
[  123.584377][ T6189] name failslab, interval 1, probability 0, space 0, times 1
[  123.611473][ T6189] CPU: 1 UID: 0 PID: 6189 Comm: syz.0.72 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[  123.611501][ T6189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  123.611511][ T6189] Call Trace:
[  123.611518][ T6189]  <TASK>
[  123.611526][ T6189]  dump_stack_lvl+0x189/0x250
[  123.611559][ T6189]  ? __pfx____ratelimit+0x10/0x10
[  123.611585][ T6189]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.611611][ T6189]  ? __pfx__printk+0x10/0x10
[  123.611637][ T6189]  ? __pfx___might_resched+0x10/0x10
[  123.611663][ T6189]  ? fs_reclaim_acquire+0x7d/0x100
[  123.611694][ T6189]  should_fail_ex+0x414/0x560
[  123.611729][ T6189]  should_failslab+0xa8/0x100
[  123.611754][ T6189]  __kmalloc_noprof+0xcb/0x4f0
[  123.611782][ T6189]  ? kfree+0x4d/0x440
[  123.611799][ T6189]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  123.611831][ T6189]  tomoyo_realpath_from_path+0xe3/0x5d0
[  123.611860][ T6189]  ? tomoyo_domain+0xda/0x130
[  123.611892][ T6189]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  123.611915][ T6189]  tomoyo_path_number_perm+0x1e8/0x5a0
[  123.611941][ T6189]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  123.611983][ T6189]  ? __lock_acquire+0xab9/0xd20
[  123.612030][ T6189]  ? __fget_files+0x2a/0x420
[  123.612057][ T6189]  ? __fget_files+0x2a/0x420
[  123.612078][ T6189]  ? __fget_files+0x3a0/0x420
[  123.612100][ T6189]  ? __fget_files+0x2a/0x420
[  123.612128][ T6189]  security_file_ioctl+0xcb/0x2d0
[  123.612155][ T6189]  __se_sys_ioctl+0x47/0x170
[  123.612177][ T6189]  do_syscall_64+0xfa/0x3b0
[  123.612202][ T6189]  ? lockdep_hardirqs_on+0x9c/0x150
[  123.612226][ T6189]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.612245][ T6189]  ? clear_bhb_loop+0x60/0xb0
[  123.612267][ T6189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.612285][ T6189] RIP: 0033:0x7f8fb9f8e929
[  123.612301][ T6189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.612317][ T6189] RSP: 002b:00007f8fbae76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  123.612338][ T6189] RAX: ffffffffffffffda RBX: 00007f8fba1b5fa0 RCX: 00007f8fb9f8e929
[  123.612351][ T6189] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  123.612362][ T6189] RBP: 00007f8fbae76090 R08: 0000000000000000 R09: 0000000000000000
[  123.612373][ T6189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  123.612383][ T6189] R13: 0000000000000000 R14: 00007f8fba1b5fa0 R15: 00007ffc4dda3d78
[  123.612415][ T6189]  </TASK>
[  123.612450][ T6189] ERROR: Out of memory at tomoyo_realpath_from_path.
[  123.680266][   T10] usb 5-1: Using ep0 maxpacket: 8
[  123.947603][   T10] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  123.957302][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.970207][   T10] usb 5-1: config 0 descriptor??
[  124.301699][ T3079] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  124.409471][ T6204] ip6gretap0: entered promiscuous mode
[  124.513227][ T3079] usb 4-1: config 0 has an invalid interface number: 95 but max is 0
[  124.532156][ T3079] usb 4-1: config 0 has no interface number 0
[  124.573778][ T3079] usb 4-1: config 0 interface 95 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 8
[  124.836884][ T3079] usb 4-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46
[  124.847458][ T3079] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.857754][ T3079] usb 4-1: Product: syz
[  124.873503][ T3079] usb 4-1: Manufacturer: syz
[  124.884588][ T3079] usb 4-1: SerialNumber: syz
[  124.909170][ T3079] usb 4-1: config 0 descriptor??
[  124.939529][ T6198] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  125.134134][ T6211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.78'.
[  125.174912][ T3079] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  125.198378][ T3079] usb 4-1: MIDIStreaming interface descriptor not found
[  125.310698][ T3079] usb 4-1: USB disconnect, device number 5
[  125.387389][ T5818] udevd[5818]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.95/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  125.780932][   T24] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  125.958956][   T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  126.022770][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  126.104816][   T24] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  126.148047][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  126.176903][   T24] usb 3-1: SerialNumber: syz
[  126.295219][   T10] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x8001: -71
[  126.400490][   T10] asix 5-1:0.0: probe with driver asix failed with error -71
[  126.702197][   T10] usb 5-1: USB disconnect, device number 2
[  126.814305][ T6219] netlink: del zone limit has 4 unknown bytes
[  126.897430][   T24] usb 3-1: 0:2 : does not exist
[  126.922181][   T24] usb 3-1: unit 5 not found!
[  127.016867][   T24] usb 3-1: USB disconnect, device number 3
[  127.029881][ T6236] loop8: detected capacity change from 0 to 16384
[  127.087106][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  127.345306][    C0] I/O error, dev loop8, sector 16 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  127.355761][    C0] I/O error, dev loop8, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  127.365245][    C0] Buffer I/O error on dev loop8, logical block 2, async page read
[  127.386220][    C0] I/O error, dev loop8, sector 1800 op 0x0:(READ) flags 0x80700 phys_seg 9 prio class 0
[  127.396356][    C0] I/O error, dev loop8, sector 2056 op 0x0:(READ) flags 0x80700 phys_seg 9 prio class 0
[  127.413176][ T6239] loop8: detected capacity change from 16384 to 0
[  127.583919][ T6249] netlink: 'syz.4.89': attribute type 23 has an invalid length.
[  129.458964][ T6261] Zero length message leads to an empty skb
[  130.080731][ T6282] netlink: 104 bytes leftover after parsing attributes in process `syz.2.104'.
[  130.291080][ T5900] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  130.466967][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  130.488520][ T5900] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  130.536510][ T5900] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  130.547355][ T6293] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  130.628234][ T5900] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  131.603200][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  131.627093][    T9] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  131.641649][    T9] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  131.656593][ T5900] usb 1-1: SerialNumber: syz
[  132.519538][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  132.951849][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  132.985634][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  132.997884][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  133.000872][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  133.070840][ T6307] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  133.246200][ T5900] usb 1-1: 0:2 : does not exist
[  133.279653][    T9] usb 3-1: string descriptor 0 read error: -71
[  133.299578][ T5900] usb 1-1: unit 5 not found!
[  133.319889][    T9] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  133.356009][    T9] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  133.370727][ T5900] usb 1-1: USB disconnect, device number 2
[  133.394863][    T9] usb 3-1: can't set config #1, error -71
[  133.422262][ T6312] syz_tun: entered allmulticast mode
[  133.519141][    T9] usb 3-1: USB disconnect, device number 4
[  133.608024][ T6318] FAULT_INJECTION: forcing a failure.
[  133.608024][ T6318] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  133.621467][ T6318] CPU: 0 UID: 0 PID: 6318 Comm: syz.0.116 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[  133.621493][ T6318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  133.621503][ T6318] Call Trace:
[  133.621510][ T6318]  <TASK>
[  133.621518][ T6318]  dump_stack_lvl+0x189/0x250
[  133.621547][ T6318]  ? __pfx____ratelimit+0x10/0x10
[  133.621567][ T6318]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.621583][ T6318]  ? __pfx__printk+0x10/0x10
[  133.621594][ T6318]  ? __might_fault+0xb0/0x130
[  133.621614][ T6318]  should_fail_ex+0x414/0x560
[  133.621630][ T6318]  _copy_from_user+0x2d/0xb0
[  133.621641][ T6318]  ___sys_sendmsg+0x158/0x2a0
[  133.621656][ T6318]  ? __pfx____sys_sendmsg+0x10/0x10
[  133.621690][ T6318]  ? __fget_files+0x2a/0x420
[  133.621704][ T6318]  ? __fget_files+0x3a0/0x420
[  133.621724][ T6318]  __x64_sys_sendmsg+0x19b/0x260
[  133.621746][ T6318]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  133.621773][ T6318]  do_syscall_64+0xfa/0x3b0
[  133.621789][ T6318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.621799][ T6318]  ? asm_sysvec_call_function_single+0x1a/0x20
[  133.621810][ T6318]  ? clear_bhb_loop+0x60/0xb0
[  133.621822][ T6318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.621832][ T6318] RIP: 0033:0x7f8fb9f8e929
[  133.621843][ T6318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.621852][ T6318] RSP: 002b:00007f8fbae55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  133.621865][ T6318] RAX: ffffffffffffffda RBX: 00007f8fba1b6080 RCX: 00007f8fb9f8e929
[  133.621873][ T6318] RDX: 0000000000000084 RSI: 0000200000000000 RDI: 0000000000000005
[  133.621880][ T6318] RBP: 00007f8fbae55090 R08: 0000000000000000 R09: 0000000000000000
[  133.621886][ T6318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.621892][ T6318] R13: 0000000000000000 R14: 00007f8fba1b6080 R15: 00007ffc4dda3d78
[  133.621909][ T6318]  </TASK>
[  134.292369][   T10] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  134.315787][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  134.331408][ T6325] =======================================================
[  134.331408][ T6325] WARNING: The mand mount option has been deprecated and
[  134.331408][ T6325]          and is ignored by this kernel. Remove the mand
[  134.331408][ T6325]          option from the mount to silence this warning.
