last executing test programs:

10m31.63276654s ago: executing program 3 (id=941):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r1, 0x5b02, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d, 0x2, 0x1, 0x1, 0x40, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x101}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x4, 0x7ff, 0x1}, {0x6, 0x24, 0x1a, 0x3, 0x2}, [@acm={0x4, 0x24, 0x2, 0x7}, @mbim_extended={0x8, 0x24, 0x1c, 0x3, 0xf8, 0x100}, @mdlm={0x15, 0x24, 0x12, 0x2}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x3, 0xff, 0xa}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x4, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0xe, 0x40, 0xf1}}}}}}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x110, 0xc8, 0x9, 0x3, 0x8, 0x6}, 0x34, &(0x7f0000000140)={0x5, 0xf, 0x34, 0x2, [@wireless={0xb, 0x10, 0x1, 0xb9af87e5bd7d6dd5, 0x82, 0x8, 0x2, 0x5, 0x33}, @ssp_cap={0x24, 0x10, 0xa, 0x1, 0x6, 0xfbe3, 0xff08, 0x8, [0x30, 0xf0, 0x30, 0x3fc0, 0xc0, 0xff0007]}]}, 0x6, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x814}}, {0xc1, &(0x7f00000001c0)=@string={0xc1, 0x3, "381319b59ba6fcc6555475321a8d9d34ebceb791874d1dbb93d9e004e666acdb4e640deca979a5f129f232995e2597d766ebfd2557faed9ee6cedf94100de0d46bf48009d2665dc81ba9c5ee85a1c6e3571d1b6c66c673d35625d9c1818b22f3d05ff766e2251bd0d65cd68b2a6d5d5047c89173393a3794a3f0454bde2419f2a2656d499f5f38835ac1131bcc40f5b95cf8e74a54890fcd225bbb42ff961a4ae3e75e4afd957bd5d7f46dde26138d0c5487604cdc849742fd6b81c82bf9e4"}}, {0x32, &(0x7f00000002c0)=@string={0x32, 0x3, "cd28cbee1be01cc10b254e203b1958d8fddf0ae0937e35f35be55903e4466e21bcb8d08d85a9862bd25c3f5b314f0a5e"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x402}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x816}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x2801}}]})

10m28.369485899s ago: executing program 3 (id=946):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delqdisc={0x1f0, 0x25, 0x100, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}, {0x10, 0x8}, {0xffff, 0xd}}, [@TCA_STAB={0xb0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1c, 0xfc, 0xffe3, 0x7252, 0x0, 0x2, 0x5, 0x3}}, {0xa, 0x2, [0x32, 0x23, 0x1]}}, {{0x1c, 0x1, {0x3, 0xb1, 0x9, 0xedd, 0x0, 0x91a8, 0x8}}, {0x4}}, {{0x1c, 0x1, {0xe, 0x85, 0x6, 0x81, 0x1, 0x4, 0x9, 0x1}}, {0x6, 0x2, [0xfff1]}}, {{0x1c, 0x1, {0x5, 0x7, 0x2, 0xecc7, 0x1, 0x5, 0x8d2}}, {0x4}}, {{0x1c, 0x1, {0x81, 0x5, 0x800, 0x6, 0x0, 0x3, 0x3ff}}, {0x4}}]}, @TCA_RATE={0x6, 0x5, {0x71, 0x1}}, @qdisc_kind_options=@q_choke={{0xa}, {0x108, 0x2, [@TCA_CHOKE_STAB={0x104, 0x2, "99476b24af76066257ab6ed09cf866d14fb7ef6509a4936d9158424a074f8c8e671ed5966389a7509bba857409c045bc07dc31c4c729c544cf551f4e16e440b7757a2af085d8bb0e27c134b92247a9303797371cca965228ec735810ab9d670179de8cbe2871cfbfeab079246aef1bf3afe97234c09452d147de3fa0a9db0e4ca1b8d20dd1076da40988ced00fbdc93c192d78cdd59b6c86487f5469435013210b2eb0c129cffc37b6117e51a9b4ba029c785d1a321e7585ccda1b921abe235ae169f62b1af401f7d44278dd4aaaaf796c70bf8150195a94e58ed5ffc95f0710e8fb9bf8a2d9218a776b42c267d9095905b1336259c698481ba38a8229ec037f"}]}}]}, 0x1f0}, 0x1, 0x0, 0x0, 0x40801}, 0x20000080)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$inet_tcp_buf(r0, 0x6, 0xe, 0x0, &(0x7f0000000340))
r1 = socket(0x10, 0x803, 0x0)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000300)='GPL\x00', 0x8, 0xff7, &(0x7f0000001e00)=""/4087, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x2e, 0xc8c0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0x600}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xffff}, {0xa, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x44080)
sendmsg$nl_route_sched(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x34, 0x24, 0xd0f, 0x70ad26, 0x0, {0x60, 0x0, 0x0, r6, {}, {0x8, 0xa}, {0xfff2, 0x7}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x400c040}, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000002e40)=@o_path={&(0x7f0000002e00)='./file0\x00', 0x0, 0x8, r4}, 0x18)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0xfffffffc, <r7=>0x0}, 0x8)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
read$FUSE(r8, &(0x7f0000000640)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x1a, 0x29, &(0x7f0000000a00)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0xa1}, @call={0x85, 0x0, 0x0, 0x2b}, @map_idx={0x18, 0x0, 0x5, 0x0, 0x3}, @map_fd={0x18, 0x1, 0x1, 0x0, r2}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @map_idx={0x18, 0x7, 0x5, 0x0, 0xb}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x70, &(0x7f0000000080)=""/112, 0x40f00, 0x38, '\x00', r6, @tracing=0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x4, 0xa, 0x5, 0x23}, 0x10, r7, 0xffffffffffffffff, 0x5, &(0x7f00000005c0)=[r3, r8, r2, r3, r2, r3, r3], &(0x7f0000000880)=[{0x5, 0x2, 0x1, 0x2}, {0x0, 0x3, 0x8, 0x2}, {0x1, 0x5, 0x5, 0xb}, {0x1, 0x4, 0x1, 0x2}, {0x0, 0x3, 0x7, 0x9}], 0x10, 0x10001, @void, @value}, 0x94)
io_setup(0x2, &(0x7f0000000200)=<r9=>0x0)
io_submit(r9, 0x140b, &(0x7f0000000700)=[&(0x7f0000000440)={0x18, 0x700fbff, 0x4, 0x1, 0x0, r3, &(0x7f0000000180)='\x00', 0x1001}])
ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000000)={0x9, 0x7, 0x8})
r10 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
keyctl$revoke(0x3, r10)
ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f0000002680)={0xeeee0000, 0x100000, 0x8, 0x3, 0x4})
r11 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r11, 0xc018643a, &(0x7f0000000000)={0x1})
keyctl$setperm(0x5, r10, 0x0)

10m28.019270062s ago: executing program 3 (id=947):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x101542, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x10000010})

10m27.820476794s ago: executing program 3 (id=950):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x331}, 0x9c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x6, 0xfffe, 0x0, 0x0, 0x74}, &(0x7f0000000100)=0x9c)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000100b060a5000000000000109022400010000500009040002010300000009210000000122f80409058103"], 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r6 = openat$dlm_control(0xffffff9c, &(0x7f0000000700), 0x100, 0x0)
read$FUSE(r6, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)={0x2, 0x2, 0x0, 0xd, 0x5, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}]}, 0x28}, 0x1, 0x7}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000706000000ff"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

10m24.516966249s ago: executing program 3 (id=962):
syz_emit_ethernet(0x0, 0x0, 0x0)

10m23.496707732s ago: executing program 3 (id=969):
socket$inet6_sctp(0xa, 0x801, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000304000000000000000000480000", @ANYRES32=r0, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r0], 0x40c}}, 0x0)

10m22.547406662s ago: executing program 32 (id=969):
socket$inet6_sctp(0xa, 0x801, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000304000000000000000000480000", @ANYRES32=r0, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r0], 0x40c}}, 0x0)

21.764125672s ago: executing program 2 (id=2987):
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x121800, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0) (async, rerun: 32)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x1) (async)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x200000e, 0x2172, 0xffffffffffffffff, 0x0) (async)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, 0xffffffffffffffff, 0x0) (async)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) (async, rerun: 64)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000040)="415b7ac700000000", 0x8) (async, rerun: 64)
r5 = accept(r4, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18}], 0x18}], 0x1, 0x0)
recvmsg(r5, &(0x7f000000b680)={0x0, 0xfffffe58, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb7b}], 0x2}, 0x0) (async)
r6 = dup(r1) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r6, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="65f0ff454ef30f3066b83e000f00d0db53000fc778000f01c5660fc77509b9060300000f32c4e2790e1666b83a018ed8", 0x30}], 0x1, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async, rerun: 32)
r8 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) (rerun: 32)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x13, r8, 0x100000000)
r9 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0xa01, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r11, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="fe"])
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x2, 0x0, 0x0)

21.119673392s ago: executing program 2 (id=2991):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x8, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="7a0a00ff00000000711094000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
r0 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003) (async)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000040)={0x1, 0x0, {0x2a, 0x8, 0x16, 0x16, 0x6, 0x8000, 0x0, 0x1, 0xffffffffffffffff}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001835a800", @ANYRES32, @ANYBLOB="0000000002000000b702000014000000b7030000000000008500000083000000b70900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x4, 0x101d, 0xfffffffffffffffe, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)

20.560779249s ago: executing program 2 (id=2993):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000)
r0 = userfaultfd(0x1)
r1 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
readv(r1, 0x0, 0x0)
r3 = dup3(r1, r2, 0x0)
preadv(r3, &(0x7f0000000280)=[{&(0x7f0000000100)=""/24, 0x30}, {0x0, 0x2}], 0x2, 0x0, 0x0)
read$FUSE(r3, &(0x7f0000001340)={0x2020}, 0x2020)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r5 = dup2(r4, r4)
ioctl$KVM_SET_DEBUGREGS(r5, 0x4080aea2, &(0x7f0000000040)={[0xeeee8000, 0xeeef0000, 0x0, 0x2000], 0xfffffffffffffffb, 0x66, 0x4})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f000016d000/0x1000)=nil, 0x1000}, 0xf})
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

8.428515268s ago: executing program 1 (id=3020):
r0 = syz_open_dev$vim2m(&(0x7f0000001580), 0x57, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x6, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x100000000, 0x2)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.current\x00', 0x275a, 0x0)
write$UHID_INPUT(r4, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r4, 0x0)
ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000180)=@multiplanar_fd={0x5, 0x2, 0x4, 0x20, 0x2, {0x77359400}, {0x1, 0x1, 0xd, 0x6, 0x15, 0x9, "d4b16c7d"}, 0x81, 0x4, {0x0}, 0x82})
getsockopt$inet6_mreq(r2, 0x3a, 0x14, 0x0, 0xfffffffffffffffc)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x27, 0x1, 0x0, "3a8e00000034b52ba75066c27891ca55e21f0000000000b2b678d200", 0x32344d59})
r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x3, 0x2)
syz_usb_connect(0x1, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0xc3, 0xfe, 0x5d, 0x8, 0x16c0, 0x5df, 0x6b16, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x7, 0x7, 0x20, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x0, 0x3, 0x0, 0x0, 0x2}}]}}]}}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x4, [{0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0xc07}}, {0x0, 0x0}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0xb03137cc5c403bd1}}, {0x0, 0x0}]})
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000040)={0xa, 0x2, 0x2, "953a23d0cbfbe9ce00eafd00", 0x384c4150})

7.676673397s ago: executing program 4 (id=3023):
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000000, 0x30, r1, 0x0)
write$char_usb(r0, &(0x7f00000004c0)="04", 0x1)

7.270329113s ago: executing program 5 (id=3024):
getrusage(0x0, &(0x7f0000000000))
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f0000001ec0)={0x1, &(0x7f0000001e80)=[{0x0, 0x1000}]})
socket(0x1d, 0x2, 0x7)
r2 = syz_io_uring_setup(0x1e1a, &(0x7f0000000440)={0x0, 0x430, 0x10100, 0x0, 0x83}, &(0x7f0000002000)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{0xb, 0xb}, {0x80, 0xc9, "7e118e8456ee1d14"}}}, 0xe)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x23})
io_uring_enter(r2, 0x100048ed, 0x0, 0x2, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r5, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0)
preadv2(r6, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0x0, 0x0, 0x0)
listen(r0, 0xda90)
r7 = openat$sequencer(0xffffff9c, &(0x7f0000000480), 0x0, 0x0)
socket(0x1, 0x5, 0x8)
ioctl$SNDCTL_SEQ_NRMIDIS(r7, 0xc0046d00, &(0x7f0000001500))
accept4(r0, 0x0, 0x0, 0x0)

6.41665487s ago: executing program 0 (id=3026):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00'})
statfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/2)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
io_setup(0x0, 0x0)
syz_io_uring_setup(0x5c2, 0x0, 0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18)
add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x130)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
write$cgroup_pid(r4, &(0x7f00000001c0), 0x12)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000040)=0x1, 0x12)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

6.092886144s ago: executing program 5 (id=3027):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="740000001000210400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa8886004000024001280090001007866726d000000001400028008000100010000030800020011"], 0x74}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="740000001000210400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa8886004000024001280090001007866726d000000001400028008000100010000030800020011"], 0x74}}, 0x0) (async)

5.456606424s ago: executing program 5 (id=3028):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xb, 0x0, 0x0})
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000200), 0x40180, 0x0)
read$FUSE(r4, &(0x7f0000004300)={0x2020}, 0x2020)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x4c, 0x0, &(0x7f0000001980)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x16}, @flat=@weak_handle={0x77682a85, 0xa}, @fda={0x66646185, 0x0, 0x0, 0x1e}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

5.379103439s ago: executing program 2 (id=2996):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet6(0xa, 0x3, 0x8000000003c)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x200202, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
fchdir(0xffffffffffffffff)
close(0xffffffffffffffff)
openat$dir(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x12, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x2, 0x0, 0x8, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x8, 0x0, 0x2, 0x0, 0x7fffffff], 0x80a0000, 0x3000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_IBSS(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)={0x34, r7, 0x101, 0x0, 0x3, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random='n'}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x4}]}, 0x34}}, 0x200000d0)

5.276665421s ago: executing program 1 (id=3029):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x101542, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x10000010, 0x200000000000000})

5.244172054s ago: executing program 5 (id=3030):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x3)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010200000000000000006700000008000300", @ANYRES32=r2, @ANYBLOB="0800c300741300000800c400010000000400c5"], 0x30}}, 0x0)
sigaltstack(&(0x7f0000000000)={0xffffffffffffffff, 0x0, 0xffffffffffffff5e}, &(0x7f0000000080)={&(0x7f0000000040)})
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x421, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x6, {[@main=@item_012={0x0, 0x0, 0xb}, @local=@item_4={0x3, 0x2, 0x5, "43dca19e"}]}}, 0x0}, 0x0)
timer_settime(r4, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x77359400}}, 0x0)
syz_clone(0x640c7400, 0x0, 0x0, 0x0, 0x0, 0x0)

4.926670942s ago: executing program 1 (id=3031):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x306)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
socket$kcm(0x11, 0x3, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'veth0\x00', 0x100})
mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x2b)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r3 = shmget$private(0x0, 0x4000, 0x800, &(0x7f0000000000/0x4000)=nil)
shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", <r6=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000f40)={0x101, "7bb9595931028deda525e19bdeffafde2500f6d15c9e31df9454310ad7c18e65", <r7=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000780)={"10628c1965c61e00", r7, <r8=>0xffffffffffffffff})
ppoll(&(0x7f0000000040)=[{r8, 0x8023}, {r7, 0x20}], 0x2, 0x0, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
open_tree(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x1)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SET_LINK_PRI(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYRES16, @ANYBLOB="0104000000000000000001000000000000000841000100000018ff"], 0x68}}, 0x0)

4.532775753s ago: executing program 4 (id=3032):
socket$key(0xf, 0x3, 0x2)
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
epoll_create1(0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x2, 0x300)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100000000000000010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DEL_KEY(r2, 0x0, 0x4000)
r3 = socket$pppoe(0x18, 0x1, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, 0x0, 0x0)
bind$tipc(r4, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000004c0)={0x42, 0x3, 0x2}, 0x10)
fsopen(0x0, 0x1)
connect$pppoe(r3, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x6000009)
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)

4.311600458s ago: executing program 0 (id=3033):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmsg$can_j1939(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)="04e43cb9f9c577e12a648ef79b0d4c14b7", 0x11}, 0x1, 0x0, 0x0, 0x20040800}, 0x20000084)
recvmmsg$unix(r1, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)=""/79, 0x4f}], 0x1}, 0x1000000}], 0x1, 0x0, 0x0)

4.135856574s ago: executing program 0 (id=3034):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000000a00ecff0800010073797a300000000074000000160a010100000000000000000a00000008000740000000014000038008000140000000002c000380140001006e657464657673696d300000000000001400010076657468305f766c616e00000000000008000240000000070900010073797a3000000000090002"], 0xbc}}, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r3 = syz_io_uring_setup(0x1dfd, &(0x7f0000000340)={0x0, 0x7d83, 0x100, 0x1, 0x9d}, &(0x7f0000000040), &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_BUFFERS2(r3, 0xf, &(0x7f0000000840)={0x4, 0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000400)=""/138, 0x8a}, {&(0x7f00000004c0)=""/203, 0xcb}, {&(0x7f00000005c0)=""/220, 0xdc}, {&(0x7f00000006c0)=""/232, 0xe8}], &(0x7f0000000800)=[0x101]}, 0x20)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000880)={{0x1, 0x1, 0x18, <r4=>r1, {0xffffffffffffffff}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f00000008c0)={{0x1, 0x1, 0x18, r3}, './file0\x00'})
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
recvmmsg(r5, &(0x7f0000005c80), 0x400030f, 0x0, 0x0)
listen(r5, 0xd3)

3.804634094s ago: executing program 5 (id=3035):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r1, 0x0, 0x2c, &(0x7f00000003c0)={0x2002, {{0x2, 0x4e23, @multicast1}}, {{0x2002, 0x4e24, @loopback}}}, 0x108)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x8000)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000780)={'syztnl0\x00', 0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000180)={0x8, <r2=>0xffffffffffffffff, 0x1})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)=ANY=[@ANYRESOCT=r2, @ANYRES32, @ANYRES32, @ANYRES32=r2, @ANYBLOB="000000489baa6017b86a650000000000000000000000000000000000d43e656f8fa55f8e3d5bb435b2a9f278814773cc33521f9adf3155debeab85ce601023ab0f1ae69746f29d248d83e0d7aee0507cecc89924aac250f42668e82538e23b41d081c857f869b08635c9abd4c9986ce463278aa74ab400003f3919a55d9d8e64592e354eb4ff61059e3b5e6789833283a2841e747951ba0dc4934f55e9dbdc00abe1312f44ca8f7b38e8d3de579b8cfb49006f1948a94ebe1851a23c6d2f36f0cf2c8c"], 0x50)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x44008)
syz_emit_ethernet(0xa3, &(0x7f0000000240)=ANY=[@ANYRES16=r1], 0x0)
r5 = socket$inet6(0xa, 0x5, 0x80000001)
futex(&(0x7f0000000140)=0xfffffffb, 0x5, 0xffffffff, 0x0, &(0x7f00000001c0), 0xfffdffff)
connect$inet6(r5, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_ringparam={0x33, 0x7f, 0x20000a2e, 0x0, 0x0, 0x3, 0x2000000, 0x0, 0x3000000}})
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

