last executing test programs:

6m41.019956484s ago: executing program 1 (id=789):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x80000000000000)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6m40.927107532s ago: executing program 1 (id=790):
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x200080, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000030000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
connect$inet6(r0, &(0x7f0000000380)={0xa, 0x4e23, 0xaec, @loopback, 0x6096}, 0x1c)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r6 = socket$key(0xf, 0x3, 0x2)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x80080, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xbe)
sendmsg$key(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0x0)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x4, 0x1, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0xff, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xff7ffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000004}, 0x4040010)
signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x5]}, 0x8)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r8, 0x3ba0, &(0x7f0000000280)={0x48})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r8, 0x3ba0, &(0x7f0000000540)={0x48, 0x1, 0x0, 0x0, 0xfffffffffffffffc, 0x8000000000000000})

6m38.176479266s ago: executing program 1 (id=800):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'veth1\x00', <r6=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="4606094a2f0000002c00128009000100766c616e000000001c0002800600010002000000100003800c00010007000e000800000008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4], 0x5c}, 0x1, 0x0, 0x0, 0x600}, 0x0)

6m37.948457273s ago: executing program 1 (id=801):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000380)='./file0/file0\x00', 0x0, 0x20000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

6m36.199736171s ago: executing program 1 (id=810):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x100000000, 0x8, 0x0, 0x3}, 0x0)
accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000200), 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt(0xffffffffffffffff, 0x6, 0x9, &(0x7f00000001c0)="6ac3d7b8", 0x4)
sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_EXPRESSIONS={0x24, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}, 0x1, 0x48}, 0x20050800)
getsockopt$sock_timeval(r2, 0x1, 0x43, 0x0, &(0x7f0000000380))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x1, 0x4, 0x401, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x1c, 0x1, 0x4, 0x101, 0x0, 0x0, {}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0xc}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20048805}, 0x0)
mlock2(&(0x7f000027f000/0x2000)=nil, 0x2000, 0x1)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
add_key$fscrypt_v1(0x0, &(0x7f0000000480), &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r4, 0x5761, &(0x7f00000001c0)=ANY=[])
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x18}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010800ff623140fd0704005026010203"], 0x0)

6m35.22522679s ago: executing program 1 (id=812):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ftruncate(0xffffffffffffffff, 0x8000000000000000)
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x4e) (async)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="d8000000140081044e81f782db44b9040a1d080211", 0x15}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r2 = syz_open_dev$media(&(0x7f0000000080), 0x80000000, 0x40) (async)
r3 = syz_open_dev$media(&(0x7f0000000040), 0x0, 0x200) (async)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_SCRNMAP(r4, 0x4b41, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, &(0x7f0000000200)={0x80000000, 0x0, &(0x7f0000000180)=[{}, {{<r5=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, &(0x7f0000000440)={r5, 0x0, &(0x7f00000000c0)=[{{}, {<r6=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_ENTITIES(r2, 0xc1007c01, &(0x7f00000002c0)={r6}) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r7 = syz_open_dev$vivid(&(0x7f0000000140), 0x3, 0x2)
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f00000001c0)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) (async)
ioctl$VIDIOC_S_PARM(r7, 0xc0cc5616, &(0x7f0000000480)={0xb, @raw_data="86718191bb5b6c56fec6f55425e74e8fc6bb1c6ed2d5530780b4c2a622b23c772b69813e7135ebf328347dc14960e477189f5bf59ffe826394fbc10a283045a5cbb0771aa9420e559891d3ef30d091864bf63c3a36fc418b06a52fbb649bb6f5892de1b937152cb93576c1c5df9be6565839124cf50b7bb3e961c18818d60287f481cf15166068c4dcd51e7ed51bbd1e880e6eb2fd9cf259731eb5da5c253f7d123fadebbecc27bf9592f7f4654e873bf9119ff173ae20bc12156f71b5ac5e9a7e3d75aa17e18c1a"})
syz_io_uring_submit(0x0, 0x0, &(0x7f000001f500)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r1, 0x0, &(0x7f0000001c00)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) (async)
io_uring_enter(0xffffffffffffffff, 0x47f5, 0x6021, 0x0, 0x0, 0x0) (async)
connect$unix(r1, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e)

