last executing test programs:

11.605020486s ago: executing program 4 (id=1745):
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$setregs(0xd, r1, 0x20000000002, &(0x7f0000000700))
ptrace$cont(0x21, r1, 0x80000001, 0x4)
sched_setattr(r1, &(0x7f0000000240)={0x38, 0x6, 0x27, 0xf, 0x6, 0x5, 0x9, 0x7, 0x7, 0x9}, 0x0)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)="1c202cda8d21211962deff095135ffceeb84c4e96e2b90bcdde86268c025db24e8d175b4eefcb15d8931bf74d8fad63d2e422eaabbccee230f3e68dbd51a7e441865e86dd46977a2e3e8759cf353f577214b5aa5f53c92d9f856a814fb1fccedc1fe29a36d28b096f1d0c471a3c8aa4387eebb15272ef6b557e38bf51a937a08bf1a54379165769fb0d0765dfba6716519c4218d09ffd568fa883f37b514986d5ebf3acee4c8b2470fcbf91372e01fc3d1d16c5491133879ae39d67f19a9a234f0da36be4b997bc66342637f0f6ddbea4d9b7b8cb6727268f6fff55e65b83b741881834e541e49c3bb9bd8", 0xeb, r0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newtfilter={0x64, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xffe0}, {}, {0x1c, 0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0x38, 0x2, [@TCA_U32_MARK={0x10, 0xa, {0x3, 0x3}}, @TCA_U32_CLASSID={0x8, 0x1, {0x2}}, @TCA_U32_CLASSID={0x8, 0x1, {0xe, 0xfff3}}, @TCA_U32_INDEV={0x14, 0x8, 'bond_slave_0\x00'}]}}]}, 0x64}}, 0x24000000)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

10.920798925s ago: executing program 4 (id=1746):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
sendmsg$xdp(0xffffffffffffffff, 0x0, 0x0)
ioctl$SIOCGETMIFCNT_IN6(0xffffffffffffffff, 0x89e0, 0x0)
syz_pidfd_open(0x0, 0x0)
r2 = getpid()
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r4, 0x4048aec9, &(0x7f0000000080)={0x2, 0x0, @ioapic={0x4, 0x1, 0x5, 0x2, 0x0, [{0xf, 0x0, 0x0, '\x00', 0xe}, {0x5, 0x0, 0x0, '\x00', 0xfc}, {0x16, 0x1, 0x7, '\x00', 0x3}, {0xfa, 0x8, 0x5, '\x00', 0xa0}, {0x3, 0x8, 0x0, '\x00', 0x4}, {0xa, 0x6, 0x5}, {0xb8, 0xda, 0xd, '\x00', 0x59}, {0xb, 0x1, 0xc, '\x00', 0x3}, {0x9, 0x7, 0x81, '\x00', 0x9}, {0x0, 0x6, 0x4, '\x00', 0x9}, {0xfe, 0x5, 0xd, '\x00', 0xa}, {0x2, 0xb, 0x45, '\x00', 0xc2}, {0xd2, 0xab, 0x8, '\x00', 0x3}, {0x1, 0x3, 0xfe, '\x00', 0x81}, {0x5, 0xfb, 0x1, '\x00', 0x2}, {0xfe, 0x0, 0x6, '\x00', 0xfd}, {0x1b, 0x9, 0x7, '\x00', 0x2}, {0x6, 0x7, 0x4, '\x00', 0x9}, {0xae, 0xef, 0x40, '\x00', 0x6}, {0x8, 0x10, 0x80}, {0x3, 0x3, 0x2, '\x00', 0x86}, {0x9, 0x3, 0xa, '\x00', 0x1}, {0x8a, 0x8e, 0x5, '\x00', 0x9}, {0x56, 0x1, 0x4, '\x00', 0x7f}]}})
syz_pidfd_open(r2, 0x0)
r5 = syz_open_dev$vcsn(&(0x7f0000000140), 0x2, 0x40080)
recvfrom$inet(r5, &(0x7f0000000500)=""/4096, 0x1000, 0x2120, &(0x7f0000000280)={0x2, 0x4e22, @multicast2}, 0x10)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r7, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x7]}}], 0x1c)
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r5, 0x6, 0x1d, &(0x7f0000000380), &(0x7f00000003c0)=0x14)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r6, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'})
quotactl$Q_GETFMT(0xffffffff80000403, &(0x7f0000000040)=@md0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
unshare(0x480)
socket(0x15, 0x5, 0x0)

8.738725102s ago: executing program 4 (id=1752):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
r1 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000040)={0x2, 0x102, 0x2, {0x4, 0x6, 0x3ff, 0xe97}})
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8040)
ioctl$EVIOCRMFF(r2, 0x40044581, &(0x7f0000000100)=0x6)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000040)={0x20, 0xa, 0x7, {0x7, 0xf, "00f4000000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f00000009c0)={0x14, &(0x7f00000008c0)={0x40, 0x8, 0xd5, {0xd5, 0xd, "5b2a72371e83b2d737b051aec0e4bbfd42bfe4d55847a149dd20cfcb307ae6d989648a3e362d1da97ec7a9a87dc374246fa009466439ffa07fec8c54767439ed8b6277c3e96bd8e398b6f1ccf9a31af9bc392b140121b508a562df496170c8b011be7494a57cf3003a56d8398aff6de31d9f9cf45c45139320093f0e423f8be1fe2714141d2a4797eb72bd2c9bfd70990c55ac00d0bbe8a817340290d81f8ccda6cdc57581351a97516b4ca1e5c2684a288038d5e789ee6dd067f5febc6a3c7ddca21e3bed934b06d60527be4c2d73bc65d485"}}, &(0x7f00000004c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000cc0)={0x44, &(0x7f0000000a00)={0xa0, 0x10, 0xc4, "ef349735c15cf64c64440472a3e7b048725d7937b9fd4663613205de87f57dab1ee0a43c6d6415b8c45cf3e6c5c3a31426769c9a951293189c3d441f47c6990c10bed4eb2cf067426036b109503a842d83f0860f9fd95f19b72fb4b5f71afdd17ae9dd7ac5834afdfffafd8a0c0801adddd7d1fb2d0bbff0a79a5a1869ca553ab3a2587ddb1ba1bbeef3c3b1b1a1304b265df60387592f7ed4e7764d7952d1ca59140fbd0e06335eb5ad3aeb0b8c0288a347a7daf52f214d8b327fbc8bfdaddd96328dcf"}, &(0x7f0000000b00)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000b40)={0x0, 0x8, 0x1, 0xe}, &(0x7f0000000b80)={0x20, 0x80, 0x1c, {0x4, 0x69, 0x1, 0x800, 0x2, 0x0, 0x339, 0x401, 0x7, 0x1, 0x7, 0x7}}, &(0x7f0000000bc0)={0x20, 0x85, 0x4, 0xfffffff8}, &(0x7f0000000c00)={0x20, 0x83, 0x2}, &(0x7f0000000c40)={0x20, 0x87, 0x2, 0xd}, &(0x7f0000000c80)={0x20, 0x89, 0x2}})
r3 = syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb78a405e0483020b990102030109022400010000000009040000025c291d0009050900000000000009"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000380)={0x2c, &(0x7f0000000140)={0x20, 0xb, 0x2a, {0x2a, 0xc, "7c02cc6bd306c599601a7aa0dff5cd67a3e45a3e9419dec3a6e361b71046e3ca55efe49c1930d62c"}}, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2003}}, &(0x7f00000001c0)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f00000002c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x3, 0x2, 0x81, "27faffba", "e9ffffff"}}, &(0x7f0000000300)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x10, 0x18, 0x1, 0x8, 0x0, 0xe, 0xc38f}}}, &(0x7f00000007c0)={0x84, &(0x7f00000003c0)={0x0, 0x14, 0x33, "d33fd97b1eab483a945adcbd9fb2496eed5a1bd7da6c4fd7f9f946a8f4ebbea331fcc7193401f06a5b73dc997bcbcae21831c3"}, &(0x7f0000000880)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0xff}, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x2, 0x1}}, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x40, 0xb, 0x2, "a94e"}, &(0x7f00000005c0)={0x40, 0xf, 0x2, 0xc}, &(0x7f0000000600)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}}, &(0x7f0000000640)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, &(0x7f0000000680)={0x40, 0x19, 0x2, "5702"}, 0x0, &(0x7f0000000700)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000740)={0x40, 0x1e, 0x1, 0x5}, &(0x7f0000000780)={0x40, 0x21, 0x1, 0x9}})
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x20, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0xffffffff}, 0x50)
ioctl$HIDIOCGFEATURE(r3, 0xc0404807, &(0x7f0000000080)={0x5, "da8019dea5c88d695f73e31c18f0c7c7fdac910ee2000e08b73b53930efb1a00"})

7.38456967s ago: executing program 1 (id=1757):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000040000000000000000000300000a20000000000a05000000000000000000070000000900010073797a300000000044000000090a010400000000000000000700ffff08000a40000000030900020073797a31000000000900010073797a3000000000080005400000002105000d40930000005c0000000c0a01020000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b80100001800c0001"], 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3c000005}, 0x10)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000c4b20710200e01015a000000000109021b00010000000009040000012e6d0a000905", @ANYBLOB="19e6c5"], 0x0)

7.25580232s ago: executing program 0 (id=1760):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x1, 0x2000, 0x2000, &(0x7f0000002000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"])
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000018c0)={0x2, 0x3, 0x0, 0x3, 0xeb, 0x0, 0x0, 0xfffffffc, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e21, 0x4, @empty, 0x9}}, @sadb_x_sec_ctx={0xe4, 0x18, 0x2, 0x5, 0x711, "55d1c69571aa2aabc9b9057bfc92bec8f656b76bead6ae5304d591fa60c35eab7a2391509cbeac5ef345118c8000e7fcc8ebba9175f8f43866e89d45e1c4e3fbd30cc61f8027573e7f3a88cb2dc2a166c4e518d003c4d64b2a47f69fb946cc048f8a96ed853892cf9335a3bf6c1cf6372662b8ca670fd4675a0647082b0bb2f681266ff29f84bc4563609bd4466d60824f5055eb546e5f1c24df469d04370b779064fc2cb63182dde66b8c7700a28eef1a7105cb35114d787023a44c4483aae96ede8cdeaee2413773551446138e354c4b1b98f596fd7fa5b6b584551bd5a2674f0dbc5815953b56a169f450bcca15201c401ce705069a468008514a26b794c280ede120c680c7e459dd650b476d35fbecb32b91bcac1358260efdc87a53d992a6b27c3b2090ce0de06faf45ba9a7ecb747a0257fe67fe9eb2829a5fa3fb9e666ae5d26ba2781fbd80b37dd30f30e7f644f128f7dedc802136f74ee8af220ca0aec699ec9af00614627cdb0965bac529ea3d06d4b6d768cde6d2dab094419d3aff11fa1cd4b35b9fa28f1f1e6d3c05bb7ea1b2e84e366db0639b961682d9b72dbe40eb227c1f59f211305d4c71650081cc7c3fa41fb9f7ec979c3922dc61f1c3b74ac4a03e0e7c3f69083cc2c9a31e06cfd15198d831534411782c62e0b80932f05d57d4903233b1652234ecc756897c5911463590e33ef20a9fcfa04effd2bf08099644e71e96009cbf55a9da82ce6c555bae72d23495525638ce8ef4286f4bf8736c88fbc5593a9066e63f0a6a545a7cb4bbab9d7ee3734013a2b1e68f57e8c697d1ce39bdefc2c7f68e157e78e2355c2a05bb1c5473f06497f4607f1d343dc70b869aa1098849db3c734b7b6deb03f7663284c349430beaf4773ccdc465404c7b8ea39262365b13f75e5ab07b3d6626b9a36f14c9ebc28740d401e35138d8c744c13210a674edebec66c4d923407c13d611eee6526a833a08d017933e69900c626ac5dcb2898a223a5ca53ed29917266f142cb01376d646b11168ce7c99a02c3fc3f11c9476b6a4ac4d72d0413a59834549ac43f04e5790acbf3823d3cd1ae1563efc6612c1255d9616cf42ddefec310ed4cc5634960623410b9a2d846b3c4ae23a5c55146b09a86a7fe21d2a74bb67916802867a6b10f015bc0215add2a467380dd141d8d584dc35645e7cfcaf7429e27ed7d5d40370cb1940b5cc123a63233e4acc3ce438cccdc9a23bceb41920f1f39d4247b461af58d804ee9e540091b573a252149257247a9a3931d74c8fd9ba4ed28c0a9101e8dead5602554fe2a84bf82445e834866c760513e431cb477dcaef3b9f0e90c8abe539d416e7e5c4ee43acc3acdeec67cd00151235d1586753ce1337209d44806f5dfceaf1e6dc0d9829208be8df0cb2186565d07fa5d3371741df2812278a45da513bc3cf4c886ef9996e67c5cb9ce36088eef9319d24559a9620fa5db65eff58c197b8f33134a1a636f5ae13dad274000f6004d53d4c8a3b0e9c7b128ea8587d81d4cd609a265d6418bf66f935b92bd133240183599e292bb6ad6d9db57fcadf24abd5b25e4ebcb87ebf2766f66bd4a02f20c21b379b7f90bed1b11d00d2378f059c5897643d0012945d7b9908a0eff2153f180f59f2ae7c46711e40d0f80598381d4b20c12e3456718c1d0c49f954c9de6cc3d57b38853ed251b4419a5b24ea036b65930165080e895089dda897d9a3e758855083d2e8bb55753087f522f851c27851dffa3799b3cf5cb7c983d3a09367bc569b6d24423352cc90a0b2cbcf3a593967b3d0ddacfe5c021138b99b7731c6b8ff9cf38c0481d0ab5d4e18361f1d6958058c6f06b561fd00e5d6103fe921921d3df7c5ca4bc7164b225f2651a8bbb120c8d351d6ecb77bd28d97a7055efd2ace479ea1d57fe0aa626ba9ea8311bc7df25c255626b80b81f4aad4b076a428753a7b18904e3bedc6528b7d9b8d71f8e23abaefa0a3d8c973f82e06316cdcdffa857e75c2d8f867a3fd60021373b0e007d1412dbc2b9616b454426018a57ce2cd9c7cc71c70a35d39f064f2e04d691fe21f2190e8b69ba87c1d1df026d328f1b4a6a734471a86f9022692d0920a46327ceb4723a584649d2ef8c745194d4772ebfbaa292b89105402a2e8c15a85bc7f41bebfaceb4fcc8e2c771278d43837453f6c1e987e175a76ee97a220c881475d6b9bcee681b77b472e94573c3b7f0420337b8ed7e5d75a83753421831b90ae461d7d0e24d3d26374e8a234016bd9690d2181a06ea688ed2d96a3e4b422eddfb038ed9e932610cf194f12283745cde499ab7724fa4aabc14f2b7b516032b0ce66c02e2dac4c31f572e37565664f108d8058e70ff83c2adfe666ee0abcae8ae95db4c7e6199c1f3d112709f795bb3f45e30408549acbe6564cc322f1f7dfe384a18ea24fdb16d928211d60565a5db5ed9840a53a592b67465a792d3b1ec35d622e8d0c3d0b72482c1a567ebf9a7182fc5b7194fba0165401aa0e4d38983d1fe57f90371b6b5760e082e120ae32bbae4e9aeb04943ae5708d9fdf"}]}, 0x758}}, 0x20000000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

7.064953721s ago: executing program 3 (id=1761):
socket$inet6(0xa, 0x6, 0x0) (async)
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) (async, rerun: 64)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0x4) (async, rerun: 64)
r1 = socket$netlink(0x10, 0x3, 0x0) (async)
r2 = socket(0x2a, 0x2, 0x0) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) (async, rerun: 32)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x62102, 0x0) (rerun: 32)
close(r4) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
close(r7) (async)
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) (async)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@getchain={0x24, 0x66, 0x8, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r10, {0xc, 0xfff3}, {0x1a, 0xc}, {0xfff3, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async)
ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) (async, rerun: 32)
getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) (rerun: 32)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xffffffffffffff6e}}]}, 0x38}}, 0x0) (async, rerun: 64)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) (async, rerun: 64)
sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f000000a380)=@newtfilter={0x40, 0x2c, 0x601, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r11, {0xffe0}, {}, {0xc, 0xd}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x2, 0xa}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x48081}, 0x24000840) (async, rerun: 32)
r12 = socket$netlink(0x10, 0x3, 0x0) (rerun: 32)
sendmmsg(r12, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014000100766574680000000004000280"], 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x80)

6.986825913s ago: executing program 0 (id=1762):
r0 = epoll_create1(0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40088a01, &(0x7f00000000c0)=0x50000000)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000400)={0x2, 0x4, 0x5, 0x8}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0x80000003})
r2 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000040)={0x2c, &(0x7f0000000140)=ANY=[@ANYRESOCT], 0x0, 0x0, 0x0, 0x0}, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000380)={{0x3, 0x81}, 'port0\x00', 0x41, 0x20010, 0x2, 0x1ff, 0x8000, 0xfffffffe, 0x8, 0x0, 0x4, 0xf4})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x0, &(0x7f0000389000/0x4000)=nil)
syz_emit_ethernet(0x6a, &(0x7f0000000200)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb08004500005c0000000000019078ac1e0001ac1414aa05009078e00000e04000000000000000001100"], 0x0)
r5 = syz_open_dev$video4linux(&(0x7f0000000c80), 0x7, 0xc82)
ioctl$VIDIOC_SUBDEV_G_FMT(r5, 0xc0585604, &(0x7f0000000cc0)={0x0, 0x0, {0xfffff982, 0x8, 0x300f, 0x3, 0x7, 0x0, 0x2, 0x4}})
socketpair(0x28, 0xa, 0x0, &(0x7f0000000180)={<r6=>0xffffffffffffffff})
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000001e40)=ANY=[], 0x48)
ioctl$SIOCSIFHWADDR(r6, 0x8b0f, &(0x7f0000000140)={'wlan1\x00', @random="0300000000eb"})
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040), 0x106}}, 0x20)

6.852278748s ago: executing program 3 (id=1763):
unshare(0x68040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000240)="5c00000014006b03c84e21008bf32c19021800f80200000044000200ac14140e05251e6182949a36c23d3b48dfd8cdbf9367b498fa51f60a64c9f4d4938037e786a6d0bdd77f6f60c1504bb9189d9193e9bd1c1b7800000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@getneigh={0x14, 0x1e, 0x800, 0x70bd27, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x44044)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x300000a, 0x12, r2, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, &(0x7f00000003c0)=[{0x2, 0x2, {0x0, 0xf, 0x6}, {0x2, 0xf0, 0x1}, 0xfd, 0xfe}], 0x20)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x45, @ioapic={0xd000, 0x7, 0x2, 0x9, 0x0, [{0x3, 0x6}, {0x6, 0xf8, 0xb, '\x00', 0xdb}, {0xff, 0x9, 0x3, '\x00', 0xe2}, {0x5, 0xe, 0x7, '\x00', 0x3}, {0x8, 0x2, 0x4, '\x00', 0x40}, {0x9, 0x9, 0xd, '\x00', 0xea}, {0x9, 0x68, 0x4, '\x00', 0xe}, {0x26, 0x8, 0xa0, '\x00', 0x56}, {0x3, 0x7, 0x4, '\x00', 0x4}, {0x13, 0x10, 0x9d, '\x00', 0x1}, {0x0, 0xc2, 0x38, '\x00', 0x6}, {0x5, 0x1, 0x5, '\x00', 0x4}, {0x8, 0x2, 0x1}, {0x3, 0x0, 0x8, '\x00', 0x8}, {0xa, 0xb, 0x9, '\x00', 0x7}, {0x7f, 0x2, 0x80, '\x00', 0x65}, {0x9c, 0x3, 0x8, '\x00', 0xe}, {0x6, 0x1, 0x6, '\x00', 0x3}, {0x1, 0x9, 0x1, '\x00', 0xb}, {0x4, 0x81, 0x9}, {0x2f, 0xf, 0x1c, '\x00', 0x2}, {0x6, 0x1, 0xf, '\x00', 0xfc}, {0xff, 0x1, 0x4, '\x00', 0x7}, {0x81, 0x3, 0x1, '\x00', 0x9}]}})
syz_usb_control_io(r4, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000002d00091327bd70000000000006"], 0x20}}, 0x84)
sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf2504"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, &(0x7f0000000180)={'wg2\x00'})
recvfrom(r5, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)

6.335402663s ago: executing program 2 (id=1766):
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x3c0, 0x2c0, 0x0})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socket(0x10, 0x800, 0x3)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_clone3(&(0x7f0000000240)={0x26bf52a1b2c34585, 0x0, 0x0, 0x0, {0x4}, 0x0, 0x0, 0x0, 0x0}, 0x58)
close(0xffffffffffffffff)
socket(0x2, 0x80805, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x12000, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000400)={&(0x7f0000f59000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r5, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r5, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r5, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54)

4.693403371s ago: executing program 4 (id=1767):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
pipe(&(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x28)
vmsplice(r2, &(0x7f0000000380)=[{&(0x7f0000013580)='\r', 0x1}], 0x1, 0x1)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$IMADDTIMER(r2, 0x80044940, &(0x7f0000000040)=0x14)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/net\x00')
ioctl$NS_GET_USERNS(r3, 0xb701, 0x0)
ioctl$KVM_GET_MSR_FEATURE_INDEX_LIST(r1, 0xc004ae0a, &(0x7f0000000080)={0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000200)=@overlay={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "12848098"}})
readv(r0, &(0x7f00000006c0)=[{&(0x7f00000017c0)=""/4096, 0x1000}], 0x1)

4.35816367s ago: executing program 1 (id=1768):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="40000000000300"/20, @ANYRES32=0x0, @ANYBLOB="000000008040030020001280080001006774700014000280080003000300000008000200", @ANYRES32, @ANYBLOB], 0x40}}, 0x0)