2.997008131s ago: executing program 2 (id=3036):
mknod$loop(0x0, 0xfff, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r0, &(0x7f0000003800)=[{{&(0x7f0000000580)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000600)=""/42, 0x2a}, {&(0x7f0000000640)=""/129, 0x81}], 0x2}, 0xb268}, {{&(0x7f0000000740)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x80, &(0x7f0000002300)=[{&(0x7f00000007c0)=""/161, 0xa1}, {&(0x7f0000000880)=""/66, 0x42}, {&(0x7f0000000900)=""/92, 0x5c}], 0x3, &(0x7f0000003900)=""/201, 0xc9}}, {{&(0x7f0000000ac0)=@ax25={{}, [@default, @default, @bcast, @default, @netrom, @default, @netrom, @netrom]}, 0x80, &(0x7f0000001e40)=[{&(0x7f0000000b40)=""/220, 0xdc}, {&(0x7f0000000c40)=""/4096, 0x1000}, {&(0x7f0000001c40)=""/33, 0x21}, {&(0x7f0000001d00)=""/90, 0x5a}, {&(0x7f0000001d80)=""/163, 0xa3}, {&(0x7f0000002740)=""/4092, 0xffc}], 0x6, &(0x7f0000001ec0)=""/235, 0xeb}, 0x8000}, {{&(0x7f0000001fc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000002640)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000002440)=""/12, 0xc}, {&(0x7f0000002480)=""/130, 0x82}, {&(0x7f0000002540)=""/233, 0xe9}], 0x6, &(0x7f0000003740)=""/170, 0xaa}, 0x7}], 0x4, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000340)='clear_refs\x00')
pread64(r3, 0x0, 0x0, 0x20000100008)
ioctl$IOMMU_VFIO_IOAS$GET(r2, 0x3b88, &(0x7f0000000300)={0xc, <r4=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f00000003c0)={0x48, 0x1, r4, 0x0, 0x3ff, 0x1})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x6}]}}}]}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x8044)
syz_emit_ethernet(0x2a, &(0x7f0000000980)=ANY=[@ANYBLOB="0180c200000002341c5d21fccfd7035120cc8f1bf26800000000000008004500001cfffe0000a02f90787f70aa493ae73d91cd01880b00089078"], 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000380)={0xc})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000140)={0xc})
ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x3, r6, 0x0, 0x7, 0xd4, &(0x7f0000000040)="a9b0a7e479faa680c141d5017ea5adab2fa92037a97c8010275449fd202db67bc26f89d39d1f70d9c5cd0ae86b15afd6cb9893f4c894d449e655f76cd2a93da1ecca7076bd8b44ef2f37c2c3a1adf5054219ba86aad33a108e3d1c0c3e4adfc9315b95dfc53b7d6cfe3b47eea24d7b2728eabd87ae7f0f0d82cb800d1629d21878c6f74e0dfab85cee5dd3e723215d5be12eae586ffcf8cef82791dd4dd8c9001b44b3436ac31a1fa9930fea2035bec5f7a135125736041ba19d60a877da7962644e751e0a090a3661c7c5657f47edc7b6c2a8e8"})
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r2, 0x3b8b, &(0x7f0000000140)={0x10})
r7 = syz_open_dev$loop(&(0x7f0000000100), 0x2000000, 0xe2001)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_test', 0x40042, 0x101)
prctl$PR_GET_NAME(0x10, &(0x7f0000000440)=""/214)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x2000, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0xfffffffffffffff8]}})

2.08380781s ago: executing program 1 (id=3037):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$poke(0x1, r0, &(0x7f0000000140), 0x40000000000041)

1.824929255s ago: executing program 0 (id=3038):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
bind$tipc(r2, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x43, 0x42}, 0x20000000}}, 0x10)
ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5)
close_range(r1, 0xffffffffffffffff, 0x0)
ioctl$SOUND_MIXER_READ_RECSRC(r0, 0x80044dff, &(0x7f0000000140))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
syz_emit_ethernet(0x32, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x7, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local, {[@generic={0x94, 0x6, "d853bd7a"}, @noop, @noop]}}, @address_request={0x11, 0x0, 0x0, 0x90b6}}}}}, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r6, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r7 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r7, 0x89e0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r8 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
fcntl$setlease(r8, 0x400, 0x0)

1.824535097s ago: executing program 1 (id=3039):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000bc7000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000c69000/0x2000)=nil)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x9}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_TIMER_SLACK={0x8, 0xd, 0xfc}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0xffffffc0}]}}]}, 0x40}}, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_io_uring_setup(0x1249, &(0x7f00000004c0)={0x0, 0x2170, 0x1, 0x1, 0x300}, &(0x7f0000000180)=<r6=>0x0, &(0x7f0000000000)=<r7=>0x0)
r8 = syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
syz_usb_disconnect(r8)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xdfffffffffffffff, &(0x7f0000000340)=[0xffffffffffffffff], 0x1, 0x0, 0x1})
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r9 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
fcntl$lock(r10, 0x25, &(0x7f0000000000)={0x1, 0x2, 0xe37ffffffffffe})
fcntl$lock(r10, 0x6, &(0x7f0000000580)={0x0, 0x0, 0x1, 0x3})
fcntl$lock(r10, 0x5, &(0x7f0000000440)={0x1, 0x1, 0x2, 0xb})
write$P9_RSTATu(r9, &(0x7f0000000c00)=ANY=[@ANYBLOB="980100007d00000005f1010000000000000200000000050000000000000000000000000000008000000009000000000000001601046c6f6465767b6376666f7825ffffff8102000000000031ffcebc92000000d337826e997cb134d0d3ae245f7bd16254339bf6a47c7ac16ebb22eddca0e108dde7fbfd6eda7d39d4dc3707f1d9035dec8c7323f013fb4ce0b35f1687cbd4aeb3fb48874976ebb008d1531e34991317230acc2480610dea25e41b050c8debe42461f29d3fcc27f01bbfa8acbf766187fc0a3e103413128800010000000000005bd26d4d62f02bbc3b9257c71eefab25944bc5331c6947589a81014161f78abff6758b8bf3706de42d063d888d0e181d44703cc8aad7afa2230a9a985dff98ef4e1f40ab5bc40517d4740b6e6e042edc000b8b6ad5e39de952179c56f32f9ddc847d6af52b5ddcdfb65c008b0e9e96e088f400000000003800704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500003b595fcb14034354b9fd9ef196a51cd5157adc8106b494e11200cfc213f600000000000000010000000000005e00f8f669fb716dcf315ecaf385409ac65b9408679d2c3b9e1d52c3d6da9bf699fa88dace6cde7ba4a400b4b0b4dbf6c69a69d017cec45906f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1acd016f6465762d6eb17b2300f9daa5ee23266ecf85fea65e42d9791baaa3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b16aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c60dfdaa86c5570d9428fd1739e1c2d87fff00000000000000000000000000000090df2a15444d19ae2173dc11a47e19e4892e3e73a90c4f60fa52df6f2e23e21dada4a1661de0da77cf5fd621047aacc6f658e3186e5bef206c1bfd724d051189d724443ef934c5172eb5b5792e5cc17584a0d88531b727457a635c645c274bc06c171c41c5ec61a3a3cfaf551dd20e91237368c746dba31dfd1e4dcd0ffa6043e6ce331bc589c556eff61cacacabb54d9a9d5c3d8a956518dcd9632eb2698ae136a1ad55827a7d8ae92e988aa0937622b7c7775891", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x3d3)
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB="48000015", @ANYRES16=r0, @ANYBLOB="010827bd7000000000000b00000008000300", @ANYRES32=r2, @ANYBLOB="20005080090001006f8584e78b00000005000200020000000800030008ac0f000a0006000802110000010000"], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x200000c4)

1.766229478s ago: executing program 2 (id=3040):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x4700)

1.577776687s ago: executing program 4 (id=3041):
r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040), 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="02004402ab79319c061700040000064b0638b9c6258a0080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB='\x00'/28], 0x50)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1, [], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x7]})
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, 0x0)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r2, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xa02, 0x870, 0x1, 0x2, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x8, 0x2800, 0x6, 0x2, 0xfffffff7, 0x8, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}})
dup(r2)

1.476615506s ago: executing program 0 (id=3042):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01"], 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r3, 0x4018aee3, &(0x7f0000001b40)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r1, 0x8008f512, &(0x7f0000000200))
r4 = socket(0x26, 0x3, 0x6)
r5 = accept4$inet6(r3, 0x0, &(0x7f00000000c0), 0x80000)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r6=>0x0})
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x2, &(0x7f00000001c0)=[{0xe, 0xf7, 0x0, 0x7fc00100}, {0x1000, 0x2, 0x2, 0x80000000}]})
openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
userfaultfd(0x80001)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f0000000140)={<r9=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r8, 0x40182103, &(0x7f0000000240)={r9, 0x0, r7})
bind$can_j1939(r4, &(0x7f0000000380)={0x1d, r6, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmsg$TIPC_NL_NET_SET(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x90}, 0x14)
close(r4)

1.364085339s ago: executing program 4 (id=3043):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
sendmmsg$unix(r0, &(0x7f0000007b80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000080}}], 0x1, 0x2000c080)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x33, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x583}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

1.19996346s ago: executing program 4 (id=3044):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c00000010004b0400000000000000007a000000", @ANYRES32=r2, @ANYBLOB="00000000000000000a0001"], 0x2c}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r6 = syz_open_dev$I2C(&(0x7f0000000800), 0x0, 0x0)
ioctl$I2C_SMBUS(r6, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x5, &(0x7f0000000080)={0x6, "96ab3f272339cf3935a8824943478cb18a5722d2da3a03f39b5eaee25558f362e7"}})
ioctl$FS_IOC_READ_VERITY_METADATA(r4, 0xc0286687, &(0x7f0000000080)={0x0, 0xfffffffffffffffe, 0xe8, &(0x7f0000000180)=""/232})
r7 = socket$can_raw(0x1d, 0x3, 0x1)
sendmmsg$inet(r7, &(0x7f0000000880)=[{{&(0x7f0000000000)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000040)="d249f18c5a05459d46486af8e640", 0xe}], 0x1}}], 0x1, 0x20048014)
mmap(&(0x7f00004f7000/0x4000)=nil, 0x4000, 0x4, 0x100810, r3, 0x81aae000)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0xf0, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@local, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xff7ffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}}, 0xf0}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r9 = signalfd4(0xffffffffffffffff, &(0x7f0000000100), 0x8, 0x800)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r9, 0x7b2, &(0x7f0000000280)={&(0x7f00000008c0)=[0x5, 0xfb6, 0x2, 0xfff, 0x0, 0x2, 0x2, 0x1, 0x0, 0x3, 0x9, 0x1, 0xff, 0xffff, 0x5, 0x9, 0x1, 0x3, 0x39, 0x2, 0x1ff, 0x9, 0x1, 0x33178025, 0xa, 0x6, 0x101, 0xfffffffb, 0x1, 0x5, 0x5, 0x0, 0x4, 0x3, 0x4, 0x8, 0x2665, 0x166, 0x6, 0x5, 0xc1b, 0x200, 0x8001, 0xfff, 0x6, 0xfff, 0x64, 0x81, 0x8, 0x4d6, 0xd8b, 0x7, 0x2, 0x8000, 0x3af, 0x401, 0x3, 0x4, 0xe93, 0x800, 0x7, 0xfffffff2, 0x800, 0x3, 0x6, 0x181d, 0xe2b8, 0x4, 0x5, 0x7, 0x8, 0x8, 0x2, 0x3, 0x9, 0x4, 0x7, 0x2, 0x2, 0x0, 0x1, 0x3, 0x8, 0x0, 0x5, 0xfffffffc, 0xffffffc5, 0x7f, 0x2, 0x1, 0x1, 0xe, 0xffffffff, 0x400, 0x3, 0xd79, 0xfffffffe, 0xe, 0x9, 0x40000000, 0x0, 0x7, 0x6, 0x1, 0x2, 0x200, 0x5, 0x5, 0x1, 0x0, 0x1, 0xd, 0x3, 0x4, 0x7, 0x80000001, 0x101, 0x7, 0x5, 0x12, 0x3, 0x100, 0x6, 0x8, 0xfffffff9, 0x4, 0x5, 0x200, 0x2, 0x4, 0x0, 0x8, 0x4, 0x1, 0x7, 0x2, 0x9, 0x92ec, 0x6, 0x3, 0x6, 0x7f, 0x1290, 0x4, 0x4, 0x1, 0xb, 0x81, 0x98, 0x1, 0x8, 0xd14b61e, 0x75, 0x7, 0x1, 0x9, 0x5, 0x7, 0x1ff, 0x0, 0x2, 0x7, 0x15e5e593, 0x1, 0xffffe944, 0x5, 0x9, 0x5b3, 0x101, 0x8000, 0x71e0de1f, 0x9, 0x0, 0xdde, 0x2, 0xffffffc0, 0x401, 0x5, 0x5, 0x6, 0x7, 0x6, 0x380000, 0x8, 0x4ad, 0x6, 0x8000, 0x3, 0x5, 0x10000, 0x6, 0x6, 0x6, 0xc90, 0x755a, 0x2, 0x2, 0x1485, 0xfffffffb, 0x1ff0, 0x62, 0x5, 0xf607, 0x200, 0x7b, 0x100, 0x9, 0x7ff, 0x5, 0xf, 0x0, 0x2, 0x1, 0x3, 0x1, 0x4, 0x7fff, 0x3, 0x8, 0x9a20, 0xa, 0x81, 0x9, 0x6, 0x4, 0x100, 0xef91, 0xd37, 0x4, 0x2, 0x3, 0x40, 0x2, 0x7, 0x7, 0xfffffffc, 0xfff, 0x4, 0x3ee320c9, 0xdf06, 0x9, 0x5, 0x80, 0xfffffe00, 0x7, 0xffffffff, 0x35508ccb, 0x4, 0x9, 0xffff, 0x0, 0x2, 0x3ff, 0x6, 0xfffffc5f, 0x3, 0x2, 0x5, 0x0, 0x6, 0x3, 0x5, 0xfffffffd, 0x0, 0x1, 0x5, 0x3ff, 0x1, 0x2, 0x5, 0x100, 0x2, 0x2, 0x8, 0x3, 0x8, 0x5, 0x7, 0x3, 0x1, 0xfffffff3, 0x6, 0x0, 0x10000, 0x9, 0x10000, 0xffffffc0, 0xc, 0x9, 0xfffffc00, 0x80, 0x5, 0x40, 0xfff, 0xed0, 0xe, 0x8, 0x5, 0x7f, 0xc2, 0xfffffff9, 0x1ff, 0x91, 0x7, 0x8, 0x0, 0x7, 0x86, 0x1, 0x8, 0x3, 0xb, 0x80, 0x8, 0x80000000, 0x80, 0x7fffffff, 0x2, 0x9, 0x8, 0x6, 0xff, 0x9, 0x4, 0x7, 0x1ff, 0x7, 0x1, 0x0, 0xfffffff9, 0x5, 0xfffffffc, 0x9, 0x10001, 0x100, 0x40000000, 0x9, 0x6, 0x3, 0xf, 0x7fffffff, 0xc, 0xf077, 0x10000, 0x1, 0x6, 0x4, 0x3, 0x9, 0x6, 0x8, 0x10001, 0x9, 0x7, 0x3, 0xc70000, 0x1000, 0x6, 0x6, 0x9, 0x5, 0x40, 0x9, 0x7, 0x10000, 0x22, 0xff, 0x4, 0x6, 0x0, 0x4, 0x80, 0x3, 0x6, 0x78, 0x5, 0x200, 0x2, 0x9, 0x1, 0x7, 0x6, 0x2d, 0x10001, 0x200, 0x2f, 0x9, 0x2, 0x3, 0x7, 0xb, 0x7ff, 0x2, 0x3, 0x9, 0x789, 0x2813, 0x3, 0x7, 0x8, 0x4, 0x10, 0x7, 0x5, 0xfffffff7, 0x3, 0x7fffffff, 0x6, 0x0, 0x7, 0xfffffffe, 0xd, 0xfffffffa, 0x7ff, 0x2, 0x8, 0x7, 0x6, 0x7, 0x4, 0x3ff, 0x5, 0x8, 0x92, 0xc, 0x80000001, 0x2, 0xd, 0xc, 0x100, 0x3, 0xc7, 0x9, 0x100, 0x8, 0x7, 0x3, 0x9, 0x7, 0x0, 0xe, 0xb, 0x7, 0x8, 0x7f, 0x2, 0x2, 0xfffffffa, 0x6, 0xc0, 0x9, 0x40, 0x19f, 0x6, 0x10000, 0x0, 0x0, 0x5, 0x101, 0xb6, 0x81, 0xcbeb9488, 0x0, 0x2, 0x4, 0xff, 0x8, 0x2, 0x6, 0x7, 0x1, 0x3, 0x6, 0x7f0, 0x1000, 0x6, 0x8, 0x200, 0x8, 0x47, 0x8, 0x5, 0x8001, 0xe30, 0x2, 0xc, 0x4, 0x9, 0xff, 0x2, 0x351227db, 0x4, 0x0, 0x127d, 0x7, 0x9, 0x6, 0x4c, 0x101, 0x6a4, 0x5, 0x3, 0x4, 0x4, 0x2, 0x3, 0x277c, 0x7, 0xd, 0x1, 0x8000, 0x0, 0x6, 0x3, 0x25c, 0x200, 0xfffffff7, 0xfffff41a, 0x80000000, 0x7, 0x1, 0x105e, 0xc87, 0x100, 0xb1, 0x0, 0x10, 0xe5bf, 0x4, 0x101, 0xfffffff8, 0x8001, 0x7, 0x5, 0xfffffffd, 0x3, 0x9, 0x8, 0x6, 0x6af, 0x1, 0x0, 0x0, 0x4, 0xc, 0x2, 0x5, 0x8000, 0x10000, 0x6, 0x1, 0x6, 0x40, 0x654e, 0x10001, 0xfffffff8, 0xffffff7f, 0x4, 0xf, 0xca, 0x8c3, 0x2, 0x0, 0x9, 0x9, 0x3, 0x8, 0x4, 0x84d, 0x9, 0x80, 0x4, 0x1000, 0x8, 0x9, 0x3, 0x9, 0x80, 0x46e6ca88, 0x75, 0x6, 0xd4000000, 0x400, 0x0, 0x6d77e8b4, 0x1, 0x1, 0x3, 0x5, 0x2, 0x0, 0x5, 0x4, 0x9, 0x800, 0x5, 0x3ff, 0x80000001, 0x2, 0x96e3, 0x6, 0x5, 0x785a, 0xfd76, 0x401, 0x548, 0xbc, 0x100, 0x1, 0x7, 0x0, 0x1, 0x3d100000, 0xfcab, 0x7fffffff, 0x4, 0x3, 0x0, 0x1, 0x0, 0x828, 0x1, 0x80000000, 0x4, 0x100, 0x4, 0x1000, 0x4, 0x5, 0x400, 0x3, 0x3, 0xfffffffe, 0xd0, 0x4, 0x4, 0x9, 0x7, 0xffffff83, 0x9, 0x1, 0x7, 0x4f87, 0x4, 0x0, 0x9, 0x3ff, 0x80, 0x2, 0xfffffffa, 0x7, 0x87, 0x9, 0x4, 0x4, 0x1000, 0x8000, 0x8c8, 0x7, 0x2, 0xfffffffb, 0x9, 0x7, 0x3, 0xd0bc, 0x3, 0x3, 0x1000, 0xffffffff, 0x9, 0x9, 0x34, 0x70b, 0x4, 0xffffff77, 0x4, 0x9, 0x7, 0x6, 0xd8, 0x5, 0x4, 0x3ea5, 0x0, 0x2, 0x3, 0x8, 0xc1d, 0x6, 0x8001, 0x7fff, 0x5, 0xf31, 0x8, 0x0, 0x8, 0xc, 0x5, 0x1, 0x9, 0xd2, 0x4, 0x0, 0x1, 0x9, 0x3, 0x8, 0x6, 0x3, 0x6, 0xcd7, 0xffffffab, 0xffffffff, 0x4, 0x6, 0x8, 0x3, 0xaf7, 0x80000000, 0xdd, 0x9, 0x80000000, 0x9, 0xa3bd, 0x6, 0x9, 0x80000000, 0x80000000, 0x1000, 0xfffff800, 0x0, 0x9, 0x66, 0x8000, 0x300, 0x3ff, 0x7, 0x8, 0x8c3, 0x0, 0xffff, 0x7fff, 0x6b1, 0x4, 0x9, 0x1000, 0x4, 0x6, 0x3, 0x4, 0x38000000, 0x9100, 0x6, 0x956, 0x66b, 0xffffffff, 0x0, 0x8000, 0x1000, 0x7fffffff, 0x0, 0x1, 0x7fff, 0x6, 0x3ff, 0x6, 0x10, 0x0, 0x4, 0x401, 0x400, 0x8, 0x80000000, 0x0, 0x9, 0x5, 0x3, 0x1, 0x936, 0x7, 0x200, 0x3, 0x0, 0x2, 0xbb0, 0x0, 0x8, 0x1f, 0x0, 0x2, 0xfffffff8, 0x5, 0x8, 0x8a1, 0x4, 0xc, 0x7ff, 0x6, 0x6, 0x1ff, 0x8, 0x3, 0x7fff, 0xf, 0xfffffffb, 0xfffffff9, 0x6, 0x5, 0x9, 0xc3fc, 0x1, 0x0, 0xd235, 0x0, 0x10000, 0xe, 0x9, 0x40, 0x35c, 0x200, 0x40, 0x5e4dea4e, 0x9, 0x2, 0x5, 0x2, 0x8, 0x644, 0x40, 0xf39, 0x6, 0x1, 0x7, 0x10000000, 0x3, 0x10000, 0xfff, 0xffffffff, 0xc7, 0x1000, 0x80000000, 0x3, 0x0, 0x6, 0x6, 0x3, 0x7, 0x6, 0x0, 0x1, 0x0, 0x73b72333, 0x3, 0xf64, 0x40db, 0x6, 0x52, 0x1, 0x3, 0x8001, 0xd, 0x4, 0x8, 0x7f, 0x6, 0x822b, 0xc, 0x8001, 0xfffffffe, 0x0, 0x1, 0x200, 0x6b99, 0xe6a2, 0x1, 0x9, 0x86, 0x7fff, 0xfffffff9, 0x800, 0x1d8, 0x8, 0xc, 0xffffffff, 0x7, 0x3, 0x4, 0x7fff, 0x9acd, 0x3d4, 0x2, 0x80000000, 0x4, 0xf4c, 0xffff0000, 0x81, 0x200, 0x7fff, 0x2, 0x10001, 0x8, 0x4, 0x6, 0xff3b, 0x3, 0x19f9, 0x10000, 0xa, 0x7, 0x267d2d07, 0x6, 0x3, 0x3, 0x0, 0x4, 0x6, 0xfffffff8, 0x7, 0x9, 0xd, 0x54, 0x7, 0x6, 0x4d, 0x1ff, 0x3acd, 0x9, 0x1, 0xfffffff9, 0x8, 0x101, 0x80000001, 0x9, 0x9f, 0x8, 0xc79, 0xf, 0x0, 0x41, 0x9, 0x1, 0xfffffffd, 0x1, 0xbe3, 0x7, 0x5, 0x2, 0x81, 0xff, 0x3, 0x8, 0x5, 0x8, 0xfffffffb, 0x7b, 0xe3a, 0xc08, 0x2, 0x7, 0x4, 0x2, 0x401, 0x1, 0x1ff, 0x1, 0x4, 0x5, 0x1, 0x1, 0xfffff904, 0xa183, 0x8, 0xb, 0xfffffffa, 0x40, 0x7, 0x5, 0x8000, 0x7fff, 0x8, 0x80000001, 0x3, 0x80000001, 0x5, 0x5, 0x200, 0x6, 0x5, 0x8, 0x73ef, 0x8, 0x8, 0x1, 0x8000, 0xd8c2, 0xe, 0x4, 0x5, 0x7fffffff, 0x4, 0x0, 0x3a7d, 0x8, 0x7, 0x2, 0xa, 0xffffffff, 0x9, 0xfff, 0xefe, 0x694a481b, 0x8000, 0x6, 0x9, 0x6f1, 0x4, 0x5, 0x17b, 0x8, 0x0, 0x80, 0xf5, 0x5, 0x8], 0x4, 0x400, 0xfffffffe})
syz_usb_disconnect(r8)
syz_usb_connect(0x4, 0x24, &(0x7f00000000c0)=ANY=[], 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$EVIOCRMFF(r8, 0xc0085504, &(0x7f0000000000))
fsconfig$FSCONFIG_CMD_RECONFIGURE(r9, 0x7, 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYBLOB="0400000000000000d90100000000000001"])