[  134.331408][ T6325] =======================================================
[  134.456816][   T10] usb 4-1: device descriptor read/64, error -71
[  134.467123][ T6325] tmpfs: Bad value for 'mpol'
[  134.562866][ T5833] Bluetooth: hci4: command 0x0405 tx timeout
[  134.701859][ T5900] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  135.161014][   T10] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  135.282718][ T5900] usb 1-1: Using ep0 maxpacket: 32
[  135.313872][ T5900] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  135.324385][   T10] usb 4-1: device descriptor read/64, error -71
[  136.673017][ T5913] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  136.693883][ T5900] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  137.044994][ T6312] syz_tun: left allmulticast mode
[  137.052038][   T10] usb usb4-port1: attempt power cycle
[  137.208675][ T5900] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  137.217935][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.226485][ T5900] usb 1-1: Product: syz
[  137.231277][ T5900] usb 1-1: Manufacturer: syz
[  137.235911][ T5900] usb 1-1: SerialNumber: syz
[  137.297973][ T5900] usb 1-1: config 0 descriptor??
[  137.383671][ T5913] usb 2-1: config 0 has an invalid interface number: 52 but max is 0
[  137.391933][ T5913] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  137.396421][   T24] usb 1-1: USB disconnect, device number 3
[  137.410257][ T6342] FAULT_INJECTION: forcing a failure.
[  137.410257][ T6342] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  137.429032][ T5913] usb 2-1: config 0 has no interface number 0
[  137.448580][ T6342] CPU: 1 UID: 0 PID: 6342 Comm: syz.3.125 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[  137.448608][ T6342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  137.448619][ T6342] Call Trace:
[  137.448625][ T6342]  <TASK>
[  137.448633][ T6342]  dump_stack_lvl+0x189/0x250
[  137.448666][ T6342]  ? __pfx____ratelimit+0x10/0x10
[  137.448692][ T6342]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.448718][ T6342]  ? __pfx__printk+0x10/0x10
[  137.448736][ T6342]  ? __might_fault+0xb0/0x130
[  137.448770][ T6342]  should_fail_ex+0x414/0x560
[  137.448797][ T6342]  _copy_from_user+0x2d/0xb0
[  137.448816][ T6342]  ___sys_sendmsg+0x158/0x2a0
[  137.448841][ T6342]  ? __pfx____sys_sendmsg+0x10/0x10
[  137.448902][ T6342]  ? __fget_files+0x2a/0x420
[  137.448924][ T6342]  ? __fget_files+0x3a0/0x420
[  137.448958][ T6342]  __x64_sys_sendmsg+0x19b/0x260
[  137.448983][ T6342]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  137.449014][ T6342]  ? __pfx_ksys_write+0x10/0x10
[  137.449041][ T6342]  ? do_syscall_64+0xbe/0x3b0
[  137.449072][ T6342]  do_syscall_64+0xfa/0x3b0
[  137.449095][ T6342]  ? lockdep_hardirqs_on+0x9c/0x150
[  137.449119][ T6342]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.449137][ T6342]  ? clear_bhb_loop+0x60/0xb0
[  137.449159][ T6342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.449176][ T6342] RIP: 0033:0x7eff14b8e929
[  137.449193][ T6342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  137.449207][ T6342] RSP: 002b:00007eff159c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  137.449228][ T6342] RAX: ffffffffffffffda RBX: 00007eff14db6080 RCX: 00007eff14b8e929
[  137.449240][ T6342] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  137.449251][ T6342] RBP: 00007eff159c5090 R08: 0000000000000000 R09: 0000000000000000
[  137.449262][ T6342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  137.449273][ T6342] R13: 0000000000000001 R14: 00007eff14db6080 R15: 00007fffd3124448
[  137.449303][ T6342]  </TASK>
[  137.474473][ T5913] usb 2-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0x13, changing to 0x3
[  137.729957][ T5913] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 10
[  137.757936][ T5913] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  137.796758][ T5913] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  137.914019][ T5913] usb 2-1: config 0 interface 52 has no altsetting 0
[  137.937333][ T5913] usb 2-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00
[  137.947146][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35
[  137.959540][ T5913] usb 2-1: Product: syz
[  137.971011][ T5913] usb 2-1: SerialNumber: syz
[  137.981803][ T5877] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  138.008726][ T5913] usb 2-1: config 0 descriptor??
[  138.164907][ T5877] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  138.221020][ T5877] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  138.248825][ T5877] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  138.387261][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  138.420157][ T5877] usb 3-1: SerialNumber: syz
[  138.452698][ T3079] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  138.461166][ T6357] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  138.478942][ T5913] usb 2-1: Can not set alternate setting to 1, error: -71
[  138.504955][ T6357] bond1: entered promiscuous mode
[  138.510035][ T6357] bond1: entered allmulticast mode
[  138.515654][ T6357] 8021q: adding VLAN 0 to HW filter on device bond1
[  138.533161][ T5913] synaptics_usb 2-1:0.52: probe with driver synaptics_usb failed with error -71
[  138.573811][ T5913] usb 2-1: USB disconnect, device number 3
[  138.769820][ T3079] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  138.781078][ T3079] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.789141][ T3079] usb 1-1: Product: syz
[  138.843648][ T3079] usb 1-1: Manufacturer: syz
[  138.848355][ T3079] usb 1-1: SerialNumber: syz
[  138.892984][ T3079] usb 1-1: config 0 descriptor??
[  138.922788][ T6344] netlink: del zone limit has 4 unknown bytes
[  139.024725][ T3079] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  139.037282][ T5877] usb 3-1: 0:2 : does not exist
[  139.059818][ T5877] usb 3-1: unit 5 not found!
[  139.150131][ T5877] usb 3-1: USB disconnect, device number 5
[  139.561262][ T3079] gspca_sunplus: reg_r err -110
[  139.772457][ T6358] binder: 6354:6358 ioctl c0306201 2000000003c0 returned -14
[  139.877682][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  140.633859][ T3079] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  141.962063][ T3079] usb 5-1: Using ep0 maxpacket: 32
[  141.993285][ T6364] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  142.097890][ T3079] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  142.172058][ T3079] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  142.260117][ T3079] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  142.318537][ T3079] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.368216][ T3079] usb 5-1: Product: syz
[  142.400514][ T3079] usb 5-1: Manufacturer: syz
[  142.403157][ T6379] team_slave_0: entered promiscuous mode
[  142.411085][ T6379] team_slave_1: entered promiscuous mode
[  142.416951][ T6379] macsec1: entered promiscuous mode
[  142.422239][ T6379] team0: entered promiscuous mode
[  142.448273][ T3079] usb 5-1: SerialNumber: syz
[  142.471076][ T5913] usb 1-1: USB disconnect, device number 4
[  142.496924][ T6379] team0: left promiscuous mode
[  142.503149][ T3079] usb 5-1: config 0 descriptor??
[  142.529543][ T6379] team_slave_0: left promiscuous mode
[  142.535133][ T6379] team_slave_1: left promiscuous mode
[  143.351909][ T5834] Bluetooth: hci0: command 0x0401 tx timeout
[  146.051204][ T5913] usb 5-1: USB disconnect, device number 3
[  146.591976][ T5913] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  146.777237][ T6432] Invalid logical block size (1310720)
[  146.996322][ T5913] usb 5-1: Using ep0 maxpacket: 32
[  147.013447][ T6428] loop2: detected capacity change from 0 to 3
[  147.033668][ T6428] ldm_validate_privheads(): Disk read failed.
[  147.054735][ T6428] Dev loop2: unable to read RDB block 3
[  147.077427][ T6428]  loop2: unable to read partition table
[  147.115807][ T6428] loop2: partition table beyond EOD, truncated
[  147.145891][ T6428] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  147.186175][ T5913] usb 5-1: unable to get BOS descriptor or descriptor too short
[  147.225886][ T5913] usb 5-1: too many configurations: 105, using maximum allowed: 8
[  147.262684][ T5913] usb 5-1: unable to read config index 0 descriptor/start: -71
[  147.270346][ T5913] usb 5-1: can't read configurations, error -71
[  147.308057][ T6444] netlink: 8 bytes leftover after parsing attributes in process `syz.2.159'.
[  147.398684][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  147.685582][    T9] usb 2-1: Using ep0 maxpacket: 32
[  147.971935][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  148.055850][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  148.073597][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  148.088921][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.155080][    T9] usb 2-1: config 0 descriptor??
[  148.192803][    T9] hub 2-1:0.0: USB hub found
[  148.337494][ T6459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  148.363188][ T6459] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  148.411843][    T9] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  148.524594][   T24] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  148.597160][    T9] usbhid 2-1:0.0: can't add hid device: -71
[  148.616289][    T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  148.625841][ T5913] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  148.672128][    T9] usb 2-1: USB disconnect, device number 4
[  148.694643][   T24] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  148.709746][ T6466] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  148.719028][   T24] usb 4-1: config 0 has no interface number 0
[  148.741024][   T24] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 10
[  148.771946][   T24] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  148.778551][ T6466] kvm: pic: non byte read
[  148.797026][   T24] usb 4-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88
[  148.809881][ T6466] kvm: pic: level sensitive irq not supported
[  148.809996][ T6466] kvm: pic: non byte read
[  148.820863][ T5913] usb 5-1: Using ep0 maxpacket: 32
[  148.828833][   T24] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  148.842870][ T5913] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  148.846673][   T24] usb 4-1: Product: syz
[  148.873704][ T5913] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  148.899885][   T24] usb 4-1: SerialNumber: syz
[  148.913382][ T5913] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  148.946306][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.948030][   T24] usb 4-1: config 0 descriptor??