4.279632622s ago: executing program 1 (id=1769):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000500)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_link_settings={0x4d, 0x400, 0xf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x0, 0x6, 0x1000, 0x0, 0x0, 0x1], [0x7ff]}})
r1 = io_uring_setup(0x2c93, &(0x7f0000000100)={0x0, 0xf0ce, 0x3480, 0xfffffffc, 0x14})
io_uring_enter(r1, 0x0, 0xcb, 0xf, &(0x7f0000000000)={[0x20]}, 0x18)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000000080)=0x7fff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x3, 0x1, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x20040000)
r6 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x170, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0xa}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x140, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "52087def75c736f85cc7d27338360e8cb966058f66908611a2da3e15d87ea4bbea3d646bddcbf88d74a8f9e560e73cc92e50a1e1eb696bc28149a6f97bca767db6d5a2e4a0ce4e1f337f52af8d065ab3903bf929f30662e91d6466b050411964902e6bfd3d89271fd28b48677d5cf2caefd8a40abbe65daabf39f028156294855a66954d2349461e5b3fdf380433eb7182203d89bd1637c99109d611ac6ddd1f8bd70df15be1196d73cf82360c81beb73bd89d4e22511b72fa9373f5ff75156b83de4ba43f4325cb81ad4e1ebabd12279a1c2cb16d9b64ac46472168b729780d5697663cde109a2ea16079fdfb016066bd7f663500"}, @TCA_GRED_PARMS={0x38, 0x1, {0x1, 0x6, 0x37, 0xa, 0x80000001, 0xb, 0x6, 0xffffffff, 0x2, 0x0, 0x14, 0x9, 0x8, 0x6, 0x8bc, 0x6}}]}}]}, 0x170}}, 0x0)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010026333bc860bb7e9e056a571a9150ef33814bca7600000018000180a18d7b42335bac0da31400020073797a5f74756e00000000000000000005000200fc"], 0x3c}}, 0x0)

4.125171128s ago: executing program 1 (id=1770):
syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x100, 0x1}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000002a00)=<r2=>0x0)
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0)
unshare(0x8040480)
r3 = fsopen(&(0x7f00000000c0)='sysfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x1)
fchdir(r4)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
fsetxattr$system_posix_acl(r5, &(0x7f0000000000)='system.posix_acl_access\x00', 0x0, 0x0, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000880)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}, {0xfff1, 0x3}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0xd3eb}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}, @TCA_RATE={0x6, 0x5, {0x9, 0x8}}]}, 0x48}, 0x1, 0x0, 0x0, 0xd000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_SREG={0x8, 0x5, 0x1, 0x0, 0xb}, @NFTA_PAYLOAD_OFFSET={0x8}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x8c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

4.046863384s ago: executing program 1 (id=1771):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 64)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) (async, rerun: 32)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) (async, rerun: 32)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x22}}, 0x10) (async)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) (async)
setsockopt$inet_int(r2, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x0, 0x70bd27, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x2}}}, 0x24}}, 0x0)
r3 = syz_usb_connect(0x5, 0x46, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000e780cc08c0070515c5b80102030109023400010000800009040000038e4ee2000905000000041a06010905010300021007c109050c04400003030f07059acb"], 0x0)
syz_usb_control_io$cdc_ncm(r3, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000440)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{}, 0x0, 0x0}, 0x20) (async)
recvmmsg(r2, 0x0, 0x0, 0x45833af92e4b39ff, 0x0) (async, rerun: 32)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) (rerun: 32)
r4 = syz_open_procfs(0x0, 0x0)
readv(r4, &(0x7f0000001440)=[{0x0}], 0x1) (async)
connect$qrtr(r4, &(0x7f0000000140)={0x2a, 0x3, 0x7fff}, 0xc)
r5 = fsopen(&(0x7f0000000040)='binder\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000008c0)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x8001902}, 0xc, &(0x7f0000000880)={&(0x7f00000002c0)=ANY=[@ANYBLOB="840000000906000000000000000000000000dd050900020073797a31000000000500010007000000090002bc947e11131a414a911cc8da0073797a320000000050000780d81ee491987c690800094000000002c4f8f09d1a357469b315ee1a0c001680295c5d2700000c00028008000140000000000900120073797a32000000001400160062726964675f736c6176655f310001dd1496fc5b697e328eabe47865c57f75ec7d8bff7a398176c4135abaad1adcea8967c8387610935f4436331f3b269872ee0a53f55acf464b2506121a65cbf621afab86fd340125e3af9f3d2de1d358de959c6939a6387dbcca32755e741f19c3c8ce2757ca9e5765ef9687941c14bb8f0d0a7ee8d477a41d6d59"], 0x84}, 0x1, 0x0, 0x0, 0x800}, 0x4010)
socket$nl_rdma(0x10, 0x3, 0x14) (async, rerun: 32)
close(r5) (async, rerun: 32)
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd2c, 0x25dfdbff, {0x2, 0x0, 0x20}, [@FRA_SRC={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1a}}]}, 0x24}}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)

3.773106521s ago: executing program 4 (id=1772):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
getdents64(0xffffffffffffffff, &(0x7f0000000080)=""/105, 0x69)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff})
getsockopt$sock_int(r4, 0x1, 0x2c, 0x0, &(0x7f00000001c0))
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a0000000600010017"], 0x1c}}, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r5, &(0x7f0000001040)={0xc, {"a2e3ad21ed0d52f91b5d390887f70e06d038e7ff7fc6e5539b3272298b089b07081b4d090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b39070d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc825d8e524b2451138e495bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546850a27af9544ae15a7e454dea05918b4fd42513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c9000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cfe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdc80c47ee4f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2691491abf8ab9c015073014d9e08d4338b8780bdecd436cf0541e4505bc3a45237f104b962102de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78ff95b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd735892892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af0000807e0000000002d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5407000000e3ad038f2211f1033195563c7f93cd54b9094f226e78b271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b4051db55e0510a6e4114a53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005008000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a6d8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546def271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652770711935f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f42f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599af40005b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fd30d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb84d9a88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678458fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000000000000000000000000bd700", 0x1000}}, 0x375)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r6 = open(&(0x7f0000000280)='.\x00', 0x40000, 0x43)
getdents(r6, 0x0, 0x0)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x210000, 0x0)
readv(r8, &(0x7f0000000380)=[{&(0x7f0000000180)}, {&(0x7f0000000240)=""/109, 0x6d}, {&(0x7f00000002c0)=""/7, 0x7}], 0x3)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x18, 0x1411, 0x1, 0x4, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x28}]}, 0x18}, 0x1, 0x0, 0x0, 0x24000080}, 0x0)
write$uinput_user_dev(r7, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [0x0, 0x519, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0xffffffff, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x81, 0x0, 0xfffffff1, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x100, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x40], [0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x9, 0xfffffffd, 0x0, 0xfff, 0x4, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x200, 0x0, 0x0, 0x2, 0x0, 0x0, 0x31c, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xc8a], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffff, 0x4, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x7], [0x0, 0xfffffffe, 0xff, 0x0, 0x0, 0x0, 0x200, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x10, 0x200000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, 0x45c)
ioctl$UI_DEV_SETUP(r7, 0x5501, 0x0)
ioctl$UI_GET_SYSNAME(r7, 0x8040552c, &(0x7f0000006480))

3.329263821s ago: executing program 3 (id=1773):
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, &(0x7f0000000140)=<r0=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
getpid() (async)
prctl$PR_SET_NAME(0x4, 0x0)
openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x8, 0x3, 0x240, 0xd8, 0xa, 0xd0e0000, 0xd8, 0x100, 0x1a8, 0x1d8, 0x1d8, 0x1a8, 0x1d8, 0x3, 0x0, {[{{@ip={@local, @multicast2, 0xffffff00, 0xff, 'veth0\x00', 'team0\x00', {}, {}, 0x2, 0x3, 0x40}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1, 0xffff, 0x800, 0x1, 'syz1\x00', 'syz0\x00', {0x3}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0x4, 0x2, 0x4, 0x3, 0x5, 0x3], 0x5, 0x5}, {0x0, [0x6, 0x6, 0x1, 0x7, 0x5, 0x5], 0x3, 0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async, rerun: 32)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) (async, rerun: 32)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="180000005600080027bd7000fcdbdf2507000000", @ANYRES32=0x0, @ANYBLOB="ff2342065bf83d5442fba44b278049f98533010b0ee75c82b89ca5bdf31e313f698e6e07b9b87f0dfedbdd14663ee868a818548f4a3c00a82d67dcbe80327787b0541c7bba11f633b47873f74892e4bc9111919e887b8e0f6f04cb4597cad6b1a8a8a4bbe9d7df66e33be87484cf94ce01f31867988e8e92decf025845adf4f1b60e025ba7fc618e9fd9f003b2515529c70909fb889aaff2537f4b840c81a9be2a1a355bc2a1b8fd5c9db242a43e51ec68e52d33c25cf0d249d95a951cf781839fea5980f5fb45ddc20f85ce485a838e84b3b17851c7db4635a63383a116e8d884dcda8ba19619b9f4137567e43eebfc859a13965ed51207c34730a32953e274febc74724ede391f0a28c7d60c66455adc66237522dc6767d831470839cb73abd01857789f6f84df6e345ebe751a73d5609b042af9b667f5cfa0738f9d000000000000000000000000005688dd45328c0f6215fc06ae572c18a745affee2d65e2d6c7761fe5f7db9cfb3c7b54035c372ca6b29c9bb46cd9aafa6ee8504121b9340ec8ac4bc829e5aa101e77d3b78e27dac5775347f9633e80c5c55d47fd3d61c82cd0b49175cc3c5bdba911bf32e2d90fa0fa4f0f74b565e07c8edfdc93fcbcd57696b3079528db6196bb071cdcf4b1fd7526ec7f4038dd5285daef9537141051c3a7163e2318d5b377d6a5413a2b3b87c854d7c097c357a33417d82ffd7116c4bb894e4106314fea8f57036a245da62fff2f7db5e7963b76d8098d0c1c4d2a8927f684c1b65fcdd957fc198a81e3b137ffdf4e007e8"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async, rerun: 64)
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) (rerun: 64)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f000000060027000000000008000a00a8"], 0x6c}}, 0x0)
r6 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r6, &(0x7f0000000140), 0x4924b68, 0x0)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000000)={0x84, @remote, 0x0, 0x0, 'sed\x00', 0x37, 0xffffbffe, 0x7f}, 0x2c) (async, rerun: 64)
r8 = socket(0x2, 0x80805, 0x0) (rerun: 64)
sendmmsg$inet(r8, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}], 0x1, 0x0) (async)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

2.952910186s ago: executing program 0 (id=1774):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffa, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @multicast2}, @in6={0xa, 0x4e24, 0x5, @loopback, 0x6}], 0x2c) (async)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @multicast2}, @in6={0xa, 0x4e24, 0x5, @loopback, 0x6}], 0x2c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000000)=[@in6={0xa, 0x4e22, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}], 0x1c)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000ac0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000380)='asymmetric\x00', &(0x7f0000000180))
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000340)=@keyring={'key_or_keyring:', r1}) (async)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000340)=@keyring={'key_or_keyring:', r1})

2.844255984s ago: executing program 2 (id=1775):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={0x164, r1, 0x1, 0x70bd28, 0xc00, {}, [@WGDEVICE_A_PEERS={0x12c, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}]}, {0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "491bc0be1dc1f88092e741a88b64f6dd9218ad21b44b472e44f1d0807ee6675c"}]}, {0xb4, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_ALLOWEDIPS={0x8c, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x33}}, {0x5, 0x3, 0x1}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x3, 0x0}}, {0x5, 0x3, 0x2}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}]}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e23}]}, 0x164}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)

2.521284695s ago: executing program 0 (id=1776):
r0 = syz_usb_connect$rtl8150(0x6, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201100160bb41082e0c00073be1010203010902240001a200000009046101022353830309250303ff0308400409058503"], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="4000000010003b0c29bd70000000000000000000", @ANYRES16=r1, @ANYBLOB="0c01020006100000200012800b00010065727370616e00001000028004001200080005"], 0x40}}, 0x4040)
r3 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r3, 0x11b, 0x7, &(0x7f0000000040), &(0x7f0000000140)=0x30)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="640000000206050000000000000000000001050004000100000005a4340001000700000014000780f6ff060000000007080013400000000505000500020000000900020073797a300000000016000300686173683a6e65742c706f72742c6e65740007000000000000002fe085698cb5d780ed637cbf9973eb707a3ddddac9af3531b1b160f4ccee314f6ec6a45090baec6e66fb9ed69e5e1c8fe25f536bbc76a0936a2e197238101c3effbecb96913969a037fde1933d34bd99df8c3fe98c0566888be056b9dba18929f3527800676238b99bb988598f9747b6e967d30e089f27d32e641ede7a0fdca82163b6e0936a6a9315c1006b730000002eb8a9583ff87e941a1a010992808dce76411ceac3d37dd8615a84fc9649bda1d2e8ea30dcf53bc9d6cfd458277791c3f05b76176e8429466e3e3249f8b84ac203133c12c1262143323a4a07b577f0427bcb0fc5057f63c8ff009368e5ec42e44e09da0e6347f1cd2b767237963cdfd27c56b07bbb69fb5959e27d41d66662bcdfee630fcabb06c8d2b215d2ef89c2348bfdcb54207cd264c512cd0a561d3176778fdcbbfccb93f1c89c1699778aa5874bbdd3177b5145c938808462e09ea024b131e03d9c8e86204686e127295feceb05ccae71cfd9f8b70a27b652e806cb487ba5dd36628677aee6cdbdbbd995b1e45d387f82b96c9974858efbe9666863d08f95689c27ad185984d9ddc87bb2b9e5cecf66250bcdd4d10a4549be9493c2365fd2c43d6e3a0c4c20d1441081fb9f76c93ddeb057400055cfa0dd99c4fe5f0dcc3a96d8f36ef7b3c119ac35daa0db0ffd5e8bc568039f463795cc1f"], 0x64}}, 0xb57729584bf0e551)
syz_clone3(&(0x7f0000000080)={0x100801000, 0x0, 0x0, 0x0, {0x19}, 0x0, 0x0, 0x0, 0x0}, 0x58)
bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB(r4, 0xc01c64ae, &(0x7f0000000100)={0x0, 0x4, 0x9, 0x3, 0x8, 0xa, 0xfffffffc})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"])
r5 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000280), 0x2, 0x800)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, &(0x7f00000001c0)={0x0, <r8=>0x0, <r9=>0x0, 0x0, 0x0, 0x0, 0x0})
r10 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r10, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0xe}, 0x1c)
setsockopt$SO_BINDTODEVICE(r10, 0x1, 0x19, 0x0, 0x0)
setsockopt$sock_int(r10, 0x1, 0x28, &(0x7f0000000040)=0x8004, 0x4)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20004d13"], 0x0)
recvmmsg(r10, &(0x7f0000001140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=""/2, 0x2}, 0xffffffff}, {{0x0, 0x0, 0x0}, 0x5}], 0x2, 0x2, 0x0)
r11 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r11, &(0x7f0000001800)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r7, 0xc06864a2, &(0x7f0000000480)={0x0, 0x0, r8, r9, 0x7fff, 0xb, 0xe, 0xfffffff6, {0x403, 0x1, 0x3, 0x8, 0x6, 0x3a5, 0x5, 0x6, 0x22, 0x5, 0x7f, 0x9c1c, 0x200008, 0x8d12074f, "0010b45adb3bdf6bbf43f7e7bdcf42a72e9a4d13e20b354ba4e274f7720904f6"}})
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)

2.366965152s ago: executing program 1 (id=1777):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
timer_create(0xfffffffd, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r2, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={0x4c, 0x12, 0x301, 0x0, 0x0, {0x0, 0x6, 0x0, 0x0, {0x4e23, 0x0, [0x0, 0x0, 0x81], [0x1, 0xfffffffd, 0x10000], 0x0, [0x0, 0x7fff]}, 0x7}}, 0x4c}, 0x1, 0x0, 0x0, 0x20044190}, 0x40000)
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r7 = inotify_init1(0x0)
inotify_add_watch(r7, &(0x7f0000000180)='./control\x00', 0xa4000960)
ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000000)=0xffff0018)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
sched_setattr(r5, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)

2.271040648s ago: executing program 2 (id=1778):
r0 = syz_io_uring_setup(0x3b, &(0x7f0000000040)={0x0, 0x2, 0x10100, 0x0, 0x2b5}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1, 0x0, 0x26}, 0x0, 0x80002101})
io_uring_enter(r0, 0xd81, 0x0, 0x0, 0x0, 0x0) (async)
r4 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) (async)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000500)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x73) (async)
r6 = accept4(r5, 0x0, 0x0, 0x80000)
sendmsg$nl_route_sched(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=@newchain={0x24, 0x64, 0x200, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x5}, {0x1, 0x9}, {0xc, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x2001}, 0x8000) (async)
write(r6, 0x0, 0x0) (async)
write$binfmt_elf64(r4, &(0x7f0000000380)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x7b, 0x7f, 0x0, 0xfffffffffffffffc, 0x3, 0x3, 0x305f, 0x83, 0x40, 0x6, 0xf, 0x1, 0x38, 0x4, 0x8e7, 0x8d7, 0x3b5}, [{0x60000000, 0x9, 0x5, 0xd, 0x6, 0x9, 0xffffffffffffcb31, 0x6}, {0x4, 0x7, 0x84b, 0x7, 0x3, 0x5, 0x1, 0x2}, {0x70000000, 0x200, 0x7fff, 0xb, 0x3, 0x2, 0x401, 0xffff}, {0x1, 0x27, 0x5, 0x8, 0x4, 0xffffffffffffffff, 0x1, 0xffff}], "72bf52bcb793538c34e8da16f02d9eb4ad287a3ba952a2ff41801fc094b7dd620d5d9be28caa1615ae99668f420913fd97f1fb2fea2b56451cd84581cba02ca82ef4c1067f3956fe6674fe1027f2f62e66aff8ff0fe799853736258192b85ba72b3af053b329951e5e30fdcd887fd6d08b0370f61ccadedb76e4881c58c3d4ab0f64a7530e912e9a37fb310e8a263128b945dc1ee0e20ae3c0edb186ca6c226de0ec1deaeabd01b696d8f11db9e1f00ff2f6274c6e71f12a14fda112343dee572e499944a72bb3638823333329b03bd5c041ad6c05db46f39711fabbea71963a1967ee63"}, 0x204)

1.956860202s ago: executing program 2 (id=1779):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000080)="0f20e06635100000000f22e08ed8b800008ec00f9c86b39e260f01c4c6f8000f01d1baa100ecf20f187e0c260fe4ec660fd97355", 0x34}], 0x1, 0x4, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
syz_clone3(&(0x7f0000000080)={0x100801000, 0x0, 0x0, 0x0, {0x19}, 0x0, 0x0, 0x0, 0x0}, 0x58)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0xa01, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0xc, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000100)={@empty}, 0x14)
setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
open(&(0x7f00000005c0)='./file0\x00', 0x2a4c0, 0x13)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000a40)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r8, &(0x7f0000006380)={0x2020, 0x0, <r9=>0x0}, 0x2020)
write$FUSE_INIT(r8, &(0x7f0000000100)={0x50, 0x0, r9, {0x7, 0x1f, 0xf, 0xffffffff80018800, 0x0, 0x0, 0xbf5, 0x0, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r8, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x18}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

738.981743ms ago: executing program 3 (id=1780):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) (async)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
mknodat(0xffffffffffffffff, 0x0, 0x800, 0x0) (async)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x20000090)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x0, 0x401, 0x0, 0x9, 0x9, 0x3, 0x12ce, 0x3}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r3 = socket$inet(0x2, 0x4000000805, 0x0)
listen(r3, 0x5) (async)
sendmmsg(r3, &(0x7f0000000e40)=[{{&(0x7f0000000200)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYRES32=r0], 0x18}}], 0x2, 0x844) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x111}}, 0x20) (async)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x0, 0x0, 0x0) (async)
r4 = syz_open_dev$sg(&(0x7f0000000100), 0xf9ba, 0x28540)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000010400008a00000008232c5a7fbf9d1b00729f1471caf04e30d45d49449282c58b3c45a34f03dc793524dfb888b1f029acfc6f6bbf4989e0842bc0d3a616982500fdf79d7327bdeab5586eefcafa0646214da5f9b56bbbeb4c839fea9c001b274056e7963d38e9348734cf77fad01f65d2403c5358cf0a424387bcb658ed4f00"])
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20004010)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) (async)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=ANY=[@ANYRES64=r2], 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x4)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
r7 = openat$cgroup_ro(r6, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
read$FUSE(r7, &(0x7f0000001240)={0x2020}, 0x2020) (async)
bind$tipc(r6, &(0x7f00000002c0)=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x2}}, 0x10)

602.153396ms ago: executing program 2 (id=1781):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000000000a500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000030000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="1800000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