869.390149ms ago: executing program 5 (id=3045):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[], 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xf, 0x4, 0x5, 0x12, 0x2, 0xffffffffffffffff, 0xfffff000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close(0x3)
close(r2)
userfaultfd(0x80001)
mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='c::=/\x10\xcd\xb7@\x88\xedP9\xf5,\xef\x87\xc9G\xeb\xd9\xf9\xcd\xb1\xac!\xa7\x9c\x8f\xc98\xcb-\t\xcf-\xdd\xc4\xafK\x8d\xb1R8m\xc1[A\x99g\x9d\x8a\"\x98:\xc1I<\xdf;\x11t\xd3\xd2\x19\x964\xff\x03\xbc\x7fo\xe8\x89\x01:\x8b-\xab[X\x10\x18\x8d\xbf\xe1\x88\x16', 0x0)
r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
ppoll(&(0x7f00000000c0)=[{r4, 0x747}, {r4, 0x6160}], 0x2, 0x0, 0x0, 0x0)
unshare(0x2040400)
signalfd4(r4, &(0x7f0000000340)={[0x1]}, 0x8, 0x80800)
close(r3)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
mlockall(0x7)
shutdown(r5, 0x2)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
socket$netlink(0x10, 0x3, 0x12)
socket$inet6(0xa, 0x5, 0x0)

160.276996ms ago: executing program 1 (id=3046):
syz_emit_ethernet(0x1e, &(0x7f0000000200)={@local, @empty, @void, {@can={0xc, {{0x4, 0x1}, 0x0, 0x1, 0x0, 0x0, "014debc8ac3e28b2"}}}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000240)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0)
syz_io_uring_setup(0x1b13, &(0x7f0000000240)={0x0, 0x9c0e, 0x10100, 0xfffffffe, 0x200, 0x0, r0}, &(0x7f0000000000), &(0x7f0000000040))
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x5, "9f900f414dc7e26ad7a1d105a0a09293e32b2807d9738f2ca26013d9f8b17652"})

361.826µs ago: executing program 4 (id=3047):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x3, 0x2)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ff000020720501cb3d6600ea000109021200010000000009040000005be8eb00"], 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x7a)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r8 = accept4(r7, 0x0, 0x0, 0x800)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/warn_count', 0x48000, 0x0)
pipe2$watch_queue(&(0x7f00000000c0), 0x80)
read$watch_queue(r9, &(0x7f0000000140)=""/16, 0x10)
sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3bc52163448412ba8", 0x10}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/8, 0x8}, {&(0x7f0000001400)=""/4096, 0x1000}], 0x2}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000010}, 0x800)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x440, 0x0)
ioctl$SIOCGETNODEID(r2, 0x89e1, &(0x7f0000000000)={0x3})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000540)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r4, {0x10, 0xffe0}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x4}, @TCA_FLOWER_KEY_ENC_OPTS={0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x40040)

0s ago: executing program 0 (id=3048):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x60, 0x2, 0x6, 0x111, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}, @IPSET_ATTR_MAXELEM={0x8}]}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x60}}, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x5, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r2, 0xe0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000740)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0xfffffffffffffdc5, 0x0, 0x0, 0x0, 0xfffc, 0x13, 0x8, 0x0, 0x0}}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x20, 0x41, 0x107, 0x0, 0x25dfdbfc, {0x2, 0x7c}, [@nested={0x4, 0x31}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x40}]}]}, 0x20}}, 0x4010)

kernel console output (not intermixed with test programs):