[  148.972904][ T5913] usb 5-1: Product: syz
[  148.996104][ T5913] usb 5-1: Manufacturer: syz
[  149.013911][ T5913] usb 5-1: SerialNumber: syz
[  149.051800][ T5913] usb 5-1: config 0 descriptor??
[  149.225344][   T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  149.451271][   T24] snd-usb-audio 4-1:0.2: probe with driver snd-usb-audio failed with error -12
[  149.484742][   T24] usb 4-1: USB disconnect, device number 9
[  149.512097][ T5900] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  149.536093][ T6178] udevd[6178]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  149.711043][ T5900] usb 1-1: Using ep0 maxpacket: 32
[  149.714311][ T5900] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  151.410558][ T5900] usb 1-1: New USB device found, idVendor=0458, idProduct=7005, bcdDevice= 8.68
[  151.421575][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.429627][ T5900] usb 1-1: Product: syz
[  151.452259][ T5913] usb 5-1: USB disconnect, device number 6
[  151.453903][ T5900] usb 1-1: Manufacturer: syz
[  151.453924][ T5900] usb 1-1: SerialNumber: syz
[  151.459273][ T5900] usb 1-1: config 0 descriptor??
[  151.476226][ T5900] gspca_main: sn9c2028-2.14.0 probing 0458:7005
[  151.723814][ T6474] netlink: 'syz.0.168': attribute type 12 has an invalid length.
[  151.775316][ T5900] gspca_sn9c2028: read1 error -71
[  151.783680][ T5900] gspca_sn9c2028: read1 error -71
[  151.792299][ T5900] gspca_sn9c2028: read1 error -71
[  151.799376][ T5900] sn9c2028 1-1:0.0: probe with driver sn9c2028 failed with error -71
[  152.054812][ T5900] usb 1-1: USB disconnect, device number 5
[  152.682748][ T6507] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  153.018012][ T6523] FAULT_INJECTION: forcing a failure.
[  153.018012][ T6523] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  153.060950][ T5877] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  153.064866][ T6523] CPU: 0 UID: 0 PID: 6523 Comm: syz.0.185 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[  153.064889][ T6523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  153.064898][ T6523] Call Trace:
[  153.064906][ T6523]  <TASK>
[  153.064913][ T6523]  dump_stack_lvl+0x189/0x250
[  153.064942][ T6523]  ? __pfx____ratelimit+0x10/0x10
[  153.064965][ T6523]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.064986][ T6523]  ? __pfx__printk+0x10/0x10
[  153.065003][ T6523]  ? __might_fault+0xb0/0x130
[  153.065034][ T6523]  should_fail_ex+0x414/0x560
[  153.065059][ T6523]  _copy_from_user+0x2d/0xb0
[  153.065075][ T6523]  snd_seq_write+0x300/0x810
[  153.065111][ T6523]  ? __pfx_snd_seq_write+0x10/0x10
[  153.065134][ T6523]  ? bpf_lsm_file_permission+0x9/0x20
[  153.065153][ T6523]  ? security_file_permission+0x75/0x290
[  153.065175][ T6523]  ? rw_verify_area+0x258/0x650
[  153.065197][ T6523]  vfs_writev+0x4b6/0x960
[  153.065221][ T6523]  ? __pfx_snd_seq_write+0x10/0x10
[  153.065245][ T6523]  ? __pfx_vfs_writev+0x10/0x10
[  153.065281][ T6523]  ? __fget_files+0x2a/0x420
[  153.065306][ T6523]  ? __fget_files+0x3a0/0x420
[  153.065325][ T6523]  ? __fget_files+0x2a/0x420
[  153.065353][ T6523]  do_writev+0x14d/0x2d0
[  153.065377][ T6523]  ? __pfx_do_writev+0x10/0x10
[  153.065396][ T6523]  ? rcu_is_watching+0x15/0xb0
[  153.065423][ T6523]  ? do_syscall_64+0xbe/0x3b0
[  153.065457][ T6523]  do_syscall_64+0xfa/0x3b0
[  153.065477][ T6523]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.065499][ T6523]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.065514][ T6523]  ? clear_bhb_loop+0x60/0xb0
[  153.065541][ T6523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.065557][ T6523] RIP: 0033:0x7f8fb9f8e929
[  153.065573][ T6523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.065585][ T6523] RSP: 002b:00007f8fbae76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  153.065603][ T6523] RAX: ffffffffffffffda RBX: 00007f8fba1b5fa0 RCX: 00007f8fb9f8e929
[  153.065615][ T6523] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003
[  153.065625][ T6523] RBP: 00007f8fbae76090 R08: 0000000000000000 R09: 0000000000000000
[  153.065635][ T6523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  153.065644][ T6523] R13: 0000000000000000 R14: 00007f8fba1b5fa0 R15: 00007ffc4dda3d78
[  153.065671][ T6523]  </TASK>
[  153.121067][   T30] audit: type=1326 audit(1750882158.869:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6517 comm="syz.4.184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e938e929 code=0x7fc00000
[  153.290902][   T24] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  153.390920][ T5877] usb 2-1: config 0 has an invalid interface number: 136 but max is 0
[  153.400873][ T5877] usb 2-1: config 0 has no interface number 0
[  153.471138][ T5877] usb 2-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=4d.67
[  153.528085][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.551941][ T5877] usb 2-1: Product: syz
[  153.556487][ T5877] usb 2-1: Manufacturer: syz
[  153.565673][ T5877] usb 2-1: SerialNumber: syz
[  153.588797][ T5877] usb 2-1: config 0 descriptor??
[  153.702399][   T24] usb 4-1: Using ep0 maxpacket: 32
[  153.717251][   T24] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  153.748804][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.769416][   T24] usb 4-1: config 0 has no interface number 0
[  153.968581][   T30] audit: type=1326 audit(1750882159.729:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6517 comm="syz.4.184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb2e938e929 code=0x7fc00000
[  154.125959][   T24] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  154.211478][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.296999][   T24] usb 4-1: Product: syz
[  154.324010][ T5877] usb 2-1: USB disconnect, device number 5
[  154.349707][   T24] usb 4-1: Manufacturer: syz
[  154.367491][   T24] usb 4-1: SerialNumber: syz
[  154.385633][   T24] usb 4-1: config 0 descriptor??
[  154.398968][   T24] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  155.725869][   T24] usb 4-1: qt2_setup_urbs - submit read urb failed -8
[  155.732945][   T24] quatech2 4-1:0.51: probe with driver quatech2 failed with error -8
[  156.690882][ T5900] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  156.863484][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  156.874607][ T5913] usb 4-1: USB disconnect, device number 10
[  157.031536][    T9] usb 1-1: Using ep0 maxpacket: 16
[  157.067757][ T5900] usb 2-1: config 1 interface 0 has no altsetting 0
[  157.090950][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  157.101166][ T6578] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  157.106358][ T5900] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  157.132214][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.140486][    T9] usb 1-1: unable to read config index 0 descriptor/start: -71
[  157.166178][    T9] usb 1-1: can't read configurations, error -71
[  157.173787][ T5900] usb 2-1: Product: syz
[  157.188744][ T5900] usb 2-1: Manufacturer: syz
[  157.194534][ T5900] usb 2-1: SerialNumber: syz
[  158.159072][ T5900] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  158.184323][ T5900] usb 2-1: USB disconnect, device number 6
[  158.210195][ T5900] usblp0: removed
[  158.224526][   T30] audit: type=1326 audit(1750882163.989:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6588 comm="syz.3.203" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff14b8e929 code=0x0
[  159.630924][   T24] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  159.790935][   T24] usb 5-1: Using ep0 maxpacket: 32
[  160.846711][   T24] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  161.510618][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  161.527976][   T24] usb 5-1: config 0 has no interface number 0
[  161.536627][   T24] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  161.557675][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.565937][   T24] usb 5-1: Product: syz
[  161.570169][   T24] usb 5-1: Manufacturer: syz
[  161.581514][   T24] usb 5-1: SerialNumber: syz
[  161.849309][   T24] usb 5-1: config 0 descriptor??
[  161.884683][   T24] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  162.643653][   T24] usb 5-1: qt2_setup_urbs - submit read urb failed -8
[  163.330562][   T24] quatech2 5-1:0.51: probe with driver quatech2 failed with error -8
[  163.807448][   T10] usb 5-1: USB disconnect, device number 7
[  164.038137][ T6660] FAULT_INJECTION: forcing a failure.