529.492632ms ago: executing program 3 (id=1782):
fsopen(&(0x7f0000000040)='9p\x00', 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a000000050001000600000005000400000000000900020073797a300000000014000300686173683a69702c"], 0x60}}, 0xc000)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@host})
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b7000000ff00001fbfa300000000000007030000f0ffffff6a0af0fff8ffffff61a4f0ff0000000066040200000000001d400200000000004704000001ed00006203000000ffffffcf440000000000007a0a00ff00ffffffc30300fff1000000b4000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebaa0f040000c72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204ab3949006c3172171652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d156ae8383117c039862198899b212c55318294270a1ad10c80fef7c247afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15f279b513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aa0000000000000000832371fe5bc621426d1ed0a4a99702cc1b692c3f0b15629eaf4c12a1e717d29135753208165b9cdbae2ed9dc7358f0e3adde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbad937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594807031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac42738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca9be8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998802008f0232b39578052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91ed92cac7c2ccd17d338bbda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922928e000000ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abb8a9982ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139566fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe6290421338ef8f6d27117cd1471bf3c0b64416fbbe955da0281e7ef7f7d5176150e86cda98d07f7de2088cb2ffd1d4c71097635c2bb3d9a0b01e757256ee427f0a244d48682bf89e2279b383b616b40f116172bc1b995eb2c1220597af8df52646f1f0cb65cfa7e038e8bb5d4d52b86a61d82dc14a4f5cc7e6061c65ccdbc2afc3f363ecf34ad0b227687c3ea8d63683ddd5914116edd9e075da9e3638647188bc8f95107c9250995eb6cadcd0f65b8504ff10304f2ceba275f9d485ed5554d64005db877f0fbb3beba59666ff66f132d5077835823592d6d392f5ff62f6f876eb10d8cbf0a73f8421b74c8916e4077b8866c95ad88bc7130244183ed216210f10f69b3e0ee13d06e4eb240cce5ec1c3b1defe4c0f8b83a34ef4f5f8f9ceefb678ad29d3683e3c44a01549e55ffca41c0b06e013f054257646c58b667ec0701004c239589b3e64ef5e1d5ed22b5fd5a90fe3453327c3652d5c9762428f0bd0178d1b80a60f64343ab77d8baa0a388711c8d2d6d3e9049814b15b6ea21387040989d69c3aa27256c55780f33d20823d8e2eb6e56850162969bf4c6c9632a55cf5be00"/2944], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x4a)

402.002851ms ago: executing program 2 (id=1783):
socket$packet(0x11, 0xa, 0x300) (async)
socket$packet(0x11, 0xa, 0x300) (async, rerun: 32)
socket$packet(0x11, 0xa, 0x300) (rerun: 32)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x40080) (async, rerun: 32)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (rerun: 32)
ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000000)=0x8) (async, rerun: 64)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84) (rerun: 64)
setsockopt(r2, 0x84, 0x81, &(0x7f00000000c0)="1a00000082000000", 0x8) (async)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_REJECT(r3, &(0x7f0000000080)={0x9, 0x108, 0xfa00, {0xffffffffffffffff, 0x8, "23e3c4", "ff1801f10b3020329865571ffe06d9907737dae88636a498f872a4d556e7da252ba5b17da78aef321612a2ea7d193b544ae2b54ca5c03caad54d76a43e981a7277e9326d579378fb1fbf8beedb4c9cd5aead7a5c7d3ae35df834aa2837ec1982eeae042452fca24f18668f024df0b96ee26f01162c5de2744608d9c6d7d29807d8eeb019bfd229a0bcd1aad935d0d4d13e5732443a11f63ef31548bc4f389a5e23bda3d6f665bff825facb2b47631149b6a46513ea0d6cca5415bd732f2412d5a5cb1e13856094257c73cb99b3d8905dca67db19dec27cddfaba2f6cfc6c638d38d230af217eda5c729232cd9b1900e58ed97ea307420a6835d6c6d27d2d7c1b"}}, 0x110)
sendto$inet6(r2, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f00000001c0), &(0x7f0000000200)=0x8) (async, rerun: 64)
ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000280)=0x3)

367.4761ms ago: executing program 0 (id=1784):
r0 = memfd_create(&(0x7f0000000380)='\x103q}2\x9a\xce\xaf\x03\xdfyR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7R\x94\xaf\xbb\xdcM\x90k\xd6\x05\r\x84\x87\x1e?\x10\x95SWFO{\x1f\x1b!\xd5\x991D\x1c\b\x8c`\xeaSA\x90m\xb6&\xd0\xf1\xb3\xed:\x82\xbd\xe3i|BL\x1f\x9d\x00\x00\xc5\xb8$\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\r\xd6h\x80\x8fQ|\xf5d\x10\x10\xd7\t\x00\x00\x00\x00\x00\x00\x00<\xfeeS\xb2l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfaa\xd3\xf1\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7~x\xb8vo\xe6\x15@\xc9\"CY\x11\xb9u\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D4E^7%8\x94y\x90\xf0l\xa0\'L%\xd4\xda\xee\x81\x98\xcc\xfd\xa2\x89$\x9by\xf1\xbb\x01\xb7\xcd\xbf\x99\x1f\x90@b\x03\xb3\xe0CfU\x16{\xbey\xa1cs\x96U\x11\xdb*\xdf\xcdG\xc7z\x85\x8aE\xf7\xd5\x9dAj\xe3\xfb\xc4\xa0\x14\x87\x19\x17\xed\xd1\x185%Q%\x81\xfaK\x82\xec=\xa3\xb8~\xb6O\xbd\x19*\xdb\x1c\x10\xa4\x8dIl\xc1\xceG\xd0h\xa1\xab:dP\xb6\xa0BR\xbe\x03\xac\xd9\x87\x00@\x80\x94\xd88\xc9\x03\x97\x17r\x85#\x7f\x8cu\x8f\xcc\x7fF\xb5\xea\xa6\xc1\x9d\xac\x89\xc9\xa1tuJw\xee\x1a\xe73\xa8\xadS\xd1\x11#d\xc2\xcfdj\x9ec\x93\xd5K\x90*_3\x89\v\xab\x04ih\x12\x93\xc5m\x8f~{\xe5\x85\xa5g\x00\x00\x00\xe45Q\xab%\xa8[\xf3\x17\x94\xf8\xdfq\xff\xd2?\xafW\xde\x1bW]\x1f\aaV\xc5\xc82*\xc7\xc5\"C}L\x10e\xc6\x90\xc0\xf9z\xb6+/d\x86\xf2\xbe\xc9:u\t\\e\x05)\xe4\xd2\xc4\x1a\xc9\xac\xdb\x925\x02\x94@\xa2\xe1\xee\x16\xb4\x98\xff\x0f\xbb\xb2\x81\xcf\x13g6l\xcc\xc8\x02\v\xa2\xb2\xf6\xbf@d\xcecC\x9fVz\xf4\x14\xa5\x8b|\xe1\xc0\xfa3X\xf4\xd9L\xe6\x8f\x9dy\x0fX.\xc5EQ\xd1/\xa1\xd0\x03>\xf0\x90\x13B\xe2\x97\x8b!\xf7\"\xecX\x92\xab\xbc^\xb2\x80@\xcc+\xbbp\xdc|N\xd3[=G\xb2\xe1\x9c\xc5\x81y\x84\xef\xacQ\x01\xdd\xe7<\xb8\xf1Hn\x86\xa6\xe3\x18N\x19\"[-\xdb\xef\xc3\xe0\xa8}', 0x0)
socket$kcm(0xa, 0x3, 0x87)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000040)={0x690, 0x0, 0x578, 0x3f, 0x4, 0x1, 0x0, 0x0, {0x1}, {}, {0x4}, {0x0, 0x0, 0xffffffff}, 0x1, 0x100, 0x8, 0x0, 0x1, 0x0, 0x0, 0x6, 0x3, 0x6, 0x0, 0x3, 0x4, 0x100})
write$tun(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003088700fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef)
ftruncate(r0, 0x800799c)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e20, 0xffffffff, @remote, 0x9}, 0x1c)
sendfile(r3, r0, 0x0, 0xfeff)

205.343457ms ago: executing program 4 (id=1785):
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x28011, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0xffffffffffffff76, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000240)={0x1, @pix={0x5a0, 0x7fffffff, 0x41415270, 0x5, 0x6, 0x6, 0x2, 0x3, 0x0, 0x2, 0x0, 0x6}})
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r4, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000340)=[{&(0x7f00000002c0)='/', 0x1}], 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000400)=',', 0x1}], 0x1}}], 0x1, 0x4c040)
socket$inet(0x2, 0x1, 0x100)

127.350782ms ago: executing program 3 (id=1786):
openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0xffff030c) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) (async)
fsopen(0x0, 0x0) (async)
r2 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_QUERYCTRL(r2, 0xc0445624, &(0x7f0000000d80)={0x3fffffff, 0x100, "6a3ce4ab8ed6c54797be28dc6b7dcc8d5eba4a0f1dea455e02c75ec18cfcdbf4", 0x0, 0xffffffff, 0x40000, 0x5, 0x90}) (async)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
syz_open_dev$vbi(0x0, 0x2, 0x2) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000180), 0x4)
sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)="fa82", 0xff80}], 0x1}, 0x20000000)
write$sysctl(0xffffffffffffffff, 0x0, 0x0) (async)
r6 = syz_open_dev$vcsn(&(0x7f0000000d00), 0xdd, 0x121800)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r1, &(0x7f0000000cc0)={0x2001})
ioctl$VIDIOC_G_SLICED_VBI_CAP(0xffffffffffffffff, 0xc0745645, &(0x7f0000000540)={0x1d2, [0x4, 0x7, 0x3, 0x58d6, 0xff, 0xd, 0xe98, 0xffff, 0x4371, 0xc14, 0x0, 0x1, 0xe, 0x8d26, 0xffff, 0x40, 0x3, 0x9, 0x7, 0x4, 0x10, 0x6, 0x101, 0xff, 0xf, 0x4, 0x3, 0x6, 0x9, 0x1, 0x4, 0xff, 0x6, 0x1000, 0xf, 0x1, 0x7f, 0x8, 0x1400, 0x4, 0xc, 0x7, 0x8, 0x1, 0x7f, 0x5, 0x800, 0x6], 0x9}) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000004d040000000000002d000000000000005504030001ed0a0025000000170000001c0080ff000000007b0a00fe000000006e04000000000000e5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379d00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a607c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a59234ed56bc83987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d06c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292cfbe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d700ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec52d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d105800f000000000000ef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f6845b6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd51015dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d0800bf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3aee1ff8c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6b8306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9000080ac970cc4fd0847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d680000000000000000000000000000000000be9ab5e329e962d96a283b6182c1cf6c8e350a7784ca39ecb9178f4118559f1eccb0b738a255146ebbc4357c16f94cd4"], &(0x7f00000001c0)='GPL\x00'}, 0x48)

0s ago: executing program 0 (id=1787):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x2, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x5}, {0x0, 0x6}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_INTERVAL={0x8, 0x3, 0x7}, @TCA_CODEL_ECN={0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x2250)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

kernel console output (not intermixed with test programs):