0x54b/0x3c00
[  897.038500][T16025]  ? copy_process+0x54b/0x3c00
[  897.038516][T16025]  dup_task_struct+0x3e7/0x860
[  897.038534][T16025]  copy_process+0x54b/0x3c00
[  897.038563][T16025]  ? get_pid_task+0x20/0x1f0
[  897.038584][T16025]  ? __pfx_copy_process+0x10/0x10
[  897.038609][T16025]  kernel_clone+0x21e/0x870
[  897.038624][T16025]  ? vfs_write+0x8d8/0xa90
[  897.038651][T16025]  ? __pfx_kernel_clone+0x10/0x10
[  897.038674][T16025]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  897.038693][T16025]  __x64_sys_clone+0x18b/0x1e0
[  897.038712][T16025]  ? __pfx___x64_sys_clone+0x10/0x10
[  897.038741][T16025]  ? __pfx_ksys_write+0x10/0x10
[  897.038753][T16025]  ? rcu_is_watching+0x15/0xb0
[  897.038780][T16025]  ? do_syscall_64+0xbe/0x3b0
[  897.038797][T16025]  do_syscall_64+0xfa/0x3b0
[  897.038809][T16025]  ? lockdep_hardirqs_on+0x9c/0x150
[  897.038832][T16025]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.038856][T16025]  ? clear_bhb_loop+0x60/0xb0
[  897.038875][T16025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.038890][T16025] RIP: 0033:0x7f5a5d58e929
[  897.038904][T16025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  897.038918][T16025] RSP: 002b:00007f5a5e3d3fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  897.038934][T16025] RAX: ffffffffffffffda RBX: 00007f5a5d7b5fa0 RCX: 00007f5a5d58e929
[  897.038945][T16025] RDX: 00002000000005c0 RSI: 0000000000000000 RDI: 0000000000120000
[  897.038956][T16025] RBP: 00007f5a5e3d4090 R08: 0000000000000000 R09: 0000000000000000
[  897.038965][T16025] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  897.038974][T16025] R13: 0000000000000000 R14: 00007f5a5d7b5fa0 R15: 00007f5a5d8dfa28
[  897.038996][T16025]  </TASK>
[  897.039827][T16025] syz.2.2699: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  897.529547][T16025] CPU: 1 UID: 0 PID: 16025 Comm: syz.2.2699 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  897.529572][T16025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  897.529582][T16025] Call Trace:
[  897.529588][T16025]  <TASK>
[  897.529595][T16025]  dump_stack_lvl+0x189/0x250
[  897.529626][T16025]  ? __pfx_dump_stack_lvl+0x10/0x10
[  897.529649][T16025]  ? __pfx__printk+0x10/0x10
[  897.529666][T16025]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  897.529683][T16025]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  897.529701][T16025]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  897.529727][T16025]  warn_alloc+0x214/0x310
[  897.529744][T16025]  ? kasan_quarantine_put+0xdd/0x220
[  897.529767][T16025]  ? lockdep_hardirqs_on+0x9c/0x150
[  897.529791][T16025]  ? __pfx_warn_alloc+0x10/0x10
[  897.529809][T16025]  ? kfree+0x18e/0x440
[  897.529830][T16025]  ? __get_vm_area_node+0x13f/0x300
[  897.529853][T16025]  ? copy_process+0x54b/0x3c00
[  897.529872][T16025]  ? __get_vm_area_node+0x211/0x300
[  897.529901][T16025]  __vmalloc_node_range_noprof+0x326/0x12f0
[  897.529936][T16025]  ? percpu_ref_get_many+0x19/0x140
[  897.529959][T16025]  ? percpu_ref_get_many+0x19/0x140
[  897.529986][T16025]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  897.530005][T16025]  ? memcpy_and_pad+0x48/0x80
[  897.530026][T16025]  __vmalloc_node_noprof+0xc2/0x110
[  897.530043][T16025]  ? copy_process+0x54b/0x3c00
[  897.530055][T16025]  ? copy_process+0x54b/0x3c00
[  897.530070][T16025]  dup_task_struct+0x3e7/0x860
[  897.530088][T16025]  copy_process+0x54b/0x3c00
[  897.530118][T16025]  ? get_pid_task+0x20/0x1f0
[  897.530138][T16025]  ? __pfx_copy_process+0x10/0x10
[  897.530162][T16025]  kernel_clone+0x21e/0x870
[  897.530176][T16025]  ? vfs_write+0x8d8/0xa90
[  897.530202][T16025]  ? __pfx_kernel_clone+0x10/0x10
[  897.530224][T16025]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  897.530244][T16025]  __x64_sys_clone+0x18b/0x1e0
[  897.530262][T16025]  ? __pfx___x64_sys_clone+0x10/0x10
[  897.530295][T16025]  ? __pfx_ksys_write+0x10/0x10
[  897.530307][T16025]  ? rcu_is_watching+0x15/0xb0
[  897.530333][T16025]  ? do_syscall_64+0xbe/0x3b0
[  897.530349][T16025]  do_syscall_64+0xfa/0x3b0
[  897.530362][T16025]  ? lockdep_hardirqs_on+0x9c/0x150
[  897.530384][T16025]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.530398][T16025]  ? clear_bhb_loop+0x60/0xb0
[  897.530416][T16025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.530430][T16025] RIP: 0033:0x7f5a5d58e929
[  897.530444][T16025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  897.530457][T16025] RSP: 002b:00007f5a5e3d3fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  897.530474][T16025] RAX: ffffffffffffffda RBX: 00007f5a5d7b5fa0 RCX: 00007f5a5d58e929
[  897.530486][T16025] RDX: 00002000000005c0 RSI: 0000000000000000 RDI: 0000000000120000
[  897.530495][T16025] RBP: 00007f5a5e3d4090 R08: 0000000000000000 R09: 0000000000000000
[  897.530505][T16025] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  897.530514][T16025] R13: 0000000000000000 R14: 00007f5a5d7b5fa0 R15: 00007f5a5d8dfa28
[  897.530536][T16025]  </TASK>
[  897.572987][T16025] Mem-Info:
[  897.915662][T16025] active_anon:12556 inactive_anon:0 isolated_anon:0
[  897.915662][T16025]  active_file:19923 inactive_file:40222 isolated_file:0
[  897.915662][T16025]  unevictable:768 dirty:280 writeback:0
[  897.915662][T16025]  slab_reclaimable:10771 slab_unreclaimable:104065
[  897.915662][T16025]  mapped:32067 shmem:3735 pagetables:2113
[  897.915662][T16025]  sec_pagetables:3 bounce:0
[  897.915662][T16025]  kernel_misc_reclaimable:0
[  897.915662][T16025]  free:1267977 free_pcp:24251 free_cma:0
[  898.023015][T16025] Node 0 active_anon:50224kB inactive_anon:0kB active_file:79548kB inactive_file:160688kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:128176kB dirty:1120kB writeback:0kB shmem:13404kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13512kB pagetables:8184kB sec_pagetables:12kB all_unreclaimable? no Balloon:0kB
[  898.182801][T16025] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:92kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:268kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  898.260747][T16025] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  898.290665][T16025] lowmem_reserve[]: 0 2500 2502 2502 2502
[  898.297641][T16025] Node 0 DMA32 free:1193120kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:50904kB inactive_anon:0kB active_file:79548kB inactive_file:158868kB unevictable:1536kB writepending:1128kB present:3129332kB managed:2561020kB mlocked:0kB bounce:0kB free_pcp:40588kB local_pcp:19620kB free_cma:0kB
[  898.377025][T16025] lowmem_reserve[]: 0 0 1 1 1
[  898.397895][T16025] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1820kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  898.432789][T11025] usb 6-1: new high-speed USB device number 84 using dummy_hcd
[  898.446096][T16025] lowmem_reserve[]: 0 0 0 0 0
[  898.472887][T16025] Node 1 Normal free:3863412kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:57492kB local_pcp:28732kB free_cma:0kB
[  898.595282][T11025] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  898.604865][T16025] lowmem_reserve[]: 0 0 0 0 0
[  898.609623][T16025] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  898.655042][T11025] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.690064][T11025] usb 6-1: config 0 descriptor??
[  898.749839][T16025] Node 0 DMA32: 1112*4kB (UME) 898*8kB (UME) 725*16kB (UM) 725*32kB (UME) 313*64kB (UME) 184*128kB (UME) 45*256kB (UME) 52*512kB (UM) 29*1024kB (UM) 3*2048kB (UM) 251*4096kB (UM) = 1192096kB
[  899.112870][T16025] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  899.240852][T16025] Node 1 Normal: 7*4kB (UME) 7*8kB (UME) 12*16kB (UME) 7*32kB (UME) 6*64kB (UME) 2*128kB (ME) 13*256kB (UM) 11*512kB (UME) 7*1024kB (UME) 6*2048kB (UME) 936*4096kB (UM) = 3863412kB
[  899.300778][T16025] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  899.321804][T16025] Node 0 hugepages_total=6 hugepages_free=0 hugepages_surp=4 hugepages_size=2048kB
[  899.352361][T11025] usb 6-1: Cannot set MAC address
[  899.362354][T16025] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  899.362505][T11025] MOSCHIP usb-ethernet driver 6-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  899.423302][T16025] Node 1 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  899.502835][T16025] 63868 total pagecache pages
[  899.521079][T16025] 0 pages in swap cache
[  899.532523][T11025] usb 6-1: USB disconnect, device number 84
[  899.555049][T16025] Free swap  = 124996kB
[  899.587496][T16025] Total swap = 124996kB
[  899.636935][T16025] 2097051 pages RAM
[  899.640817][T16025] 0 pages HighMem/MovableOnly
[  899.662775][T16025] 424690 pages reserved
[  899.667013][T16025] 0 pages cma reserved
[  899.932809][ T5926] usb 1-1: new full-speed USB device number 121 using dummy_hcd
[  900.180843][ T5926] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  900.204281][ T5926] usb 1-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  900.215416][ T5926] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  900.230997][ T5926] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  900.242531][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  900.295309][ T5926] usbtmc 1-1:16.0: bulk endpoints not found
[  900.661066][T16070] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  900.789670][T16070] FAULT_INJECTION: forcing a failure.
[  900.789670][T16070] name failslab, interval 1, probability 0, space 0, times 0
[  900.882794][T16070] CPU: 1 UID: 0 PID: 16070 Comm: syz.2.2709 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  900.882828][T16070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  900.882842][T16070] Call Trace:
[  900.882851][T16070]  <TASK>
[  900.882861][T16070]  dump_stack_lvl+0x189/0x250
[  900.882900][T16070]  ? __pfx____ratelimit+0x10/0x10
[  900.882933][T16070]  ? __pfx_dump_stack_lvl+0x10/0x10
[  900.882965][T16070]  ? __pfx__printk+0x10/0x10
[  900.883002][T16070]  should_fail_ex+0x414/0x560
[  900.883034][T16070]  should_failslab+0xa8/0x100
[  900.883060][T16070]  kmem_cache_alloc_noprof+0x73/0x3c0
[  900.883093][T16070]  ? skb_clone+0x212/0x3a0
[  900.883127][T16070]  skb_clone+0x212/0x3a0
[  900.883168][T16070]  __netlink_deliver_tap+0x404/0x850
[  900.883207][T16070]  ? netlink_deliver_tap+0x2e/0x1b0
[  900.883233][T16070]  netlink_deliver_tap+0x19c/0x1b0
[  900.883260][T16070]  netlink_sendskb+0x68/0x140
[  900.883284][T16070]  netlink_rcv_skb+0x28c/0x470
[  900.883310][T16070]  ? __pfx_genl_rcv_msg+0x10/0x10
[  900.883343][T16070]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  900.883387][T16070]  ? down_read+0x1ad/0x2e0
[  900.883410][T16070]  genl_rcv+0x28/0x40
[  900.883437][T16070]  netlink_unicast+0x758/0x8d0
[  900.883472][T16070]  netlink_sendmsg+0x805/0xb30
[  900.883507][T16070]  ? __pfx_netlink_sendmsg+0x10/0x10
[  900.883535][T16070]  ? aa_sock_msg_perm+0x94/0x160
[  900.883560][T16070]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  900.883582][T16070]  ? __pfx_netlink_sendmsg+0x10/0x10
[  900.883603][T16070]  __sock_sendmsg+0x219/0x270
[  900.883633][T16070]  ____sys_sendmsg+0x505/0x830
[  900.883665][T16070]  ? __pfx_____sys_sendmsg+0x10/0x10
[  900.883699][T16070]  ? import_iovec+0x74/0xa0
[  900.883719][T16070]  ___sys_sendmsg+0x21f/0x2a0
[  900.883743][T16070]  ? __pfx____sys_sendmsg+0x10/0x10
[  900.883796][T16070]  ? __fget_files+0x2a/0x420
[  900.883813][T16070]  ? __fget_files+0x3a0/0x420
[  900.883840][T16070]  __x64_sys_sendmsg+0x19b/0x260
[  900.883864][T16070]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  900.883894][T16070]  ? __pfx_ksys_write+0x10/0x10
[  900.883907][T16070]  ? rcu_is_watching+0x15/0xb0
[  900.883938][T16070]  ? do_syscall_64+0xbe/0x3b0
[  900.883957][T16070]  do_syscall_64+0xfa/0x3b0
[  900.883971][T16070]  ? lockdep_hardirqs_on+0x9c/0x150
[  900.883996][T16070]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  900.884013][T16070]  ? clear_bhb_loop+0x60/0xb0
[  900.884034][T16070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  900.884050][T16070] RIP: 0033:0x7f5a5d58e929
[  900.884066][T16070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  900.884081][T16070] RSP: 002b:00007f5a5e3d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  900.884099][T16070] RAX: ffffffffffffffda RBX: 00007f5a5d7b5fa0 RCX: 00007f5a5d58e929
[  900.884112][T16070] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  900.884123][T16070] RBP: 00007f5a5e3d4090 R08: 0000000000000000 R09: 0000000000000000
[  900.884134][T16070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  900.884144][T16070] R13: 0000000000000000 R14: 00007f5a5d7b5fa0 R15: 00007f5a5d8dfa28
[  900.884176][T16070]  </TASK>
[  901.720393][T16082] delete_channel: no stack
[  902.123047][ T5922] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[  902.356292][ T5922] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  902.437926][ T5922] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  902.504851][ T5922] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  902.514370][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  902.572962][T16087] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  902.610792][ T5922] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  902.679397][ T5926] usb 1-1: USB disconnect, device number 121
[  903.092560][T16112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  903.168164][T16112] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  903.238475][T16112] kvm: vcpu 0: requested 1664 ns lapic timer period limited to 200000 ns
[  903.341639][T16098] cgroup: fork rejected by pids controller in /syz4
[  903.356107][ T5926] usb 1-1: new high-speed USB device number 122 using dummy_hcd
[  903.457836][ T5922] usb 3-1: USB disconnect, device number 121
[  903.469754][T16132] bridge0: entered promiscuous mode
[  903.494370][T16132] vlan2: entered promiscuous mode
[  903.628205][ T5926] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  903.759584][ T5926] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  903.876146][ T5926] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  903.928060][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  903.947692][T16113] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  904.048410][ T5926] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  905.133833][T11025] usb 3-1: new high-speed USB device number 122 using dummy_hcd
[  905.293765][T11025] usb 3-1: Using ep0 maxpacket: 8
[  905.327999][T11025] usb 3-1: config 1 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 45, changing to 9
[  905.416729][T11025] usb 3-1: config 1 interface 0 has no altsetting 0
[  905.520535][T11025] usb 3-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  905.536536][T11025] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  905.556838][T11025] usb 3-1: Product: syz
[  905.566673][T11025] usb 3-1: Manufacturer: syz
[  905.579154][T11025] usb 3-1: SerialNumber: syz
[  906.232451][ T5926] usb 1-1: USB disconnect, device number 122
[  906.735451][T11016] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  906.935016][T11016] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  907.016591][T11016] usb 2-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  907.094697][T11016] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  907.151495][T11016] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  907.195598][T11016] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  907.239835][T11016] usbtmc 2-1:16.0: bulk endpoints not found
[  907.644321][T11025] usbhid 3-1:1.0: can't add hid device: -71
[  907.650412][T11025] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[  907.698616][T11025] usb 3-1: USB disconnect, device number 122
[  908.122798][T11016] usb 1-1: new full-speed USB device number 123 using dummy_hcd
[  908.199097][T16190] vlan2: entered promiscuous mode
[  908.207558][T16190] batadv0: entered promiscuous mode
[  908.294723][T11016] usb 1-1: config 2 has an invalid interface number: 1 but max is 0
[  908.302922][T10925] usb 3-1: new high-speed USB device number 123 using dummy_hcd
[  908.324040][T11016] usb 1-1: config 2 has no interface number 0
[  908.330473][T11016] usb 1-1: config 2 interface 1 has no altsetting 0
[  908.347213][T11016] usb 1-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=47.78
[  908.357969][T11016] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  908.387295][T11016] usb 1-1: Product: syz
[  908.391548][T11016] usb 1-1: Manufacturer: syz
[  908.422948][T11016] usb 1-1: SerialNumber: syz
[  908.499487][T10925] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  908.513105][T10925] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  908.536279][T10925] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  908.577360][T10925] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  908.599814][T10925] usb 3-1: SerialNumber: syz
[  908.644206][T16185] support for cryptoloop has been removed.  Use dm-crypt instead.
[  908.654459][T16185] netlink: 196 bytes leftover after parsing attributes in process `syz.0.2728'.
[  908.700695][T16185] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  908.746025][T16185] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  908.884849][   T24] hid-generic 001D:0001:00F5.0028: unknown main item tag 0x4
[  908.982166][   T24] hid-generic 001D:0001:00F5.0028: item fetching failed at offset 1/134
[  909.028836][   T24] hid-generic 001D:0001:00F5.0028: probe with driver hid-generic failed with error -22
[  909.252419][T10925] usb 3-1: 0:2 : does not exist
[  909.316706][T10925] usb 3-1: USB disconnect, device number 123
[  909.446331][ T5967] udevd[5967]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  909.485343][T11016] snd-usb-audio 1-1:2.1: probe with driver snd-usb-audio failed with error -22
[  909.505215][T11016] snd-usb-us122l 1-1:2.1: usb_set_interface error
[  909.512193][T11016] snd-usb-us122l 1-1:2.1: probe with driver snd-usb-us122l failed with error -22
[  909.545851][   T24] usb 2-1: USB disconnect, device number 16
[  909.582606][T11016] usb 1-1: USB disconnect, device number 123
[  909.643614][ T5967] udevd[5967]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:2.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  909.742289][T16206] bridge0: entered promiscuous mode
[  909.767938][T16206] vlan2: entered promiscuous mode
[  909.922778][T11016] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[  910.051578][T16217] netlink: 'syz.4.2737': attribute type 23 has an invalid length.
[  910.093551][T11016] usb 1-1: Using ep0 maxpacket: 8
[  910.110735][T11016] usb 1-1: config 0 has an invalid interface number: 113 but max is 0
[  910.119515][T11016] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  910.130378][T11016] usb 1-1: config 0 has no interface number 0
[  910.137068][T11016] usb 1-1: config 0 interface 113 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  910.158941][T11016] usb 1-1: config 0 interface 113 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 7
[  910.217047][T11016] usb 1-1: New USB device found, idVendor=0b48, idProduct=1006, bcdDevice=c0.0a
[  910.227013][T11016] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  910.236987][T11016] usb 1-1: Product: syz
[  910.241475][T11016] usb 1-1: Manufacturer: syz
[  910.253210][T11016] usb 1-1: SerialNumber: syz
[  910.281323][T11016] usb 1-1: config 0 descriptor??
[  910.304277][T11016] ttusb_dec_send_command: command bulk message failed: error -8
[  910.315128][T11016] ttusb-dec 1-1:0.113: probe with driver ttusb-dec failed with error -8
[  910.328894][T11016] usbhid 1-1:0.113: couldn't find an input interrupt endpoint
[  910.443165][T10925] usb 6-1: new high-speed USB device number 85 using dummy_hcd
[  910.570281][T16203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  910.602515][T16203] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  910.619138][T10925] usb 6-1: config 0 has an invalid interface number: 175 but max is 0
[  910.636072][T10925] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  910.658168][T10925] usb 6-1: config 0 has no interface number 0
[  910.673469][T10925] usb 6-1: config 0 interface 175 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C
[  910.707070][T10925] usb 6-1: config 0 interface 175 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7
[  910.779962][T10925] usb 6-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  910.794200][T10925] usb 6-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16
[  910.815240][T10925] usb 6-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b
[  910.826733][T10925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  910.842837][T10925] usb 6-1: Product: syz
[  910.849456][T10925] usb 6-1: Manufacturer: syz
[  910.858763][T10925] usb 6-1: SerialNumber: syz
[  910.882073][T10925] usb 6-1: config 0 descriptor??
[  910.913780][T10925] symbolserial 6-1:0.175: symbol converter detected
[  910.950965][T10925] usb 6-1: symbol converter now attached to ttyUSB0
[  910.990223][T16234] ucma_write: process 1938 (syz.4.2743) changed security contexts after opening file descriptor, this is not allowed.
[  911.100524][T11025] usb 6-1: USB disconnect, device number 85
[  911.130201][T11025] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0
[  911.148725][T11025] symbolserial 6-1:0.175: device disconnected
[  911.162364][T16237] tap0: tun_chr_ioctl cmd 1074025673
[  911.193928][T16237] kvm: MWAIT instruction emulated as NOP!
[  911.765360][T16253] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2747'.
[  912.003726][T16255] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2748'.
[  912.273492][T16262] loop7: detected capacity change from 0 to 16384
[  912.532749][T11016] usb 3-1: new high-speed USB device number 124 using dummy_hcd
[  912.703025][T11016] usb 3-1: Using ep0 maxpacket: 8
[  912.728782][T11016] usb 3-1: config 0 has no interfaces?
[  912.750809][T11016] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  912.795157][T11016] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  912.812507][T11016] usb 3-1: Product: syz
[  912.821137][T11016] usb 3-1: Manufacturer: syz
[  912.826021][T11016] usb 3-1: SerialNumber: syz
[  912.853502][T11016] usb 3-1: config 0 descriptor??
[  913.153584][   T30] kauditd_printk_skb: 76 callbacks suppressed
[  913.153605][   T30] audit: type=1326 audit(1750487266.906:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16261 comm="syz.2.2750" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5a5d58e929 code=0x7eff0000
[  913.187615][T16262] I/O error, dev loop7, sector 520 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 0
[  913.906527][T10925] usb 6-1: new high-speed USB device number 86 using dummy_hcd
[  914.149828][T10925] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  914.170323][T10925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  914.228135][T10925] usb 6-1: Product: syz
[  914.235754][T10925] usb 6-1: Manufacturer: syz
[  914.249483][T10925] usb 6-1: SerialNumber: syz
[  914.283986][T10925] r8152-cfgselector 6-1: Unknown version 0x0000
[  914.290557][T10925] r8152-cfgselector 6-1: config 0 descriptor??
[  914.787940][T10925] r8152-cfgselector 6-1: USB disconnect, device number 86
[  914.795534][   T24] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[  915.154903][T16314] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2765'.
[  915.579840][T10925] usb 3-1: USB disconnect, device number 124
[  915.625989][T16261] I/O error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 32 prio class 0
[  915.700119][T16261] buffer_io_error: 90 callbacks suppressed
[  915.700140][T16261] Buffer I/O error on dev loop7, logical block 0, lost async page write
[  915.781783][T16261] Buffer I/O error on dev loop7, logical block 1, lost async page write
[  915.825075][T16261] Buffer I/O error on dev loop7, logical block 2, lost async page write
[  915.859955][T16261] Buffer I/O error on dev loop7, logical block 3, lost async page write
[  915.904508][T16261] Buffer I/O error on dev loop7, logical block 4, lost async page write
[  915.931267][T16261] Buffer I/O error on dev loop7, logical block 5, lost async page write
[  915.956321][T16261] Buffer I/O error on dev loop7, logical block 6, lost async page write
[  915.992764][T16261] Buffer I/O error on dev loop7, logical block 7, lost async page write
[  916.037871][T16325] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2767'.
[  916.047148][T16325] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  916.056619][T16325] sit0: entered promiscuous mode
[  916.061752][T16325] sit0: left allmulticast mode
[  916.067033][T16325] netlink: 21 bytes leftover after parsing attributes in process `syz.5.2767'.
[  916.102896][T16261] Buffer I/O error on dev loop7, logical block 8, lost async page write
[  916.147071][T16261] Buffer I/O error on dev loop7, logical block 9, lost async page write