[  164.038137][ T6660] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  164.108789][ T6662] mmap: syz.1.226 (6662): VmData 45854720 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  164.121439][ T6660] CPU: 0 UID: 0 PID: 6660 Comm: syz.2.224 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[  164.121467][ T6660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  164.121478][ T6660] Call Trace:
[  164.121486][ T6660]  <TASK>
[  164.121493][ T6660]  dump_stack_lvl+0x189/0x250
[  164.121525][ T6660]  ? __pfx____ratelimit+0x10/0x10
[  164.121552][ T6660]  ? __pfx_dump_stack_lvl+0x10/0x10
[  164.121578][ T6660]  ? __pfx__printk+0x10/0x10
[  164.121597][ T6660]  ? __might_fault+0xb0/0x130
[  164.121633][ T6660]  should_fail_ex+0x414/0x560
[  164.121662][ T6660]  _copy_from_iter+0x1db/0x16f0
[  164.121689][ T6660]  ? __alloc_frozen_pages_noprof+0x1d6/0x370
[  164.121727][ T6660]  ? __pfx__copy_from_iter+0x10/0x10
[  164.121753][ T6660]  ? policy_nodemask+0x27c/0x720
[  164.121784][ T6660]  ? page_copy_sane+0x4e/0x280
[  164.121812][ T6660]  copy_page_from_iter+0xdd/0x170
[  164.121843][ T6660]  anon_pipe_write+0x99a/0x1360
[  164.121893][ T6660]  ? __pfx_anon_pipe_write+0x10/0x10
[  164.121912][ T6660]  ? rcu_read_lock_any_held+0xb3/0x120
[  164.121936][ T6660]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  164.121961][ T6660]  ? bpf_lsm_file_permission+0x9/0x20
[  164.121980][ T6660]  ? security_file_permission+0x75/0x290
[  164.122009][ T6660]  vfs_write+0x54b/0xa90
[  164.122032][ T6660]  ? __pfx_anon_pipe_write+0x10/0x10
[  164.122053][ T6660]  ? __pfx_vfs_write+0x10/0x10
[  164.122082][ T6660]  ? __fget_files+0x2a/0x420
[  164.122112][ T6660]  ksys_write+0x145/0x250
[  164.122133][ T6660]  ? __pfx_ksys_write+0x10/0x10
[  164.122166][ T6660]  ? do_syscall_64+0xbe/0x3b0
[  164.122193][ T6660]  do_syscall_64+0xfa/0x3b0
[  164.122213][ T6660]  ? lockdep_hardirqs_on+0x9c/0x150
[  164.122233][ T6660]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.122249][ T6660]  ? clear_bhb_loop+0x60/0xb0
[  164.122268][ T6660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.122283][ T6660] RIP: 0033:0x7faa4ef8e929
[  164.122300][ T6660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.122313][ T6660] RSP: 002b:00007faa4fdb6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  164.122331][ T6660] RAX: ffffffffffffffda RBX: 00007faa4f1b6160 RCX: 00007faa4ef8e929
[  164.122342][ T6660] RDX: 0000000000011000 RSI: 0000200000000340 RDI: 0000000000000004
[  164.122352][ T6660] RBP: 00007faa4fdb6090 R08: 0000000000000000 R09: 0000000000000000
[  164.122361][ T6660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.122370][ T6660] R13: 0000000000000001 R14: 00007faa4f1b6160 R15: 00007ffda1c7c9f8
[  164.122398][ T6660]  </TASK>
[  164.936376][ T6668] loop6: detected capacity change from 0 to 524287999
[  164.950079][ T6668] Buffer I/O error on dev loop6, logical block 0, async page read
[  164.959317][ T6668] Buffer I/O error on dev loop6, logical block 0, async page read
[  164.970710][ T6668] Buffer I/O error on dev loop6, logical block 0, async page read
[  164.980845][ T6668] Buffer I/O error on dev loop6, logical block 0, async page read
[  164.989611][ T6668] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.005686][ T6668] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.025518][ T6668] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.042271][ T6668] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.052506][ T6668] ldm_validate_partition_table(): Disk read failed.
[  165.060681][ T6668] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.071296][ T6668] Buffer I/O error on dev loop6, logical block 0, async page read
[  165.083415][ T6668] Dev loop6: unable to read RDB block 0
[  165.118220][ T6668]  loop6: unable to read partition table
[  165.130963][ T6668] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  166.037684][ T5824] ldm_validate_partition_table(): Disk read failed.
[  166.744487][ T5824] Dev loop6: unable to read RDB block 0
[  166.752712][ T5824]  loop6: unable to read partition table
[  167.528530][ T3079] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  167.690942][ T3079] usb 4-1: Using ep0 maxpacket: 32
[  167.724390][ T3079] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  167.791646][ T3079] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  167.898126][ T3079] usb 4-1: config 0 has no interface number 0
[  167.916986][ T3079] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  167.970863][ T3079] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.007948][ T3079] usb 4-1: Product: syz
[  168.033788][ T3079] usb 4-1: Manufacturer: syz
[  168.038463][ T3079] usb 4-1: SerialNumber: syz
[  168.075882][ T3079] usb 4-1: config 0 descriptor??
[  168.111994][ T3079] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  168.170675][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.1.239'.
[  168.182010][ T6706] netlink: 'syz.1.239': attribute type 5 has an invalid length.
[  168.190320][ T6706] netlink: 20 bytes leftover after parsing attributes in process `syz.1.239'.
[  168.260342][ T6709] netlink: 12 bytes leftover after parsing attributes in process `syz.1.239'.
[  168.303218][ T3079] usb 4-1: qt2_setup_urbs - submit read urb failed -8
[  168.310729][ T3079] quatech2 4-1:0.51: probe with driver quatech2 failed with error -8
[  168.598192][ T6706] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  168.625770][ T6706] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  168.639444][ T6706] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  168.655142][ T6706] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  168.737166][ T6706] geneve2: entered promiscuous mode
[  168.742992][ T6706] geneve2: entered allmulticast mode
[  170.961734][ T3079] usb 4-1: USB disconnect, device number 11
[  171.427389][ T6724] DRBG: could not allocate digest TFM handle: hmac(sha512)
[  172.556227][ T6757] netlink: 8 bytes leftover after parsing attributes in process `syz.0.256'.
[  173.192575][ T6763] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  174.101362][   T43] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  174.484081][   T43] usb 4-1: Using ep0 maxpacket: 32
[  174.533598][   T43] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  174.587828][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  174.690339][ T6779] overlayfs: failed to resolve './file2': -2
[  174.712634][   T43] usb 4-1: config 0 has no interface number 0
[  174.811906][   T43] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  174.821237][ T5900] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  174.883914][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.942341][   T43] usb 4-1: Product: syz
[  174.946572][   T43] usb 4-1: Manufacturer: syz
[  174.983127][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.005132][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.012267][   T43] usb 4-1: SerialNumber: syz
[  175.048842][ T6783] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  175.049226][   T43] usb 4-1: config 0 descriptor??
[  175.068503][ T5900] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  175.098350][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.124509][   T43] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  175.222933][ T5900] usb 2-1: config 0 descriptor??
[  175.320731][   T43] usb 4-1: qt2_setup_urbs - submit read urb failed -8
[  175.350019][ T6788] netlink: 'syz.4.266': attribute type 1 has an invalid length.
[  175.359437][   T43] quatech2 4-1:0.51: probe with driver quatech2 failed with error -8
[  175.646888][ T5900] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[  175.706143][ T5900] cp2112 0003:10C4:EA90.0003: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0
[  176.091085][ T5900] cp2112 0003:10C4:EA90.0003: Part Number: 0x82 Device Version: 0xFE
[  176.696943][ T6778] cp2112 0003:10C4:EA90.0003: Error starting transaction: -38
[  176.704994][ T5900] cp2112 0003:10C4:EA90.0003: error reading lock byte: -32
[  176.737144][ T6807] netlink: 8 bytes leftover after parsing attributes in process `syz.4.270'.
[  176.776977][ T6807] netlink: 28 bytes leftover after parsing attributes in process `syz.4.270'.
[  176.860659][ T5900] usb 2-1: USB disconnect, device number 7
[  176.883471][ T6807] geneve2: entered promiscuous mode
[  176.907742][ T6807] geneve2: entered allmulticast mode
[  177.188077][ T6815] netlink: 56 bytes leftover after parsing attributes in process `syz.4.275'.
[  178.251423][ T6819] netlink: 20 bytes leftover after parsing attributes in process `syz.0.276'.
[  178.268547][ T5913] usb 4-1: USB disconnect, device number 12
[  178.478722][ T6823] netlink: 56 bytes leftover after parsing attributes in process `syz.4.277'.