 4-1: config 4 has no interface number 0
[  511.536476][ T5861] usb 4-1: config 4 interface 128 altsetting 5 bulk endpoint 0x3 has invalid maxpacket 1023
[  511.548334][ T5861] usb 4-1: config 4 interface 128 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  511.573815][ T5861] usb 4-1: config 4 interface 128 altsetting 5 has a duplicate endpoint with address 0x7, skipping
[  511.586254][ T5861] usb 4-1: config 4 interface 128 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  511.600810][ T5861] usb 4-1: config 4 interface 128 altsetting 5 bulk endpoint 0xC has invalid maxpacket 64
[  511.612437][ T5861] usb 4-1: config 4 interface 128 altsetting 5 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  511.624071][ T5861] usb 4-1: config 4 interface 128 altsetting 5 has a duplicate endpoint with address 0x7, skipping
[  511.636523][ T5861] usb 4-1: config 4 interface 128 altsetting 5 has a duplicate endpoint with address 0x3, skipping
[  511.649161][ T5861] usb 4-1: config 4 interface 128 altsetting 5 bulk endpoint 0x2 has invalid maxpacket 1024
[  511.659908][ T5861] usb 4-1: config 4 interface 128 altsetting 5 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[  511.671420][ T5861] usb 4-1: config 4 interface 128 has no altsetting 0
[  511.688768][  T980] usb 1-1: USB disconnect, device number 85
[  511.697956][   T10] usb 2-1: USB disconnect, device number 99
[  511.705337][ T5861] usb 4-1: New USB device found, idVendor=0403, idProduct=e0f1, bcdDevice=10.1b
[  511.750112][ T5861] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.770068][ T5861] usb 4-1: Product: syz
[  511.774817][ T5861] usb 4-1: Manufacturer: syz
[  511.785438][ T5861] usb 4-1: SerialNumber: syz
[  511.808193][T11513] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  511.819052][T11513] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  511.831695][T11513] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  511.843588][T11513] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  512.078313][ T5861] ftdi_sio 4-1:4.128: FTDI USB Serial Device converter detected
[  512.091357][ T5861] ftdi_sio ttyUSB0: unknown device type: 0x101b
[  512.116976][ T5861] usb 4-1: USB disconnect, device number 106
[  512.132730][ T5861] ftdi_sio 4-1:4.128: device disconnected
[  513.018107][  T980] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  513.187477][  T980] usb 1-1: Using ep0 maxpacket: 8
[  513.237509][  T980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  513.288884][  T980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  513.361290][  T980] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  513.412489][  T980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  513.502382][  T980] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  513.538379][  T980] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  513.562854][  T980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.647668][  T980] usb 1-1: config 0 descriptor??
[  513.695974][T11537] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  513.921801][T11569] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1395'.
[  513.965250][T11537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  514.007842][T11537] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  514.265127][ T5992] usb 1-1: USB disconnect, device number 86
[  514.266869][ T5871] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  514.736473][T11581] pim6reg1: entered promiscuous mode
[  514.757257][T11581] pim6reg1: entered allmulticast mode
[  514.857649][   T10] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[  515.152221][   T10] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  515.161859][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.171510][   T10] usb 3-1: Product: syz
[  515.183795][   T10] usb 3-1: Manufacturer: syz
[  515.190175][   T10] usb 3-1: SerialNumber: syz
[  515.558986][ T5992] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  515.720657][ T5992] usb 1-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  515.730316][ T5993] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[  515.738819][ T5992] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.769936][ T5992] usb 1-1: config 0 descriptor??
[  515.827378][T11579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  515.845773][T11579] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  515.982323][ T5993] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  516.015754][ T5993] usb 2-1: New USB device found, idVendor=0471, idProduct=0303, bcdDevice=e5.df
[  516.048542][ T5993] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  516.091265][ T5993] usb 2-1: config 0 descriptor??
[  516.103951][ T5993] pwc: Philips PCA646VC USB webcam detected.
[  516.200089][T11579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  516.320931][T11579] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  516.335507][T11591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  516.418763][T11591] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  516.427647][T11593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  516.436762][T11593] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  516.554791][   T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  516.578521][ T5993] pwc: send_video_command error -71
[  516.584477][   T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  516.601755][ T5993] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  516.618757][ T5992] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  516.639576][   T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  516.655202][ T5992] asix 1-1:0.0: probe with driver asix failed with error -71
[  516.663254][ T5993] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71
[  516.704919][ T5992] usb 1-1: USB disconnect, device number 87
[  516.713921][   T10] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  516.737551][ T5993] usb 2-1: USB disconnect, device number 100
[  516.792446][   T10] usb 3-1: USB disconnect, device number 92
[  517.717328][ T5933] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[  517.827300][  T980] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[  517.872365][ T5933] usb 3-1: config 16 has an invalid interface number: 169 but max is 0
[  517.881278][ T5933] usb 3-1: config 16 has no interface number 0
[  517.888093][ T5933] usb 3-1: config 16 interface 169 altsetting 90 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  517.901779][ T5933] usb 3-1: config 16 interface 169 altsetting 90 endpoint 0x7 has invalid maxpacket 512, setting to 64
[  517.913176][ T5933] usb 3-1: config 16 interface 169 has no altsetting 0
[  517.922838][ T5933] usb 3-1: New USB device found, idVendor=0644, idProduct=0000, bcdDevice= 1.00
[  517.932260][ T5933] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  517.940493][ T5933] usb 3-1: Product: 顊习♹嵜萡꺆ﻜ࿷᫬ꅝ䁇ﻛ漈㋓㇢쀒袠韵彄膆姘ꔚ燫糇⾟⢍ꖥ빦얒똨ᰮꟵ趄ㄙ䃹㇛บꯞ榌后綖ጹ鱵䰶䣇㵇볗䉜Ặ쌟⟿튎믢ﲆ⌆铿狋軹別鳭挾쀱ꚸ⃸팅䜵ᬟ뱥
[  517.964825][ T5933] usb 3-1: Manufacturer: ꌰ喖퓵얹溍ꑣ杳꣐拈እ禥粲繮
[  517.973044][ T5933] usb 3-1: SerialNumber: 《
[  517.980625][ T5933] usb 3-1: rejected 1 configuration due to insufficient available bus power
[  517.989866][ T5933] usb 3-1: no configuration chosen from 1 choice
[  518.001570][  T980] usb 2-1: unable to get BOS descriptor or descriptor too short
[  518.013671][  T980] usb 2-1: config 3 has an invalid interface number: 19 but max is 0
[  518.024373][  T980] usb 2-1: config 3 has an invalid interface number: 4 but max is 0
[  518.032678][  T980] usb 2-1: config 3 has 2 interfaces, different from the descriptor's value: 1
[  518.042232][  T980] usb 2-1: config 3 has no interface number 0
[  518.048832][  T980] usb 2-1: config 3 has no interface number 1
[  518.055168][  T980] usb 2-1: config 3 interface 19 altsetting 9 has 4 endpoint descriptors, different from the interface descriptor's value: 6
[  518.068425][  T980] usb 2-1: too many endpoints for config 3 interface 4 altsetting 131: 175, using maximum allowed: 30
[  518.080082][  T980] usb 2-1: config 3 interface 4 altsetting 131 bulk endpoint 0x8E has invalid maxpacket 32
[  518.090413][  T980] usb 2-1: config 3 interface 4 altsetting 131 endpoint 0xC has invalid wMaxPacketSize 0
[  518.100487][  T980] usb 2-1: config 3 interface 4 altsetting 131 bulk endpoint 0xC has invalid maxpacket 0
[  518.111030][  T980] usb 2-1: config 3 interface 4 altsetting 131 has 2 endpoint descriptors, different from the interface descriptor's value: 175
[  518.131585][  T980] usb 2-1: config 3 interface 19 has no altsetting 0
[  518.138571][  T980] usb 2-1: config 3 interface 4 has no altsetting 0
[  518.149449][  T980] usb 2-1: New USB device found, idVendor=067b, idProduct=2303, bcdDevice=53.f5
[  518.159018][  T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  518.176315][  T980] usb 2-1: Product: syz
[  518.181147][  T980] usb 2-1: Manufacturer: syz
[  518.187840][  T980] usb 2-1: SerialNumber: syz
[  518.429459][   T30] kauditd_printk_skb: 52 callbacks suppressed
[  518.429480][   T30] audit: type=1326 audit(1756277293.544:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11635 comm="syz.1.1414" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f55ed18ebe9 code=0x0
[  518.441662][ T5993] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  518.617946][ T5993] usb 1-1: Using ep0 maxpacket: 16
[  518.630241][ T5993] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  518.646325][ T5993] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  518.665842][ T5993] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  518.676699][ T5993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  518.692183][ T5993] usb 1-1: Product: syz
[  518.696437][ T5993] usb 1-1: Manufacturer: syz
[  518.703931][ T5993] usb 1-1: SerialNumber: syz
[  518.716304][ T5993] usb 1-1: config 0 descriptor??
[  518.731373][ T5993] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  518.742009][ T5993] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  519.345679][T11638] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1415'.
[  519.359656][ T5993] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  519.368272][ T5993] em28xx 1-1:0.0: Config register raw data: 0x1c
[  519.570986][T11638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.580120][ T5993] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[  519.588763][T11640] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1415'.
[  519.592816][T11638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  519.608085][ T5993] em28xx 1-1:0.0: No AC97 audio processor
[  519.667672][ T5993] usb 1-1: USB disconnect, device number 88
[  519.684034][ T5993] em28xx 1-1:0.0: Disconnecting em28xx
[  519.699695][ T5993] em28xx 1-1:0.0: Freeing device
[  520.077310][ T5993] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  520.257567][ T5993] usb 1-1: device descriptor read/64, error -71
[  520.430082][T11650] netlink: 'syz.4.1417': attribute type 10 has an invalid length.
[  520.449846][T11650] 8021q: adding VLAN 0 to HW filter on device team0
[  520.472358][T11650] bond0: (slave team0): Enslaving as an active interface with an up link
[  520.517476][ T5993] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  520.523616][ T5933] usb 3-1: USB disconnect, device number 93
[  520.617386][   T10] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[  520.657335][ T5993] usb 1-1: device descriptor read/64, error -71
[  520.715189][  T980] pl2303 2-1:3.19: required endpoints missing
[  520.771011][ T5993] usb usb1-port1: attempt power cycle
[  520.785061][  T980] pl2303 2-1:3.4: required interrupt-in endpoint missing
[  520.798348][   T10] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  520.826149][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.840911][   T10] usb 4-1: Product: syz
[  520.845406][   T10] usb 4-1: Manufacturer: syz
[  520.852033][   T10] usb 4-1: SerialNumber: syz
[  520.880674][  T980] usb 2-1: USB disconnect, device number 101
[  521.160109][ T5993] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  521.198320][ T5993] usb 1-1: device descriptor read/8, error -71
[  521.199956][ T5933] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[  521.396643][ T5933] usb 3-1: too many configurations: 141, using maximum allowed: 8
[  521.415807][ T5933] usb 3-1: config index 0 descriptor too short (expected 22, got 18)
[  521.430786][ T5933] usb 3-1: config index 1 descriptor too short (expected 22, got 18)
[  521.442374][ T5933] usb 3-1: config index 2 descriptor too short (expected 22, got 18)
[  521.453441][ T5933] usb 3-1: config index 3 descriptor too short (expected 22, got 18)
[  521.463882][ T5933] usb 3-1: config index 4 descriptor too short (expected 22, got 18)
[  521.475184][ T5933] usb 3-1: config index 5 descriptor too short (expected 22, got 18)
[  521.485544][ T5933] usb 3-1: config index 6 descriptor too short (expected 22, got 18)
[  521.574081][ T5933] usb 3-1: config index 7 descriptor too short (expected 22, got 18)
[  521.604600][ T5993] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  521.607628][ T5933] usb 3-1: New USB device found, idVendor=0af0, idProduct=8e38, bcdDevice=33.46
[  521.621925][ T5933] usb 3-1: New USB device strings: Mfr=201, Product=234, SerialNumber=182
[  521.630921][ T5933] usb 3-1: Product: syz
[  521.635870][ T5933] usb 3-1: Manufacturer: syz
[  521.640909][ T5933] usb 3-1: SerialNumber: syz
[  521.757802][ T5993] usb 1-1: device descriptor read/8, error -71
[  521.785389][ T5933] usb 3-1: config 0 descriptor??
[  521.867938][ T5993] usb usb1-port1: unable to enumerate USB device
[  522.380363][ T5933] usb 2-1: new high-speed USB device number 102 using dummy_hcd
[  522.537317][ T5933] usb 2-1: Using ep0 maxpacket: 8
[  522.548783][ T5933] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  522.560578][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.569043][ T5933] usb 2-1: Product: syz
[  522.573254][ T5933] usb 2-1: Manufacturer: syz
[  522.578134][ T5933] usb 2-1: SerialNumber: syz
[  522.586473][ T5933] usb 2-1: config 0 descriptor??
[  522.600111][ T5933] gspca_main: se401-2.14.0 probing 047d:5003
[  522.715843][   T10] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  522.737764][   T10] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[  522.777363][   T10] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  522.805386][   T10] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  522.831129][   T10] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  522.871258][   T10] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71
[  522.915194][   T10] usb 4-1: USB disconnect, device number 107
[  523.008587][T11666] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  523.034272][T11666] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  523.063418][T11670] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1424'.
[  523.079906][T11670] netlink: 'syz.3.1424': attribute type 11 has an invalid length.
[  523.262483][ T5933] input: se401 as /devices/platform/dummy_hcd.1/usb2/2-1/input/input33
[  523.300563][ T5933] usb 2-1: USB disconnect, device number 102
[  523.925531][ T5933] usb 3-1: USB disconnect, device number 94
[  524.134175][T11697] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1433'.
[  524.173647][T11697] : entered promiscuous mode
[  524.528482][ T5933] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  524.767607][ T5992] usb 2-1: new high-speed USB device number 103 using dummy_hcd
[  524.779038][ T5933] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  524.842913][ T5933] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  524.962978][  T980] usb 4-1: new low-speed USB device number 108 using dummy_hcd
[  524.967827][ T5992] usb 2-1: config 0 has no interfaces?
[  524.983989][ T5933] usb 1-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[  524.993875][ T5992] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  525.009386][ T5992] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.038549][ T5992] usb 2-1: Product: syz
[  525.047070][ T5992] usb 2-1: Manufacturer: syz
[  525.059494][ T5992] usb 2-1: SerialNumber: syz
[  525.078945][ T5992] usb 2-1: config 0 descriptor??
[  525.184745][ T5933] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  525.257453][ T5933] usb 1-1: config 0 descriptor??
[  525.565583][T11711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  525.578451][T11711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  525.617858][  T980] usb 4-1: Invalid ep0 maxpacket: 16
[  525.732488][T11711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  525.742013][T11711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  525.784833][  T980] usb 4-1: new low-speed USB device number 109 using dummy_hcd
[  525.967103][ T5933] usbhid 1-1:0.0: can't add hid device: -71
[  525.978525][ T5933] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  525.991052][  T980] usb 4-1: Invalid ep0 maxpacket: 16
[  526.001873][  T980] usb usb4-port1: attempt power cycle
[  526.037595][ T5933] usb 1-1: USB disconnect, device number 93
[  526.207378][ T5861] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[  526.387346][  T980] usb 4-1: new low-speed USB device number 110 using dummy_hcd
[  526.418220][  T980] usb 4-1: Invalid ep0 maxpacket: 16
[  526.476403][ T5861] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  526.490183][ T5861] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  526.506334][ T5861] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  526.595219][ T5861] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  526.606862][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  526.617502][ T5861] usb 3-1: Product: syz
[  526.621962][ T5861] usb 3-1: Manufacturer: syz
[  526.626919][ T5861] usb 3-1: SerialNumber: syz
[  526.647396][  T980] usb 4-1: new low-speed USB device number 111 using dummy_hcd
[  526.699016][  T980] usb 4-1: Invalid ep0 maxpacket: 16
[  526.707814][  T980] usb usb4-port1: unable to enumerate USB device
[  526.859503][ T5861] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 95 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  527.455801][   T10] usb 2-1: USB disconnect, device number 103
[  527.568438][ T5992] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  527.654709][T11748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  527.664898][T11748] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  527.728078][ T5992] usb 1-1: Using ep0 maxpacket: 32
[  527.735895][ T5992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  527.748582][ T5992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  527.763352][ T5992] usb 1-1: New USB device found, idVendor=04dd, idProduct=8003, bcdDevice=7d.eb
[  527.773954][ T5992] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.788751][ T5992] usb 1-1: Product: syz
[  527.793064][ T5992] usb 1-1: Manufacturer: syz
[  527.799070][ T5992] usb 1-1: SerialNumber: syz
[  527.810351][ T5992] usb 1-1: config 0 descriptor??
[  527.825349][ T5992] safe_serial 1-1:0.0: safe_serial converter detected
[  527.833913][ T5992] safe_serial 1-1:0.0: probe with driver safe_serial failed with error -22
[  527.855316][T11753] loop7: detected capacity change from 0 to 16384
[  527.867876][   T10] usb 2-1: new high-speed USB device number 104 using dummy_hcd
[  528.025411][ T5992] usb 1-1: USB disconnect, device number 94
[  528.047435][   T10] usb 2-1: Using ep0 maxpacket: 8
[  528.063540][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[  528.092300][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  528.104131][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  528.119193][   T10] usb 2-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad
[  528.138353][   T10] usb 2-1: New USB device strings: Mfr=55, Product=237, SerialNumber=3
[  528.146980][   T10] usb 2-1: Product: syz
[  528.152756][   T10] usb 2-1: Manufacturer: syz
[  528.159003][   T10] usb 2-1: SerialNumber: syz
[  528.168580][   T10] usb 2-1: config 0 descriptor??
[  528.178785][   T10] smsusb:smsusb_probe: board id=2, interface number 0
[  528.186453][   T10] smsusb:smsusb_probe: Device initialized with return code -19
[  528.906981][ T5992] usb 3-1: USB disconnect, device number 95
[  528.924445][ T5992] usblp0: removed
[  528.957623][   T10] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[  529.123638][T11776] binder: 11774:11776 ioctl c0306201 2000000003c0 returned -14
[  529.147358][   T10] usb 4-1: Using ep0 maxpacket: 16
[  529.161717][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  529.173719][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  529.193649][   T10] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  529.212573][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.224914][   T10] usb 4-1: Product: syz
[  529.232032][   T10] usb 4-1: Manufacturer: syz
[  529.236674][   T10] usb 4-1: SerialNumber: syz
[  529.250312][   T10] usb 4-1: config 0 descriptor??
[  529.268609][   T10] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  529.286482][   T10] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  529.874511][   T10] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  529.893713][   T10] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  529.906670][   T10] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  529.918404][   T10] em28xx 4-1:0.0: No AC97 audio processor
[  530.017335][  T980] usb 3-1: new full-speed USB device number 96 using dummy_hcd
[  530.157490][ T5861] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  530.169797][  T980] usb 3-1: config 3 has an invalid interface number: 61 but max is 0
[  530.178494][  T980] usb 3-1: config 3 has no interface number 0
[  530.184675][  T980] usb 3-1: config 3 interface 61 has no altsetting 0
[  530.194912][  T980] usb 3-1: string descriptor 0 read error: -22
[  530.201565][  T980] usb 3-1: New USB device found, idVendor=0499, idProduct=101a, bcdDevice=44.26
[  530.210787][  T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.231561][  T980] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  530.274187][  T980] snd-usb-audio 3-1:3.61: probe with driver snd-usb-audio failed with error -2
[  530.319603][ T5861] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  530.330974][ T5861] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  530.341255][ T5861] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  530.351614][ T5861] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.362938][ T5861] usb 1-1: config 0 descriptor??
[  530.432684][   T10] usb 3-1: USB disconnect, device number 96
[  530.553735][ T5992] usb 2-1: USB disconnect, device number 104
[  530.983305][ T5861] usbhid 1-1:0.0: can't add hid device: -32
[  531.007476][ T5861] usbhid 1-1:0.0: probe with driver usbhid failed with error -32
[  531.029180][ T5992] usb 4-1: USB disconnect, device number 112
[  531.078913][ T5992] em28xx 4-1:0.0: Disconnecting em28xx
[  531.085770][ T5861] usb 1-1: USB disconnect, device number 95
[  531.095019][ T5992] em28xx 4-1:0.0: Freeing device
[  531.387848][ T5993] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[  531.527331][ T5992] usb 4-1: new full-speed USB device number 113 using dummy_hcd
[  531.557783][ T5993] usb 3-1: Using ep0 maxpacket: 32
[  531.572328][ T5993] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  531.582102][ T5993] usb 3-1: config 0 has no interface number 0
[  531.592202][ T5993] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  531.603509][ T5993] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  531.612546][ T5993] usb 3-1: Product: syz
[  531.618082][ T5993] usb 3-1: Manufacturer: syz
[  531.622739][ T5993] usb 3-1: SerialNumber: syz
[  531.632598][ T5993] usb 3-1: config 0 descriptor??
[  531.640409][ T5993] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  531.677526][ T5992] usb 4-1: device descriptor read/64, error -71
[  531.787655][ T5861] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  531.846944][ T5993] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  531.864846][ T5993] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  531.921492][ T5992] usb 4-1: new full-speed USB device number 114 using dummy_hcd
[  531.961232][ T5861] usb 1-1: config 0 has an invalid interface number: 117 but max is 0
[  531.969652][ T5861] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  531.980056][ T5861] usb 1-1: config 0 has no interface number 0
[  531.986688][ T5861] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  531.997312][ T5861] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  532.013580][ T5861] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  532.022925][ T5861] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.031181][ T5861] usb 1-1: Product: syz
[  532.035594][ T5861] usb 1-1: Manufacturer: syz
[  532.040464][ T5861] usb 1-1: SerialNumber: syz
[  532.048926][ T5861] usb 1-1: config 0 descriptor??
[  532.054912][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 13
[  532.067378][ T5992] usb 4-1: device descriptor read/64, error -71
[  532.177582][ T5992] usb usb4-port1: attempt power cycle
[  532.259809][    C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  532.277360][ T5993] usb 3-1: USB disconnect, device number 97
[  532.297051][T11808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  532.308000][ T5993] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  532.314770][T11808] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  532.353720][ T5993] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  532.371479][ T5993] quatech2 3-1:0.51: device disconnected
[  532.538903][ T5992] usb 4-1: new full-speed USB device number 115 using dummy_hcd
[  532.554425][ T5861] usbtouchscreen 1-1:0.117: probe with driver usbtouchscreen failed with error -71
[  532.584904][ T5992] usb 4-1: device descriptor read/8, error -71