[  917.256828][T16346] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  917.273686][T16346] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  917.305348][   T24] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  917.464341][   T24] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  917.496550][   T24] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  917.560489][   T24] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  917.611124][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  917.884288][   T24] usb 2-1: usb_control_msg returned -32
[  917.916160][   T24] usbtmc 2-1:16.0: can't read capabilities
[  918.219216][T16359] usbtmc 2-1:16.0: INDICATOR_PULSE returned 0
[  918.368499][T16357] only policy match revision 0 supported
[  918.368524][T16357] unable to load match
[  918.440759][   T24] usb 2-1: USB disconnect, device number 17
[  919.462232][T16375] loop2: detected capacity change from 0 to 7
[  919.503954][T16375] ldm_validate_partition_table(): Disk read failed.
[  919.561376][T16375] Dev loop2: unable to read RDB block 0
[  919.623208][T16375]  loop2: unable to read partition table
[  919.673048][T16375] loop2: partition table beyond EOD, truncated
[  919.686529][T16375] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  920.105172][T16386] futex_wake_op: syz.5.2781 tries to shift op by -33; fix this program
[  920.119685][T16386] netdevsim netdevsim5: Direct firmware load for .
[  920.119685][T16386]  failed with error -2
[  920.130427][T16386] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[  920.130427][T16386] 
[  920.196070][T16385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  920.294361][T16385] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  920.642764][T11016] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[  920.956110][T11016] usb 2-1: unable to get BOS descriptor or descriptor too short
[  920.975748][T11016] usb 2-1: not running at top speed; connect to a high speed hub
[  920.987580][T11016] usb 2-1: config 1 descriptor has 1 excess byte, ignoring
[  920.995109][T11016] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  921.007092][T11016] usb 2-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice= 0.40
[  921.023286][T11016] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  921.039760][T11016] usb 2-1: Product: syz
[  921.070942][T11016] usb 2-1: Manufacturer: syz
[  921.161088][T11016] usb 2-1: SerialNumber: syz
[  922.437208][T16406] IPVS: set_ctl: invalid protocol: 98 100.1.1.2:20003
[  922.715377][T11016] usb 2-1: USB disconnect, device number 18
[  923.238845][T16426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2797'.
[  923.251091][T16426] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2797'.
[  923.260389][T16426] netlink: 'syz.0.2797': attribute type 11 has an invalid length.
[  923.339825][T16429] macsec0: entered promiscuous mode
[  923.348998][T16429] macsec0: entered allmulticast mode
[  923.356665][T16426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  923.365308][T16429] veth1_macvtap: entered allmulticast mode
[  923.405841][T16426] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  923.576680][T16434] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2800'.
[  923.912288][T16444] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2803'.
[  923.955923][T16445] futex_wake_op: syz.2.2801 tries to shift op by -33; fix this program
[  923.970045][T16445] netdevsim netdevsim2: Direct firmware load for .
[  923.970045][T16445]  failed with error -2
[  923.981093][T16445] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  923.981093][T16445] 
[  923.993138][T16446] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2803'.
[  924.989170][T16463] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  925.635645][T16473] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  925.993769][T16477] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2815'.
[  926.148802][T16477] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2815'.
[  926.428744][T16484] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  927.097212][T16500] FAULT_INJECTION: forcing a failure.
[  927.097212][T16500] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  927.117585][T16500] CPU: 0 UID: 0 PID: 16500 Comm: syz.0.2821 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  927.117614][T16500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  927.117624][T16500] Call Trace:
[  927.117631][T16500]  <TASK>
[  927.117638][T16500]  dump_stack_lvl+0x189/0x250
[  927.117667][T16500]  ? __pfx____ratelimit+0x10/0x10
[  927.117690][T16500]  ? __pfx_dump_stack_lvl+0x10/0x10
[  927.117713][T16500]  ? __pfx__printk+0x10/0x10
[  927.117731][T16500]  ? lockdep_hardirqs_on+0x9c/0x150
[  927.117758][T16500]  should_fail_ex+0x414/0x560
[  927.117781][T16500]  _copy_to_user+0x31/0xb0
[  927.117798][T16500]  __htab_map_lookup_and_delete_batch+0x103d/0x13a0
[  927.117846][T16500]  ? __pfx___htab_map_lookup_and_delete_batch+0x10/0x10
[  927.117874][T16500]  ? __pfx_htab_percpu_map_lookup_batch+0x10/0x10
[  927.117894][T16500]  bpf_map_do_batch+0x25b/0x5f0
[  927.117917][T16500]  ? security_bpf+0x7e/0x300
[  927.117936][T16500]  __sys_bpf+0x70c/0x860
[  927.117958][T16500]  ? __pfx___sys_bpf+0x10/0x10
[  927.117986][T16500]  ? ksys_write+0x22a/0x250
[  927.118002][T16500]  ? __pfx_ksys_write+0x10/0x10
[  927.118014][T16500]  ? rcu_is_watching+0x15/0xb0
[  927.118043][T16500]  __x64_sys_bpf+0x7c/0x90
[  927.118061][T16500]  do_syscall_64+0xfa/0x3b0
[  927.118074][T16500]  ? lockdep_hardirqs_on+0x9c/0x150
[  927.118106][T16500]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  927.118121][T16500]  ? clear_bhb_loop+0x60/0xb0
[  927.118139][T16500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  927.118154][T16500] RIP: 0033:0x7f18adf8e929
[  927.118168][T16500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  927.118181][T16500] RSP: 002b:00007f18aee58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  927.118197][T16500] RAX: ffffffffffffffda RBX: 00007f18ae1b5fa0 RCX: 00007f18adf8e929
[  927.118209][T16500] RDX: 0000000000000038 RSI: 0000200000000080 RDI: 0000000000000018
[  927.118219][T16500] RBP: 00007f18aee58090 R08: 0000000000000000 R09: 0000000000000000
[  927.118228][T16500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  927.118237][T16500] R13: 0000000000000000 R14: 00007f18ae1b5fa0 R15: 00007f18ae2dfa28
[  927.118259][T16500]  </TASK>
[  928.368052][T16523] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2827'.
[  928.446826][T16523] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2827'.
[  929.020242][T11027] usb 1-1: USB disconnect, device number 124
[  929.338275][T16540] ip6gretap2: entered promiscuous mode
[  929.437904][T16546] FAULT_INJECTION: forcing a failure.
[  929.437904][T16546] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  929.559414][T16546] CPU: 0 UID: 0 PID: 16546 Comm: syz.1.2834 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  929.559446][T16546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  929.559458][T16546] Call Trace:
[  929.559468][T16546]  <TASK>
[  929.559477][T16546]  dump_stack_lvl+0x189/0x250
[  929.559516][T16546]  ? __pfx____ratelimit+0x10/0x10
[  929.559548][T16546]  ? __pfx_dump_stack_lvl+0x10/0x10
[  929.559580][T16546]  ? __pfx__printk+0x10/0x10
[  929.559603][T16546]  ? __might_fault+0xb0/0x130
[  929.559636][T16546]  should_fail_ex+0x414/0x560
[  929.559669][T16546]  _copy_from_user+0x2d/0xb0
[  929.559691][T16546]  ___sys_recvmsg+0x12e/0x510
[  929.559726][T16546]  ? __pfx____sys_recvmsg+0x10/0x10
[  929.559788][T16546]  ? __might_fault+0xb0/0x130
[  929.559812][T16546]  do_recvmmsg+0x307/0x770
[  929.559857][T16546]  ? __pfx_do_recvmmsg+0x10/0x10
[  929.559899][T16546]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  929.559939][T16546]  __x64_sys_recvmmsg+0x190/0x240
[  929.559970][T16546]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  929.559997][T16546]  ? rcu_is_watching+0x15/0xb0
[  929.560035][T16546]  ? do_syscall_64+0xbe/0x3b0
[  929.560059][T16546]  do_syscall_64+0xfa/0x3b0
[  929.560077][T16546]  ? lockdep_hardirqs_on+0x9c/0x150
[  929.560107][T16546]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  929.560128][T16546]  ? clear_bhb_loop+0x60/0xb0
[  929.560154][T16546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  929.560175][T16546] RIP: 0033:0x7f374cf8e929
[  929.560193][T16546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  929.560212][T16546] RSP: 002b:00007f374dd11038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  929.560235][T16546] RAX: ffffffffffffffda RBX: 00007f374d1b6080 RCX: 00007f374cf8e929
[  929.560251][T16546] RDX: 000000000291962b RSI: 0000200000000040 RDI: 0000000000000003
[  929.560265][T16546] RBP: 00007f374dd11090 R08: 0000000000000000 R09: 0000000000000000
[  929.560279][T16546] R10: 45833af92e4b39ff R11: 0000000000000246 R12: 0000000000000002
[  929.560293][T16546] R13: 0000000000000000 R14: 00007f374d1b6080 R15: 00007f374d2dfa28
[  929.560323][T16546]  </TASK>
[  929.796569][T16544] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  929.951597][T16550] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  929.977130][T16550] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  929.987799][T16550] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  930.006168][T16550] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  930.016746][T16550] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  930.523526][T16556] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  930.540953][T16556] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  930.849133][T11016] usb 6-1: new high-speed USB device number 87 using dummy_hcd
[  931.012900][T11016] usb 6-1: Using ep0 maxpacket: 8
[  931.035372][T11016] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  931.056318][T11016] usb 6-1: config 0 has no interface number 0
[  931.075111][T11016] usb 6-1: config 0 interface 12 altsetting 0 has a duplicate endpoint with address 0xA, skipping
[  931.097581][T11016] usb 6-1: config 0 interface 12 altsetting 0 has an endpoint descriptor with address 0x98, changing to 0x88
[  931.177479][T11016] usb 6-1: config 0 interface 12 altsetting 0 endpoint 0x88 has invalid maxpacket 10453, setting to 1024
[  931.250442][T11016] usb 6-1: config 0 interface 12 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 1024
[  931.343360][T11016] usb 6-1: config 0 interface 12 altsetting 0 bulk endpoint 0xE has invalid maxpacket 8
[  931.380090][T16572] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2841'.
[  931.396419][T11016] usb 6-1: config 0 interface 12 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  931.431871][T16575] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2841'.
[  931.487777][T11016] usb 6-1: New USB device found, idVendor=1066, idProduct=0700, bcdDevice=60.6a
[  931.498845][T11016] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  931.508198][T11016] usb 6-1: Product: syz
[  931.515510][T11016] usb 6-1: Manufacturer: syz
[  931.522909][T11016] usb 6-1: SerialNumber: syz
[  931.532139][T11016] usb 6-1: config 0 descriptor??
[  931.549140][T16560] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  931.592971][T16560] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  931.606659][T16552] chnl_net:caif_netlink_parms(): no params data found
[  931.613839][T11016] ipaq 6-1:0.12: PocketPC PDA converter detected
[  931.614278][T11016] usb 6-1: active config #0 != 1 ??
[  931.787615][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  931.794265][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  931.808128][T16288] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  931.825535][T11016] usb 6-1: USB disconnect, device number 87
[  931.910204][T16579] binder: 16578:16579 ioctl c0306201 200000000640 returned -22
[  932.118359][T16288] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  932.150449][T16584] binder: 16583:16584 ioctl c0306201 200000000640 returned -22
[  932.187715][T16550] Bluetooth: hci5: command tx timeout
[  932.391685][T16288] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  932.434271][T16552] bridge0: port 1(bridge_slave_0) entered blocking state
[  932.441792][T16552] bridge0: port 1(bridge_slave_0) entered disabled state
[  932.455469][T16552] bridge_slave_0: entered allmulticast mode
[  932.466737][T16552] bridge_slave_0: entered promiscuous mode
[  932.540876][T16552] bridge0: port 2(bridge_slave_1) entered blocking state
[  932.574275][T16552] bridge0: port 2(bridge_slave_1) entered disabled state
[  932.581875][T16552] bridge_slave_1: entered allmulticast mode
[  932.595615][T16552] bridge_slave_1: entered promiscuous mode
[  932.915431][T16288] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  932.945374][T16609] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2850'.
[  932.964063][T16609] xt_CT: You must specify a L4 protocol and not use inversions on it
[  933.172347][T16610] fuse: Bad value for 'user_id'
[  933.262938][T16610] fuse: Bad value for 'user_id'
[  933.326218][T16552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  933.716602][T16552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  933.981756][T16552] team0: Port device team_slave_0 added
[  934.039125][T16552] team0: Port device team_slave_1 added
[  934.266711][T16550] Bluetooth: hci5: command tx timeout
[  934.372860][T11016] usb 6-1: new high-speed USB device number 88 using dummy_hcd
[  934.522885][T11016] usb 6-1: Using ep0 maxpacket: 32
[  934.529830][T11016] usb 6-1: config 14 has an invalid interface number: 227 but max is 1
[  934.538400][T11016] usb 6-1: config 14 has an invalid interface number: 3 but max is 1
[  934.548930][T11016] usb 6-1: config 14 has no interface number 0
[  934.689843][T11016] usb 6-1: config 14 has no interface number 1
[  934.776810][T11016] usb 6-1: config 14 interface 3 altsetting 6 endpoint 0x9 has an invalid bInterval 0, changing to 7
[  934.963909][T11016] usb 6-1: config 14 interface 3 altsetting 6 endpoint 0x9 has invalid maxpacket 1289, setting to 1024
[  935.013564][T11016] usb 6-1: config 14 interface 227 has no altsetting 0
[  935.033703][T11016] usb 6-1: config 14 interface 3 has no altsetting 0
[  935.076814][T16620] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2853'.
[  935.136335][T11016] usb 6-1: New USB device found, idVendor=0582, idProduct=003b, bcdDevice=18.f3
[  935.155374][T16621] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2853'.
[  935.205874][T16552] batman_adv: batadv0: Adding interface: batadv_slave_0
[  935.225649][T11016] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  935.239014][T16552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  935.265639][T11016] usb 6-1: Product: syz
[  935.269882][T11016] usb 6-1: Manufacturer: syz
[  935.274634][T11016] usb 6-1: SerialNumber: syz
[  935.287259][T16552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  935.310778][T16552] batman_adv: batadv0: Adding interface: batadv_slave_1
[  935.321827][T16552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  935.385385][T16552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  936.168168][T16288] team0: Port device geneve0 removed
[  936.353719][T16550] Bluetooth: hci5: command tx timeout
[  936.496871][T16288] bond0 (unregistering): Released all slaves
[  936.687259][T16288] bond1 (unregistering): Released all slaves
[  936.710728][T16288] bond2 (unregistering): Released all slaves
[  936.810045][T16552] hsr_slave_0: entered promiscuous mode
[  936.818722][T16552] hsr_slave_1: entered promiscuous mode
[  936.837748][T16552] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  936.845748][T16552] Cannot create hsr debugfs directory
[  936.944952][ T5922] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  936.959793][T11016] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  937.074121][T11016] usb 6-1: USB disconnect, device number 88
[  937.123418][ T5922] usb 2-1: Using ep0 maxpacket: 16
[  937.146005][ T5922] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  937.158066][ T5922] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  937.173265][ T5922] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  937.182618][ T5922] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  937.191551][ T5922] usb 2-1: Product: syz
[  937.226930][ T5922] usb 2-1: Manufacturer: syz
[  937.255792][ T5922] usb 2-1: SerialNumber: syz
[  937.322359][ T5922] usb 2-1: config 0 descriptor??
[  937.343642][ T5922] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  937.428649][ T5922] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  937.459982][ T5884] udevd[5884]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:14.227/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  937.953455][ T5922] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  937.963154][ T5922] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  938.219446][ T5922] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  938.382696][ T5922] em28xx 2-1:0.0: No AC97 audio processor
[  938.432790][T16550] Bluetooth: hci5: command tx timeout
[  938.484279][ T5922] usb 2-1: USB disconnect, device number 19
[  938.504320][ T5922] em28xx 2-1:0.0: Disconnecting em28xx
[  938.532088][ T5922] em28xx 2-1:0.0: Freeing device
[  938.863089][T16288] tipc: Left network mode
[  939.368912][T16669] netlink: 'syz.2.2863': attribute type 13 has an invalid length.
[  939.437493][T16675] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2865'.
[  939.502911][   T24] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  939.524099][T16679] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2865'.
[  939.585924][T16669] gretap0: refused to change device tx_queue_len
[  939.592346][T16669] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  939.782852][   T24] usb 2-1: Using ep0 maxpacket: 32
[  939.794888][   T24] usb 2-1: config 7 has an invalid interface number: 123 but max is 0
[  939.886561][T16686] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2864'.
[  939.903364][   T24] usb 2-1: config 7 has no interface number 0
[  939.925139][T16288] hsr_slave_0: left promiscuous mode
[  939.931629][   T24] usb 2-1: config 7 interface 123 altsetting 6 bulk endpoint 0xC has invalid maxpacket 8
[  939.952784][T16288] hsr_slave_1: left promiscuous mode
[  939.970587][   T24] usb 2-1: config 7 interface 123 has no altsetting 0
[  939.988184][T16684] xt_CT: You must specify a L4 protocol and not use inversions on it
[  940.005503][   T24] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0123, bcdDevice=b0.be
[  940.035829][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  940.099254][   T24] usb 2-1: Product: syz
[  940.107786][   T24] usb 2-1: Manufacturer: syz
[  940.129536][   T24] usb 2-1: SerialNumber: syz
[  940.136178][T16288] veth1_macvtap: left promiscuous mode
[  940.155618][T16288] veth0_macvtap: left promiscuous mode
[  940.164668][T16288] veth1_vlan: left promiscuous mode
[  940.175867][T16288] veth0_vlan: left promiscuous mode
[  940.205374][T16667] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  940.298540][T16686] fuse: Bad value for 'user_id'
[  940.303625][T16686] fuse: Bad value for 'user_id'
[  940.433031][T11023] usb 3-1: new high-speed USB device number 125 using dummy_hcd
[  940.514827][T16691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  940.524355][T16691] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  940.654465][T11023] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  940.715192][T11023] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  940.738139][T11023] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  940.764589][T11023] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  940.814007][T11023] usb 3-1: config 0 descriptor??
[  941.027191][T11023] cp2112 0003:10C4:EA90.0029: unknown main item tag 0x0
[  941.071591][T11023] cp2112 0003:10C4:EA90.0029: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  941.224831][T11023] cp2112 0003:10C4:EA90.0029: Part Number: 0x82 Device Version: 0xFE
[  941.459201][T11023] cp2112 0003:10C4:EA90.0029: error setting SMBus config
[  941.495805][T11023] cp2112 0003:10C4:EA90.0029: probe with driver cp2112 failed with error -71
[  941.531906][T11023] usb 3-1: USB disconnect, device number 125
[  942.011432][   T24] kvaser_usb 2-1:7.123: error -ENODEV: Cannot get usb endpoint(s)
[  942.090374][   T24] usb 2-1: USB disconnect, device number 20
[  942.155883][T11016] usb 3-1: new high-speed USB device number 126 using dummy_hcd
[  942.322962][T11016] usb 3-1: Using ep0 maxpacket: 16
[  942.348744][T11016] usb 3-1: config 0 has no interfaces?
[  942.354438][T11016] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  942.366740][T11016] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  942.387180][T11016] usb 3-1: config 0 descriptor??
[  942.457608][T16707] netlink: 'syz.4.2871': attribute type 1 has an invalid length.
[  942.612974][T16699] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2867'.
[  942.674873][T16714] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0
[  944.010026][T16719] vlan1: entered allmulticast mode
[  944.030384][T16719] bond1: entered allmulticast mode
[  944.132911][T16718] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2874'.
[  944.151111][T16718] netlink: 204 bytes leftover after parsing attributes in process `syz.1.2874'.
[  944.665568][T16552] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  944.769638][T16552] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  944.836199][T16552] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  944.961715][T16552] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  944.975529][T16288] IPVS: stop unused estimator thread 0...
[  944.981983][T16743] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2877'.
[  945.242786][T16743] xt_CT: You must specify a L4 protocol and not use inversions on it
[  945.301988][T16749] loop2: detected capacity change from 0 to 7
[  945.335841][T16749] buffer_io_error: 36 callbacks suppressed
[  945.335856][T16749] Buffer I/O error on dev loop2, logical block 0, async page read
[  945.397122][   T24] usb 3-1: USB disconnect, device number 126
[  945.427581][T16749] Buffer I/O error on dev loop2, logical block 0, async page read
[  945.505513][T16749] Buffer I/O error on dev loop2, logical block 0, async page read
[  945.542550][T16746] fuse: Bad value for 'user_id'
[  945.551367][T16746] fuse: Bad value for 'user_id'
[  945.556404][T16749] Buffer I/O error on dev loop2, logical block 0, async page read
[  945.722867][T16749] Buffer I/O error on dev loop2, logical block 0, async page read
[  945.752725][T16749] Buffer I/O error on dev loop2, logical block 0, async page read
[  945.770631][T16749] Buffer I/O error on dev loop2, logical block 0, async page read
[  945.790856][T16552] 8021q: adding VLAN 0 to HW filter on device bond0
[  945.791996][T16749] ldm_validate_partition_table(): Disk read failed.
[  945.808434][T16749] Buffer I/O error on dev loop2, logical block 0, async page read
[  945.831156][T16552] 8021q: adding VLAN 0 to HW filter on device team0
[  945.843907][T16284] bridge0: port 1(bridge_slave_0) entered blocking state
[  945.851193][T16284] bridge0: port 1(bridge_slave_0) entered forwarding state
[  945.869150][T16749] Buffer I/O error on dev loop2, logical block 0, async page read
[  945.900062][T16284] bridge0: port 2(bridge_slave_1) entered blocking state
[  945.907308][T16284] bridge0: port 2(bridge_slave_1) entered forwarding state
[  945.909867][T16749] Buffer I/O error on dev loop2, logical block 0, async page read
[  945.967899][T16749] Dev loop2: unable to read RDB block 0
[  946.036977][T16749]  loop2: unable to read partition table
[  946.053475][T16749] loop2: partition table beyond EOD, truncated
[  946.064135][T16749] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  946.149329][T16552] 8021q: adding VLAN 0 to HW filter on device batadv0
[  946.193144][    T9] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[  946.335985][T16552] veth0_vlan: entered promiscuous mode
[  946.353304][    T9] usb 5-1: Using ep0 maxpacket: 8
[  946.369694][    T9] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  946.381306][    T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  946.411593][T16552] veth1_vlan: entered promiscuous mode
[  946.432584][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  946.466049][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  946.566009][    T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  946.616040][T16552] veth0_macvtap: entered promiscuous mode
[  946.639525][T16552] veth1_macvtap: entered promiscuous mode
[  946.680322][    T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  946.699438][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  946.730422][T16552] batman_adv: batadv0: Interface activated: batadv_slave_0