[  178.688474][ T6816] syz.2.273: vmalloc error: size 67108864, failed to allocated page array size 131072, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  179.273414][ T6816] CPU: 0 UID: 0 PID: 6816 Comm: syz.2.273 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[  179.273446][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  179.273458][ T6816] Call Trace:
[  179.273465][ T6816]  <TASK>
[  179.273474][ T6816]  dump_stack_lvl+0x189/0x250
[  179.273509][ T6816]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  179.273534][ T6816]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.273561][ T6816]  ? __pfx__printk+0x10/0x10
[  179.273581][ T6816]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  179.273611][ T6816]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  179.273650][ T6816]  warn_alloc+0x214/0x310
[  179.273682][ T6816]  ? __pfx_warn_alloc+0x10/0x10
[  179.273725][ T6816]  ? __get_vm_area_node+0x28f/0x300
[  179.273750][ T6816]  ? translate_table+0x19b/0x2040
[  179.273778][ T6816]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  179.273834][ T6816]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  179.273863][ T6816]  ? rcu_is_watching+0x15/0xb0
[  179.273891][ T6816]  ? translate_table+0x19b/0x2040
[  179.273910][ T6816]  ? translate_table+0x19b/0x2040
[  179.273929][ T6816]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  179.273953][ T6816]  ? translate_table+0x19b/0x2040
[  179.273982][ T6816]  ? xt_alloc_table_info+0x3b/0xa0
[  179.274015][ T6816]  translate_table+0x19b/0x2040
[  179.274052][ T6816]  ? __lock_acquire+0xab9/0xd20
[  179.274081][ T6816]  ? __pfx_translate_table+0x10/0x10
[  179.274106][ T6816]  ? __might_fault+0xb0/0x130
[  179.274149][ T6816]  ? _copy_from_user+0x94/0xb0
[  179.274173][ T6816]  do_ip6t_set_ctl+0x970/0xce0
[  179.274204][ T6816]  ? rcu_is_watching+0x15/0xb0
[  179.274226][ T6816]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  179.274270][ T6816]  ? __pfx___mutex_lock+0x10/0x10
[  179.274298][ T6816]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  179.274345][ T6816]  nf_setsockopt+0x26f/0x290
[  179.274370][ T6816]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  179.274401][ T6816]  do_sock_setsockopt+0x25a/0x3e0
[  179.274424][ T6816]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  179.274451][ T6816]  ? __fget_files+0x2a/0x420
[  179.274484][ T6816]  __x64_sys_setsockopt+0x18b/0x220
[  179.274513][ T6816]  do_syscall_64+0xfa/0x3b0
[  179.274539][ T6816]  ? lockdep_hardirqs_on+0x9c/0x150
[  179.274563][ T6816]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.274582][ T6816]  ? clear_bhb_loop+0x60/0xb0
[  179.274604][ T6816]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.274622][ T6816] RIP: 0033:0x7faa4ef8e929
[  179.274640][ T6816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.274656][ T6816] RSP: 002b:00007faa4fdd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  179.274677][ T6816] RAX: ffffffffffffffda RBX: 00007faa4f1b6080 RCX: 00007faa4ef8e929
[  179.274690][ T6816] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  179.274701][ T6816] RBP: 00007faa4f010b39 R08: 0000000000000310 R09: 0000000000000000
[  179.274713][ T6816] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  179.274724][ T6816] R13: 0000000000000000 R14: 00007faa4f1b6080 R15: 00007ffda1c7c9f8
[  179.274754][ T6816]  </TASK>
[  179.402505][ T6816] Mem-Info:
[  179.740935][ T6816] active_anon:269 inactive_anon:5889 isolated_anon:0
[  179.740935][ T6816]  active_file:5415 inactive_file:36346 isolated_file:0
[  179.740935][ T6816]  unevictable:768 dirty:290 writeback:0
[  179.740935][ T6816]  slab_reclaimable:10001 slab_unreclaimable:99473
[  179.740935][ T6816]  mapped:30310 shmem:1411 pagetables:1301
[  179.740935][ T6816]  sec_pagetables:0 bounce:0
[  179.740935][ T6816]  kernel_misc_reclaimable:0
[  179.740935][ T6816]  free:1322489 free_pcp:13515 free_cma:0
[  179.741606][ T6835] netlink: 28 bytes leftover after parsing attributes in process `syz.0.282'.
[  179.786732][    C1] vkms_vblank_simulate: vblank timer overrun
[  179.896029][ T6835] netlink: 28 bytes leftover after parsing attributes in process `syz.0.282'.
[  179.915673][ T6841] netlink: 40 bytes leftover after parsing attributes in process `syz.3.283'.
[  179.925763][ T6816] Node 0 active_anon:1076kB inactive_anon:23756kB active_file:21460kB inactive_file:145384kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121240kB dirty:760kB writeback:300kB shmem:4108kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12384kB pagetables:4768kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  179.959705][    C1] vkms_vblank_simulate: vblank timer overrun
[  179.986670][ T6843] tipc: Started in network mode
[  179.997185][ T6843] tipc: Node identity 7, cluster identity 4711
[  180.007548][ T6843] tipc: Node number set to 7
[  180.053619][ T6816] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  180.085198][    C1] vkms_vblank_simulate: vblank timer overrun
[  180.114998][ T6816] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  180.300063][ T6816] lowmem_reserve[]: 0 2501 2503 2503 2503
[  180.368165][ T6816] Node 0 DMA32 free:1373904kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1068kB inactive_anon:25996kB active_file:19740kB inactive_file:145296kB unevictable:1536kB writepending:680kB present:3129332kB managed:2561468kB mlocked:0kB bounce:0kB free_pcp:42128kB local_pcp:18364kB free_cma:0kB
[  180.511234][ T6816] lowmem_reserve[]: 0 0 1 1 1
[  180.540979][ T6816] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1768kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:4kB free_cma:0kB
[  180.661878][ T6816] lowmem_reserve[]: 0 0 0 0 0
[  180.676967][ T6816] Node 1 Normal free:3903548kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18248kB local_pcp:9504kB free_cma:0kB
[  180.678637][ T6857] netlink: 160 bytes leftover after parsing attributes in process `syz.0.290'.
[  180.719971][ T6858] netlink: 'syz.0.290': attribute type 10 has an invalid length.
[  180.724829][ T6857] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  180.727886][ T6858] netlink: 40 bytes leftover after parsing attributes in process `syz.0.290'.
[  180.750913][ T6816] lowmem_reserve[]: 0 0 0 0 0
[  180.766472][ T6816] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  180.782807][ T6816] Node 0 DMA32: 669*4kB (UE) 302*8kB (UE) 107*16kB (UME) 265*32kB (UE) 101*64kB (UME) 33*128kB (UME) 24*256kB (UME) 13*512kB (UME) 5*1024kB (UME) 12*2048kB (UM) 319*4096kB (UM) = 1375092kB
[  180.802275][ T6816] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  180.811080][ T6858] dummy0: entered promiscuous mode
[  180.815505][ T6816] Node 1 Normal: 189*4kB (U) 43*8kB (UME) 35*16kB (UME) 54*32kB (UME) 22*64kB (UME) 7*128kB (UME) 4*256kB (UM) 3*512kB (ME) 4*1024kB (UME) 2*2048kB (UE) 949*4096kB (M) = 3903548kB
[  180.840924][ T5877] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  180.853165][ T6858] bridge0: port 3(dummy0) entered blocking state
[  180.859880][ T6816] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  180.863172][ T6858] bridge0: port 3(dummy0) entered disabled state
[  180.870556][ T6816] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  180.890516][   T43] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  180.893555][ T6858] dummy0: entered allmulticast mode
[  180.900543][ T6816] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  180.913483][ T6816] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  180.924566][ T6816] 46022 total pagecache pages
[  180.929392][ T6816] 0 pages in swap cache
[  180.934384][ T6816] Free swap  = 124996kB
[  180.938653][ T6816] Total swap = 124996kB
[  180.943326][ T6816] 2097051 pages RAM
[  180.947334][ T6816] 0 pages HighMem/MovableOnly
[  180.952565][ T6816] 424577 pages reserved
[  180.956824][ T6816] 0 pages cma reserved
[  180.992306][ T6858] bridge0: port 3(dummy0) entered blocking state
[  180.999072][ T6858] bridge0: port 3(dummy0) entered forwarding state
[  181.008612][ T5877] usb 4-1: Using ep0 maxpacket: 32
[  181.022548][ T5877] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  181.051055][   T43] usb 5-1: Using ep0 maxpacket: 8
[  181.071004][   T43] usb 5-1: config 135 has an invalid interface number: 230 but max is 0
[  181.079557][ T5877] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  181.093810][   T43] usb 5-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  181.121034][ T5877] usb 4-1: config 0 has no interface number 0
[  181.132180][   T43] usb 5-1: config 135 has no interface number 0
[  181.154579][ T5877] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  181.167611][   T43] usb 5-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  181.189425][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.200551][   T43] usb 5-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  181.217789][ T5877] usb 4-1: Product: syz
[  181.225793][ T5877] usb 4-1: Manufacturer: syz
[  181.234272][ T5877] usb 4-1: SerialNumber: syz
[  181.245770][   T43] usb 5-1: config 135 interface 230 has no altsetting 0
[  181.291202][ T6863] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  181.293661][   T43] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  181.325749][ T5877] usb 4-1: config 0 descriptor??
[  181.427393][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.477598][ T5877] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  181.524297][   T43] usb 5-1: Product: syz
[  181.575602][   T43] usb 5-1: Manufacturer: syz
[  181.580499][   T43] usb 5-1: SerialNumber: syz
[  181.604272][ T5877] usb 4-1: qt2_setup_urbs - submit read urb failed -8
[  181.696018][ T5877] quatech2 4-1:0.51: probe with driver quatech2 failed with error -8
[  182.076188][   T43] usb 5-1: Found UVC 0.00 device syz (18ec:3288)
[  182.744327][   T43] usb 5-1: No valid video chain found.
[  182.794617][   T43] usb 5-1: USB disconnect, device number 8
[  183.603147][ T6874] netlink: 'syz.0.293': attribute type 3 has an invalid length.