[  532.614353][ T5861] usb 1-1: USB disconnect, device number 96
[  532.879776][ T5992] usb 4-1: new full-speed USB device number 116 using dummy_hcd
[  532.904029][T11818] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[  532.938737][ T5992] usb 4-1: device descriptor read/8, error -71
[  533.203106][ T5992] usb usb4-port1: unable to enumerate USB device
[  533.267331][T11818] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  533.457315][ T5861] usb 2-1: new high-speed USB device number 105 using dummy_hcd
[  533.623167][ T5861] usb 2-1: device descriptor read/64, error -71
[  534.019914][ T5861] usb 2-1: new high-speed USB device number 106 using dummy_hcd
[  534.157490][ T5861] usb 2-1: device descriptor read/64, error -71
[  534.305938][ T5861] usb usb2-port1: attempt power cycle
[  534.887307][ T5933] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[  534.917356][ T5861] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[  534.978493][ T5861] usb 2-1: device descriptor read/8, error -71
[  535.114846][ T5933] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  535.142302][ T5933] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  535.153437][ T5933] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.173733][ T5933] usb 4-1: Product: syz
[  535.186825][ T5933] usb 4-1: Manufacturer: syz
[  535.203402][ T5933] usb 4-1: SerialNumber: syz
[  535.237960][ T5861] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[  535.260232][ T5933] usb 4-1: config 0 descriptor??
[  535.338269][ T5861] usb 2-1: device descriptor read/8, error -71
[  535.456967][ T5861] usb usb2-port1: unable to enumerate USB device
[  535.895610][T11851] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  535.948225][T11863] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  535.980183][T11865] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1481'.
[  535.993077][T11851] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  536.108448][T11870] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1482'.
[  536.227748][ T5992] usb 2-1: new high-speed USB device number 109 using dummy_hcd
[  536.442448][ T5992] usb 2-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  536.457205][ T5992] usb 2-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[  536.474911][ T5992] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  536.511672][ T5992] usb 2-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  536.540961][ T5992] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  536.551058][ T5992] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.787902][ T5992] ath6kl: Failed to submit usb control message: -71
[  536.815883][ T5992] ath6kl: unable to send the bmi data to the device: -71
[  536.834279][ T5992] ath6kl: Unable to send get target info: -71
[  536.876610][ T5992] ath6kl: Failed to init ath6kl core: -71
[  536.885622][ T5992] ath6kl_usb 2-1:4.0: probe with driver ath6kl_usb failed with error -71
[  536.931379][ T5992] usb 2-1: USB disconnect, device number 109
[  537.557030][T11896] ksmbd: Unknown IPC event: 3, ignore.
[  538.028849][ T5861] usb 4-1: USB disconnect, device number 117
[  538.169725][T11897] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  539.711770][T11916] syzkaller0: entered promiscuous mode
[  539.834382][T11916] syzkaller0: entered allmulticast mode
[  540.615865][T11940] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1502'.
[  541.173051][T11950] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1504'.
[  542.422357][    C0] vcan0: j1939_tp_rxtimer: 0xffff888031cb0800: rx timeout, send abort
[  542.435303][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888031cb3c00: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session.
[  542.930960][    C0] vcan0: j1939_tp_rxtimer: 0xffff888031cb0800: abort rx timeout. Force session deactivation
[  543.496196][T11947] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1506'.
[  543.506398][T11947] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  543.523744][T11944] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1502'.
[  543.740632][T11956] macsec1: entered allmulticast mode
[  543.747458][T11956] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  543.780321][T11956] netdevsim netdevsim3 netdevsim0: left allmulticast mode
[  543.782730][T11963] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1510'.
[  543.908122][ T5861] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[  544.099698][ T5861] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  544.142859][ T5861] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  544.173547][ T5861] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  544.206468][ T5861] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  544.222981][T11973] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1513'.
[  544.246550][ T5861] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  544.270434][ T5861] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.292505][T11984] netlink: 165 bytes leftover after parsing attributes in process `syz.2.1514'.
[  544.320927][ T5861] usb 1-1: config 0 descriptor??
[  544.364617][T11986] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82
[  544.529615][T11992] netlink: 'syz.3.1519': attribute type 12 has an invalid length.
[  544.564929][T11992] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1519'.
[  544.754023][ T5861] plantronics 0003:047F:FFFF.0024: ignoring exceeding usage max
[  544.802385][T12002] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1523'.
[  544.822655][ T5861] plantronics 0003:047F:FFFF.0024: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  544.948340][ T5933] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[  545.117663][ T5933] usb 4-1: Using ep0 maxpacket: 32
[  545.129526][ T5933] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  545.154835][ T5933] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  545.197307][ T5933] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  545.197347][ T5933] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  545.197377][ T5933] usb 4-1: config 0 interface 0 has no altsetting 0
[  545.203403][ T5933] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  545.203441][ T5933] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  545.203463][ T5933] usb 4-1: Product: syz
[  545.203480][ T5933] usb 4-1: Manufacturer: syz
[  545.203498][ T5933] usb 4-1: SerialNumber: syz
[  545.207526][ T5933] usb 4-1: config 0 descriptor??
[  545.285073][ T5933] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  545.286861][ T5933] ldusb 4-1:0.0: LD USB Device #1 now attached to major 180 minor 1
[  545.328532][   T30] audit: type=1326 audit(1756277320.444:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d74f8ebe9 code=0x7ffc0000
[  545.330508][   T30] audit: type=1326 audit(1756277320.444:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d74f8ebe9 code=0x7ffc0000
[  545.383365][ T5933] usb 1-1: USB disconnect, device number 97
[  545.505956][ T5861] usb 4-1: USB disconnect, device number 118
[  545.517037][ T5861] ldusb 4-1:0.0: LD USB Device #1 now disconnected
[  545.650168][   T30] audit: type=1326 audit(1756277320.764:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f4d74f8ebe9 code=0x7ffc0000
[  545.677577][   T30] audit: type=1326 audit(1756277320.794:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d74f8ebe9 code=0x7ffc0000
[  545.700952][   T30] audit: type=1326 audit(1756277320.814:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d74f8ebe9 code=0x7ffc0000
[  545.740117][   T30] audit: type=1326 audit(1756277320.844:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f4d74f8ebe9 code=0x7ffc0000
[  545.762785][   T30] audit: type=1326 audit(1756277320.844:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f4d74f8ebe9 code=0x7ffc0000
[  545.788430][   T30] audit: type=1326 audit(1756277320.844:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f4d74f8ebe9 code=0x7ffc0000
[  545.817697][   T30] audit: type=1326 audit(1756277320.844:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f4d74f8ebe9 code=0x7ffc0000
[  545.846691][   T30] audit: type=1326 audit(1756277320.844:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12013 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f4d74f8ebe9 code=0x7ffc0000
[  546.218116][ T5993] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[  546.377483][ T5993] usb 1-1: Using ep0 maxpacket: 16
[  546.396824][ T5993] usb 1-1: config 0 has an invalid interface number: 190 but max is 1
[  546.411705][ T5993] usb 1-1: config 0 has an invalid interface number: 2 but max is 1
[  546.436772][ T5993] usb 1-1: config 0 has 3 interfaces, different from the descriptor's value: 2
[  546.452975][ T5993] usb 1-1: config 0 has no interface number 1
[  546.459970][ T5993] usb 1-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  546.495023][ T5993] usb 1-1: config 0 interface 2 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  546.517974][ T5993] usb 1-1: config 0 interface 0 has no altsetting 0
[  546.525104][ T5993] usb 1-1: config 0 interface 2 has no altsetting 0
[  546.542230][ T5993] usb 1-1: New USB device found, idVendor=0499, idProduct=150a, bcdDevice=f6.7f
[  546.552018][ T5992] usb 2-1: new high-speed USB device number 110 using dummy_hcd
[  546.587304][ T5993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  546.605025][ T5993] usb 1-1: Product: syz
[  546.614325][ T5993] usb 1-1: Manufacturer: syz
[  546.623797][ T5993] usb 1-1: SerialNumber: syz
[  546.644273][ T5993] usb 1-1: config 0 descriptor??
[  546.707250][ T5992] usb 2-1: Using ep0 maxpacket: 16
[  546.784303][ T5992] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  546.801850][ T5992] usb 2-1: config 0 descriptor has 1 excess byte, ignoring
[  546.826107][ T5992] usb 2-1: config 0 has no interface number 0
[  546.854102][ T5992] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  546.868942][ T5992] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  546.884321][ T5993] usb 1-1: selecting invalid altsetting 0
[  546.944136][ T5992] usb 2-1: Product: syz
[  546.970540][ T5992] usb 2-1: Manufacturer: syz
[  546.975820][ T5992] usb 2-1: SerialNumber: syz
[  546.998041][ T5992] usb 2-1: config 0 descriptor??
[  547.011391][ T5992] usb 2-1: Found UVC 0.00 device syz (046d:08f3)
[  547.019617][ T5993] usb 1-1: USB disconnect, device number 98
[  547.027051][ T5992] usb 2-1: No valid video chain found.
[  547.186090][ T6456] udevd[6456]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.190/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  547.230996][ T5861] usb 2-1: USB disconnect, device number 110
[  548.188706][ T5933] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[  548.335204][T12056] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1538'.
[  548.367387][ T5933] usb 1-1: Using ep0 maxpacket: 8
[  548.407589][ T5933] usb 1-1: New USB device found, idVendor=0763, idProduct=2080, bcdDevice=d0.ab
[  548.423057][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.432073][ T5933] usb 1-1: Product: syz
[  548.436730][ T5933] usb 1-1: Manufacturer: syz
[  548.488368][ T5861] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[  548.528681][ T5933] usb 1-1: SerialNumber: syz
[  548.544140][ T5933] usb 1-1: config 0 descriptor??
[  548.734102][ T5861] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x62, changing to 0x2
[  548.825605][ T5861] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  548.878687][ T5861] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  548.997298][ T5861] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  549.018172][ T5861] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  549.135537][ T5861] usb 4-1: config 0 descriptor??
[  549.164865][ T5861] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  549.353454][T12066] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[  549.379931][T12060] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1540'.
[  549.737820][T12073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  549.760822][T12073] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  551.261276][ T5992] usb 4-1: USB disconnect, device number 119
[  552.382808][ T5933] usb 1-1: USB disconnect, device number 99
[  552.407453][T12094] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1548'.
[  554.558392][T12130] macsec0: entered promiscuous mode
[  554.636018][T12130] macsec0: entered allmulticast mode
[  554.783736][T12130] veth1_macvtap: entered allmulticast mode
[  554.937592][ T5993] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[  555.301024][ T5993] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  555.322635][ T5993] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.391796][ T5993] usb 2-1: Product: syz
[  555.416086][ T5993] usb 2-1: Manufacturer: syz
[  555.487267][ T5993] usb 2-1: SerialNumber: syz
[  555.500026][T12135] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  555.506684][T12135] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  555.515715][ T5993] usb 2-1: config 0 descriptor??
[  555.616130][T12135] vhci_hcd vhci_hcd.0: Device attached
[  555.953100][ T5861] usb 37-1: new low-speed USB device number 3 using vhci_hcd
[  556.086571][ T5993] usb 2-1: USB disconnect, device number 111
[  556.457537][T12136] vhci_hcd: connection reset by peer
[  556.479800][ T1102] vhci_hcd: stop threads
[  556.484110][ T1102] vhci_hcd: release socket
[  556.493778][ T1102] vhci_hcd: disconnect device
[  556.908323][   T92] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[  557.167371][   T92] usb 4-1: Using ep0 maxpacket: 8
[  557.184593][   T92] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  557.209400][   T92] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  557.269870][   T92] usb 4-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  557.304759][   T92] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.338186][   T92] usb 4-1: config 0 descriptor??
[  557.363690][   T92] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  557.677609][ T5933] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[  557.896798][ T5933] usb 1-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c
[  557.912445][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  557.927420][ T5933] usb 1-1: Product: syz
[  557.931793][ T5933] usb 1-1: Manufacturer: syz
[  557.936685][ T5933] usb 1-1: SerialNumber: syz
[  557.945066][ T5933] usb 1-1: config 0 descriptor??
[  558.165390][ T5933] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  558.271929][ T5933] asix 1-1:0.0: probe with driver asix failed with error -71
[  558.349205][ T5933] usb 1-1: USB disconnect, device number 100
[  559.631021][   T92] usb 4-1: USB disconnect, device number 120
[  559.817318][ T5933] usb 3-1: new high-speed USB device number 98 using dummy_hcd
[  559.992061][   T30] kauditd_printk_skb: 65 callbacks suppressed
[  559.992076][   T30] audit: type=1326 audit(1756277335.104:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12206 comm="syz.3.1578" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4043f8ebe9 code=0x0
[  560.020519][    C0] vkms_vblank_simulate: vblank timer overrun
[  560.048047][ T5933] usb 3-1: Using ep0 maxpacket: 32
[  560.152402][ T5933] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  560.224250][T12212] program syz.1.1580 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  560.234028][ T5933] usb 3-1: config 0 has no interface number 0
[  560.256072][ T5933] usb 3-1: config 0 interface 184 has no altsetting 0
[  560.478357][ T5933] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  560.508488][ T5933] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.516610][ T5933] usb 3-1: Product: syz
[  560.555963][ T5933] usb 3-1: Manufacturer: syz
[  560.613939][ T5933] usb 3-1: SerialNumber: syz
[  560.686033][ T5933] usb 3-1: config 0 descriptor??
[  560.733272][ T5933] smsc75xx v1.0.0
[  560.759775][ T5933] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  560.790646][T12222] netlink: 'syz.3.1582': attribute type 1 has an invalid length.
[  560.801056][ T5933] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -22
[  560.844218][T12224] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1582'.
[  560.866786][T12225] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1583'.
[  560.875916][T12222] 8021q: adding VLAN 0 to HW filter on device bond3
[  560.912507][T12225] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1583'.
[  561.150885][ T5861] vhci_hcd: vhci_device speed not set
[  561.297389][   T92] usb 1-1: new full-speed USB device number 101 using dummy_hcd
[  561.474991][T12237] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1587'.
[  561.488945][   T92] usb 1-1: config 0 has an invalid interface number: 52 but max is 0
[  561.512659][   T92] usb 1-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  561.613080][   T92] usb 1-1: config 0 has no interface number 0
[  561.620501][   T92] usb 1-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  561.638107][   T92] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  561.654115][   T92] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  561.672038][   T92] usb 1-1: config 0 interface 52 has no altsetting 0
[  561.682408][   T92] usb 1-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00
[  561.698573][   T92] usb 1-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35
[  561.711698][   T92] usb 1-1: Product: syz
[  561.716384][   T92] usb 1-1: SerialNumber: syz
[  561.733823][   T92] usb 1-1: config 0 descriptor??
[  561.747326][ T5933] usb 2-1: new high-speed USB device number 112 using dummy_hcd
[  561.909002][ T5933] usb 2-1: Using ep0 maxpacket: 32
[  561.925957][ T5933] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  561.957440][   T92] input: syz (Stick) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.52/input/input36
[  561.986525][ T5933] usb 2-1: config 0 has no interface number 0
[  562.006472][ T5933] usb 2-1: config 0 interface 184 has no altsetting 0
[  562.075628][ T5933] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  562.086769][   T92] usb 1-1: USB disconnect, device number 101
[  562.119575][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.154781][ T5933] usb 2-1: Product: syz
[  562.180133][ T5933] usb 2-1: Manufacturer: syz
[  562.215313][ T5933] usb 2-1: SerialNumber: syz
[  562.272058][ T5933] usb 2-1: config 0 descriptor??
[  562.298316][ T5933] smsc75xx v1.0.0
[  562.307054][ T5933] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  562.363291][ T5933] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -22
[  562.564689][T12246] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  562.906557][ T5933] usb 3-1: USB disconnect, device number 98
[  563.049999][T12260] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1591'.
[  563.067598][T12260] @: renamed from syz_tun
[  563.132412][T12261] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1588'.
[  563.142449][T12261] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1588'.
[  563.153460][T12261] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1588'.
[  563.164313][T12261] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1588'.
[  563.183349][T12261] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1588'.
[  563.238323][T12263] netlink: 'syz.2.1593': attribute type 27 has an invalid length.
[  563.692533][ T5933] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[  563.895535][ T5933] usb 3-1: device descriptor read/64, error -71
[  564.207469][ T5933] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[  564.526073][  T980] usb 2-1: USB disconnect, device number 112
[  564.597363][ T5933] usb 3-1: device descriptor read/64, error -71
[  564.707900][ T5933] usb usb3-port1: attempt power cycle
[  565.077625][ T5933] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[  565.119596][ T5933] usb 3-1: device descriptor read/8, error -71
[  565.159076][T12272] kvm: user requested TSC rate below hardware speed
[  565.357341][ T5933] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[  565.398598][ T5933] usb 3-1: device descriptor read/8, error -71
[  565.514154][ T5933] usb usb3-port1: unable to enumerate USB device
[  565.844607][T12268] syz.0.1588 (12268): drop_caches: 2
[  565.850652][ T5933] usb 2-1: new high-speed USB device number 113 using dummy_hcd
[  566.027828][ T5933] usb 2-1: Using ep0 maxpacket: 32
[  566.044604][ T5933] usb 2-1: New USB device found, idVendor=0b95, idProduct=2791, bcdDevice= d.2d
[  566.071073][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.097492][ T5933] usb 2-1: Product: syz
[  566.107695][ T5933] usb 2-1: Manufacturer: syz
[  566.123986][ T5933] usb 2-1: SerialNumber: syz
[  566.362504][ T5933] aqc111 2-1:1.0: probe with driver aqc111 failed with error -22
[  566.374602][ T5933] usb 2-1: USB disconnect, device number 113
[  566.388385][ T5861] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[  566.547445][ T5861] usb 4-1: Using ep0 maxpacket: 16
[  566.565437][ T5861] usb 4-1: New USB device found, idVendor=05ac, idProduct=027e, bcdDevice= 0.00
[  566.599704][ T5861] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.635816][ T5861] usb 4-1: config 0 descriptor??
[  566.828318][T12294] __nla_validate_parse: 49 callbacks suppressed
[  566.828338][T12294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1602'.
[  566.831110][    C0] I/O error, dev loop7, sector 6144 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2
[  566.857290][T12292] loop7: detected capacity change from 16384 to 0
[  566.986277][T12296] FAULT_INJECTION: forcing a failure.
[  566.986277][T12296] name failslab, interval 1, probability 0, space 0, times 0
[  567.016198][T12296] CPU: 1 UID: 0 PID: 12296 Comm: syz.0.1603 Not tainted syzkaller #0 PREEMPT(full) 
[  567.016229][T12296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  567.016242][T12296] Call Trace:
[  567.016255][T12296]  <TASK>
[  567.016266][T12296]  dump_stack_lvl+0x189/0x250
[  567.016300][T12296]  ? __pfx____ratelimit+0x10/0x10
[  567.016332][T12296]  ? __pfx_dump_stack_lvl+0x10/0x10
[  567.016357][T12296]  ? __pfx__printk+0x10/0x10
[  567.016395][T12296]  ? __pfx___might_resched+0x10/0x10
[  567.016415][T12296]  ? fs_reclaim_acquire+0x7d/0x100
[  567.016461][T12296]  should_fail_ex+0x414/0x560
[  567.016495][T12296]  should_failslab+0xa8/0x100
[  567.016528][T12296]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  567.016557][T12296]  ? __kthread_create_on_node+0x1c6/0x3e0
[  567.016584][T12296]  kvasprintf+0xdc/0x190
[  567.016613][T12296]  ? __pfx_kvasprintf+0x10/0x10
[  567.016639][T12296]  ? __kasan_kmalloc+0x93/0xb0
[  567.016670][T12296]  ? __kthread_create_on_node+0xef/0x3e0
[  567.016698][T12296]  __kthread_create_on_node+0x1c6/0x3e0
[  567.016725][T12296]  ? __pfx___kthread_create_on_node+0x10/0x10
[  567.016766][T12296]  ? __pfx_napi_threaded_poll+0x10/0x10
[  567.016796][T12296]  ? __pfx_napi_threaded_poll+0x10/0x10
[  567.016825][T12296]  kthread_create_on_node+0xdd/0x130
[  567.016857][T12296]  ? __pfx_kthread_create_on_node+0x10/0x10
[  567.016882][T12296]  ? __local_bh_enable_ip+0x12d/0x1c0
[  567.016904][T12296]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  567.016926][T12296]  ? netif_napi_add_weight_locked+0x5f1/0x970
[  567.016955][T12296]  ? kmem_cache_free+0x18f/0x400
[  567.016985][T12296]  ? netif_napi_add_weight_locked+0x565/0x970
[  567.017017][T12296]  netif_napi_add_weight_locked+0x6c4/0x970
[  567.017060][T12296]  wg_peer_create+0x54e/0x8a0
[  567.017101][T12296]  wg_set_device+0x10f3/0x1fe0
[  567.017140][T12296]  ? __pfx_wg_set_device+0x10/0x10
[  567.017200][T12296]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  567.017235][T12296]  genl_family_rcv_msg_doit+0x215/0x300
[  567.017269][T12296]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  567.017310][T12296]  ? bpf_lsm_capable+0x9/0x20
[  567.017339][T12296]  ? security_capable+0x7e/0x2e0
[  567.017380][T12296]  genl_rcv_msg+0x60e/0x790
[  567.017412][T12296]  ? __pfx_genl_rcv_msg+0x10/0x10
[  567.017434][T12296]  ? __pfx_wg_set_device+0x10/0x10
[  567.017469][T12296]  ? __asan_memcpy+0x40/0x70
[  567.017493][T12296]  ? __pfx_ref_tracker_free+0x10/0x10
[  567.017533][T12296]  netlink_rcv_skb+0x205/0x470
[  567.017562][T12296]  ? __lock_acquire+0xab9/0xd20
[  567.017596][T12296]  ? __pfx_genl_rcv_msg+0x10/0x10
[  567.017623][T12296]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  567.017688][T12296]  ? down_read+0x1ad/0x2e0
[  567.017712][T12296]  genl_rcv+0x28/0x40
[  567.017733][T12296]  netlink_unicast+0x82c/0x9e0
[  567.017771][T12296]  ? __pfx_netlink_unicast+0x10/0x10
[  567.017800][T12296]  ? netlink_sendmsg+0x642/0xb30
[  567.017827][T12296]  ? skb_put+0x11b/0x210
[  567.017852][T12296]  netlink_sendmsg+0x805/0xb30
[  567.017893][T12296]  ? __pfx_netlink_sendmsg+0x10/0x10
[  567.017928][T12296]  ? aa_sock_msg_perm+0xf1/0x1d0
[  567.017950][T12296]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  567.017972][T12296]  ? __pfx_netlink_sendmsg+0x10/0x10
[  567.018004][T12296]  __sock_sendmsg+0x219/0x270
[  567.018033][T12296]  ____sys_sendmsg+0x505/0x830
[  567.018063][T12296]  ? __pfx_____sys_sendmsg+0x10/0x10
[  567.018098][T12296]  ? import_iovec+0x74/0xa0
[  567.018127][T12296]  ___sys_sendmsg+0x21f/0x2a0
[  567.018152][T12296]  ? __pfx____sys_sendmsg+0x10/0x10
[  567.018217][T12296]  ? __fget_files+0x2a/0x420
[  567.018249][T12296]  ? __fget_files+0x3a0/0x420
[  567.018291][T12296]  __x64_sys_sendmsg+0x19b/0x260
[  567.018317][T12296]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  567.018352][T12296]  ? __pfx_ksys_write+0x10/0x10
[  567.018377][T12296]  ? rcu_is_watching+0x15/0xb0
[  567.018405][T12296]  ? do_syscall_64+0xbe/0x3b0
[  567.018459][T12296]  do_syscall_64+0xfa/0x3b0