[  946.782312][T16552] batman_adv: batadv0: Interface activated: batadv_slave_1
[  946.973815][    T9] usb 5-1: usb_control_msg returned -71
[  946.979504][    T9] usbtmc 5-1:16.0: can't read capabilities
[  946.997582][T16552] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  947.038767][    T9] usb 5-1: USB disconnect, device number 115
[  947.045113][T16552] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  947.190964][T16552] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  947.234687][T16552] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  947.661538][T16789] binder: 16787:16789 ioctl c0306201 200000000100 returned -14
[  948.025030][T11016] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  948.139200][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  948.169060][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  948.212785][T11016] usb 2-1: device descriptor read/64, error -71
[  948.326494][T16288] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  948.338304][T16288] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  948.453646][T11016] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  948.605720][T11016] usb 2-1: device descriptor read/64, error -71
[  948.715345][T11016] usb usb2-port1: attempt power cycle
[  949.185524][T11016] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  949.735645][T11016] usb 2-1: device descriptor read/8, error -71
[  950.089751][T11016] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  950.172805][T11016] usb 2-1: device descriptor read/8, error -71
[  950.300085][T11016] usb usb2-port1: unable to enumerate USB device
[  950.615600][T16815] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2895'.
[  951.453100][T11023] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[  951.480723][T16837] netlink: 14528 bytes leftover after parsing attributes in process `syz.2.2905'.
[  951.592173][T16840] raw_sendmsg: syz.5.2903 forgot to set AF_INET. Fix it!
[  951.603034][T11023] usb 1-1: Using ep0 maxpacket: 32
[  951.620137][T11023] usb 1-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  951.640395][T11023] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  951.656286][T11023] usb 1-1: Product: syz
[  951.681946][T11023] usb 1-1: Manufacturer: syz
[  951.687002][T11023] usb 1-1: SerialNumber: syz
[  951.713422][T11023] usb 1-1: config 0 descriptor??
[  952.124874][   T24] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0
[  952.141813][   T24] hid-generic 0000:0000:0000.002A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  952.389806][T16828] syzkaller1: entered promiscuous mode
[  952.419719][T16828] syzkaller1: entered allmulticast mode
[  952.461794][T11023] peak_usb 1-1:0.0 can0: unable to request usb[type=2 value=5] err=-71
[  952.813599][T11023] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -71
[  952.838885][T11023] usb 1-1: USB disconnect, device number 125
[  953.876069][T16878] veth0: entered promiscuous mode
[  953.992829][T11016] usb 6-1: new high-speed USB device number 89 using dummy_hcd
[  954.034905][T16877] veth0: left promiscuous mode
[  954.152771][T11016] usb 6-1: Using ep0 maxpacket: 32
[  954.161883][T11016] usb 6-1: config index 0 descriptor too short (expected 9, got 0)
[  954.170202][T11016] usb 6-1: can't read configurations, error -22
[  954.322831][T11016] usb 6-1: new high-speed USB device number 90 using dummy_hcd
[  954.456958][T16887] input: syz1 as /devices/virtual/input/input71
[  954.524429][T16888] FAULT_INJECTION: forcing a failure.
[  954.524429][T16888] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  954.537785][T11016] usb 6-1: Using ep0 maxpacket: 32
[  954.547866][T16888] CPU: 0 UID: 0 PID: 16888 Comm: syz.0.2920 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  954.547899][T16888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  954.547912][T16888] Call Trace:
[  954.547922][T16888]  <TASK>
[  954.547932][T16888]  dump_stack_lvl+0x189/0x250
[  954.547971][T16888]  ? __pfx____ratelimit+0x10/0x10
[  954.548004][T16888]  ? __pfx_dump_stack_lvl+0x10/0x10
[  954.548036][T16888]  ? __pfx__printk+0x10/0x10
[  954.548059][T16888]  ? __might_fault+0xb0/0x130
[  954.548092][T16888]  should_fail_ex+0x414/0x560
[  954.548123][T16888]  _copy_from_user+0x2d/0xb0
[  954.548145][T16888]  input_event_from_user+0xb2/0x280
[  954.548173][T16888]  ? __pfx_input_event_from_user+0x10/0x10
[  954.548207][T16888]  ? input_event+0x8c/0xc0
[  954.548240][T16888]  uinput_write+0x279/0xfc0
[  954.548277][T16888]  ? __pfx_uinput_write+0x10/0x10
[  954.548309][T16888]  ? bpf_lsm_file_permission+0x9/0x20
[  954.548339][T16888]  ? security_file_permission+0x75/0x290
[  954.548365][T16888]  ? rw_verify_area+0x258/0x650
[  954.548395][T16888]  ? __pfx_uinput_write+0x10/0x10
[  954.548425][T16888]  vfs_write+0x27b/0xa90
[  954.548465][T16888]  ? __pfx_vfs_write+0x10/0x10
[  954.548500][T16888]  ? __fget_files+0x2a/0x420
[  954.548527][T16888]  ? __fget_files+0x2a/0x420
[  954.548548][T16888]  ? __fget_files+0x3a0/0x420
[  954.548568][T16888]  ? __fget_files+0x2a/0x420
[  954.548606][T16888]  ksys_write+0x145/0x250
[  954.548628][T16888]  ? __pfx_ksys_write+0x10/0x10
[  954.548652][T16888]  ? do_syscall_64+0xbe/0x3b0
[  954.548676][T16888]  do_syscall_64+0xfa/0x3b0
[  954.548694][T16888]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.548724][T16888]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.548745][T16888]  ? clear_bhb_loop+0x60/0xb0
[  954.548771][T16888]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.548791][T16888] RIP: 0033:0x7fb70b98e929
[  954.548811][T16888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  954.548829][T16888] RSP: 002b:00007fb70c80d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  954.548851][T16888] RAX: ffffffffffffffda RBX: 00007fb70bbb6080 RCX: 00007fb70b98e929
[  954.548867][T16888] RDX: 000000000000045c RSI: 0000200000000900 RDI: 0000000000000003
[  954.548880][T16888] RBP: 00007fb70c80d090 R08: 0000000000000000 R09: 0000000000000000
[  954.548894][T16888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  954.548906][T16888] R13: 0000000000000001 R14: 00007fb70bbb6080 R15: 00007fb70bcdfa28
[  954.548938][T16888]  </TASK>
[  954.556603][T11016] usb 6-1: config index 0 descriptor too short (expected 9, got 0)
[  954.915582][T11016] usb 6-1: can't read configurations, error -22
[  954.935955][T11016] usb usb6-port1: attempt power cycle
[  955.014276][    T9] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[  955.076244][T16895] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  955.184328][    T9] usb 5-1: no configurations
[  955.192502][    T9] usb 5-1: can't read configurations, error -22
[  955.305273][T11016] usb 6-1: new high-speed USB device number 91 using dummy_hcd
[  955.343830][    T9] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[  955.367291][T11016] usb 6-1: Using ep0 maxpacket: 32
[  955.376866][T11016] usb 6-1: config index 0 descriptor too short (expected 9, got 0)
[  955.386875][T11016] usb 6-1: can't read configurations, error -22
[  955.543081][T11016] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[  955.563836][    T9] usb 5-1: no configurations
[  955.568791][    T9] usb 5-1: can't read configurations, error -22
[  955.583978][T11016] usb 6-1: Using ep0 maxpacket: 32
[  955.592267][T11016] usb 6-1: config index 0 descriptor too short (expected 9, got 0)
[  955.599125][    T9] usb usb5-port1: attempt power cycle
[  955.602351][T11016] usb 6-1: can't read configurations, error -22
[  955.630232][T11016] usb usb6-port1: unable to enumerate USB device
[  956.003200][    T9] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[  956.064170][    T9] usb 5-1: no configurations
[  956.092293][    T9] usb 5-1: can't read configurations, error -22
[  956.242744][    T9] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[  956.274167][    T9] usb 5-1: no configurations
[  956.296789][    T9] usb 5-1: can't read configurations, error -22
[  956.332939][    T9] usb usb5-port1: unable to enumerate USB device
[  956.503010][T11023] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[  956.658839][T16929] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2934'.
[  956.697082][T11023] usb 1-1: config 0 has no interfaces?
[  956.709249][T11023] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  956.718706][T11023] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  956.789953][T11023] usb 1-1: Product: syz
[  956.822563][T11023] usb 1-1: Manufacturer: syz
[  956.848346][T11023] usb 1-1: SerialNumber: syz
[  956.879193][T11023] usb 1-1: config 0 descriptor??
[  957.333455][T16921] ALSA: seq fatal error: cannot create timer (-19)
[  958.252864][T16949] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2939'.
[  959.000916][T11027] usb 3-1: new full-speed USB device number 127 using dummy_hcd
[  959.092283][T11023] usb 1-1: USB disconnect, device number 126
[  959.267518][T11027] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  959.304251][T11027] usb 3-1: config 0 interface 0 has no altsetting 0
[  959.310965][T11027] usb 3-1: New USB device found, idVendor=0458, idProduct=5019, bcdDevice= 0.00
[  959.368053][T11027] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  959.456692][T11027] usb 3-1: config 0 descriptor??
[  959.548924][T16970] x_tables: duplicate underflow at hook 2
[  959.899941][T11027] kye 0003:0458:5019.002B: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  959.927094][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  959.941239][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  959.951785][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  959.971519][T11027] kye 0003:0458:5019.002B: hidraw0: USB HID v0.00 Device [HID 0458:5019] on usb-dummy_hcd.2-1/input0
[  959.983141][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  959.992745][T11023] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[  960.001117][T11027] kye 0003:0458:5019.002B: tablet-enabling feature report not found
[  960.009656][ T5833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  960.018141][T11027] kye 0003:0458:5019.002B: tablet enabling failed
[  960.166833][T11023] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  960.184465][T16956] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  960.185180][T11023] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  960.262991][T11023] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  960.281982][T11023] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  960.322891][T11023] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  960.345132][T11023] usb 1-1: config 0 descriptor??
[  960.493598][T11027] usb 3-1: USB disconnect, device number 127
[  960.772997][T16976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  960.794252][T16976] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  960.852226][T16976] tipc: Started in network mode
[  960.860420][T16976] tipc: Node identity ff, cluster identity 4711
[  960.872695][T16976] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  960.913028][T11023] plantronics 0003:047F:FFFF.002C: reserved main item tag 0xe
[  960.924490][T11023] plantronics 0003:047F:FFFF.002C: unknown main item tag 0x0
[  960.934036][T11023] plantronics 0003:047F:FFFF.002C: No inputs registered, leaving
[  960.970070][T11023] plantronics 0003:047F:FFFF.002C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  961.182911][   T24] usb 1-1: USB disconnect, device number 127
[  961.278593][T17002] fido_id[17002]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  961.646255][T16986] chnl_net:caif_netlink_parms(): no params data found
[  961.811298][T17023] netlink: 'syz.1.2960': attribute type 10 has an invalid length.
[  961.972305][T16287] bridge_slave_0: left allmulticast mode
[  961.978524][T16287] bridge_slave_0: left promiscuous mode
[  961.985302][T16287] bridge0: port 1(bridge_slave_0) entered disabled state
[  962.105999][ T5833] Bluetooth: hci2: command tx timeout
[  962.113172][T11023] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  962.276134][T11023] usb 1-1: Using ep0 maxpacket: 8
[  962.277725][T16287] tipc: Disabling bearer <ib:gre0>
[  962.291349][T11023] usb 1-1: unable to get BOS descriptor or descriptor too short
[  962.316281][T11023] usb 1-1: config 0 has an invalid interface number: 88 but max is 0
[  962.328322][T16287] dvmrp0 (unregistering): left allmulticast mode
[  962.334753][T11027] usb 6-1: new full-speed USB device number 94 using dummy_hcd
[  962.350272][T11023] usb 1-1: config 0 has no interface number 0
[  962.356785][T11023] usb 1-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  962.370185][T16287] dvmrp1 (unregistering): left allmulticast mode
[  962.376026][T11023] usb 1-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0
[  962.398390][T11023] usb 1-1: config 0 interface 88 has no altsetting 0
[  962.409427][T11023] usb 1-1: string descriptor 0 read error: -22
[  962.421625][T11023] usb 1-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  962.432198][T11023] usb 1-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  962.461137][T11023] usb 1-1: config 0 descriptor??
[  962.497001][T11023] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.88/input/input72
[  962.518733][T11027] usb 6-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  962.529561][T11027] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  962.542012][T11027] usb 6-1: Product: syz
[  962.548149][T11027] usb 6-1: Manufacturer: syz
[  962.556543][T11027] usb 6-1: SerialNumber: syz
[  962.573353][T11027] usb 6-1: config 0 descriptor??
[  962.582720][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  962.664225][ T9204] udevd[9204]: Error opening device "/dev/input/event4": Input/output error
[  962.699854][ T9204] udevd[9204]: Unable to EVIOCGABS device "/dev/input/event4"
[  962.716315][ T9204] udevd[9204]: Unable to EVIOCGABS device "/dev/input/event4"
[  962.790569][T11023] usb 1-1: USB disconnect, device number 2
[  962.861918][T16287] $H� (unregistering): (slave bond_slave_0): Releasing backup interface
[  962.874989][T16287] $H� (unregistering): (slave bond_slave_1): Releasing backup interface
[  962.884697][T16287] $H� (unregistering): Released all slaves
[  962.904387][T16287] bond1 (unregistering): Released all slaves
[  962.986811][T11027] airspy 6-1:0.0: Board ID: 00
[  962.994883][T11027] airspy 6-1:0.0: Firmware version: 
[  963.081382][T16287] bond0 (unregistering): Released all slaves
[  963.228407][T16287] bond2 (unregistering): (slave bond3): Releasing backup interface
[  963.236673][T16287] bond3 (unregistering): left promiscuous mode
[  963.244301][T16287] bond2 (unregistering): Released all slaves
[  963.475203][T16287] bond3 (unregistering): Released all slaves
[  963.503399][T16287] bond4 (unregistering): Released all slaves
[  963.527990][T17023] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  963.632765][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  963.838642][T16986] bridge0: port 1(bridge_slave_0) entered blocking state
[  963.877057][T16986] bridge0: port 1(bridge_slave_0) entered disabled state
[  963.903338][T16986] bridge_slave_0: entered allmulticast mode
[  963.916697][T16986] bridge_slave_0: entered promiscuous mode
[  963.958707][T16986] bridge0: port 2(bridge_slave_1) entered blocking state
[  963.976639][T16986] bridge0: port 2(bridge_slave_1) entered disabled state
[  963.994778][T16986] bridge_slave_1: entered allmulticast mode
[  964.013828][T16986] bridge_slave_1: entered promiscuous mode
[  964.169584][T16986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  964.183423][ T5833] Bluetooth: hci2: command tx timeout
[  964.189959][T16986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  964.222266][T11027] airspy 6-1:0.0: usb_control_msg() failed -71 request 12
[  964.240608][T11027] airspy 6-1:0.0: Registered as swradio24
[  964.246727][T11027] airspy 6-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  964.268174][T11027] usb 6-1: USB disconnect, device number 94
[  964.346325][T16986] team0: Port device team_slave_0 added
[  964.370041][T16986] team0: Port device team_slave_1 added
[  964.577933][T16986] batman_adv: batadv0: Adding interface: batadv_slave_0
[  964.603332][T16986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  964.629282][    C0] vkms_vblank_simulate: vblank timer overrun
[  964.662816][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  964.689563][T17043] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2967'.
[  964.724114][T16986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  964.765854][T16986] batman_adv: batadv0: Adding interface: batadv_slave_1
[  964.792144][T16986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  964.908886][T16986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  965.313524][T17064] FAULT_INJECTION: forcing a failure.
[  965.313524][T17064] name failslab, interval 1, probability 0, space 0, times 0
[  965.358906][T17064] CPU: 1 UID: 0 PID: 17064 Comm: syz.1.2970 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  965.358939][T17064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  965.358952][T17064] Call Trace:
[  965.358962][T17064]  <TASK>
[  965.358972][T17064]  dump_stack_lvl+0x189/0x250
[  965.359010][T17064]  ? __pfx____ratelimit+0x10/0x10
[  965.359042][T17064]  ? __pfx_dump_stack_lvl+0x10/0x10
[  965.359074][T17064]  ? __pfx__printk+0x10/0x10
[  965.359102][T17064]  ? __pfx___might_resched+0x10/0x10
[  965.359134][T17064]  ? fs_reclaim_acquire+0x7d/0x100
[  965.359163][T17064]  should_fail_ex+0x414/0x560
[  965.359195][T17064]  should_failslab+0xa8/0x100
[  965.359218][T17064]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  965.359238][T17064]  ? __d_alloc+0x31/0x6f0
[  965.359268][T17064]  __d_alloc+0x31/0x6f0
[  965.359298][T17064]  d_alloc_pseudo+0x1f/0xb0
[  965.359325][T17064]  alloc_file_pseudo+0xcc/0x210
[  965.359364][T17064]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  965.359389][T17064]  ? evm_inode_alloc_security+0x40/0xb0
[  965.359420][T17064]  ? security_inode_alloc+0xd5/0x330
[  965.359462][T17064]  sock_alloc_file+0xb8/0x2e0
[  965.359498][T17064]  do_accept+0x34b/0x680
[  965.359527][T17064]  ? __pfx_do_accept+0x10/0x10
[  965.359573][T17064]  __sys_accept4+0x11c/0x1c0
[  965.359598][T17064]  ? __pfx___sys_accept4+0x10/0x10
[  965.359621][T17064]  ? __pfx_ksys_write+0x10/0x10
[  965.359638][T17064]  ? rcu_is_watching+0x15/0xb0
[  965.359678][T17064]  __x64_sys_accept4+0x9a/0xb0
[  965.359703][T17064]  do_syscall_64+0xfa/0x3b0
[  965.359721][T17064]  ? lockdep_hardirqs_on+0x9c/0x150
[  965.359752][T17064]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  965.359773][T17064]  ? clear_bhb_loop+0x60/0xb0
[  965.359799][T17064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  965.359820][T17064] RIP: 0033:0x7f374cf8e929
[  965.359839][T17064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  965.359856][T17064] RSP: 002b:00007f374dd11038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  965.359879][T17064] RAX: ffffffffffffffda RBX: 00007f374d1b6080 RCX: 00007f374cf8e929
[  965.359894][T17064] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  965.359907][T17064] RBP: 00007f374dd11090 R08: 0000000000000000 R09: 0000000000000000
[  965.359921][T17064] R10: 0000000000080000 R11: 0000000000000246 R12: 0000000000000001
[  965.359934][T17064] R13: 0000000000000000 R14: 00007f374d1b6080 R15: 00007f374d2dfa28
[  965.359966][T17064]  </TASK>
[  965.704578][T16986] hsr_slave_0: entered promiscuous mode
[  965.712785][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  965.816634][T16986] hsr_slave_1: entered promiscuous mode
[  966.051967][T16986] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  966.132531][T16986] Cannot create hsr debugfs directory
[  966.263322][ T5833] Bluetooth: hci2: command tx timeout
[  966.662869][T11016] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  966.742713][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  966.809770][T17094] xt_CT: You must specify a L4 protocol and not use inversions on it
[  966.984723][T11016] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10
[  967.032700][T11016] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  967.282843][T11016] usb 2-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66
[  967.372694][T11016] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  967.414284][T11016] usb 2-1: Product: syz
[  967.418531][T11016] usb 2-1: Manufacturer: syz
[  967.462923][T11016] usb 2-1: SerialNumber: syz
[  967.489654][T11016] usb 2-1: config 0 descriptor??
[  967.552525][T11016] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -90
[  967.676883][T17094] syz.5.2976: vmalloc error: size 16777216, failed to allocated page array size 32768, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  967.745449][T17094] CPU: 0 UID: 0 PID: 17094 Comm: syz.5.2976 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  967.745484][T17094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  967.745498][T17094] Call Trace:
[  967.745508][T17094]  <TASK>
[  967.745518][T17094]  dump_stack_lvl+0x189/0x250
[  967.745561][T17094]  ? __pfx_dump_stack_lvl+0x10/0x10
[  967.745596][T17094]  ? __pfx__printk+0x10/0x10
[  967.745621][T17094]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  967.745646][T17094]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  967.745673][T17094]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  967.745701][T17094]  warn_alloc+0x214/0x310
[  967.745732][T17094]  ? __pfx_warn_alloc+0x10/0x10
[  967.745767][T17094]  ? __get_vm_area_node+0x28f/0x300
[  967.745789][T17094]  ? packet_set_ring+0x6f4/0x2380
[  967.745818][T17094]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  967.745864][T17094]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  967.745885][T17094]  ? alloc_pages_mpol+0x3c4/0x4a0
[  967.745905][T17094]  ? packet_set_ring+0x6f4/0x2380
[  967.745929][T17094]  vzalloc_noprof+0xb2/0xf0
[  967.745948][T17094]  ? packet_set_ring+0x6f4/0x2380
[  967.745973][T17094]  packet_set_ring+0x6f4/0x2380
[  967.746015][T17094]  ? __pfx_packet_set_ring+0x10/0x10
[  967.746055][T17094]  ? _copy_from_user+0x94/0xb0
[  967.746076][T17094]  packet_setsockopt+0xc5a/0x12c0
[  967.746103][T17094]  ? __pfx_packet_setsockopt+0x10/0x10
[  967.746124][T17094]  ? futex_wake+0x4b2/0x560
[  967.746150][T17094]  ? bl_return_range+0x20/0x130
[  967.746184][T17094]  ? aa_sk_perm+0x81e/0x950
[  967.746210][T17094]  ? __pfx_aa_sk_perm+0x10/0x10
[  967.746228][T17094]  ? __lock_acquire+0xab9/0xd20
[  967.746258][T17094]  ? aa_sock_opt_perm+0x74/0x110
[  967.746283][T17094]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  967.746306][T17094]  ? __pfx_packet_setsockopt+0x10/0x10
[  967.746331][T17094]  do_sock_setsockopt+0x257/0x3e0
[  967.746356][T17094]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  967.746381][T17094]  ? __fget_files+0x2a/0x420
[  967.746415][T17094]  __x64_sys_setsockopt+0x18b/0x220
[  967.746442][T17094]  do_syscall_64+0xfa/0x3b0
[  967.746459][T17094]  ? lockdep_hardirqs_on+0x9c/0x150
[  967.746485][T17094]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  967.746502][T17094]  ? clear_bhb_loop+0x60/0xb0
[  967.746523][T17094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  967.746540][T17094] RIP: 0033:0x7f13a618e929
[  967.746556][T17094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  967.746572][T17094] RSP: 002b:00007f13a6f1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  967.746591][T17094] RAX: ffffffffffffffda RBX: 00007f13a63b6160 RCX: 00007f13a618e929
[  967.746605][T17094] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000009
[  967.746616][T17094] RBP: 00007f13a6210b39 R08: 000000000000001c R09: 0000000000000000
[  967.746627][T17094] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
[  967.746639][T17094] R13: 0000000000000000 R14: 00007f13a63b6160 R15: 00007f13a64dfa28
[  967.746665][T17094]  </TASK>
[  967.746679][T17094] Mem-Info:
[  967.782707][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  967.846770][T11027] hid-generic 0000:0000:0000.002D: unknown main item tag 0x7
[  967.846821][T11027] hid-generic 0000:0000:0000.002D: ignoring exceeding usage max
[  967.850618][T11027] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0
[  967.962864][T17094] active_anon:11580 inactive_anon:0 isolated_anon:0
[  967.962864][T17094]  active_file:19942 inactive_file:40243 isolated_file:0
[  967.962864][T17094]  unevictable:768 dirty:223 writeback:0
[  967.962864][T17094]  slab_reclaimable:10956 slab_unreclaimable:104770
[  967.962864][T17094]  mapped:35150 shmem:3739 pagetables:1987
[  967.962864][T17094]  sec_pagetables:0 bounce:0
[  967.962864][T17094]  kernel_misc_reclaimable:0
[  967.962864][T17094]  free:1262337 free_pcp:22645 free_cma:0