[  183.774170][   T24] usb 4-1: USB disconnect, device number 13
[  183.851058][ T5913] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  183.911042][   T43] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  184.005026][   T30] audit: type=1326 audit(1750882189.739:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6873 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4ef8e929 code=0x7ffc0000
[  184.035773][   T30] audit: type=1326 audit(1750882189.739:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6873 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4ef8e929 code=0x7ffc0000
[  184.060142][   T30] audit: type=1326 audit(1750882189.739:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6873 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4ef8e929 code=0x7ffc0000
[  184.062189][ T5913] usb 5-1: Using ep0 maxpacket: 8
[  184.091230][   T30] audit: type=1326 audit(1750882189.739:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6873 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4ef8e929 code=0x7ffc0000
[  184.118021][   T30] audit: type=1326 audit(1750882189.739:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6873 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faa4ef2ab19 code=0x7ffc0000
[  184.141548][   T43] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  184.156971][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.177113][   T30] audit: type=1326 audit(1750882189.739:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6873 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4ef8e929 code=0x7ffc0000
[  184.202575][   T43] usb 2-1: config 0 descriptor??
[  184.223944][   T43] cp210x 2-1:0.0: cp210x converter detected
[  184.270413][   T30] audit: type=1326 audit(1750882189.739:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6873 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4ef8e929 code=0x7ffc0000
[  184.303422][ T5913] usb 5-1: unable to get BOS descriptor or descriptor too short
[  184.318146][   T30] audit: type=1326 audit(1750882189.739:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6873 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4ef8e929 code=0x7ffc0000
[  184.342764][ T5913] usb 5-1: config 4 has an invalid interface number: 154 but max is 0
[  184.377256][ T5913] usb 5-1: config 4 has no interface number 0
[  184.386883][ T5913] usb 5-1: config 4 interface 154 has no altsetting 0
[  184.389631][ T6889] netlink: 92 bytes leftover after parsing attributes in process `syz.3.300'.
[  184.397263][   T30] audit: type=1326 audit(1750882189.739:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6873 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faa4ef2ab19 code=0x7ffc0000
[  184.449477][ T5913] usb 5-1: New USB device found, idVendor=19d2, idProduct=1138, bcdDevice=41.5e
[  184.473490][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.491358][ T5913] usb 5-1: Product: syz
[  184.495588][ T5913] usb 5-1: Manufacturer: syz
[  184.500216][ T5913] usb 5-1: SerialNumber: syz
[  184.511670][   T30] audit: type=1326 audit(1750882189.749:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6873 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faa4ef2ab19 code=0x7ffc0000
[  184.580189][ T6893] FAULT_INJECTION: forcing a failure.
[  184.580189][ T6893] name failslab, interval 1, probability 0, space 0, times 0
[  184.620188][ T6893] CPU: 1 UID: 0 PID: 6893 Comm: syz.2.301 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[  184.620216][ T6893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  184.620227][ T6893] Call Trace:
[  184.620234][ T6893]  <TASK>
[  184.620243][ T6893]  dump_stack_lvl+0x189/0x250
[  184.620278][ T6893]  ? __pfx____ratelimit+0x10/0x10
[  184.620304][ T6893]  ? __pfx_dump_stack_lvl+0x10/0x10
[  184.620329][ T6893]  ? __pfx__printk+0x10/0x10
[  184.620355][ T6893]  ? __pfx___might_resched+0x10/0x10
[  184.620379][ T6893]  ? fs_reclaim_acquire+0x7d/0x100
[  184.620409][ T6893]  should_fail_ex+0x414/0x560
[  184.620435][ T6893]  should_failslab+0xa8/0x100
[  184.620460][ T6893]  __kmalloc_cache_noprof+0x70/0x3d0
[  184.620481][ T6893]  ? vhost_task_create+0xf6/0x290
[  184.620503][ T6893]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  184.620526][ T6893]  vhost_task_create+0xf6/0x290
[  184.620545][ T6893]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  184.620568][ T6893]  ? __pfx_vhost_task_create+0x10/0x10
[  184.620595][ T6893]  ? __pfx_vhost_task_fn+0x10/0x10
[  184.620626][ T6893]  ? kasan_save_track+0x4f/0x80
[  184.620643][ T6893]  ? kasan_save_track+0x3e/0x80
[  184.620668][ T6893]  kvm_mmu_post_init_vm+0x147/0x2b0
[  184.620697][ T6893]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  184.620725][ T6893]  ? __mutex_trylock_common+0x153/0x260
[  184.620756][ T6893]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  184.620778][ T6893]  ? rcu_is_watching+0x15/0xb0
[  184.620801][ T6893]  ? look_up_lock_class+0x74/0x170
[  184.620828][ T6893]  ? register_lock_class+0x51/0x320
[  184.620855][ T6893]  ? __lock_acquire+0xab9/0xd20
[  184.620911][ T6893]  kvm_vcpu_ioctl+0x95c/0xe90
[  184.620936][ T6893]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  184.620960][ T6893]  ? __lock_acquire+0xab9/0xd20
[  184.620987][ T6893]  ? __asan_memset+0x22/0x50
[  184.621004][ T6893]  ? smack_file_ioctl+0x302/0x340
[  184.621027][ T6893]  ? __pfx_smack_file_ioctl+0x10/0x10
[  184.621059][ T6893]  ? __fget_files+0x2a/0x420
[  184.621081][ T6893]  ? __fget_files+0x3a0/0x420
[  184.621102][ T6893]  ? __fget_files+0x2a/0x420
[  184.621129][ T6893]  ? bpf_lsm_file_ioctl+0x9/0x20
[  184.621153][ T6893]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  184.621186][ T6893]  __se_sys_ioctl+0xf9/0x170
[  184.621209][ T6893]  do_syscall_64+0xfa/0x3b0
[  184.621237][ T6893]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.621254][ T6893]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  184.621272][ T6893]  ? clear_bhb_loop+0x60/0xb0
[  184.621294][ T6893]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.621310][ T6893] RIP: 0033:0x7faa4ef8e929
[  184.621327][ T6893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.621343][ T6893] RSP: 002b:00007faa4fdf8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  184.621363][ T6893] RAX: ffffffffffffffda RBX: 00007faa4f1b5fa0 RCX: 00007faa4ef8e929
[  184.621376][ T6893] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  184.621387][ T6893] RBP: 00007faa4fdf8090 R08: 0000000000000000 R09: 0000000000000000
[  184.621398][ T6893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  184.621408][ T6893] R13: 0000000000000000 R14: 00007faa4f1b5fa0 R15: 00007ffda1c7c9f8
[  184.621440][ T6893]  </TASK>
[  184.765905][ T5913] option 5-1:4.154: GSM modem (1-port) converter detected
[  184.775810][   T43] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  184.790045][ T5913] usb 5-1: USB disconnect, device number 9
[  184.793563][   T43] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71
[  184.801431][ T5913] option 5-1:4.154: device disconnected
[  184.803456][   T43] cp210x 2-1:0.0: GPIO initialisation failed: -71
[  185.012069][   T43] usb 2-1: cp210x converter now attached to ttyUSB0
[  185.022419][   T43] usb 2-1: USB disconnect, device number 8
[  185.053176][   T43] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  185.085453][   T43] cp210x 2-1:0.0: device disconnected
[  185.342415][ T6905] netlink: 68 bytes leftover after parsing attributes in process `syz.0.303'.
[  186.727073][ T6914] netlink: 8 bytes leftover after parsing attributes in process `syz.4.306'.
[  186.755301][ T6914] netlink: 24 bytes leftover after parsing attributes in process `syz.4.306'.
[  187.060894][   T43] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  187.221389][   T43] usb 1-1: Using ep0 maxpacket: 32
[  187.277776][   T43] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  187.351150][   T43] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  187.448695][   T43] usb 1-1: config 0 has no interface number 0
[  187.547721][   T43] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  187.651551][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.720827][   T43] usb 1-1: Product: syz
[  187.727958][   T43] usb 1-1: Manufacturer: syz
[  187.740904][   T43] usb 1-1: SerialNumber: syz
[  187.762070][   T43] usb 1-1: config 0 descriptor??
[  187.834010][   T43] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  188.128020][   T43] usb 1-1: qt2_setup_urbs - submit read urb failed -8
[  188.141175][   T43] quatech2 1-1:0.51: probe with driver quatech2 failed with error -8
[  190.229608][ T6972] FAULT_INJECTION: forcing a failure.