[  567.018490][T12296]  ? lockdep_hardirqs_on+0x9c/0x150
[  567.018519][T12296]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.018539][T12296]  ? clear_bhb_loop+0x60/0xb0
[  567.018566][T12296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.018587][T12296] RIP: 0033:0x7f1611b8ebe9
[  567.018607][T12296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  567.018626][T12296] RSP: 002b:00007f1612a38038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  567.018649][T12296] RAX: ffffffffffffffda RBX: 00007f1611db5fa0 RCX: 00007f1611b8ebe9
[  567.018665][T12296] RDX: 0000000000040000 RSI: 0000200000000000 RDI: 0000000000000003
[  567.018678][T12296] RBP: 00007f1612a38090 R08: 0000000000000000 R09: 0000000000000000
[  567.018691][T12296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  567.018704][T12296] R13: 00007f1611db6038 R14: 00007f1611db5fa0 R15: 00007f1611edfa28
[  567.018741][T12296]  </TASK>
[  567.538307][ T5861] apple 0003:05AC:027E.0025: unknown main item tag 0x6
[  567.545518][ T5861] apple 0003:05AC:027E.0025: invalid report_size 24312
[  567.553730][ T5861] apple 0003:05AC:027E.0025: item 0 2 1 7 parsing failed
[  567.561854][ T5861] apple 0003:05AC:027E.0025: parse failed
[  567.566589][T12296] kthread_run failed with err -12
[  567.567904][ T5861] apple 0003:05AC:027E.0025: probe with driver apple failed with error -22
[  567.582858][T12298] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  567.792975][   T92] usb 4-1: USB disconnect, device number 121
[  567.800666][ T5993] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[  568.027655][ T5861] usb 3-1: new full-speed USB device number 103 using dummy_hcd
[  568.037427][ T5993] usb 2-1: device descriptor read/64, error -71
[  568.167394][ T5992] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[  568.182565][ T5861] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  568.192731][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.200954][ T5861] usb 3-1: Product: syz
[  568.205314][ T5861] usb 3-1: Manufacturer: syz
[  568.210171][ T5861] usb 3-1: SerialNumber: syz
[  568.217993][ T5861] usb 3-1: config 0 descriptor??
[  568.228215][ T5861] gspca_main: sq930x-2.14.0 probing 2770:930c
[  568.277411][ T5993] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[  568.319762][ T5992] usb 1-1: config 0 has an invalid descriptor of length 169, skipping remainder of the config
[  568.331041][ T5992] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 91, using maximum allowed: 30
[  568.346445][ T5992] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 91
[  568.361581][ T5992] usb 1-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00
[  568.372999][ T5992] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  568.385846][ T5992] usb 1-1: config 0 descriptor??
[  568.417555][ T5993] usb 2-1: device descriptor read/64, error -71
[  568.537822][ T5993] usb usb2-port1: attempt power cycle
[  568.673225][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  568.679725][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  568.977322][ T5993] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[  568.998306][ T5993] usb 2-1: device descriptor read/8, error -71
[  569.047315][   T92] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[  569.062247][ T5861] gspca_sq930x: ucbus_write failed -71
[  569.075782][ T5861] sq930x 3-1:0.0: probe with driver sq930x failed with error -71
[  569.100634][ T5861] usb 3-1: USB disconnect, device number 103
[  569.197315][   T92] usb 4-1: device descriptor read/64, error -71
[  569.237391][ T5993] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[  569.284743][ T5993] usb 2-1: device descriptor read/8, error -71
[  569.401632][ T5993] usb usb2-port1: unable to enumerate USB device
[  569.467816][   T92] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[  569.617706][   T92] usb 4-1: device descriptor read/64, error -71
[  569.738689][   T92] usb usb4-port1: attempt power cycle
[  570.237384][   T92] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[  570.258386][   T92] usb 4-1: device descriptor read/8, error -71
[  570.507690][   T92] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[  570.747626][T12340] usb usb8: usbfs: process 12340 (syz.1.1615) did not claim interface 0 before use
[  570.905500][   T92] usb 4-1: device descriptor read/8, error -71
[  571.026359][ T5992] usb 1-1: string descriptor 0 read error: -71
[  571.033229][   T92] usb usb4-port1: unable to enumerate USB device
[  571.072028][ T5992] usb 1-1: USB disconnect, device number 102
[  571.123554][T12343] FAULT_INJECTION: forcing a failure.
[  571.123554][T12343] name failslab, interval 1, probability 0, space 0, times 0
[  571.145476][T12343] CPU: 0 UID: 0 PID: 12343 Comm: syz.0.1616 Not tainted syzkaller #0 PREEMPT(full) 
[  571.145510][T12343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  571.145524][T12343] Call Trace:
[  571.145535][T12343]  <TASK>
[  571.145546][T12343]  dump_stack_lvl+0x189/0x250
[  571.145580][T12343]  ? __pfx____ratelimit+0x10/0x10
[  571.145613][T12343]  ? __pfx_dump_stack_lvl+0x10/0x10
[  571.145640][T12343]  ? __pfx__printk+0x10/0x10
[  571.145677][T12343]  ? __pfx___might_resched+0x10/0x10
[  571.145698][T12343]  ? fs_reclaim_acquire+0x7d/0x100
[  571.145738][T12343]  should_fail_ex+0x414/0x560
[  571.145775][T12343]  should_failslab+0xa8/0x100
[  571.145808][T12343]  kmem_cache_alloc_noprof+0x73/0x3c0
[  571.145843][T12343]  ? add+0x19b/0x16e0
[  571.145869][T12343]  add+0x19b/0x16e0
[  571.145887][T12343]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  571.145921][T12343]  ? napi_enable_locked+0x762/0x8f0
[  571.145956][T12343]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  571.145990][T12343]  ? __pfx_napi_enable_locked+0x10/0x10
[  571.146038][T12343]  wg_allowedips_insert_v6+0x134/0x200
[  571.146066][T12343]  ? __pfx_wg_allowedips_insert_v6+0x10/0x10
[  571.146093][T12343]  ? __nla_parse+0x40/0x60
[  571.146131][T12343]  wg_set_device+0x1845/0x1fe0
[  571.146175][T12343]  ? __pfx_wg_set_device+0x10/0x10
[  571.146239][T12343]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  571.146277][T12343]  genl_family_rcv_msg_doit+0x215/0x300
[  571.146313][T12343]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  571.146353][T12343]  ? bpf_lsm_capable+0x9/0x20
[  571.146382][T12343]  ? security_capable+0x7e/0x2e0
[  571.146422][T12343]  genl_rcv_msg+0x60e/0x790
[  571.146456][T12343]  ? __pfx_genl_rcv_msg+0x10/0x10
[  571.146485][T12343]  ? __pfx_wg_set_device+0x10/0x10
[  571.146511][T12343]  ? __asan_memcpy+0x40/0x70
[  571.146536][T12343]  ? __pfx_ref_tracker_free+0x10/0x10
[  571.146575][T12343]  netlink_rcv_skb+0x205/0x470
[  571.146606][T12343]  ? __lock_acquire+0xab9/0xd20
[  571.146638][T12343]  ? __pfx_genl_rcv_msg+0x10/0x10
[  571.146671][T12343]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  571.146734][T12343]  ? down_read+0x1ad/0x2e0
[  571.146757][T12343]  genl_rcv+0x28/0x40
[  571.146779][T12343]  netlink_unicast+0x82c/0x9e0
[  571.146820][T12343]  ? __pfx_netlink_unicast+0x10/0x10
[  571.146852][T12343]  ? netlink_sendmsg+0x642/0xb30
[  571.146881][T12343]  ? skb_put+0x11b/0x210
[  571.146907][T12343]  netlink_sendmsg+0x805/0xb30
[  571.146951][T12343]  ? __pfx_netlink_sendmsg+0x10/0x10
[  571.146987][T12343]  ? aa_sock_msg_perm+0xf1/0x1d0
[  571.147017][T12343]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  571.147041][T12343]  ? __pfx_netlink_sendmsg+0x10/0x10
[  571.147074][T12343]  __sock_sendmsg+0x219/0x270
[  571.147107][T12343]  ____sys_sendmsg+0x505/0x830
[  571.147134][T12343]  ? __pfx_____sys_sendmsg+0x10/0x10
[  571.147165][T12343]  ? import_iovec+0x74/0xa0
[  571.147192][T12343]  ___sys_sendmsg+0x21f/0x2a0
[  571.147217][T12343]  ? __pfx____sys_sendmsg+0x10/0x10
[  571.147285][T12343]  ? __fget_files+0x2a/0x420
[  571.147316][T12343]  ? __fget_files+0x3a0/0x420
[  571.147361][T12343]  __x64_sys_sendmsg+0x19b/0x260
[  571.147388][T12343]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  571.147423][T12343]  ? __pfx_ksys_write+0x10/0x10
[  571.147449][T12343]  ? rcu_is_watching+0x15/0xb0
[  571.147477][T12343]  ? do_syscall_64+0xbe/0x3b0
[  571.147515][T12343]  do_syscall_64+0xfa/0x3b0
[  571.147545][T12343]  ? lockdep_hardirqs_on+0x9c/0x150
[  571.147575][T12343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.147597][T12343]  ? clear_bhb_loop+0x60/0xb0
[  571.147624][T12343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.147646][T12343] RIP: 0033:0x7f1611b8ebe9
[  571.147667][T12343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  571.147686][T12343] RSP: 002b:00007f1612a38038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  571.147717][T12343] RAX: ffffffffffffffda RBX: 00007f1611db5fa0 RCX: 00007f1611b8ebe9
[  571.147733][T12343] RDX: 0000000000040000 RSI: 0000200000000000 RDI: 0000000000000003
[  571.147747][T12343] RBP: 00007f1612a38090 R08: 0000000000000000 R09: 0000000000000000
[  571.147760][T12343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  571.147772][T12343] R13: 00007f1611db6038 R14: 00007f1611db5fa0 R15: 00007f1611edfa28
[  571.147807][T12343]  </TASK>
[  572.417512][  T980] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[  572.447437][ T5861] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[  572.596554][   T30] audit: type=1326 audit(1756277347.704:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12360 comm="syz.4.1622" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb500b8ebe9 code=0x0
[  572.622728][  T980] usb 4-1: Using ep0 maxpacket: 8
[  572.651528][T12367] block nbd0: Attempted send on invalid socket
[  572.658474][T12367] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  572.670381][ T5861] usb 1-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  572.690036][ T5861] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  572.731591][  T980] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  572.750021][  T980] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  572.760442][  T980] usb 4-1: Product: syz
[  572.766400][ T5861] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  572.777519][  T980] usb 4-1: Manufacturer: syz
[  572.782334][ T5861] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  572.794268][  T980] usb 4-1: SerialNumber: syz
[  572.801289][ T5861] usb 1-1: Product: syz
[  572.809351][ T5861] usb 1-1: Manufacturer: syz
[  572.815817][ T5861] usb 1-1: SerialNumber: syz
[  572.822268][  T980] usb 4-1: config 0 descriptor??
[  572.835964][  T980] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  573.056950][  T980] gspca_zc3xx: reg_w_i err -71
[  573.077659][  T980] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  573.128007][T12351] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  573.143175][  T980] usb 4-1: USB disconnect, device number 126
[  573.773561][T12351] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  574.020373][ T5861] cdc_ncm 1-1:1.0: bind() failure
[  574.069712][ T5861] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71
[  574.099130][ T5861] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71
[  574.150988][ T5861] usbtest 1-1:1.1: probe with driver usbtest failed with error -71
[  574.237607][ T5861] usb 1-1: USB disconnect, device number 103
[  574.458575][   T30] audit: type=1326 audit(1756277349.574:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12379 comm="syz.4.1625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  574.570034][   T30] audit: type=1326 audit(1756277349.604:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12379 comm="syz.4.1625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  574.711736][T12387] FAULT_INJECTION: forcing a failure.
[  574.711736][T12387] name failslab, interval 1, probability 0, space 0, times 0
[  574.717428][   T30] audit: type=1326 audit(1756277349.604:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12379 comm="syz.4.1625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  574.764957][T12387] CPU: 0 UID: 0 PID: 12387 Comm: syz.1.1627 Not tainted syzkaller #0 PREEMPT(full) 
[  574.764982][T12387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  574.764993][T12387] Call Trace:
[  574.765001][T12387]  <TASK>
[  574.765009][T12387]  dump_stack_lvl+0x189/0x250
[  574.765037][T12387]  ? __pfx____ratelimit+0x10/0x10
[  574.765061][T12387]  ? __pfx_dump_stack_lvl+0x10/0x10
[  574.765080][T12387]  ? __pfx__printk+0x10/0x10
[  574.765104][T12387]  ? __pfx___might_resched+0x10/0x10
[  574.765119][T12387]  ? fs_reclaim_acquire+0x7d/0x100
[  574.765156][T12387]  should_fail_ex+0x414/0x560
[  574.765183][T12387]  should_failslab+0xa8/0x100
[  574.765208][T12387]  kmem_cache_alloc_noprof+0x73/0x3c0
[  574.765228][T12387]  ? wg_peer_create+0xe8/0x8a0
[  574.765252][T12387]  wg_peer_create+0xe8/0x8a0
[  574.765279][T12387]  wg_set_device+0x10f3/0x1fe0
[  574.765310][T12387]  ? __pfx_wg_set_device+0x10/0x10
[  574.765354][T12387]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  574.765381][T12387]  genl_family_rcv_msg_doit+0x215/0x300
[  574.765404][T12387]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  574.765433][T12387]  ? bpf_lsm_capable+0x9/0x20
[  574.765454][T12387]  ? security_capable+0x7e/0x2e0
[  574.765482][T12387]  genl_rcv_msg+0x60e/0x790
[  574.765505][T12387]  ? __pfx_genl_rcv_msg+0x10/0x10
[  574.765521][T12387]  ? __pfx_wg_set_device+0x10/0x10
[  574.765540][T12387]  ? __asan_memcpy+0x40/0x70
[  574.765556][T12387]  ? __pfx_ref_tracker_free+0x10/0x10
[  574.765583][T12387]  netlink_rcv_skb+0x205/0x470
[  574.765605][T12387]  ? __lock_acquire+0xab9/0xd20
[  574.765628][T12387]  ? __pfx_genl_rcv_msg+0x10/0x10
[  574.765646][T12387]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  574.765682][T12387]  ? down_read+0x1ad/0x2e0
[  574.765700][T12387]  genl_rcv+0x28/0x40
[  574.765715][T12387]  netlink_unicast+0x82c/0x9e0
[  574.765742][T12387]  ? __pfx_netlink_unicast+0x10/0x10
[  574.765768][T12387]  ? netlink_sendmsg+0x642/0xb30
[  574.765790][T12387]  ? skb_put+0x11b/0x210
[  574.765808][T12387]  netlink_sendmsg+0x805/0xb30
[  574.765839][T12387]  ? __pfx_netlink_sendmsg+0x10/0x10
[  574.765865][T12387]  ? aa_sock_msg_perm+0xf1/0x1d0
[  574.765881][T12387]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  574.765897][T12387]  ? __pfx_netlink_sendmsg+0x10/0x10
[  574.765926][T12387]  __sock_sendmsg+0x219/0x270
[  574.765951][T12387]  ____sys_sendmsg+0x505/0x830
[  574.765972][T12387]  ? __pfx_____sys_sendmsg+0x10/0x10
[  574.765996][T12387]  ? import_iovec+0x74/0xa0
[  574.766019][T12387]  ___sys_sendmsg+0x21f/0x2a0
[  574.766037][T12387]  ? __pfx____sys_sendmsg+0x10/0x10
[  574.766083][T12387]  ? __fget_files+0x2a/0x420
[  574.766106][T12387]  ? __fget_files+0x3a0/0x420
[  574.766138][T12387]  __x64_sys_sendmsg+0x19b/0x260
[  574.766157][T12387]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  574.766181][T12387]  ? __pfx_ksys_write+0x10/0x10
[  574.766203][T12387]  ? rcu_is_watching+0x15/0xb0
[  574.766223][T12387]  ? do_syscall_64+0xbe/0x3b0
[  574.766250][T12387]  do_syscall_64+0xfa/0x3b0
[  574.766271][T12387]  ? lockdep_hardirqs_on+0x9c/0x150
[  574.766292][T12387]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.766307][T12387]  ? clear_bhb_loop+0x60/0xb0
[  574.766327][T12387]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.766342][T12387] RIP: 0033:0x7f55ed18ebe9
[  574.766356][T12387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  574.766370][T12387] RSP: 002b:00007f55edf1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  574.766388][T12387] RAX: ffffffffffffffda RBX: 00007f55ed3b5fa0 RCX: 00007f55ed18ebe9
[  574.766399][T12387] RDX: 0000000000040000 RSI: 0000200000000000 RDI: 0000000000000003
[  574.766409][T12387] RBP: 00007f55edf1c090 R08: 0000000000000000 R09: 0000000000000000
[  574.766420][T12387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  574.766429][T12387] R13: 00007f55ed3b6038 R14: 00007f55ed3b5fa0 R15: 00007f55ed4dfa28
[  574.766453][T12387]  </TASK>
[  575.155325][    C0] vkms_vblank_simulate: vblank timer overrun
[  575.162881][   T30] audit: type=1326 audit(1756277349.604:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12379 comm="syz.4.1625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  575.186648][   T30] audit: type=1326 audit(1756277349.614:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12379 comm="syz.4.1625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  575.280632][   T30] audit: type=1326 audit(1756277349.614:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12379 comm="syz.4.1625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  575.303280][    C0] vkms_vblank_simulate: vblank timer overrun
[  575.321228][   T30] audit: type=1326 audit(1756277349.614:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12379 comm="syz.4.1625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  575.344267][   T30] audit: type=1326 audit(1756277349.624:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12379 comm="syz.4.1625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  575.366845][    C0] vkms_vblank_simulate: vblank timer overrun
[  575.373487][   T30] audit: type=1326 audit(1756277349.624:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12379 comm="syz.4.1625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  575.797556][ T5861] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[  575.958283][ T5861] usb 3-1: Using ep0 maxpacket: 32
[  575.965913][ T5861] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  575.976205][T12406] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[  575.987236][ T5861] usb 3-1: config 0 has no interface number 0
[  575.993391][ T5861] usb 3-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  576.015211][T12406] PKCS7: Only support pkcs7_signedData type
[  576.031832][ T5861] usb 3-1: config 0 interface 1 has no altsetting 0
[  576.049600][ T5861] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  576.069846][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  576.107880][ T5861] usb 3-1: Product: syz
[  576.127463][ T5861] usb 3-1: Manufacturer: syz
[  576.132131][ T5861] usb 3-1: SerialNumber: syz
[  576.168019][ T5861] usb 3-1: config 0 descriptor??
[  576.396902][T12391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  576.418044][T12391] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  577.164629][T12425] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  577.205284][T12427] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1637'.
[  577.237633][ T5993] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[  577.397370][ T5993] usb 4-1: Using ep0 maxpacket: 32
[  577.413006][ T5993] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  577.430854][ T5993] usb 4-1: config 0 has no interface number 0
[  577.446942][ T5993] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  577.458693][ T5993] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.466880][ T5993] usb 4-1: Product: syz
[  577.479543][ T5993] usb 4-1: Manufacturer: syz
[  577.484367][ T5993] usb 4-1: SerialNumber: syz
[  577.496762][ T5993] usb 4-1: config 0 descriptor??
[  577.518897][ T5993] smsc95xx v2.0.0
[  577.622405][ T5861] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  577.634819][ T5861] cx231xx 3-1:0.1: Not found matching IAD interface
[  577.663490][ T5861] usb 3-1: USB disconnect, device number 104
[  577.677588][   T92] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[  577.850594][   T92] usb 2-1: no configurations
[  577.855541][   T92] usb 2-1: can't read configurations, error -22
[  578.007479][   T92] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[  578.067421][ T5861] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[  578.158374][   T92] usb 2-1: no configurations
[  578.163234][   T92] usb 2-1: can't read configurations, error -22
[  578.171529][   T92] usb usb2-port1: attempt power cycle
[  578.177451][ T5992] usb 1-1: new high-speed USB device number 104 using dummy_hcd
[  578.220201][ T5861] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  578.232135][ T5861] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  578.243393][ T5861] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  578.253565][ T5861] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  578.267063][ T5861] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  578.276540][ T5861] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.288007][ T5861] usb 3-1: config 0 descriptor??
[  578.350595][ T5992] usb 1-1: Using ep0 maxpacket: 16
[  578.368318][ T5992] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  578.379628][ T5992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  578.391201][ T5992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  578.402315][ T5992] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  578.412183][ T5992] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  578.435121][ T5992] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  578.446429][ T5992] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  578.459053][ T5992] usb 1-1: Manufacturer: syz
[  578.466880][ T5992] usb 1-1: config 0 descriptor??
[  578.527345][   T92] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[  578.542449][ T5993] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71
[  578.561118][ T5993] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  578.571327][   T92] usb 2-1: no configurations
[  578.576050][   T92] usb 2-1: can't read configurations, error -22
[  578.583307][ T5993] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  578.596111][ T5993] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[  578.614223][ T5993] usb 4-1: USB disconnect, device number 127
[  578.702792][ T5861] plantronics 0003:047F:FFFF.0026: ignoring exceeding usage max
[  578.717660][ T5861] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0
[  578.718085][   T92] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[  578.725499][ T5861] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0
[  578.741093][ T5861] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0
[  578.749587][ T5861] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0
[  578.759869][ T5861] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0
[  578.780173][   T92] usb 2-1: no configurations
[  578.785076][   T92] usb 2-1: can't read configurations, error -22
[  578.797285][ T5992] rc_core: IR keymap rc-hauppauge not found
[  578.798455][ T5861] plantronics 0003:047F:FFFF.0026: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  578.803316][ T5992] Registered IR keymap rc-empty
[  578.822235][   T92] usb usb2-port1: unable to enumerate USB device
[  578.830570][ T5992] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  578.859389][ T5992] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  578.891932][ T5992] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  578.914416][ T5992] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input37
[  578.951429][ T5992] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  579.023446][ T5992] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  579.044444][T12439] netlink: 348 bytes leftover after parsing attributes in process `syz.2.1643'.
[  579.058918][ T5992] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  579.077526][ T5992] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  579.094386][   T44] usb 3-1: USB disconnect, device number 105
[  579.108167][ T5992] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  579.149473][ T5992] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  579.198019][ T5992] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  579.229592][ T5992] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  579.237487][T12452] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1647'.
[  579.267587][ T5992] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  579.312044][ T5992] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  579.346946][ T5992] mceusb 1-1:0.0: Registered  with mce emulator interface version 1
[  579.360015][ T5992] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  579.398583][ T5992] usb 1-1: USB disconnect, device number 104
[  580.027403][ T5992] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[  580.157477][   T92] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[  580.257212][ T5992] usb 3-1: Using ep0 maxpacket: 8
[  580.267973][ T5992] usb 3-1: config index 0 descriptor too short (expected 1307, got 27)
[  580.277877][ T5992] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[  580.291407][ T5992] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[  580.305558][ T5992] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  580.322913][ T5992] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de
[  580.333834][ T5992] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.342918][   T92] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  580.354420][   T92] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  580.364818][   T92] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  580.374782][ T5992] usb 3-1: Product: syz
[  580.382175][ T5992] usb 3-1: Manufacturer: syz
[  580.395366][   T92] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.406281][ T5992] usb 3-1: SerialNumber: syz
[  580.430013][ T5992] usb 3-1: config 0 descriptor??
[  580.444802][   T92] usb 1-1: config 0 descriptor??
[  580.469892][ T5992] hub 3-1:0.0: bad descriptor, ignoring hub
[  580.485334][ T5992] hub 3-1:0.0: probe with driver hub failed with error -5
[  580.660684][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  580.660702][   T30] audit: type=1326 audit(1756277355.774:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12471 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55ed18ebe9 code=0x7ffc0000