[  968.134601][T17094] Node 0 active_anon:46368kB inactive_anon:0kB active_file:79624kB inactive_file:160772kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:140544kB dirty:892kB writeback:0kB shmem:13432kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13388kB pagetables:7652kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  968.194866][T11027] hid-generic 0000:0000:0000.002D: unknown main item tag 0x6
[  968.202467][T11027] hid-generic 0000:0000:0000.002D: reserved main item tag 0xd
[  968.236704][T11027] hid-generic 0000:0000:0000.002D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  968.306264][T17094] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:144kB dirty:16kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:268kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  968.338149][    C0] vkms_vblank_simulate: vblank timer overrun
[  968.344908][ T5833] Bluetooth: hci2: command tx timeout
[  968.362128][T17094] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  968.391120][    C0] vkms_vblank_simulate: vblank timer overrun
[  968.409153][T17081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  968.453992][T17081] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  968.509925][T17094] lowmem_reserve[]: 0 2500 2502 2502 2502
[  968.536247][T17094] Node 0 DMA32 free:1173624kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:42812kB inactive_anon:0kB active_file:79548kB inactive_file:158952kB unevictable:1536kB writepending:876kB present:3129332kB managed:2561020kB mlocked:0kB bounce:0kB free_pcp:49772kB local_pcp:17000kB free_cma:0kB
[  968.610511][T17105] fido_id[17105]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  968.822691][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  969.040340][T17094] lowmem_reserve[]: 0 0 1 1 1
[  969.156017][T17094] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1820kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  969.185230][    C0] vkms_vblank_simulate: vblank timer overrun
[  969.256439][T11023] usb 2-1: USB disconnect, device number 25
[  969.305944][T17094] lowmem_reserve[]: 0 0 0 0 0
[  969.311127][T17094] Node 1 Normal free:3859884kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:200kB unevictable:1536kB writepending:16kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:44664kB local_pcp:28512kB free_cma:0kB
[  969.343421][    C0] vkms_vblank_simulate: vblank timer overrun
[  969.358670][T17094] lowmem_reserve[]: 0 0 0 0 0
[  969.366130][T17094] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  969.597883][T17094] Node 0 DMA32: 352*4kB (UME) 707*8kB (UME) 498*16kB (M) 180*32kB (UME) 94*64kB (UME) 111*128kB (UME) 64*256kB (UME) 88*512kB (UM) 45*1024kB (UME) 4*2048kB (M) 248*4096kB (UM) = 1172536kB
[  969.634720][T17094] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  969.652939][T17094] Node 1 Normal: 7*4kB (UME) 6*8kB (UME) 10*16kB (ME) 6*32kB (UME) 4*64kB (UME) 2*128kB (ME) 2*256kB (M) 10*512kB (UME) 7*1024kB (UME) 6*2048kB (UME) 936*4096kB (UM) = 3859884kB
[  969.691413][T17094] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  969.707725][T17094] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  969.725935][T17094] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  969.781043][T17094] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  969.815358][T17094] 67561 total pagecache pages
[  969.845376][T17094] 0 pages in swap cache
[  969.857932][T17094] Free swap  = 124996kB
[  969.862695][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  969.877399][T17094] Total swap = 124996kB
[  969.892792][T17094] 2097051 pages RAM
[  969.898595][T17094] 0 pages HighMem/MovableOnly
[  969.984287][T17094] 424690 pages reserved
[  970.033322][T17094] 0 pages cma reserved
[  970.113625][T17107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2980'.
[  970.711176][T16986] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  970.777780][T16986] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  970.881245][T16986] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  970.902732][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  970.972523][T16986] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  971.006335][T17131] input: syz1 as /devices/virtual/input/input73
[  971.212851][T11016] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  971.315496][T17143] futex_wake_op: syz.1.2982 tries to shift op by -33; fix this program
[  971.355765][T17143] netdevsim netdevsim1: Direct firmware load for .
[  971.355765][T17143]  failed with error -2
[  971.366921][T17143] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  971.366921][T17143] 
[  971.414564][T11016] usb 3-1: Using ep0 maxpacket: 32
[  971.430960][T11016] usb 3-1: config 0 has an invalid interface number: 219 but max is 0
[  971.439481][T11016] usb 3-1: config 0 has no interface number 0
[  971.448659][T11016] usb 3-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  971.488487][T11016] usb 3-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  971.512274][T11016] usb 3-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  971.524179][T11016] usb 3-1: config 0 interface 219 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  971.544292][T11016] usb 3-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  971.565632][T11016] usb 3-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  971.576764][T11016] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  971.586362][T11016] usb 3-1: Product: syz
[  971.590686][T11016] usb 3-1: Manufacturer: syz
[  971.598320][T11016] usb 3-1: SerialNumber: syz
[  971.729086][T11016] usb 3-1: config 0 descriptor??
[  971.751340][T17132] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  971.942699][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  972.014935][T11016] etas_es58x 3-1:0.219: Starting syz syz (Serial Number syz)
[  972.030283][T16986] 8021q: adding VLAN 0 to HW filter on device bond0
[  972.110794][T16986] 8021q: adding VLAN 0 to HW filter on device team0
[  972.148309][T16286] bridge0: port 1(bridge_slave_0) entered blocking state
[  972.155789][T16286] bridge0: port 1(bridge_slave_0) entered forwarding state
[  972.239889][T16284] bridge0: port 2(bridge_slave_1) entered blocking state
[  972.247169][T16284] bridge0: port 2(bridge_slave_1) entered forwarding state
[  972.271250][T11016] etas_es58x 3-1:0.219: could not parse product info: 'У'
[  972.542417][T11016] usb 3-1: USB disconnect, device number 2
[  972.566804][T11016] etas_es58x 3-1:0.219: Disconnecting syz syz
[  972.771222][T16986] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  972.992724][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  973.008225][T16986] 8021q: adding VLAN 0 to HW filter on device batadv0
[  973.288751][T16986] veth0_vlan: entered promiscuous mode
[  973.378558][T16986] veth1_vlan: entered promiscuous mode
[  973.475394][T16986] veth0_macvtap: entered promiscuous mode
[  973.495239][T16986] veth1_macvtap: entered promiscuous mode
[  973.529237][T16986] batman_adv: batadv0: Interface activated: batadv_slave_0
[  973.556751][T16986] batman_adv: batadv0: Interface activated: batadv_slave_1
[  973.596345][T16986] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  973.639593][T16986] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  973.659944][T16986] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  973.710067][T16986] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  974.017757][T17183] rtc_cmos 00:00: Alarms can be up to one day in the future
[  974.035031][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  974.113289][   T24] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  974.179445][T16284] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  974.221961][T16284] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  974.307083][   T24] usb 1-1: Using ep0 maxpacket: 16
[  974.326991][T16288] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  974.338449][   T24] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  974.363060][T16288] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  974.392688][   T24] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  974.463953][   T24] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  974.499635][   T24] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  974.529963][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  974.566809][   T24] usb 1-1: Product: syz
[  974.580936][   T24] usb 1-1: Manufacturer: syz
[  974.593825][   T24] usb 1-1: SerialNumber: syz
[  974.865209][T17198] loop2: detected capacity change from 0 to 7
[  974.872163][T17198] buffer_io_error: 4 callbacks suppressed
[  974.872178][T17198] Buffer I/O error on dev loop2, logical block 0, async page read
[  974.890738][T17198] Buffer I/O error on dev loop2, logical block 0, async page read
[  974.939747][T17198] Buffer I/O error on dev loop2, logical block 0, async page read
[  974.948350][T17198] Buffer I/O error on dev loop2, logical block 0, async page read
[  974.957655][T17198] Buffer I/O error on dev loop2, logical block 0, async page read
[  974.966908][T17198] Buffer I/O error on dev loop2, logical block 0, async page read
[  974.977582][T17198] Buffer I/O error on dev loop2, logical block 0, async page read
[  974.987375][T17198] ldm_validate_partition_table(): Disk read failed.
[  975.009060][T17198] Buffer I/O error on dev loop2, logical block 0, async page read
[  975.072700][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  975.208503][T17198] Buffer I/O error on dev loop2, logical block 0, async page read
[  975.275679][T17198] Buffer I/O error on dev loop2, logical block 0, async page read
[  975.290809][T17198] Dev loop2: unable to read RDB block 0
[  975.368929][T17198]  loop2: unable to read partition table
[  975.382960][   T24] usb 1-1: 2:1 : format type 0 is detected, processed as PCM
[  975.404418][   T24] usb 1-1: 2:1: cannot set freq 9338507 to ep 0x82
[  975.453051][T17198] loop2: partition table beyond EOD, truncated
[  975.460710][T17198] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  975.622881][   T24] usb 1-1: USB disconnect, device number 3
[  975.776381][T17186] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2992'.
[  976.102848][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  976.552895][   T24] usb 5-1: new high-speed USB device number 120 using dummy_hcd
[  976.732769][   T24] usb 5-1: Using ep0 maxpacket: 16
[  976.941542][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  977.013046][   T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  977.084451][   T24] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  977.142694][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  977.480016][   T24] usb 5-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40
[  977.540513][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  977.603098][T11027] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  977.623036][   T24] usb 5-1: Product: syz
[  977.660387][   T24] usb 5-1: Manufacturer: syz
[  977.691584][   T24] usb 5-1: SerialNumber: syz
[  977.700717][T17229] syzkaller1: entered promiscuous mode
[  977.752186][T17231] FAULT_INJECTION: forcing a failure.
[  977.752186][T17231] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  977.834278][T11027] usb 1-1: Using ep0 maxpacket: 16
[  977.846147][T17229] syzkaller1: entered allmulticast mode
[  977.856754][T11027] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  977.893016][T11027] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  977.922759][T17231] CPU: 1 UID: 0 PID: 17231 Comm: syz.5.3000 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  977.922793][T17231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  977.922805][T17231] Call Trace:
[  977.922815][T17231]  <TASK>
[  977.922825][T17231]  dump_stack_lvl+0x189/0x250
[  977.922861][T17231]  ? __pfx____ratelimit+0x10/0x10
[  977.922897][T17231]  ? __pfx_dump_stack_lvl+0x10/0x10
[  977.922929][T17231]  ? __pfx__printk+0x10/0x10
[  977.922952][T17231]  ? __might_fault+0xb0/0x130
[  977.922984][T17231]  should_fail_ex+0x414/0x560
[  977.923016][T17231]  _copy_from_iter+0x1db/0x16f0
[  977.923050][T17231]  ? rep_movs_alternative+0x4a/0x90
[  977.923083][T17231]  ? __pfx__copy_from_iter+0x10/0x10
[  977.923111][T17231]  ? sock_alloc_send_pskb+0x875/0x990
[  977.923147][T17231]  ? __pfx__copy_from_iter+0x10/0x10
[  977.923180][T17231]  ? page_copy_sane+0x16a/0x280
[  977.923213][T17231]  copy_page_from_iter+0xdd/0x170
[  977.923247][T17231]  skb_copy_datagram_from_iter+0x306/0x720
[  977.923288][T17231]  tun_get_user+0x15c3/0x3ce0
[  977.923337][T17231]  ? aa_file_perm+0x11f/0xed0
[  977.923366][T17231]  ? __pfx_tun_get_user+0x10/0x10
[  977.923394][T17231]  ? aa_file_perm+0x11f/0xed0
[  977.923431][T17231]  ? aa_file_perm+0x3e7/0xed0
[  977.923474][T17231]  ? ref_tracker_alloc+0x318/0x460
[  977.923502][T17231]  ? __lock_acquire+0xab9/0xd20
[  977.923534][T17231]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  977.923567][T17231]  ? tun_get+0x1c/0x2f0
[  977.923599][T17231]  ? tun_get+0x1c/0x2f0
[  977.923627][T17231]  ? tun_get+0x1c/0x2f0
[  977.923660][T17231]  tun_chr_write_iter+0x113/0x200
[  977.923694][T17231]  vfs_write+0x548/0xa90
[  977.923733][T17231]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  977.923765][T17231]  ? __pfx_vfs_write+0x10/0x10
[  977.923807][T17231]  ? __fget_files+0x2a/0x420
[  977.923841][T17231]  ksys_write+0x145/0x250
[  977.923863][T17231]  ? __pfx_ksys_write+0x10/0x10
[  977.923887][T17231]  ? do_syscall_64+0xbe/0x3b0
[  977.923912][T17231]  do_syscall_64+0xfa/0x3b0
[  977.923930][T17231]  ? lockdep_hardirqs_on+0x9c/0x150
[  977.923960][T17231]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  977.923982][T17231]  ? clear_bhb_loop+0x60/0xb0
[  977.924008][T17231]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  977.924029][T17231] RIP: 0033:0x7f13a618e929
[  977.924048][T17231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  977.924067][T17231] RSP: 002b:00007f13a6f3d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  977.924089][T17231] RAX: ffffffffffffffda RBX: 00007f13a63b6080 RCX: 00007f13a618e929
[  977.924104][T17231] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000003
[  977.924117][T17231] RBP: 00007f13a6f3d090 R08: 0000000000000000 R09: 0000000000000000
[  977.924129][T17231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  977.924142][T17231] R13: 0000000000000001 R14: 00007f13a63b6080 R15: 00007f13a64dfa28
[  977.924171][T17231]  </TASK>
[  978.224033][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  978.283014][T11027] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  978.356517][T17234] FAULT_INJECTION: forcing a failure.
[  978.356517][T17234] name failslab, interval 1, probability 0, space 0, times 0
[  978.394767][T11027] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  978.506337][T11023] IPVS: starting estimator thread 0...
[  978.543508][T11027] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  978.576238][T11027] usb 1-1: Product: syz
[  978.582336][T11027] usb 1-1: Manufacturer: syz
[  978.588545][T17234] CPU: 1 UID: 0 PID: 17234 Comm: syz.1.3001 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  978.588577][T17234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  978.588591][T17234] Call Trace:
[  978.588600][T17234]  <TASK>
[  978.588609][T17234]  dump_stack_lvl+0x189/0x250
[  978.588647][T17234]  ? __pfx____ratelimit+0x10/0x10
[  978.588684][T17234]  ? __pfx_dump_stack_lvl+0x10/0x10
[  978.588717][T17234]  ? __pfx__printk+0x10/0x10
[  978.588747][T17234]  ? __pfx___might_resched+0x10/0x10
[  978.588785][T17234]  should_fail_ex+0x414/0x560
[  978.588817][T17234]  ? nf_tables_commit+0xaa9/0x8700
[  978.588842][T17234]  should_failslab+0xa8/0x100
[  978.588868][T17234]  __kvmalloc_node_noprof+0x161/0x5f0
[  978.588891][T17234]  ? nf_tables_commit+0xaa9/0x8700
[  978.588916][T17234]  ? nf_tables_commit+0x79d/0x8700
[  978.588948][T17234]  nf_tables_commit+0xaa9/0x8700
[  978.588974][T17234]  ? do_raw_spin_unlock+0x122/0x240
[  978.589022][T17234]  ? __pfx___folio_put+0x10/0x10
[  978.589048][T17234]  ? __pfx_nf_tables_commit+0x10/0x10
[  978.589076][T17234]  ? free_large_kmalloc+0xeb/0x200
[  978.589101][T17234]  ? free_large_kmalloc+0x145/0x200
[  978.589126][T17234]  ? nf_tables_newrule+0x23bc/0x2890
[  978.589170][T17234]  ? __pfx_nf_tables_newrule+0x10/0x10
[  978.589224][T17234]  nfnetlink_rcv+0x1a4b/0x2520
[  978.589291][T17234]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  978.589366][T17234]  ? ref_tracker_free+0x63a/0x7d0
[  978.589428][T17234]  ? __netlink_deliver_tap+0x807/0x850
[  978.589464][T17234]  ? netlink_deliver_tap+0x2e/0x1b0
[  978.589487][T17234]  ? netlink_deliver_tap+0x2e/0x1b0
[  978.589518][T17234]  netlink_unicast+0x758/0x8d0
[  978.589552][T17234]  netlink_sendmsg+0x805/0xb30
[  978.589589][T17234]  ? __pfx_netlink_sendmsg+0x10/0x10
[  978.589619][T17234]  ? aa_sock_msg_perm+0x94/0x160
[  978.589649][T17234]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  978.589675][T17234]  ? __pfx_netlink_sendmsg+0x10/0x10
[  978.589701][T17234]  __sock_sendmsg+0x219/0x270
[  978.589738][T17234]  ____sys_sendmsg+0x505/0x830
[  978.589770][T17234]  ? __pfx_____sys_sendmsg+0x10/0x10
[  978.589806][T17234]  ? import_iovec+0x74/0xa0
[  978.589831][T17234]  ___sys_sendmsg+0x21f/0x2a0
[  978.589861][T17234]  ? __pfx____sys_sendmsg+0x10/0x10
[  978.589929][T17234]  ? __fget_files+0x2a/0x420
[  978.589951][T17234]  ? __fget_files+0x3a0/0x420
[  978.589986][T17234]  __x64_sys_sendmsg+0x19b/0x260
[  978.590016][T17234]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  978.590054][T17234]  ? __pfx_ksys_write+0x10/0x10
[  978.590071][T17234]  ? rcu_is_watching+0x15/0xb0
[  978.590108][T17234]  ? do_syscall_64+0xbe/0x3b0
[  978.590133][T17234]  do_syscall_64+0xfa/0x3b0
[  978.590151][T17234]  ? lockdep_hardirqs_on+0x9c/0x150
[  978.590182][T17234]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  978.590202][T17234]  ? clear_bhb_loop+0x60/0xb0
[  978.590228][T17234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  978.590249][T17234] RIP: 0033:0x7f374cf8e929
[  978.590268][T17234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  978.590286][T17234] RSP: 002b:00007f374dd32038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  978.590309][T17234] RAX: ffffffffffffffda RBX: 00007f374d1b5fa0 RCX: 00007f374cf8e929
[  978.590325][T17234] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  978.590339][T17234] RBP: 00007f374dd32090 R08: 0000000000000000 R09: 0000000000000000
[  978.590352][T17234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  978.590372][T17234] R13: 0000000000000000 R14: 00007f374d1b5fa0 R15: 00007f374d2dfa28
[  978.590405][T17234]  </TASK>
[  978.603386][T17235] IPVS: using max 25 ests per chain, 60000 per kthread
[  978.972064][T11027] usb 1-1: SerialNumber: syz
[  978.993775][T16550] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  979.004096][T16550] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  979.017340][T16550] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  979.028736][T16550] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  979.099066][T16550] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  979.302686][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  979.662997][T11027] usb 1-1: 0:2 : does not exist
[  979.990372][   T24] usb 5-1: USB disconnect, device number 120
[  980.205696][T17257] sctp: [Deprecated]: syz.1.3006 (pid 17257) Use of int in max_burst socket option deprecated.
[  980.205696][T17257] Use struct sctp_assoc_value instead
[  980.292083][T17262] sctp: [Deprecated]: syz.5.3004 (pid 17262) Use of struct sctp_assoc_value in delayed_ack socket option.
[  980.292083][T17262] Use struct sctp_sack_info instead
[  980.315275][T17262] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3004'.
[  980.350020][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  980.445262][T17267] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  980.454601][T17267] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  980.493719][   T24] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  980.493784][T17267] program syz.0.2998 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  980.608005][T17269] input: syz1 as /devices/virtual/input/input74
[  980.699675][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  980.754560][   T24] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  980.764065][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  980.788227][   T24] usb 2-1: Product: syz
[  980.817810][   T24] usb 2-1: Manufacturer: syz
[  980.831153][   T24] usb 2-1: SerialNumber: syz
[  980.936262][   T24] usb 2-1: config 0 descriptor??
[  981.339876][T11027] usb 1-1: USB disconnect, device number 4
[  981.382742][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  981.391108][T16550] Bluetooth: hci3: command tx timeout
[  981.453988][   T24] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22
[  981.598453][   T24] usb 2-1: USB disconnect, device number 26
[  981.630037][ T5967] udevd[5967]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  982.017089][T17241] chnl_net:caif_netlink_parms(): no params data found
[  982.422724][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  983.079496][T17241] bridge0: port 1(bridge_slave_0) entered blocking state
[  983.122812][T17241] bridge0: port 1(bridge_slave_0) entered disabled state
[  983.141501][T17241] bridge_slave_0: entered allmulticast mode
[  983.161033][T17241] bridge_slave_0: entered promiscuous mode
[  983.189263][T17241] bridge0: port 2(bridge_slave_1) entered blocking state
[  983.202869][T17241] bridge0: port 2(bridge_slave_1) entered disabled state
[  983.222987][T17241] bridge_slave_1: entered allmulticast mode
[  983.245798][T17241] bridge_slave_1: entered promiscuous mode
[  983.273362][T17285] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3008'.
[  983.462693][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  983.481769][T17241] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  983.510755][T16550] Bluetooth: hci3: command tx timeout
[  983.539424][T17241] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  983.716258][T17241] team0: Port device team_slave_0 added
[  983.757268][T17241] team0: Port device team_slave_1 added
[  983.913301][T17313] [U] 5ѨD��Ս���
[  983.918061][T17313] [U] �DL�Y�>D@���
[  983.933867][T17314] FAULT_INJECTION: forcing a failure.
[  983.933867][T17314] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  983.959703][T17313] [U] 
[  983.962498][T17313] [U] 
[  983.965247][T17313] [U] 
[  983.971014][T17314] CPU: 1 UID: 0 PID: 17314 Comm: syz.4.3011 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  983.971043][T17314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  983.971056][T17314] Call Trace:
[  983.971065][T17314]  <TASK>
[  983.971073][T17314]  dump_stack_lvl+0x189/0x250
[  983.971110][T17314]  ? __pfx____ratelimit+0x10/0x10
[  983.971142][T17314]  ? __pfx_dump_stack_lvl+0x10/0x10
[  983.971172][T17314]  ? __pfx__printk+0x10/0x10
[  983.971189][T17314]  ? __might_fault+0xb0/0x130
[  983.971212][T17314]  should_fail_ex+0x414/0x560
[  983.971236][T17314]  _copy_from_user+0x2d/0xb0
[  983.971251][T17314]  ___sys_recvmsg+0x12e/0x510
[  983.971277][T17314]  ? __pfx____sys_recvmsg+0x10/0x10
[  983.971319][T17314]  ? __might_fault+0xb0/0x130
[  983.971336][T17314]  do_recvmmsg+0x307/0x770
[  983.971362][T17314]  ? __pfx_do_recvmmsg+0x10/0x10
[  983.971390][T17314]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  983.971433][T17314]  __x64_sys_recvmmsg+0x190/0x240
[  983.971457][T17314]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  983.971481][T17314]  ? do_syscall_64+0xbe/0x3b0
[  983.971498][T17314]  do_syscall_64+0xfa/0x3b0
[  983.971510][T17314]  ? lockdep_hardirqs_on+0x9c/0x150
[  983.971532][T17314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  983.971546][T17314]  ? clear_bhb_loop+0x60/0xb0
[  983.971565][T17314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  983.971584][T17314] RIP: 0033:0x7fcb0bd8e929
[  983.971598][T17314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  983.971611][T17314] RSP: 002b:00007fcb0cb0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  983.971627][T17314] RAX: ffffffffffffffda RBX: 00007fcb0bfb6080 RCX: 00007fcb0bd8e929
[  983.971639][T17314] RDX: 03ffffffffffff67 RSI: 0000200000002440 RDI: 0000000000000004
[  983.971649][T17314] RBP: 00007fcb0cb0f090 R08: 0000000000000000 R09: 0000000000000000
[  983.971658][T17314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  983.971668][T17314] R13: 0000000000000001 R14: 00007fcb0bfb6080 R15: 00007fcb0c0dfa28
[  983.971690][T17314]  </TASK>
[  984.212387][T17313] [U] 
[  984.215133][T17313] [U] 
[  984.217871][T17313] [U] 
[  984.220572][T17313] [U] 