[  190.229608][ T6972] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  190.431118][ T6972] CPU: 0 UID: 0 PID: 6972 Comm: syz.1.320 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[  190.431143][ T6972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  190.431152][ T6972] Call Trace:
[  190.431159][ T6972]  <TASK>
[  190.431168][ T6972]  dump_stack_lvl+0x189/0x250
[  190.431199][ T6972]  ? __pfx____ratelimit+0x10/0x10
[  190.431224][ T6972]  ? __pfx_dump_stack_lvl+0x10/0x10
[  190.431249][ T6972]  ? __pfx__printk+0x10/0x10
[  190.431268][ T6972]  ? fs_reclaim_acquire+0x7d/0x100
[  190.431302][ T6972]  should_fail_ex+0x414/0x560
[  190.431328][ T6972]  prepare_alloc_pages+0x213/0x610
[  190.431359][ T6972]  __alloc_frozen_pages_noprof+0x123/0x370
[  190.431384][ T6972]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  190.431408][ T6972]  ? __pfx__copy_from_iter+0x10/0x10
[  190.431429][ T6972]  ? policy_nodemask+0x27c/0x720
[  190.431452][ T6972]  alloc_pages_mpol+0x232/0x4a0
[  190.431475][ T6972]  alloc_pages_noprof+0xa9/0x190
[  190.431495][ T6972]  anon_pipe_write+0xb85/0x1360
[  190.431534][ T6972]  ? __pfx_anon_pipe_write+0x10/0x10
[  190.431551][ T6972]  ? rcu_read_lock_any_held+0xb3/0x120
[  190.431573][ T6972]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  190.431596][ T6972]  ? bpf_lsm_file_permission+0x9/0x20
[  190.431615][ T6972]  ? security_file_permission+0x75/0x290
[  190.431646][ T6972]  vfs_write+0x54b/0xa90
[  190.431673][ T6972]  ? __pfx_anon_pipe_write+0x10/0x10
[  190.431696][ T6972]  ? __pfx_vfs_write+0x10/0x10
[  190.431735][ T6972]  ? __fget_files+0x2a/0x420
[  190.431767][ T6972]  ksys_write+0x145/0x250
[  190.431791][ T6972]  ? __pfx_ksys_write+0x10/0x10
[  190.431819][ T6972]  ? do_syscall_64+0xbe/0x3b0
[  190.431849][ T6972]  do_syscall_64+0xfa/0x3b0
[  190.431873][ T6972]  ? lockdep_hardirqs_on+0x9c/0x150
[  190.431896][ T6972]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.431913][ T6972]  ? clear_bhb_loop+0x60/0xb0
[  190.431934][ T6972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.431949][ T6972] RIP: 0033:0x7f3ca5d8e929
[  190.431966][ T6972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.431981][ T6972] RSP: 002b:00007f3ca6c6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  190.432000][ T6972] RAX: ffffffffffffffda RBX: 00007f3ca5fb6160 RCX: 00007f3ca5d8e929
[  190.432022][ T6972] RDX: 0000000000011000 RSI: 0000200000000340 RDI: 0000000000000004
[  190.432033][ T6972] RBP: 00007f3ca6c6b090 R08: 0000000000000000 R09: 0000000000000000
[  190.432044][ T6972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  190.432054][ T6972] R13: 0000000000000001 R14: 00007f3ca5fb6160 R15: 00007ffca5153a88
[  190.432085][ T6972]  </TASK>
[  190.703568][    C0] vkms_vblank_simulate: vblank timer overrun
[  190.932500][   T43] usb 1-1: USB disconnect, device number 8
[  191.254111][ T6987] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  191.346570][ T6994] netlink: 8 bytes leftover after parsing attributes in process `syz.1.328'.
[  191.378063][ T6994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.328'.
[  191.409982][ T6994] netlink: 2 bytes leftover after parsing attributes in process `syz.1.328'.
[  191.477690][ T6994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.328'.
[  191.532793][ T6994] netlink: 2 bytes leftover after parsing attributes in process `syz.1.328'.
[  191.830965][    T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  191.919305][ T7017] netlink: 8 bytes leftover after parsing attributes in process `syz.1.335'.
[  192.192831][    T9] usb 4-1: Using ep0 maxpacket: 8
[  192.200485][    T9] usb 4-1: config 1 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 45, changing to 9
[  192.214462][    T9] usb 4-1: config 1 interface 0 has no altsetting 0
[  192.224265][    T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  192.233861][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.250849][    T9] usb 4-1: Product: syz
[  192.255077][    T9] usb 4-1: Manufacturer: syz
[  192.259880][    T9] usb 4-1: SerialNumber: syz
[  192.484341][ T7004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.506924][ T7004] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  193.175524][ T7032] netlink: 16 bytes leftover after parsing attributes in process `syz.0.342'.
[  193.834380][    T9] usbhid 4-1:1.0: can't add hid device: -71
[  193.866394][    T9] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  193.910126][ T7039] UHID_CREATE from different security context by process 224 (syz.2.343), this is not allowed.
[  193.925109][    T9] usb 4-1: USB disconnect, device number 14
[  194.017539][ T7040] team_slave_0: entered promiscuous mode
[  194.023413][ T7040] team_slave_1: entered promiscuous mode
[  194.037582][ T7040] macsec1: entered promiscuous mode
[  194.043406][ T7040] team0: entered promiscuous mode
[  194.052670][ T7040] team0: left promiscuous mode
[  194.058395][ T7040] team_slave_0: left promiscuous mode
[  194.063947][ T7040] team_slave_1: left promiscuous mode
[  194.407204][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  195.363278][ T7057] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  195.643933][ T7063] netlink: 'syz.3.351': attribute type 6 has an invalid length.
[  195.646423][ T5913] usb 2-1: new low-speed USB device number 9 using dummy_hcd
[  195.831065][ T5913] usb 2-1: Invalid ep0 maxpacket: 64
[  195.889917][   T30] kauditd_printk_skb: 28 callbacks suppressed
[  195.889959][   T30] audit: type=1107 audit(1750882201.639:44): pid=7066 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=''
[  195.991058][ T5913] usb 2-1: new low-speed USB device number 10 using dummy_hcd
[  196.705164][ T5913] usb 2-1: Invalid ep0 maxpacket: 64
[  196.715218][ T5913] usb usb2-port1: attempt power cycle
[  196.739512][ T7075] netlink: 8 bytes leftover after parsing attributes in process `syz.3.355'.
[  196.766648][ T7075] hsr0: entered promiscuous mode
[  196.773101][ T7073] xt_hashlimit: max too large, truncated to 1048576
[  196.796824][ T7073] xt_limit: Overflow, try lower: 0/0
[  197.073997][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  197.081814][ T5913] usb 2-1: new low-speed USB device number 11 using dummy_hcd
[  197.118843][ T5913] usb 2-1: Invalid ep0 maxpacket: 64
[  197.242899][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  197.260876][ T5913] usb 2-1: new low-speed USB device number 12 using dummy_hcd
[  197.281116][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  197.295754][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  197.338179][ T5913] usb 2-1: Invalid ep0 maxpacket: 64
[  197.346541][ T5913] usb usb2-port1: unable to enumerate USB device
[  197.363307][    T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  197.397975][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.427652][    T9] usb 5-1: config 0 descriptor??
[  197.871963][    T9] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  197.883987][    T9] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  197.891563][    T9] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  197.899099][    T9] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  197.912867][    T9] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  197.920332][    T9] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  197.968106][    T9] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  198.077447][    T9] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  198.091458][ T7073] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  198.127121][ T7073] snd_dummy snd_dummy.0: control 6:9:1025:syz0:9 is already present
[  198.182308][ T7099] netlink: 8 bytes leftover after parsing attributes in process `syz.2.362'.
[  198.240991][ T7099] hsr0: default FDB implementation only supports local addresses
[  198.351678][   T10] usb 5-1: USB disconnect, device number 10
[  198.400043][ T7103] netlink: 'syz.3.365': attribute type 1 has an invalid length.
[  198.466642][ T7105] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  199.400426][ T7104] fido_id[7104]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  199.478156][ T7109] Bluetooth: MGMT ver 1.23
[  199.482914][ T7109] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes
[  199.605147][ T7114] netlink: 'syz.0.367': attribute type 1 has an invalid length.
[  199.613111][ T7114] netlink: 216 bytes leftover after parsing attributes in process `syz.0.367'.
[  199.623441][ T7114] NCSI netlink: No device for ifindex 767
[  200.353050][ T7113] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802b7b8c40 pfn:0x2b7b8
[  200.389095][ T7113] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  200.433534][ T7113] memcg:ffff888028bb0c80
[  200.453463][ T7113] flags: 0xfff00000000041(locked|head|node=0|zone=1|lastcpupid=0x7ff)
[  200.517807][ T7113] raw: 00fff00000000041 0000000000000000 dead000000000122 0000000000000000
[  200.547894][ T7113] raw: ffff88802b7b8c40 0000000000000000 00000001ffffffff ffff888028bb0c80
[  200.585143][ T7113] head: 00fff00000000041 0000000000000000 dead000000000122 0000000000000000
[  200.624106][ T7113] head: ffff88802b7b8c40 0000000000000000 00000001ffffffff ffff888028bb0c80
[  200.634580][ T7119] ALSA: mixer_oss: invalid OSS volume '00000000000000000000014'
[  200.651796][ T7113] head: 00fff00000000201 ffffea0000adee01 00000000ffffffff 00000000ffffffff
[  200.679181][ T7119] ALSA: mixer_oss: invalid OSS volume ''
[  200.719676][ T7113] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  200.796543][ T7113] page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping))
[  200.837879][ T7113] page_owner tracks the page as allocated
[  200.891159][ T7113] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 7113, tgid 7112 (syz.3.370), ts 200353023722, free_ts 200351216445
[  200.925563][ T7113]  post_alloc_hook+0x240/0x2a0
[  200.930543][ T7113]  get_page_from_freelist+0x21d5/0x22b0
[  200.940974][ T7113]  __alloc_frozen_pages_noprof+0x181/0x370
[  200.957815][ T7113]  alloc_pages_mpol+0x232/0x4a0
[  200.966656][ T7133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.375'.
[  200.983374][ T7113]  alloc_pages_noprof+0xa9/0x190
[  200.994403][ T7113]  folio_alloc_noprof+0x1e/0x30
[  201.005331][ T7133] netlink: 28 bytes leftover after parsing attributes in process `syz.4.375'.