[  580.801283][   T30] audit: type=1326 audit(1756277355.774:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12471 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55ed18ebe9 code=0x7ffc0000
[  580.807651][   T44] usb 3-1: USB disconnect, device number 106
[  580.900197][   T92] usbhid 1-1:0.0: can't add hid device: -32
[  580.906637][   T92] usbhid 1-1:0.0: probe with driver usbhid failed with error -32
[  580.951916][   T30] audit: type=1326 audit(1756277355.774:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12471 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f55ed18ebe9 code=0x7ffc0000
[  580.996003][   T30] audit: type=1326 audit(1756277355.774:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12471 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55ed18ebe9 code=0x7ffc0000
[  581.031746][   T30] audit: type=1326 audit(1756277355.774:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12471 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7f55ed18ebe9 code=0x7ffc0000
[  581.060172][   T30] audit: type=1326 audit(1756277355.774:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12471 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55ed18ebe9 code=0x7ffc0000
[  581.156703][   T30] audit: type=1326 audit(1756277355.774:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12471 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55ed18ebe9 code=0x7ffc0000
[  581.187589][   T30] audit: type=1326 audit(1756277355.774:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12471 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55ed18ebe9 code=0x7ffc0000
[  581.217237][   T30] audit: type=1326 audit(1756277355.774:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12471 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55ed18ebe9 code=0x7ffc0000
[  581.277771][   T30] audit: type=1326 audit(1756277355.774:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12471 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55ed18ebe9 code=0x7ffc0000
[  581.619490][T12494] program syz.2.1657 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  582.895368][   T44] usb 1-1: USB disconnect, device number 105
[  583.397318][  T980] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  583.644303][  T980] usb 4-1: Using ep0 maxpacket: 16
[  583.741823][  T980] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  583.758567][  T980] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  583.773198][  T980] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  583.793480][  T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.814392][  T980] usb 4-1: Product: syz
[  583.822667][  T980] usb 4-1: Manufacturer: syz
[  583.832127][  T980] usb 4-1: SerialNumber: syz
[  583.858240][  T980] usb 4-1: config 0 descriptor??
[  584.055206][T12525] FAULT_INJECTION: forcing a failure.
[  584.055206][T12525] name failslab, interval 1, probability 0, space 0, times 0
[  584.087838][T12522] random: crng reseeded on system resumption
[  584.124594][T12525] CPU: 0 UID: 0 PID: 12525 Comm: syz.1.1666 Not tainted syzkaller #0 PREEMPT(full) 
[  584.124627][T12525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  584.124640][T12525] Call Trace:
[  584.124650][T12525]  <TASK>
[  584.124659][T12525]  dump_stack_lvl+0x189/0x250
[  584.124692][T12525]  ? __pfx____ratelimit+0x10/0x10
[  584.124723][T12525]  ? __pfx_dump_stack_lvl+0x10/0x10
[  584.124748][T12525]  ? __pfx__printk+0x10/0x10
[  584.124785][T12525]  ? __pfx___might_resched+0x10/0x10
[  584.124804][T12525]  ? fs_reclaim_acquire+0x7d/0x100
[  584.124841][T12525]  should_fail_ex+0x414/0x560
[  584.124876][T12525]  should_failslab+0xa8/0x100
[  584.124910][T12525]  kmem_cache_alloc_noprof+0x73/0x3c0
[  584.124935][T12525]  ? add+0x19b/0x16e0
[  584.124962][T12525]  add+0x19b/0x16e0
[  584.124998][T12525]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  584.125030][T12525]  ? napi_enable_locked+0x762/0x8f0
[  584.125066][T12525]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  584.125098][T12525]  ? __pfx_napi_enable_locked+0x10/0x10
[  584.125133][T12525]  wg_allowedips_insert_v6+0x134/0x200
[  584.125159][T12525]  ? __pfx_wg_allowedips_insert_v6+0x10/0x10
[  584.125186][T12525]  ? __nla_parse+0x40/0x60
[  584.125223][T12525]  wg_set_device+0x1845/0x1fe0
[  584.125265][T12525]  ? __pfx_wg_set_device+0x10/0x10
[  584.125328][T12525]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  584.125376][T12525]  genl_family_rcv_msg_doit+0x215/0x300
[  584.125410][T12525]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  584.125449][T12525]  ? bpf_lsm_capable+0x9/0x20
[  584.125476][T12525]  ? security_capable+0x7e/0x2e0
[  584.125515][T12525]  genl_rcv_msg+0x60e/0x790
[  584.125548][T12525]  ? __pfx_genl_rcv_msg+0x10/0x10
[  584.125569][T12525]  ? __pfx_wg_set_device+0x10/0x10
[  584.125594][T12525]  ? __asan_memcpy+0x40/0x70
[  584.125621][T12525]  ? __pfx_ref_tracker_free+0x10/0x10
[  584.125659][T12525]  netlink_rcv_skb+0x205/0x470
[  584.125687][T12525]  ? __lock_acquire+0xab9/0xd20
[  584.125718][T12525]  ? __pfx_genl_rcv_msg+0x10/0x10
[  584.125742][T12525]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  584.125792][T12525]  ? down_read+0x1ad/0x2e0
[  584.125817][T12525]  genl_rcv+0x28/0x40
[  584.125839][T12525]  netlink_unicast+0x82c/0x9e0
[  584.125881][T12525]  ? __pfx_netlink_unicast+0x10/0x10
[  584.125913][T12525]  ? netlink_sendmsg+0x642/0xb30
[  584.125941][T12525]  ? skb_put+0x11b/0x210
[  584.125968][T12525]  netlink_sendmsg+0x805/0xb30
[  584.126010][T12525]  ? __pfx_netlink_sendmsg+0x10/0x10
[  584.126043][T12525]  ? aa_sock_msg_perm+0xf1/0x1d0
[  584.126065][T12525]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  584.126087][T12525]  ? __pfx_netlink_sendmsg+0x10/0x10
[  584.126117][T12525]  __sock_sendmsg+0x219/0x270
[  584.126145][T12525]  ____sys_sendmsg+0x505/0x830
[  584.126173][T12525]  ? __pfx_____sys_sendmsg+0x10/0x10
[  584.126204][T12525]  ? import_iovec+0x74/0xa0
[  584.126233][T12525]  ___sys_sendmsg+0x21f/0x2a0
[  584.126260][T12525]  ? __pfx____sys_sendmsg+0x10/0x10
[  584.126321][T12525]  ? __fget_files+0x2a/0x420
[  584.126360][T12525]  ? __fget_files+0x3a0/0x420
[  584.126400][T12525]  __x64_sys_sendmsg+0x19b/0x260
[  584.126426][T12525]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  584.126460][T12525]  ? __pfx_ksys_write+0x10/0x10
[  584.126486][T12525]  ? rcu_is_watching+0x15/0xb0
[  584.126514][T12525]  ? do_syscall_64+0xbe/0x3b0
[  584.126552][T12525]  do_syscall_64+0xfa/0x3b0
[  584.126582][T12525]  ? lockdep_hardirqs_on+0x9c/0x150
[  584.126611][T12525]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.126632][T12525]  ? clear_bhb_loop+0x60/0xb0
[  584.126659][T12525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.126680][T12525] RIP: 0033:0x7f55ed18ebe9
[  584.126700][T12525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  584.126720][T12525] RSP: 002b:00007f55edf1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  584.126745][T12525] RAX: ffffffffffffffda RBX: 00007f55ed3b5fa0 RCX: 00007f55ed18ebe9
[  584.126761][T12525] RDX: 0000000000040000 RSI: 0000200000000000 RDI: 0000000000000003
[  584.126776][T12525] RBP: 00007f55edf1c090 R08: 0000000000000000 R09: 0000000000000000
[  584.126789][T12525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  584.126801][T12525] R13: 00007f55ed3b6038 R14: 00007f55ed3b5fa0 R15: 00007f55ed4dfa28
[  584.126836][T12525]  </TASK>
[  584.987448][   T92] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[  585.122124][ T5992] usb 4-1: USB disconnect, device number 2
[  585.147562][   T92] usb 3-1: device descriptor read/64, error -71
[  585.397802][   T92] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[  585.412333][T12538] IPVS: set_ctl: invalid protocol: 29 127.0.0.1:20001
[  585.527985][   T92] usb 3-1: device descriptor read/64, error -71
[  585.637730][   T92] usb usb3-port1: attempt power cycle
[  585.742378][T12541] netlink: 'syz.1.1671': attribute type 3 has an invalid length.
[  586.095260][   T92] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[  586.118204][   T92] usb 3-1: device descriptor read/8, error -71
[  586.367274][   T92] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[  586.398103][   T92] usb 3-1: device descriptor read/8, error -71
[  586.517803][   T92] usb usb3-port1: unable to enumerate USB device
[  586.622666][T12553] FAULT_INJECTION: forcing a failure.
[  586.622666][T12553] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  586.636768][T12553] CPU: 1 UID: 0 PID: 12553 Comm: syz.1.1675 Not tainted syzkaller #0 PREEMPT(full) 
[  586.636792][T12553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  586.636804][T12553] Call Trace:
[  586.636814][T12553]  <TASK>
[  586.636822][T12553]  dump_stack_lvl+0x189/0x250
[  586.636848][T12553]  ? __pfx____ratelimit+0x10/0x10
[  586.636872][T12553]  ? __pfx_dump_stack_lvl+0x10/0x10
[  586.636890][T12553]  ? __pfx__printk+0x10/0x10
[  586.636920][T12553]  should_fail_ex+0x414/0x560
[  586.636956][T12553]  _copy_to_user+0x31/0xb0
[  586.636976][T12553]  simple_read_from_buffer+0xe1/0x170
[  586.637004][T12553]  proc_fail_nth_read+0x1b3/0x220
[  586.637024][T12553]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  586.637044][T12553]  ? rw_verify_area+0x2a6/0x4d0
[  586.637063][T12553]  ? __lock_acquire+0xab9/0xd20
[  586.637086][T12553]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  586.637114][T12553]  vfs_read+0x1fd/0xa30
[  586.637140][T12553]  ? fdget_pos+0x247/0x320
[  586.637163][T12553]  ? __pfx___mutex_lock+0x10/0x10
[  586.637193][T12553]  ? __pfx_vfs_read+0x10/0x10
[  586.637219][T12553]  ? __fget_files+0x2a/0x420
[  586.637254][T12553]  ? __fget_files+0x3a0/0x420
[  586.637283][T12553]  ? __fget_files+0x2a/0x420
[  586.637324][T12553]  ksys_read+0x145/0x250
[  586.637354][T12553]  ? __pfx_ksys_read+0x10/0x10
[  586.637382][T12553]  ? __secure_computing+0xe2/0x2a0
[  586.637412][T12553]  do_syscall_64+0xfa/0x3b0
[  586.637441][T12553]  ? lockdep_hardirqs_on+0x9c/0x150
[  586.637467][T12553]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  586.637486][T12553]  ? clear_bhb_loop+0x60/0xb0
[  586.637513][T12553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  586.637534][T12553] RIP: 0033:0x7f55ed18d5fc
[  586.637553][T12553] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  586.637572][T12553] RSP: 002b:00007f55edf1c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  586.637596][T12553] RAX: ffffffffffffffda RBX: 00007f55ed3b5fa0 RCX: 00007f55ed18d5fc
[  586.637611][T12553] RDX: 000000000000000f RSI: 00007f55edf1c0a0 RDI: 0000000000000008
[  586.637623][T12553] RBP: 00007f55edf1c090 R08: 0000000000000000 R09: 0000000000000000
[  586.637636][T12553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  586.637648][T12553] R13: 00007f55ed3b6038 R14: 00007f55ed3b5fa0 R15: 00007f55ed4dfa28
[  586.637681][T12553]  </TASK>
[  587.328162][T12561] netlink: 'syz.2.1677': attribute type 2 has an invalid length.
[  587.370271][T12557] netlink: 'syz.1.1676': attribute type 4 has an invalid length.
[  587.408564][T12557] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.1676'.
[  587.617771][  T980] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[  587.687458][   T92] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[  587.797250][  T980] usb 1-1: Using ep0 maxpacket: 16
[  587.816097][  T980] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  587.825659][  T980] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  587.856956][  T980] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  587.867686][   T92] usb 2-1: Using ep0 maxpacket: 8
[  587.879552][  T980] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  587.881811][   T92] usb 2-1: config 0 has an invalid descriptor of length 250, skipping remainder of the config
[  587.897012][  T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.908500][  T980] usb 1-1: Product: syz
[  587.917424][   T92] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  587.923927][  T980] usb 1-1: Manufacturer: syz
[  587.947456][  T980] usb 1-1: SerialNumber: syz
[  587.948976][   T92] usb 2-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  587.964918][   T92] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  587.978873][   T92] usb 2-1: SerialNumber: syz
[  588.005124][   T92] usb 2-1: config 0 descriptor??
[  588.039958][   T92] hso 2-1:0.0: Can't find BULK IN endpoint
[  588.082044][T12574] xt_time: invalid argument - start or stop time greater than 23:59:59
[  588.105537][T12574] netlink: 'syz.3.1681': attribute type 10 has an invalid length.
[  588.125435][T12574] team0: Failed to send options change via netlink (err -105)
[  588.136698][T12574] team0: Port device netdevsim0 added
[  588.241526][   T92] usb 2-1: USB disconnect, device number 122
[  588.375987][  T980] usb 1-1: 0:2 : does not exist
[  589.081973][  T980] usb 1-1: 1:0: failed to get current value for ch 0 (-22)
[  589.244658][  T980] usb 1-1: USB disconnect, device number 106
[  589.336216][ T6456] udevd[6456]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  589.832293][T12612] program syz.0.1691 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  589.868985][T12612] batadv0: entered promiscuous mode
[  589.874787][T12612] vlan5: entered promiscuous mode
[  590.134544][T12617] binder: 12616:12617 unknown command 0
[  590.168533][  T980] usb 1-1: new high-speed USB device number 107 using dummy_hcd
[  590.197461][T12617] binder: 12616:12617 ioctl c0306201 200000000080 returned -22
[  590.259916][T12619] binder: BINDER_SET_CONTEXT_MGR already set
[  590.300721][T12619] binder: 12616:12619 ioctl 4018620d 2000000000c0 returned -16
[  590.358351][  T980] usb 1-1: Using ep0 maxpacket: 8
[  590.378209][  T980] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d
[  590.414088][  T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  590.452418][  T980] usb 1-1: Product: syz
[  590.470087][  T980] usb 1-1: Manufacturer: syz
[  590.489654][  T980] usb 1-1: SerialNumber: syz
[  590.514674][  T980] usb 1-1: config 0 descriptor??
[  590.673240][T12620] netlink: 'syz.3.1692': attribute type 3 has an invalid length.
[  590.747482][  T980] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  590.773647][  T980] dvb_usb_af9015 1-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  590.792944][  T980] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  590.799891][ T5861] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[  590.815531][  T980] dvb_usb_af9035 1-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  590.833751][  T980] usb 1-1: USB disconnect, device number 107
[  590.970041][ T5861] usb 2-1: New USB device found, idVendor=11ff, idProduct=3331, bcdDevice= 0.00
[  590.984071][ T5861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  591.014089][ T5861] usb 2-1: config 0 descriptor??
[  591.528236][ T5861] gembird 0003:11FF:3331.0027: unknown main item tag 0x0
[  591.563345][ T5861] gembird 0003:11FF:3331.0027: item fetching failed at offset 3/5
[  591.603970][ T5861] gembird 0003:11FF:3331.0027: probe with driver gembird failed with error -22
[  591.812100][ T5861] usb 2-1: USB disconnect, device number 123
[  591.850089][T12641] Context (ID=0x0) not attached to queue pair (handle=0x2:0x0)
[  593.761847][T12664] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  594.187934][T12676] ptm ptm2: ldisc open failed (-12), clearing slot 2
[  594.915274][T12690] usb usb8: usbfs: process 12690 (syz.1.1711) did not claim interface 0 before use
[  595.001476][ T5861] usb 1-1: new high-speed USB device number 108 using dummy_hcd
[  595.239097][ T5861] usb 1-1: Using ep0 maxpacket: 16
[  595.274055][ T5861] usb 1-1: config 0 has no interfaces?
[  595.306683][ T5861] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  595.348902][ T5861] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.380560][ T5861] usb 1-1: config 0 descriptor??
[  595.488086][ T5992] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  595.676950][ T5992] usb 4-1: device descriptor read/64, error -71
[  595.691741][T12687] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.729462][   T30] kauditd_printk_skb: 106 callbacks suppressed
[  595.729490][   T30] audit: type=1326 audit(1756277370.844:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12698 comm="syz.4.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  595.753248][T12687] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.806942][   T30] audit: type=1326 audit(1756277370.874:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12698 comm="syz.4.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  595.835361][T12687] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.846055][T12687] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.877828][   T30] audit: type=1326 audit(1756277370.874:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12698 comm="syz.4.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  595.903245][   T30] audit: type=1326 audit(1756277370.874:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12698 comm="syz.4.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  595.929947][   T10] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[  595.959260][T12704] usb usb8: usbfs: process 12704 (syz.1.1715) did not claim interface 0 before use
[  596.007355][ T5992] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  596.043398][   T30] audit: type=1326 audit(1756277370.874:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12698 comm="syz.4.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  596.097764][   T10] usb 3-1: device descriptor read/64, error -71
[  596.133300][ T5861] usb 1-1: string descriptor 0 read error: -71
[  596.136343][   T30] audit: type=1326 audit(1756277370.874:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12698 comm="syz.4.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  596.167484][ T5992] usb 4-1: device descriptor read/64, error -71
[  596.195417][   T30] audit: type=1326 audit(1756277370.994:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12698 comm="syz.4.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  596.212588][ T5861] usb 1-1: USB disconnect, device number 108
[  596.235907][   T30] audit: type=1326 audit(1756277370.994:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12698 comm="syz.4.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  596.287648][ T5992] usb usb4-port1: attempt power cycle
[  596.316033][   T30] audit: type=1326 audit(1756277371.054:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12698 comm="syz.4.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  596.357420][   T10] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[  596.386564][   T30] audit: type=1326 audit(1756277371.054:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12698 comm="syz.4.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  596.509211][   T10] usb 3-1: device descriptor read/64, error -71
[  596.632087][   T10] usb usb3-port1: attempt power cycle
[  596.638652][ T5992] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  596.668198][ T5992] usb 4-1: device descriptor read/8, error -71
[  596.853313][T12707] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  596.938223][ T5992] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  596.971099][ T5992] usb 4-1: device descriptor read/8, error -71
[  597.017930][   T10] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[  597.059449][   T10] usb 3-1: device descriptor read/8, error -71
[  597.100151][ T5992] usb usb4-port1: unable to enumerate USB device
[  597.447522][   T10] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[  597.479269][   T10] usb 3-1: device descriptor read/8, error -71
[  597.534145][T12722] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.1717'.
[  597.560717][T12722] : entered promiscuous mode
[  597.634579][   T10] usb usb3-port1: unable to enumerate USB device
[  597.802676][T12726] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  598.467386][   T10] usb 1-1: new high-speed USB device number 109 using dummy_hcd
[  598.587353][  T980] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  598.631485][   T10] usb 1-1: Using ep0 maxpacket: 16
[  598.694331][   T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  598.707443][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.725894][   T10] usb 1-1: Product: syz
[  598.747585][   T10] usb 1-1: Manufacturer: syz
[  598.759876][  T980] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  598.776945][   T10] usb 1-1: SerialNumber: syz
[  598.777176][  T980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.821365][   T10] r8152-cfgselector 1-1: Unknown version 0x0000
[  598.832833][   T10] r8152-cfgselector 1-1: config 0 descriptor??
[  598.840833][  T980] usb 4-1: config 0 descriptor??
[  598.881408][  T980] cp210x 4-1:0.0: cp210x converter detected
[  599.080255][  T980] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32
[  599.080421][   T10] r8152-cfgselector 1-1: Unknown version 0x0000
[  599.100041][   T10] r8152-cfgselector 1-1: bad CDC descriptors
[  599.319731][  T980] usb 4-1: cp210x converter now attached to ttyUSB0
[  599.338731][ T5861] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[  599.388887][   T92] r8152-cfgselector 1-1: USB disconnect, device number 109
[  599.477285][ T5861] usb 2-1: device descriptor read/64, error -71
[  599.518033][T12756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.541206][T12756] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.567536][   T10] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[  599.727462][   T10] usb 3-1: Using ep0 maxpacket: 32
[  599.727484][ T5861] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[  599.750247][   T10] usb 3-1: config 0 has an invalid interface number: 42 but max is 0
[  599.816050][   T10] usb 3-1: config 0 has no interface number 0
[  599.829732][   T10] usb 3-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=42.27
[  599.841559][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  599.851073][   T10] usb 3-1: Product: syz
[  599.855530][   T10] usb 3-1: Manufacturer: syz
[  599.864455][   T10] usb 3-1: SerialNumber: syz
[  599.874367][   T10] usb 3-1: config 0 descriptor??
[  599.887306][ T5861] usb 2-1: device descriptor read/64, error -71
[  599.999463][ T5861] usb usb2-port1: attempt power cycle
[  600.034068][T12758] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1729'.
[  600.095070][   T10] usb 3-1: Found UVC 0.00 device syz (1bcf:0b40)
[  600.106575][   T10] usb 3-1: Forcing UVC version to 1.0a
[  600.144338][   T10] usb 3-1: No valid video chain found.
[  600.168438][   T10] usb 3-1: USB disconnect, device number 115
[  600.347672][ T5861] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[  600.378658][ T5861] usb 2-1: device descriptor read/8, error -71
[  600.527524][  T980] usb 1-1: new high-speed USB device number 110 using dummy_hcd
[  600.617450][ T5861] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[  600.638136][ T5861] usb 2-1: device descriptor read/8, error -71
[  600.677360][  T980] usb 1-1: Using ep0 maxpacket: 32
[  600.688595][  T980] usb 1-1: unable to get BOS descriptor or descriptor too short
[  600.700389][  T980] usb 1-1: unable to read config index 0 descriptor/start: -71
[  600.708437][  T980] usb 1-1: can't read configurations, error -71
[  600.747834][ T5861] usb usb2-port1: unable to enumerate USB device
[  600.849915][T12769] netlink: 14212 bytes leftover after parsing attributes in process `syz.2.1733'.
[  601.192090][ T5861] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[  601.335717][ T5933] usb 4-1: USB disconnect, device number 7
[  601.352482][ T5861] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  601.374256][ T5861] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.383687][ T5933] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  601.400007][ T5933] cp210x 4-1:0.0: device disconnected
[  601.415803][ T5861] usb 3-1: config 0 descriptor??
[  601.495196][T12782] fuse: Bad value for 'fd'
[  601.977365][   T10] usb 1-1: new high-speed USB device number 112 using dummy_hcd
[  602.119521][   T10] usb 1-1: device descriptor read/64, error -71
[  602.377522][   T10] usb 1-1: new high-speed USB device number 113 using dummy_hcd
[  602.502924][ T5861] usb 3-1: Cannot set autoneg
[  602.508141][ T5861] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61
[  602.527405][   T10] usb 1-1: device descriptor read/64, error -71
[  602.645961][T12794] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1740'.
[  602.655974][   T10] usb usb1-port1: attempt power cycle
[  602.706027][T12794] bridge_slave_1: left allmulticast mode
[  602.754264][T12794] bridge_slave_1: left promiscuous mode
[  602.762836][T12794] bridge0: port 2(bridge_slave_1) entered disabled state
[  602.876416][T12794] bridge_slave_0: left allmulticast mode
[  602.882635][T12794] bridge_slave_0: left promiscuous mode
[  602.889748][T12794] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.027241][   T10] usb 1-1: new high-speed USB device number 114 using dummy_hcd
[  603.059940][   T10] usb 1-1: device descriptor read/8, error -71
[  603.418117][   T10] usb 1-1: new high-speed USB device number 115 using dummy_hcd
[  603.478278][   T10] usb 1-1: device descriptor read/8, error -71
[  603.554982][T12807] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.1743'.
[  603.588073][   T10] usb usb1-port1: unable to enumerate USB device
[  604.787456][ T5861] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  604.963184][  T980] usb 3-1: USB disconnect, device number 116
[  605.006131][ T5861] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  605.053463][ T5861] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  605.102053][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10
[  605.170372][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64