[  984.223742][T17313] [U] 
[  984.226523][T17313] [U] 
[  984.229893][T17313] [U] 
[  984.334054][T17241] batman_adv: batadv0: Adding interface: batadv_slave_0
[  984.379508][T17241] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  984.483026][T17241] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  984.502721][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  984.600757][T17241] batman_adv: batadv0: Adding interface: batadv_slave_1
[  984.608129][T17241] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  984.637852][T17241] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  984.772353][T17311] [U] 
[  984.838384][T17241] hsr_slave_0: entered promiscuous mode
[  984.858575][T17241] hsr_slave_1: entered promiscuous mode
[  984.867127][T17241] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  984.877479][T17241] Cannot create hsr debugfs directory
[  985.283082][T11027] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[  985.436165][T11027] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  985.446834][T11027] usb 6-1: config 0 interface 0 has no altsetting 0
[  985.464169][T11027] usb 6-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  985.475674][T11027] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  985.495001][T11027] usb 6-1: Product: syz
[  985.523532][T11027] usb 6-1: Manufacturer: syz
[  985.535463][T11027] usb 6-1: SerialNumber: syz
[  985.543852][T16550] Bluetooth: hci3: command tx timeout
[  985.543897][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  985.577215][T11027] usb 6-1: config 0 descriptor??
[  985.598958][T17241] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  985.646593][T11027] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  985.663823][T11027] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  985.681881][T11027] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  985.692566][T11027] usb 6-1: media controller created
[  985.833327][T11027] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  986.192105][T11027] DVB: Unable to find symbol tda10046_attach()
[  986.277664][T11027] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  986.295311][T11027] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  986.471610][   T30] audit: type=1326 audit(1750487340.216:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.1.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f374cf8e929 code=0x7ffc0000
[  986.592735][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  986.633040][   T30] audit: type=1326 audit(1750487340.216:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.1.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f374cf8e929 code=0x7ffc0000
[  986.677863][T17241] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  986.776873][   T30] audit: type=1326 audit(1750487340.256:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.1.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f374cf8e929 code=0x7ffc0000
[  986.800674][   T30] audit: type=1326 audit(1750487340.276:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.1.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f374cf8e929 code=0x7ffc0000
[  986.874968][   T30] audit: type=1326 audit(1750487340.286:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.1.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f374cf8e929 code=0x7ffc0000
[  986.877131][T17241] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  986.900154][   T30] audit: type=1326 audit(1750487340.286:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.1.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f374cf8e929 code=0x7ffc0000
[  986.934685][T11023] usb 2-1: new low-speed USB device number 27 using dummy_hcd
[  986.945884][   T30] audit: type=1326 audit(1750487340.286:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.1.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f374cf8e929 code=0x7ffc0000
[  986.971738][   T30] audit: type=1326 audit(1750487340.286:1018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.1.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f374cf8e929 code=0x7ffc0000
[  986.997944][T11027] dvb_usb_m920x 6-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  987.013952][T11027] usb 6-1: USB disconnect, device number 95
[  987.028737][   T30] audit: type=1326 audit(1750487340.286:1019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.1.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f374cf8e929 code=0x7ffc0000
[  987.057440][   T30] audit: type=1326 audit(1750487340.306:1020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.1.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f374cf8e929 code=0x7ffc0000
[  987.080825][T11023] usb 2-1: device descriptor read/64, error -71
[  987.252321][T17241] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  987.339782][T11023] usb 2-1: new low-speed USB device number 28 using dummy_hcd
[  987.402960][T11024] usb 5-1: new high-speed USB device number 121 using dummy_hcd
[  987.482789][T11023] usb 2-1: device descriptor read/64, error -71
[  987.505445][T17353] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3022'.
[  987.557967][T17241] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  987.563376][T11024] usb 5-1: Using ep0 maxpacket: 8
[  987.575321][T11024] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  987.598622][T11024] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  987.613527][T11023] usb usb2-port1: attempt power cycle
[  987.619864][T17241] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  987.622145][T11024] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  987.626699][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  987.646421][T16550] Bluetooth: hci3: command tx timeout
[  987.656573][T11024] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  987.668317][T11024] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  987.681731][T11024] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  987.690367][T11024] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  987.705717][T11024] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  987.721899][T17241] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  987.729023][T11024] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  987.748784][T17241] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  987.755868][T11024] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  987.775436][T11024] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  987.783618][T11024] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  987.795154][T11024] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  987.815087][T11024] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  987.841547][T11024] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  987.878586][T11024] usb 5-1: string descriptor 0 read error: -22
[  987.885436][T11024] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  987.897386][T11024] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  987.950019][T11024] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  987.975360][T11023] usb 2-1: new low-speed USB device number 29 using dummy_hcd
[  988.024249][T11023] usb 2-1: device descriptor read/8, error -71
[  988.085728][T17241] 8021q: adding VLAN 0 to HW filter on device bond0
[  988.111505][T17241] 8021q: adding VLAN 0 to HW filter on device team0
[  988.140371][ T8085] bridge0: port 1(bridge_slave_0) entered blocking state
[  988.147658][ T8085] bridge0: port 1(bridge_slave_0) entered forwarding state
[  988.165256][ T8085] bridge0: port 2(bridge_slave_1) entered blocking state
[  988.172465][ T8085] bridge0: port 2(bridge_slave_1) entered forwarding state
[  988.269093][T17241] 8021q: adding VLAN 0 to HW filter on device batadv0
[  988.277575][T11023] usb 2-1: new low-speed USB device number 30 using dummy_hcd
[  988.304550][T11023] usb 2-1: device descriptor read/8, error -71
[  988.349326][T17241] veth0_vlan: entered promiscuous mode
[  988.377881][T17241] veth1_vlan: entered promiscuous mode
[  988.419404][T17241] veth0_macvtap: entered promiscuous mode
[  988.434794][T11023] usb usb2-port1: unable to enumerate USB device
[  988.446042][T17241] veth1_macvtap: entered promiscuous mode
[  988.469494][T17241] batman_adv: batadv0: Interface activated: batadv_slave_0
[  988.495252][T17241] batman_adv: batadv0: Interface activated: batadv_slave_1
[  988.516183][T17241] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  988.545274][T17241] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  988.555462][T17241] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  988.565589][T17241] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  988.662860][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  989.058013][T16284] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  989.088199][T16284] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  989.199185][T17376] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3027'.
[  989.234429][T17376] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3027'.
[  989.281296][T16284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  989.309687][T16284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  989.504788][T17378] binder: 17377:17378 ioctl c0306201 2000000003c0 returned -14
[  989.702735][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  990.208346][   T24] usb 5-1: USB disconnect, device number 121
[  990.372419][T17397] bridge_slave_0: left allmulticast mode
[  990.446767][T17397] bridge_slave_0: left promiscuous mode
[  990.613052][T17397] bridge0: port 1(bridge_slave_0) entered disabled state
[  990.742748][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  990.893480][   T24] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[  990.959727][T17397] bridge_slave_1: left allmulticast mode
[  990.992928][T17397] bridge_slave_1: left promiscuous mode
[  991.028718][T17397] bridge0: port 2(bridge_slave_1) entered disabled state
[  991.133461][   T24] usb 5-1: Using ep0 maxpacket: 32
[  991.176547][   T24] usb 5-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  991.198622][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  991.211008][T17397] bond0: (slave bond_slave_0): Releasing backup interface
[  991.223889][T17406] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3034'.
[  991.253034][   T24] usb 5-1: config 0 descriptor??
[  991.297097][   T24] as10x_usb: device has been detected
[  991.310109][   T24] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  991.333704][T17397] bond0: (slave bond_slave_1): Releasing backup interface
[  991.473611][T17397] team0: Port device team_slave_0 removed
[  991.506598][   T24] usb 5-1: DVB: registering adapter 3 frontend 0 (nBox DVB-T Dongle)...
[  991.615725][   T24] as10x_usb: error during firmware upload part1
[  991.617600][T17397] team0: Port device team_slave_1 removed
[  991.661578][   T24] Registered device nBox DVB-T Dongle
[  991.782721][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  991.797883][T17397] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  991.933322][T17397] batman_adv: batadv0: Removing interface: batadv_slave_0
[  991.994014][T17397] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  992.016219][T17412] loop2: detected capacity change from 0 to 7
[  992.023587][T17412] buffer_io_error: 4 callbacks suppressed
[  992.023600][T17412] Buffer I/O error on dev loop2, logical block 0, async page read
[  992.057825][T17397] batman_adv: batadv0: Removing interface: batadv_slave_1
[  992.085596][T17412] Buffer I/O error on dev loop2, logical block 0, async page read
[  992.155870][T17412] Buffer I/O error on dev loop2, logical block 0, async page read
[  992.206829][T17412] Buffer I/O error on dev loop2, logical block 0, async page read
[  992.237745][T17412] Buffer I/O error on dev loop2, logical block 0, async page read
[  992.272856][T17412] Buffer I/O error on dev loop2, logical block 0, async page read
[  992.300623][T17412] Buffer I/O error on dev loop2, logical block 0, async page read
[  992.334670][T17412] ldm_validate_partition_table(): Disk read failed.
[  992.365795][T17412] Buffer I/O error on dev loop2, logical block 0, async page read
[  992.397863][T17412] Buffer I/O error on dev loop2, logical block 0, async page read
[  992.437419][   T24] usb 5-1: USB disconnect, device number 122
[  992.481423][T17414] futex_wake_op: syz.5.3035 tries to shift op by -33; fix this program
[  992.496116][T17414] netdevsim netdevsim5: Direct firmware load for .
[  992.496116][T17414]  failed with error -2
[  992.511620][T17414] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[  992.511620][T17414] 
[  992.521746][T17412] Buffer I/O error on dev loop2, logical block 0, async page read
[  992.603211][T17412] Dev loop2: unable to read RDB block 0
[  992.754866][   T24] Unregistered device nBox DVB-T Dongle
[  992.757076][   T24] as10x_usb: device has been disconnected
[  992.782251][T17412]  loop2: unable to read partition table
[  992.813299][T17412] loop2: partition table beyond EOD, truncated
[  992.819673][T17412] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  992.829022][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  993.226836][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  993.235600][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  993.412884][   T24] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  993.576151][   T24] usb 3-1: Using ep0 maxpacket: 16
[  993.592101][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  993.632889][T11028] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  993.662379][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  993.699045][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  993.769131][   T24] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  993.794528][T11028] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  993.811427][T11028] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  993.828200][T11028] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  993.828205][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  993.830001][T11028] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  993.862782][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  993.893487][T11028] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  993.904716][   T24] usb 3-1: config 0 descriptor??
[  993.922060][T11028] usb 1-1: Manufacturer: syz
[  994.004297][T11028] usb 1-1: config 0 descriptor??
[  994.397403][   T24] shield 0003:0955:7214.002E: unknown main item tag 0x0
[  994.422355][T11024] usb 1-1: USB disconnect, device number 5
[  994.470306][   T24] shield 0003:0955:7214.002E: unknown main item tag 0x0
[  994.483136][   T24] shield 0003:0955:7214.002E: unknown main item tag 0x0
[  994.490653][   T24] shield 0003:0955:7214.002E: unknown main item tag 0x0
[  994.497848][   T24] shield 0003:0955:7214.002E: unknown main item tag 0x0
[  994.536120][   T24] input: HID 0955:7214 Haptics as /devices/virtual/input/input76
[  994.549764][T17427] random: crng reseeded on system resumption
[  994.675498][   T24] shield 0003:0955:7214.002E: Registered Thunderstrike controller
[  994.710654][   T24] shield 0003:0955:7214.002E: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0
[  994.912680][    C1] gre0 selects TX queue 0, but real number of TX queues is 0
[  994.982834][   T24] usb 3-1: USB disconnect, device number 3
[  994.990073][ T5893] shield 0003:0955:7214.002E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  995.021052][ T5893] shield 0003:0955:7214.002E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  995.034698][   T24] ------------[ cut here ]------------
[  995.040308][   T24] workqueue: work disable count underflowed
[  995.046334][   T24] WARNING: CPU: 1 PID: 24 at kernel/workqueue.c:4328 enable_work+0x2b1/0x2c0
[  995.055167][   T24] Modules linked in:
[  995.059769][   T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  995.071711][   T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  995.081907][   T24] Workqueue: usb_hub_wq hub_event
[  995.087008][   T24] RIP: 0010:enable_work+0x2b1/0x2c0
[  995.092263][   T24] Code: 41 5e 41 5f 5d e9 3f 01 de 09 cc e8 79 2f db 09 e8 64 24 35 00 c6 05 4b c6 ff 0d 01 90 48 c7 c7 e0 e4 89 8b e8 00 cf f8 ff 90 <0f> 0b 90 90 e9 69 ff ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90
[  995.111923][   T24] RSP: 0000:ffffc900001e7060 EFLAGS: 00010046
[  995.118025][   T24] RAX: f9ed6c2f6f416600 RBX: ffff88801177a730 RCX: 0000000000100000
[  995.126017][   T24] RDX: ffffc9001c4aa000 RSI: 0000000000009b06 RDI: 0000000000009b07
[  995.134007][   T24] RBP: ffffc900001e7120 R08: ffffc900001e6d87 R09: 1ffff9200003cdb0
[  995.142000][   T24] R10: dffffc0000000000 R11: fffff5200003cdb1 R12: 1ffff9200003ce10
[  995.150003][   T24] R13: dffffc0000000000 R14: 0000000000000000 R15: 001fffffffc00001
[  995.157999][   T24] FS:  0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000
[  995.166947][   T24] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  995.173548][   T24] CR2: 000000110c33ba82 CR3: 000000006adac000 CR4: 00000000003526f0
[  995.181543][   T24] DR0: 000000000000004b DR1: 0000000000000000 DR2: 0000000000000000
[  995.189537][   T24] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  995.197529][   T24] Call Trace:
[  995.200824][   T24]  <TASK>
[  995.203795][   T24]  ? __pfx_enable_work+0x10/0x10
[  995.208759][   T24]  ? __thermal_zone_cdev_unbind+0x46b/0x4a0
[  995.214765][   T24]  ? lockdep_hardirqs_on+0x9c/0x150
[  995.219998][   T24]  __cancel_work_sync+0xf7/0x110
[  995.224961][   T24]  thermal_zone_device_unregister+0x210/0x380
[  995.231060][   T24]  power_supply_unregister+0xf9/0x140
[  995.236449][   T24]  ? __pfx_shield_remove+0x10/0x10
[  995.241586][   T24]  shield_remove+0x72/0x120
[  995.246114][   T24]  hid_device_remove+0x228/0x370
[  995.251075][   T24]  ? __pfx_hid_device_remove+0x10/0x10
[  995.256640][   T24]  device_release_driver_internal+0x46c/0x7c0
[  995.262740][   T24]  bus_remove_device+0x34d/0x410
[  995.267710][   T24]  device_del+0x511/0x8e0
[  995.272065][   T24]  ? __pfx_device_del+0x10/0x10
[  995.276949][   T24]  hid_destroy_device+0x6b/0x1b0
[  995.282001][   T24]  usbhid_disconnect+0x9f/0xc0
[  995.286790][   T24]  usb_unbind_interface+0x26e/0x8f0
[  995.292022][   T24]  ? __pfx_usb_unbind_interface+0x10/0x10
[  995.297763][   T24]  device_release_driver_internal+0x4d9/0x7c0
[  995.303865][   T24]  bus_remove_device+0x34d/0x410
[  995.308843][   T24]  device_del+0x511/0x8e0
[  995.313202][   T24]  ? kfree+0x18e/0x440
[  995.317302][   T24]  ? __pfx_device_del+0x10/0x10
[  995.322174][   T24]  ? kobject_put+0x446/0x480
[  995.326791][   T24]  usb_disable_device+0x3e9/0x8a0
[  995.331869][   T24]  usb_disconnect+0x330/0x910
[  995.336583][   T24]  hub_event+0x1cdb/0x4a00
[  995.341059][   T24]  ? do_raw_spin_lock+0x121/0x290
[  995.346107][   T24]  ? register_lock_class+0x51/0x320
[  995.351345][   T24]  ? __pfx_hub_event+0x10/0x10
[  995.356140][   T24]  ? process_scheduled_works+0x9ef/0x17b0
[  995.361897][   T24]  ? _raw_spin_unlock_irq+0x23/0x50
[  995.367127][   T24]  ? process_scheduled_works+0x9ef/0x17b0
[  995.372893][   T24]  ? process_scheduled_works+0x9ef/0x17b0
[  995.378680][   T24]  process_scheduled_works+0xae1/0x17b0
[  995.384315][   T24]  ? __pfx_process_scheduled_works+0x10/0x10
[  995.390361][   T24]  worker_thread+0x8a0/0xda0
[  995.395024][   T24]  kthread+0x70e/0x8a0
[  995.399139][   T24]  ? __pfx_worker_thread+0x10/0x10
[  995.404278][   T24]  ? __pfx_kthread+0x10/0x10
[  995.408892][   T24]  ? _raw_spin_unlock_irq+0x23/0x50
[  995.414116][   T24]  ? lockdep_hardirqs_on+0x9c/0x150
[  995.419340][   T24]  ? __pfx_kthread+0x10/0x10
[  995.423952][   T24]  ret_from_fork+0x3f9/0x770
[  995.428570][   T24]  ? __pfx_ret_from_fork+0x10/0x10
[  995.433800][   T24]  ? __switch_to_asm+0x39/0x70
[  995.438590][   T24]  ? __switch_to_asm+0x33/0x70
[  995.443371][   T24]  ? __pfx_kthread+0x10/0x10
[  995.447981][   T24]  ret_from_fork_asm+0x1a/0x30
[  995.452806][   T24]  </TASK>
[  995.455867][   T24] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  995.463167][   T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  995.475076][   T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  995.485186][   T24] Workqueue: usb_hub_wq hub_event
[  995.490276][   T24] Call Trace:
[  995.493591][   T24]  <TASK>
[  995.496557][   T24]  dump_stack_lvl+0x99/0x250
[  995.501199][   T24]  ? __asan_memcpy+0x40/0x70
[  995.505827][   T24]  ? __pfx_dump_stack_lvl+0x10/0x10
[  995.511072][   T24]  ? __pfx__printk+0x10/0x10
[  995.515713][   T24]  panic+0x2db/0x790
[  995.519646][   T24]  ? __pfx_panic+0x10/0x10
[  995.524083][   T24]  ? show_trace_log_lvl+0x4fb/0x550
[  995.529316][   T24]  ? ret_from_fork_asm+0x1a/0x30
[  995.534277][   T24]  __warn+0x31b/0x4b0
[  995.538288][   T24]  ? enable_work+0x2b1/0x2c0
[  995.542916][   T24]  ? enable_work+0x2b1/0x2c0
[  995.547539][   T24]  report_bug+0x2be/0x4f0
[  995.551919][   T24]  ? enable_work+0x2b1/0x2c0
[  995.556534][   T24]  ? enable_work+0x2b1/0x2c0
[  995.561142][   T24]  ? enable_work+0x2b3/0x2c0
[  995.565755][   T24]  handle_bug+0x84/0x160
[  995.570023][   T24]  exc_invalid_op+0x1a/0x50
[  995.574551][   T24]  asm_exc_invalid_op+0x1a/0x20
[  995.579423][   T24] RIP: 0010:enable_work+0x2b1/0x2c0
[  995.584651][   T24] Code: 41 5e 41 5f 5d e9 3f 01 de 09 cc e8 79 2f db 09 e8 64 24 35 00 c6 05 4b c6 ff 0d 01 90 48 c7 c7 e0 e4 89 8b e8 00 cf f8 ff 90 <0f> 0b 90 90 e9 69 ff ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90
[  995.604295][   T24] RSP: 0000:ffffc900001e7060 EFLAGS: 00010046
[  995.610409][   T24] RAX: f9ed6c2f6f416600 RBX: ffff88801177a730 RCX: 0000000000100000
[  995.618431][   T24] RDX: ffffc9001c4aa000 RSI: 0000000000009b06 RDI: 0000000000009b07
[  995.626457][   T24] RBP: ffffc900001e7120 R08: ffffc900001e6d87 R09: 1ffff9200003cdb0
[  995.634467][   T24] R10: dffffc0000000000 R11: fffff5200003cdb1 R12: 1ffff9200003ce10
[  995.642474][   T24] R13: dffffc0000000000 R14: 0000000000000000 R15: 001fffffffc00001
[  995.650494][   T24]  ? __pfx_enable_work+0x10/0x10
[  995.655468][   T24]  ? __thermal_zone_cdev_unbind+0x46b/0x4a0
[  995.661386][   T24]  ? lockdep_hardirqs_on+0x9c/0x150
[  995.666616][   T24]  __cancel_work_sync+0xf7/0x110
[  995.671576][   T24]  thermal_zone_device_unregister+0x210/0x380
[  995.677677][   T24]  power_supply_unregister+0xf9/0x140
[  995.683067][   T24]  ? __pfx_shield_remove+0x10/0x10
[  995.688199][   T24]  shield_remove+0x72/0x120
[  995.692741][   T24]  hid_device_remove+0x228/0x370
[  995.697715][   T24]  ? __pfx_hid_device_remove+0x10/0x10
[  995.703214][   T24]  device_release_driver_internal+0x46c/0x7c0
[  995.709315][   T24]  bus_remove_device+0x34d/0x410
[  995.714295][   T24]  device_del+0x511/0x8e0
[  995.718661][   T24]  ? __pfx_device_del+0x10/0x10
[  995.723544][   T24]  hid_destroy_device+0x6b/0x1b0
[  995.728513][   T24]  usbhid_disconnect+0x9f/0xc0
[  995.733299][   T24]  usb_unbind_interface+0x26e/0x8f0
[  995.738532][   T24]  ? __pfx_usb_unbind_interface+0x10/0x10
[  995.744279][   T24]  device_release_driver_internal+0x4d9/0x7c0
[  995.750392][   T24]  bus_remove_device+0x34d/0x410
[  995.755381][   T24]  device_del+0x511/0x8e0
[  995.759757][   T24]  ? kfree+0x18e/0x440
[  995.763881][   T24]  ? __pfx_device_del+0x10/0x10
[  995.768756][   T24]  ? kobject_put+0x446/0x480
[  995.773378][   T24]  usb_disable_device+0x3e9/0x8a0
[  995.778443][   T24]  usb_disconnect+0x330/0x910
[  995.783161][   T24]  hub_event+0x1cdb/0x4a00
[  995.787633][   T24]  ? do_raw_spin_lock+0x121/0x290
[  995.792775][   T24]  ? register_lock_class+0x51/0x320
[  995.798016][   T24]  ? __pfx_hub_event+0x10/0x10
[  995.803099][   T24]  ? process_scheduled_works+0x9ef/0x17b0
[  995.808855][   T24]  ? _raw_spin_unlock_irq+0x23/0x50
[  995.814102][   T24]  ? process_scheduled_works+0x9ef/0x17b0
[  995.820019][   T24]  ? process_scheduled_works+0x9ef/0x17b0
[  995.825800][   T24]  process_scheduled_works+0xae1/0x17b0
[  995.831431][   T24]  ? __pfx_process_scheduled_works+0x10/0x10
[  995.837474][   T24]  worker_thread+0x8a0/0xda0
[  995.842112][   T24]  kthread+0x70e/0x8a0
[  995.846205][   T24]  ? __pfx_worker_thread+0x10/0x10
[  995.851343][   T24]  ? __pfx_kthread+0x10/0x10
[  995.855957][   T24]  ? _raw_spin_unlock_irq+0x23/0x50
[  995.861177][   T24]  ? lockdep_hardirqs_on+0x9c/0x150
[  995.866432][   T24]  ? __pfx_kthread+0x10/0x10
[  995.871047][   T24]  ret_from_fork+0x3f9/0x770
[  995.875671][   T24]  ? __pfx_ret_from_fork+0x10/0x10
[  995.880818][   T24]  ? __switch_to_asm+0x39/0x70
[  995.885619][   T24]  ? __switch_to_asm+0x33/0x70
[  995.890404][   T24]  ? __pfx_kthread+0x10/0x10
[  995.895023][   T24]  ret_from_fork_asm+0x1a/0x30
[  995.899829][   T24]  </TASK>
[  995.903215][   T24] Kernel Offset: disabled
[  995.907560][   T24] Rebooting in 86400 seconds..