[  201.026491][ T7113]  filemap_alloc_folio_noprof+0xdf/0x470
[  201.041826][ T7113]  page_cache_ra_order+0x5e5/0xc70
[  201.066738][ T7113]  filemap_fault+0x59e/0x1200
[  201.088974][ T7113]  __do_fault+0x135/0x390
[  201.108948][ T7113]  __handle_mm_fault+0x198b/0x5620
[  201.136264][ T7113]  handle_mm_fault+0x2d5/0x7f0
[  201.149709][ T7113]  do_user_addr_fault+0x764/0x1390
[  201.159983][ T7113]  exc_page_fault+0x76/0xf0
[  201.176990][ T7113]  asm_exc_page_fault+0x26/0x30
[  201.187232][ T7113] page last free pid 5189 tgid 5189 stack trace:
[  201.212057][ T7113]  __free_frozen_pages+0xc65/0xe60
[  201.219710][ T7113]  rcu_core+0xca8/0x1710
[  201.237294][ T7113]  handle_softirqs+0x286/0x870
[  201.252604][ T7113]  __irq_exit_rcu+0xca/0x1f0
[  201.273999][ T7113]  irq_exit_rcu+0x9/0x30
[  201.293807][ T7113]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  201.299530][ T7113]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  201.318245][ T7113] ------------[ cut here ]------------
[  201.324675][ T7113] kernel BUG at mm/filemap.c:868!
[  201.331382][ T7113] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  201.337673][ T7113] CPU: 1 UID: 0 PID: 7113 Comm: syz.3.370 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[  201.349574][ T7113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  201.359671][ T7113] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0
[  201.365753][ T7113] Code: fe c8 ff 4c 89 e7 48 c7 c6 a0 37 94 8b e8 4b 99 0e 00 90 0f 0b e8 53 fe c8 ff 4c 89 e7 48 c7 c6 80 2e 94 8b e8 34 99 0e 00 90 <0f> 0b e8 3c fe c8 ff 4c 89 e7 48 c7 c6 a0 37 94 8b e8 1d 99 0e 00
[  201.385456][ T7113] RSP: 0018:ffffc90003b67320 EFLAGS: 00010246
[  201.391548][ T7113] RAX: 6a7af666f18d0000 RBX: 0000000000000001 RCX: 0000000000000000
[  201.399640][ T7113] RDX: 0000000000000007 RSI: ffffffff8d96ea60 RDI: 00000000ffffffff
[  201.407616][ T7113] RBP: ffffc90003b67488 R08: ffffffff8f9fe1f7 R09: 1ffffffff1f3fc3e
[  201.415605][ T7113] R10: dffffc0000000000 R11: fffffbfff1f3fc3f R12: ffffea0000adee00
[  201.423614][ T7113] R13: dffffc0000000000 R14: ffffea0000adee08 R15: 0000000000000004
[  201.431600][ T7113] FS:  00007eff159e66c0(0000) GS:ffff888125d83000(0000) knlGS:0000000000000000
[  201.440537][ T7113] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  201.447137][ T7113] CR2: 0000001b2f71fffc CR3: 00000000327c6000 CR4: 00000000003526f0
[  201.455123][ T7113] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  201.463099][ T7113] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  201.471077][ T7113] Call Trace:
[  201.474359][ T7113]  <TASK>
[  201.477300][ T7113]  ? percpu_ref_put+0x19/0x180
[  201.482079][ T7113]  ? __pfx___filemap_add_folio+0x10/0x10
[  201.487716][ T7113]  ? percpu_ref_put+0xf9/0x180
[  201.492491][ T7113]  filemap_add_folio+0xd5/0x270
[  201.497361][ T7113]  page_cache_ra_order+0x74c/0xc70
[  201.502487][ T7113]  filemap_fault+0x59e/0x1200
[  201.507177][ T7113]  ? __pfx_filemap_fault+0x10/0x10
[  201.512331][ T7113]  __do_fault+0x135/0x390
[  201.516758][ T7113]  __handle_mm_fault+0x198b/0x5620
[  201.522446][ T7113]  ? __pfx___handle_mm_fault+0x10/0x10
[  201.527914][ T7113]  ? find_vma+0xe7/0x160
[  201.532164][ T7113]  ? __pfx_find_vma+0x10/0x10
[  201.536849][ T7113]  handle_mm_fault+0x2d5/0x7f0
[  201.541625][ T7113]  do_user_addr_fault+0x764/0x1390
[  201.546754][ T7113]  exc_page_fault+0x76/0xf0
[  201.551272][ T7113]  asm_exc_page_fault+0x26/0x30
[  201.556127][ T7113] RIP: 0010:rep_movs_alternative+0x33/0x90
[  201.561944][ T7113] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 3d 00 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[  201.581557][ T7113] RSP: 0000:ffffc90003b67b88 EFLAGS: 00050246
[  201.587642][ T7113] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000000008
[  201.595620][ T7113] RDX: 0000000000000000 RSI: ffffc90003b67c20 RDI: 0000200000019680
[  201.603609][ T7113] RBP: ffffc90003b67c90 R08: ffffc90003b67c27 R09: 1ffff9200076cf84
[  201.611589][ T7113] R10: dffffc0000000000 R11: fffff5200076cf85 R12: 0000200000019688
[  201.619587][ T7113] R13: 00007ffffffff000 R14: ffffc90003b67c20 R15: 0000200000019680
[  201.627576][ T7113]  _copy_to_user+0x8a/0xb0
[  201.632001][ T7113]  msr_read+0x177/0x250
[  201.636164][ T7113]  ? __pfx_msr_read+0x10/0x10
[  201.640935][ T7113]  ? security_file_permission+0x75/0x290
[  201.646573][ T7113]  ? rw_verify_area+0x258/0x650
[  201.651430][ T7113]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  201.657153][ T7113]  ? __pfx_msr_read+0x10/0x10
[  201.661836][ T7113]  vfs_read+0x1fd/0x980
[  201.666009][ T7113]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  201.672000][ T7113]  ? __pfx_vfs_read+0x10/0x10
[  201.676683][ T7113]  ? __rcu_read_unlock+0x84/0xe0
[  201.681634][ T7113]  ? __fget_files+0x2a/0x420
[  201.686230][ T7113]  ? __fget_files+0x3a0/0x420
[  201.690912][ T7113]  ? __fget_files+0x2a/0x420
[  201.695510][ T7113]  ksys_read+0x145/0x250
[  201.699770][ T7113]  ? __pfx_ksys_read+0x10/0x10
[  201.704625][ T7113]  ? rcu_is_watching+0x15/0xb0
[  201.709410][ T7113]  ? trace_sys_enter+0x25/0x120
[  201.714271][ T7113]  do_syscall_64+0xfa/0x3b0
[  201.718786][ T7113]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.724861][ T7113]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  201.730510][ T7113]  ? clear_bhb_loop+0x60/0xb0
[  201.735192][ T7113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.741090][ T7113] RIP: 0033:0x7eff14b8e929
[  201.745511][ T7113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.765301][ T7113] RSP: 002b:00007eff159e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  201.773727][ T7113] RAX: ffffffffffffffda RBX: 00007eff14db5fa0 RCX: 00007eff14b8e929
[  201.781706][ T7113] RDX: 0000000000018ff0 RSI: 0000200000019680 RDI: 000000000000000b
[  201.789679][ T7113] RBP: 00007eff14c10b39 R08: 0000000000000000 R09: 0000000000000000
[  201.797745][ T7113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  201.805721][ T7113] R13: 0000000000000000 R14: 00007eff14db5fa0 R15: 00007fffd3124448
[  201.813705][ T7113]  </TASK>
[  201.817098][ T7113] Modules linked in:
[  201.822607][ T7113] ---[ end trace 0000000000000000 ]---
[  201.831333][ T7113] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0
[  201.837469][ T7113] Code: fe c8 ff 4c 89 e7 48 c7 c6 a0 37 94 8b e8 4b 99 0e 00 90 0f 0b e8 53 fe c8 ff 4c 89 e7 48 c7 c6 80 2e 94 8b e8 34 99 0e 00 90 <0f> 0b e8 3c fe c8 ff 4c 89 e7 48 c7 c6 a0 37 94 8b e8 1d 99 0e 00
[  201.912845][ T7113] RSP: 0018:ffffc90003b67320 EFLAGS: 00010246
[  201.935933][ T7113] RAX: 6a7af666f18d0000 RBX: 0000000000000001 RCX: 0000000000000000
[  201.945512][ T7113] RDX: 0000000000000007 RSI: ffffffff8d96ea60 RDI: 00000000ffffffff
[  201.974990][ T7113] RBP: ffffc90003b67488 R08: ffffffff8f9fe1f7 R09: 1ffffffff1f3fc3e
[  202.043714][ T7113] R10: dffffc0000000000 R11: fffffbfff1f3fc3f R12: ffffea0000adee00
[  202.077608][ T7113] R13: dffffc0000000000 R14: ffffea0000adee08 R15: 0000000000000004
[  202.094662][ T7113] FS:  00007eff159e66c0(0000) GS:ffff888125d83000(0000) knlGS:0000000000000000
[  202.106095][ T7113] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  202.113787][ T7113] CR2: 00007faa4fdb6d58 CR3: 00000000327c6000 CR4: 00000000003526f0
[  202.122133][ T7113] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  202.130149][ T7113] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  202.138804][ T7113] Kernel panic - not syncing: Fatal exception
[  202.145295][ T7113] Kernel Offset: disabled
[  202.149620][ T7113] Rebooting in 86400 seconds..