[  605.205545][T12836] team_slave_0: entered promiscuous mode
[  605.213035][T12836] team_slave_1: entered promiscuous mode
[  605.219351][T12836] batadv1: entered promiscuous mode
[  605.245412][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  605.279835][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  605.310836][ T5861] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  605.417387][   T92] usb 1-1: new high-speed USB device number 116 using dummy_hcd
[  605.571847][   T92] usb 1-1: too many configurations: 9, using maximum allowed: 8
[  605.586911][   T92] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  605.609574][   T92] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  605.642551][ T5861] usb 2-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  605.661095][ T5861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  605.669043][   T92] usb 1-1: config 0 interface 0 has no altsetting 0
[  605.695108][ T5861] usb 2-1: Product: syz
[  605.715748][ T5861] usb 2-1: Manufacturer: syz
[  605.728909][ T5861] usb 2-1: SerialNumber: syz
[  605.757384][ T5861] usb 2-1: config 0 descriptor??
[  605.769959][T12824] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  605.784333][ T5861] ati_remote 2-1:0.0: Initializing ati_remote hardware failed.
[  605.808211][ T5861] ati_remote 2-1:0.0: probe with driver ati_remote failed with error -5
[  605.854638][   T92] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  605.880102][   T92] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  605.969058][   T92] usb 1-1: config 0 interface 0 has no altsetting 0
[  605.989765][ T5861] usb 2-1: USB disconnect, device number 2
[  606.009190][   T92] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  606.026671][   T92] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  606.054982][   T92] usb 1-1: config 0 interface 0 has no altsetting 0
[  606.084404][   T92] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  606.099939][   T92] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  606.121289][   T92] usb 1-1: config 0 interface 0 has no altsetting 0
[  606.246679][   T92] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  606.256257][   T92] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  606.277221][   T92] usb 1-1: config 0 interface 0 has no altsetting 0
[  606.304088][   T92] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  606.313934][   T92] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  606.333605][   T92] usb 1-1: config 0 interface 0 has no altsetting 0
[  606.344225][   T92] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  606.356038][   T92] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  606.372892][   T92] usb 1-1: config 0 interface 0 has no altsetting 0
[  606.384100][   T92] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  606.398999][   T92] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  606.425169][   T92] usb 1-1: config 0 interface 0 has no altsetting 0
[  606.472026][   T92] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  606.482095][   T92] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  606.496230][   T92] usb 1-1: Product: syz
[  606.500832][   T92] usb 1-1: Manufacturer: syz
[  606.505651][   T92] usb 1-1: SerialNumber: syz
[  606.522294][   T92] usb 1-1: config 0 descriptor??
[  606.535379][   T92] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0
[  606.662237][T12853] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1755'.
[  606.697455][ T5861] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  606.734240][  T980] usb 1-1: USB disconnect, device number 116
[  606.754009][  T980] yurex 1-1:0.0: USB YUREX #0 now disconnected
[  606.758234][T12854] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1755'.
[  606.762505][T12853] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  606.872828][T12853] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1755'.
[  606.884787][ T5861] usb 4-1: Using ep0 maxpacket: 8
[  606.890738][T12853] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1755'.
[  606.895154][ T5861] usb 4-1: unable to get BOS descriptor or descriptor too short
[  606.915379][T12858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  606.920513][ T5861] usb 4-1: config 10 has an invalid interface number: 130 but max is 0
[  606.936726][T12858] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  606.942895][ T5861] usb 4-1: config 10 has no interface number 0
[  606.951512][T12858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  606.954862][ T5861] usb 4-1: config 10 interface 130 has no altsetting 0
[  606.964652][T12858] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  606.978542][ T5861] usb 4-1: New USB device found, idVendor=413c, idProduct=81e0, bcdDevice=53.5c
[  606.983248][T12858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  606.989465][ T5861] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.005393][ T5861] usb 4-1: Product: syz
[  607.009782][ T5861] usb 4-1: Manufacturer: syz
[  607.014537][ T5861] usb 4-1: SerialNumber: syz
[  607.030192][T12858] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  607.042887][T12858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  607.052060][T12858] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  607.062489][T12858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  607.072911][T12858] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  607.150888][ T5933] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[  607.248145][T12850] ALSA: mixer_oss: invalid OSS volume ''
[  607.442685][ T5861] usb 4-1: USB disconnect, device number 8
[  607.449025][  T980] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  607.597587][  T980] usb 2-1: device descriptor read/64, error -71
[  607.843795][T12886] netlink: 'syz.3.1763': attribute type 2 has an invalid length.
[  607.861775][  T980] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  607.877489][ T5861] usb 1-1: new full-speed USB device number 117 using dummy_hcd
[  607.997272][  T980] usb 2-1: device descriptor read/64, error -71
[  608.052388][ T5861] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  608.067479][ T5861] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  608.076854][ T5861] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.091520][ T5861] usb 1-1: config 0 descriptor??
[  608.105160][T12884] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  608.108785][  T980] usb usb2-port1: attempt power cycle
[  608.468176][  T980] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  608.630904][  T980] usb 2-1: device descriptor read/8, error -71
[  609.182110][  T980] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  609.505898][  T980] usb 2-1: device descriptor read/8, error -71
[  609.779252][  T980] usb usb2-port1: unable to enumerate USB device
[  610.339364][T12914] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1769'.
[  611.453216][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  611.453358][   T30] audit: type=1326 audit(1756277386.564:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  611.482925][    C1] vkms_vblank_simulate: vblank timer overrun
[  611.548541][T12926] input: syz0 as /devices/virtual/input/input39
[  611.565613][ T5861] usbhid 1-1:0.0: can't add hid device: -71
[  611.615363][ T5861] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  611.692183][ T5861] usb 1-1: USB disconnect, device number 117
[  611.729883][   T30] audit: type=1326 audit(1756277386.624:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  611.752549][    C1] vkms_vblank_simulate: vblank timer overrun
[  611.779419][   T30] audit: type=1326 audit(1756277386.624:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  611.803237][    C1] vkms_vblank_simulate: vblank timer overrun
[  611.809940][   T30] audit: type=1326 audit(1756277386.624:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  611.833121][    C1] vkms_vblank_simulate: vblank timer overrun
[  611.839685][   T30] audit: type=1326 audit(1756277386.624:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  611.918826][   T30] audit: type=1326 audit(1756277386.634:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  612.046022][   T30] audit: type=1326 audit(1756277386.634:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  612.068490][    C1] vkms_vblank_simulate: vblank timer overrun
[  612.198301][T10831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  612.207246][   T30] audit: type=1326 audit(1756277386.654:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  612.207314][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  612.297499][   T30] audit: type=1326 audit(1756277386.654:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  612.320137][    C1] vkms_vblank_simulate: vblank timer overrun
[  612.395172][   T30] audit: type=1326 audit(1756277386.654:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb500b8ebe9 code=0x7ffc0000
[  612.417971][    C1] vkms_vblank_simulate: vblank timer overrun
[  612.642514][ T5861] usb 1-1: new high-speed USB device number 118 using dummy_hcd
[  612.827314][ T5861] usb 1-1: Using ep0 maxpacket: 8
[  612.834280][ T5861] usb 1-1: config 162 has an invalid interface number: 97 but max is 0
[  612.846221][ T5861] usb 1-1: config 162 has no interface number 0
[  612.852759][ T5861] usb 1-1: config 162 interface 97 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  612.876793][ T5861] usb 1-1: config 162 interface 97 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0
[  613.042926][ T5861] usb 1-1: config 162 interface 97 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  613.064051][ T5861] usb 1-1: config 162 interface 97 has no altsetting 0
[  613.074912][ T5861] usb 1-1: New USB device found, idVendor=0c2e, idProduct=0700, bcdDevice=e1.3b
[  613.096585][ T5861] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  613.122277][ T5861] usb 1-1: Product: syz
[  613.134729][ T5861] usb 1-1: Manufacturer: syz
[  613.153027][ T5861] usb 1-1: SerialNumber: syz
[  613.386504][T12940] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1776'.
[  613.650616][ T5861] metro_usb 1-1:162.97: interrupt-out endpoint missing
[  613.666925][ T5861] usb 1-1: USB disconnect, device number 118
[  614.107884][T10831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  614.116882][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  614.578847][T12980] ==================================================================
[  614.587174][T12980] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x44cd/0x5400
[  614.595123][T12980] Read of size 1 at addr ffff88807bee7eb0 by task syz.4.1785/12980
[  614.603050][T12980] 
[  614.605423][T12980] CPU: 1 UID: 0 PID: 12980 Comm: syz.4.1785 Not tainted syzkaller #0 PREEMPT(full) 
[  614.605455][T12980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  614.605472][T12980] Call Trace:
[  614.605482][T12980]  <TASK>
[  614.605494][T12980]  dump_stack_lvl+0x189/0x250
[  614.605529][T12980]  ? __kasan_check_byte+0x12/0x40
[  614.605565][T12980]  ? __pfx_dump_stack_lvl+0x10/0x10
[  614.605592][T12980]  ? lock_release+0x4b/0x3e0
[  614.605629][T12980]  ? __virt_addr_valid+0x4a5/0x5c0
[  614.605660][T12980]  print_report+0xca/0x240
[  614.605681][T12980]  ? xfrm_state_find+0x44cd/0x5400
[  614.605701][T12980]  kasan_report+0x118/0x150
[  614.605732][T12980]  ? xfrm_state_find+0x44cd/0x5400
[  614.605758][T12980]  xfrm_state_find+0x44cd/0x5400
[  614.605793][T12980]  ? xfrm_state_find+0x1da/0x5400
[  614.605816][T12980]  ? __pfx_xfrm_state_find+0x10/0x10
[  614.605846][T12980]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  614.605887][T12980]  ? xfrm_policy_lookup_bytype+0x2a7/0x1250
[  614.605917][T12980]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  614.605946][T12980]  ? xfrm_policy_lookup_bytype+0x123/0x1250
[  614.605975][T12980]  ? xfrm_policy_lookup_bytype+0x11ef/0x1250
[  614.606020][T12980]  ? xfrm_expand_policies+0x41f/0x6a0
[  614.606049][T12980]  xfrm_lookup_with_ifid+0x58a/0x1a70
[  614.606088][T12980]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  614.606117][T12980]  ? sctp_v6_get_dst+0x57e/0x1bc0
[  614.606150][T12980]  ? ip6_dst_lookup_flow+0x9a/0xe0
[  614.606183][T12980]  xfrm_lookup_route+0x3c/0x1c0
[  614.606212][T12980]  sctp_v6_get_dst+0xffa/0x1bc0
[  614.606243][T12980]  ? crng_make_state+0x13a/0x700
[  614.606271][T12980]  ? sctp_v6_get_dst+0x57e/0x1bc0
[  614.606303][T12980]  ? __pfx_sctp_v6_get_dst+0x10/0x10
[  614.606333][T12980]  ? __asan_memset+0x22/0x50
[  614.606368][T12980]  ? dst_release+0x72/0x1b0
[  614.606396][T12980]  sctp_transport_route+0x115/0x2f0
[  614.606427][T12980]  sctp_assoc_add_peer+0x657/0x13b0
[  614.606455][T12980]  sctp_connect_new_asoc+0x30a/0x690
[  614.606480][T12980]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  614.606500][T12980]  ? __local_bh_enable_ip+0x12d/0x1c0
[  614.606525][T12980]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  614.606552][T12980]  ? security_sctp_bind_connect+0x7e/0x2e0
[  614.606597][T12980]  sctp_sendmsg+0x155c/0x2810
[  614.606643][T12980]  ? __pfx_sctp_sendmsg+0x10/0x10
[  614.606676][T12980]  ? rcu_is_watching+0x15/0xb0
[  614.606697][T12980]  ? aa_sk_perm+0x81e/0x950
[  614.606732][T12980]  ? __pfx_aa_sk_perm+0x10/0x10
[  614.606763][T12980]  ? sock_rps_record_flow+0x19/0x410
[  614.606792][T12980]  ? inet_sendmsg+0x2f4/0x370
[  614.606821][T12980]  __sock_sendmsg+0x19c/0x270
[  614.606851][T12980]  ____sys_sendmsg+0x52d/0x830
[  614.606877][T12980]  ? __pfx_____sys_sendmsg+0x10/0x10
[  614.606905][T12980]  ? import_iovec+0x74/0xa0
[  614.606932][T12980]  ___sys_sendmsg+0x21f/0x2a0
[  614.606955][T12980]  ? __pfx____sys_sendmsg+0x10/0x10
[  614.606997][T12980]  ? __fget_files+0x2a/0x420
[  614.607029][T12980]  ? __fget_files+0x3a0/0x420
[  614.607066][T12980]  __sys_sendmmsg+0x227/0x430
[  614.607097][T12980]  ? __pfx___sys_sendmmsg+0x10/0x10
[  614.607117][T12980]  ? do_futex+0x333/0x420
[  614.607146][T12980]  ? fdget+0x184/0x1e0
[  614.607172][T12980]  ? rcu_is_watching+0x15/0xb0
[  614.607196][T12980]  __x64_sys_sendmmsg+0xa0/0xc0
[  614.607219][T12980]  do_syscall_64+0xfa/0x3b0
[  614.607252][T12980]  ? lockdep_hardirqs_on+0x9c/0x150
[  614.607280][T12980]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.607303][T12980]  ? clear_bhb_loop+0x60/0xb0
[  614.607327][T12980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.607349][T12980] RIP: 0033:0x7fb500b8ebe9
[  614.607371][T12980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  614.607391][T12980] RSP: 002b:00007fb4fedf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  614.607416][T12980] RAX: ffffffffffffffda RBX: 00007fb500db5fa0 RCX: 00007fb500b8ebe9
[  614.607433][T12980] RDX: 0000000000000001 RSI: 0000200000000a80 RDI: 0000000000000003
[  614.607448][T12980] RBP: 00007fb500c11e19 R08: 0000000000000000 R09: 0000000000000000
[  614.607462][T12980] R10: 000000000004c040 R11: 0000000000000246 R12: 0000000000000000
[  614.607477][T12980] R13: 00007fb500db6038 R14: 00007fb500db5fa0 R15: 00007fb500edfa28
[  614.607503][T12980]  </TASK>
[  614.607511][T12980] 
[  615.037726][T12980] Allocated by task 12503:
[  615.042262][T12980]  kasan_save_track+0x3e/0x80
[  615.047160][T12980]  __kasan_slab_alloc+0x6c/0x80
[  615.052236][T12980]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  615.057891][T12980]  xfrm_state_alloc+0x24/0x2f0
[  615.062923][T12980]  __find_acq_core+0x8a7/0x1c00
[  615.067982][T12980]  xfrm_find_acq+0x78/0xa0
[  615.072684][T12980]  xfrm_alloc_userspi+0x6b3/0xc90
[  615.077720][T12980]  xfrm_user_rcv_msg+0x7a3/0xab0
[  615.082756][T12980]  netlink_rcv_skb+0x205/0x470
[  615.087552][T12980]  xfrm_netlink_rcv+0x79/0x90
[  615.092443][T12980]  netlink_unicast+0x82c/0x9e0
[  615.097223][T12980]  netlink_sendmsg+0x805/0xb30
[  615.102007][T12980]  __sock_sendmsg+0x219/0x270
[  615.106985][T12980]  ____sys_sendmsg+0x505/0x830
[  615.111971][T12980]  ___sys_sendmsg+0x21f/0x2a0
[  615.117351][T12980]  __x64_sys_sendmsg+0x19b/0x260
[  615.122486][T12980]  do_syscall_64+0xfa/0x3b0
[  615.127308][T12980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.133317][T12980] 
[  615.135642][T12980] Freed by task 980:
[  615.139548][T12980]  kasan_save_track+0x3e/0x80
[  615.144358][T12980]  kasan_save_free_info+0x46/0x50
[  615.149853][T12980]  __kasan_slab_free+0x5b/0x80
[  615.154727][T12980]  kmem_cache_free+0x18f/0x400
[  615.159700][T12980]  xfrm_state_gc_task+0x52d/0x6b0
[  615.164842][T12980]  process_scheduled_works+0xae1/0x17b0
[  615.170512][T12980]  worker_thread+0x8a0/0xda0
[  615.175110][T12980]  kthread+0x70e/0x8a0
[  615.179205][T12980]  ret_from_fork+0x3f9/0x770
[  615.183812][T12980]  ret_from_fork_asm+0x1a/0x30
[  615.188596][T12980] 
[  615.191131][T12980] The buggy address belongs to the object at ffff88807bee7b80
[  615.191131][T12980]  which belongs to the cache xfrm_state of size 928
[  615.205374][T12980] The buggy address is located 816 bytes inside of
[  615.205374][T12980]  freed 928-byte region [ffff88807bee7b80, ffff88807bee7f20)
[  615.219296][T12980] 
[  615.221858][T12980] The buggy address belongs to the physical page:
[  615.228865][T12980] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bee4
[  615.238236][T12980] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  615.246750][T12980] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  615.254552][T12980] page_type: f5(slab)
[  615.258668][T12980] raw: 00fff00000000040 ffff888020ad5640 dead000000000122 0000000000000000
[  615.267345][T12980] raw: 0000000000000000 00000000000f000f 00000000f5000000 0000000000000000
[  615.275950][T12980] head: 00fff00000000040 ffff888020ad5640 dead000000000122 0000000000000000
[  615.284660][T12980] head: 0000000000000000 00000000000f000f 00000000f5000000 0000000000000000
[  615.293388][T12980] head: 00fff00000000002 ffffea0001efb901 00000000ffffffff 00000000ffffffff
[  615.302167][T12980] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  615.310870][T12980] page dumped because: kasan: bad access detected
[  615.317520][T12980] page_owner tracks the page as allocated
[  615.323423][T12980] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6170, tgid 6166 (syz.3.52), ts 113045619540, free_ts 112976317988
[  615.343315][T12980]  post_alloc_hook+0x240/0x2a0
[  615.348135][T12980]  get_page_from_freelist+0x21e4/0x22c0
[  615.353696][T12980]  __alloc_frozen_pages_noprof+0x181/0x370
[  615.359502][T12980]  alloc_pages_mpol+0x232/0x4a0
[  615.364359][T12980]  allocate_slab+0x8a/0x370
[  615.368880][T12980]  ___slab_alloc+0xbeb/0x1410
[  615.373583][T12980]  kmem_cache_alloc_noprof+0x283/0x3c0
[  615.379044][T12980]  xfrm_state_alloc+0x24/0x2f0
[  615.383840][T12980]  pfkey_add+0x6e4/0x2e00
[  615.388168][T12980]  pfkey_sendmsg+0xbfb/0x1090
[  615.392882][T12980]  __sock_sendmsg+0x219/0x270
[  615.397562][T12980]  ____sys_sendmsg+0x505/0x830
[  615.402473][T12980]  ___sys_sendmsg+0x21f/0x2a0
[  615.407270][T12980]  __x64_sys_sendmsg+0x19b/0x260
[  615.412232][T12980]  do_syscall_64+0xfa/0x3b0
[  615.416840][T12980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.422850][T12980] page last free pid 6166 tgid 6166 stack trace:
[  615.429187][T12980]  __free_frozen_pages+0xbc4/0xd30
[  615.434324][T12980]  __slab_free+0x303/0x3c0
[  615.438943][T12980]  qlist_free_all+0x97/0x140
[  615.443556][T12980]  kasan_quarantine_reduce+0x148/0x160
[  615.449120][T12980]  __kasan_slab_alloc+0x22/0x80
[  615.454074][T12980]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  615.459635][T12980]  mas_alloc_nodes+0x2e9/0x8e0
[  615.464428][T12980]  mas_preallocate+0x3ad/0x6f0
[  615.469470][T12980]  __split_vma+0x2fa/0xa00
[  615.473898][T12980]  vma_modify+0x12c3/0x1970
[  615.478414][T12980]  vma_modify_flags+0x1e8/0x230
[  615.483366][T12980]  mprotect_fixup+0x407/0x9c0
[  615.488051][T12980]  do_mprotect_pkey+0x8cd/0xce0
[  615.493019][T12980]  __x64_sys_mprotect+0x80/0x90
[  615.497879][T12980]  do_syscall_64+0xfa/0x3b0
[  615.502431][T12980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.508339][T12980] 
[  615.510673][T12980] Memory state around the buggy address:
[  615.516757][T12980]  ffff88807bee7d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  615.524942][T12980]  ffff88807bee7e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  615.533027][T12980] >ffff88807bee7e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  615.541431][T12980]                                      ^
[  615.547264][T12980]  ffff88807bee7f00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  615.555435][T12980]  ffff88807bee7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  615.563653][T12980] ==================================================================
[  615.572610][    C1] vkms_vblank_simulate: vblank timer overrun
[  615.578845][T12980] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  615.586109][T12980] CPU: 1 UID: 0 PID: 12980 Comm: syz.4.1785 Not tainted syzkaller #0 PREEMPT(full) 
[  615.595589][T12980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  615.605669][T12980] Call Trace:
[  615.608966][T12980]  <TASK>
[  615.611921][T12980]  dump_stack_lvl+0x99/0x250
[  615.616625][T12980]  ? __asan_memcpy+0x40/0x70
[  615.621402][T12980]  ? __pfx_dump_stack_lvl+0x10/0x10
[  615.626625][T12980]  ? __pfx__printk+0x10/0x10
[  615.631504][T12980]  vpanic+0x281/0x750
[  615.635708][T12980]  ? __pfx_vpanic+0x10/0x10
[  615.640341][T12980]  ? irqentry_exit+0x74/0x90
[  615.644985][T12980]  panic+0xb9/0xc0
[  615.648737][T12980]  ? __pfx_panic+0x10/0x10
[  615.653342][T12980]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  615.659251][T12980]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  615.665161][T12980]  ? xfrm_state_find+0x44cd/0x5400
[  615.670277][T12980]  check_panic_on_warn+0x89/0xb0
[  615.675313][T12980]  ? xfrm_state_find+0x44cd/0x5400
[  615.680607][T12980]  end_report+0x78/0x160
[  615.685289][T12980]  kasan_report+0x129/0x150
[  615.689847][T12980]  ? xfrm_state_find+0x44cd/0x5400
[  615.695007][T12980]  xfrm_state_find+0x44cd/0x5400
[  615.700219][T12980]  ? xfrm_state_find+0x1da/0x5400
[  615.705265][T12980]  ? __pfx_xfrm_state_find+0x10/0x10
[  615.710661][T12980]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  615.716836][T12980]  ? xfrm_policy_lookup_bytype+0x2a7/0x1250
[  615.722845][T12980]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  615.729565][T12980]  ? xfrm_policy_lookup_bytype+0x123/0x1250
[  615.735687][T12980]  ? xfrm_policy_lookup_bytype+0x11ef/0x1250
[  615.742073][T12980]  ? xfrm_expand_policies+0x41f/0x6a0
[  615.747588][T12980]  xfrm_lookup_with_ifid+0x58a/0x1a70
[  615.753006][T12980]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  615.758917][T12980]  ? sctp_v6_get_dst+0x57e/0x1bc0
[  615.763966][T12980]  ? ip6_dst_lookup_flow+0x9a/0xe0
[  615.769622][T12980]  xfrm_lookup_route+0x3c/0x1c0
[  615.774528][T12980]  sctp_v6_get_dst+0xffa/0x1bc0
[  615.779497][T12980]  ? crng_make_state+0x13a/0x700
[  615.784477][T12980]  ? sctp_v6_get_dst+0x57e/0x1bc0
[  615.789616][T12980]  ? __pfx_sctp_v6_get_dst+0x10/0x10
[  615.795203][T12980]  ? __asan_memset+0x22/0x50
[  615.799826][T12980]  ? dst_release+0x72/0x1b0
[  615.804367][T12980]  sctp_transport_route+0x115/0x2f0
[  615.810005][T12980]  sctp_assoc_add_peer+0x657/0x13b0
[  615.815331][T12980]  sctp_connect_new_asoc+0x30a/0x690
[  615.820651][T12980]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  615.826472][T12980]  ? __local_bh_enable_ip+0x12d/0x1c0
[  615.831871][T12980]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  615.837994][T12980]  ? security_sctp_bind_connect+0x7e/0x2e0
[  615.844081][T12980]  sctp_sendmsg+0x155c/0x2810
[  615.848795][T12980]  ? __pfx_sctp_sendmsg+0x10/0x10
[  615.854118][T12980]  ? rcu_is_watching+0x15/0xb0
[  615.858994][T12980]  ? aa_sk_perm+0x81e/0x950
[  615.863534][T12980]  ? __pfx_aa_sk_perm+0x10/0x10
[  615.868401][T12980]  ? sock_rps_record_flow+0x19/0x410
[  615.873725][T12980]  ? inet_sendmsg+0x2f4/0x370
[  615.878426][T12980]  __sock_sendmsg+0x19c/0x270
[  615.883155][T12980]  ____sys_sendmsg+0x52d/0x830
[  615.888020][T12980]  ? __pfx_____sys_sendmsg+0x10/0x10
[  615.893611][T12980]  ? import_iovec+0x74/0xa0
[  615.898136][T12980]  ___sys_sendmsg+0x21f/0x2a0
[  615.902992][T12980]  ? __pfx____sys_sendmsg+0x10/0x10
[  615.908666][T12980]  ? __fget_files+0x2a/0x420
[  615.913377][T12980]  ? __fget_files+0x3a0/0x420
[  615.918074][T12980]  __sys_sendmmsg+0x227/0x430
[  615.922827][T12980]  ? __pfx___sys_sendmmsg+0x10/0x10
[  615.928125][T12980]  ? do_futex+0x333/0x420
[  615.932573][T12980]  ? fdget+0x184/0x1e0
[  615.936751][T12980]  ? rcu_is_watching+0x15/0xb0
[  615.941818][T12980]  __x64_sys_sendmmsg+0xa0/0xc0
[  615.947071][T12980]  do_syscall_64+0xfa/0x3b0
[  615.952267][T12980]  ? lockdep_hardirqs_on+0x9c/0x150
[  615.957736][T12980]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.964322][T12980]  ? clear_bhb_loop+0x60/0xb0
[  615.969295][T12980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.975241][T12980] RIP: 0033:0x7fb500b8ebe9
[  615.979863][T12980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  616.000140][T12980] RSP: 002b:00007fb4fedf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  616.008572][T12980] RAX: ffffffffffffffda RBX: 00007fb500db5fa0 RCX: 00007fb500b8ebe9
[  616.016580][T12980] RDX: 0000000000000001 RSI: 0000200000000a80 RDI: 0000000000000003
[  616.024554][T12980] RBP: 00007fb500c11e19 R08: 0000000000000000 R09: 0000000000000000
[  616.032529][T12980] R10: 000000000004c040 R11: 0000000000000246 R12: 0000000000000000
[  616.040525][T12980] R13: 00007fb500db6038 R14: 00007fb500db5fa0 R15: 00007fb500edfa28
[  616.048519][T12980]  </TASK>
[  616.051988][T12980] Kernel Offset: disabled
[  616.056371][T12980] Rebooting in 86400 seconds..