6m34.942561843s ago: executing program 32 (id=812):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ftruncate(0xffffffffffffffff, 0x8000000000000000)
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x4e) (async)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="d8000000140081044e81f782db44b9040a1d080211", 0x15}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r2 = syz_open_dev$media(&(0x7f0000000080), 0x80000000, 0x40) (async)
r3 = syz_open_dev$media(&(0x7f0000000040), 0x0, 0x200) (async)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_SCRNMAP(r4, 0x4b41, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, &(0x7f0000000200)={0x80000000, 0x0, &(0x7f0000000180)=[{}, {{<r5=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, &(0x7f0000000440)={r5, 0x0, &(0x7f00000000c0)=[{{}, {<r6=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_ENTITIES(r2, 0xc1007c01, &(0x7f00000002c0)={r6}) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r7 = syz_open_dev$vivid(&(0x7f0000000140), 0x3, 0x2)
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f00000001c0)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) (async)
ioctl$VIDIOC_S_PARM(r7, 0xc0cc5616, &(0x7f0000000480)={0xb, @raw_data="86718191bb5b6c56fec6f55425e74e8fc6bb1c6ed2d5530780b4c2a622b23c772b69813e7135ebf328347dc14960e477189f5bf59ffe826394fbc10a283045a5cbb0771aa9420e559891d3ef30d091864bf63c3a36fc418b06a52fbb649bb6f5892de1b937152cb93576c1c5df9be6565839124cf50b7bb3e961c18818d60287f481cf15166068c4dcd51e7ed51bbd1e880e6eb2fd9cf259731eb5da5c253f7d123fadebbecc27bf9592f7f4654e873bf9119ff173ae20bc12156f71b5ac5e9a7e3d75aa17e18c1a"})
syz_io_uring_submit(0x0, 0x0, &(0x7f000001f500)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r1, 0x0, &(0x7f0000001c00)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) (async)
io_uring_enter(0xffffffffffffffff, 0x47f5, 0x6021, 0x0, 0x0, 0x0) (async)
connect$unix(r1, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e)

7.96411753s ago: executing program 4 (id=2460):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="020000000000ffffffff"])
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000003b80)={0x3, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4048aecb, &(0x7f0000000080))
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="781002000000025f"], 0x0, 0x0, 0x0, 0x0}, 0x0)

6.867147718s ago: executing program 2 (id=2468):
unshare(0x26000400)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001a80)=ANY=[@ANYBLOB="b700000017000000bfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff0000000015040000000002000f030000000000003404000001ed0a0014040000170000801c400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090d030000003acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e31a3446cd57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9be0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd08000000e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119d2a673bdae05779208409e6cf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc0700bac0006b98a8283eee5665f3aede28228e0468dbcf8b776fe4c629d3af183a7cba5adf77f23d31f9d5a183c0da4e95f75b1496a97a46a06e4e1f5a8438d49dbd493ba2482c398ab724577fd742bf44cdd8489086e61aa3cb1d3ab3dac8183102fe6fc8a038e3868a0592811446867969f0fb3f547e83c4ca35aac023f09f15bb0acb3cdc6efd9b0e9df56af7fda01280a384028b35994388"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1e}, 0x48)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="6000000010000304f500"/20, @ANYRES32=0x0, @ANYBLOB="ef050000000000003000128009000100766c616e00000000200002800c0002000a0000001f00000006000100", @ANYRES32], 0x60}, 0x1, 0x0, 0x0, 0x4004014}, 0x4000000)
r3 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r4=>0x0})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', <r6=>0x0})
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x70bd2a, 0xffffffff, {0x7, r4}, [@MDBA_SET_ENTRY={0x20, 0x1, {r6, 0x1, 0x3, 0x3, {@in6_addr=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x86dd}}}]}, 0x38}}, 0x4008cc0)
sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x89f0, &(0x7f0000000140)={'bridge0\x00', &(0x7f0000000300)=@ethtool_eeprom={0xb, 0x0, 0x5}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r0, 0xfffffe83, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e, 0x8, 0x0, 0x0}}, 0x10)

5.839872759s ago: executing program 2 (id=2470):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="b8000000150001000000000000030000e00000020000000000000000000000000000000000000003000000000000000000000000000000000a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000300"/33], 0xb8}}, 0x0)

5.551465417s ago: executing program 2 (id=2471):
r0 = syz_open_dev$loop(&(0x7f0000002300), 0x2, 0x8040)
r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000002340), 0x2, 0x0)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)
socket$inet6_sctp(0xa, 0x801, 0x84)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000440), 0x180, 0x0)
r2 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x80, 0x100, 0x2, 0x335}, &(0x7f0000000080)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0x3, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{0x0}], 0x1})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0x1, <r7=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000180)}, 0x20)
getsockname$packet(r6, &(0x7f00000002c0)={0x11, 0x0, <r8=>0x0}, &(0x7f00000003c0)=0x14)
r9 = syz_open_procfs(0x0, &(0x7f0000000400)='net/tcp6\x00')
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001740)={r5, 0x20, &(0x7f00000004c0)={&(0x7f0000000680)=""/141, 0x8d, <r10=>0x0, &(0x7f0000000740)=""/4096, 0x1000}}, 0x10)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x8, &(0x7f0000000000)={&(0x7f0000000200)={{0x14, 0x10, 0xc00e}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x4000000, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWSETELEM={0x78, 0xc, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4c, 0x3, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0xb}, @NFTA_SET_ELEM_EXPRESSIONS={0x3c, 0xb, 0x0, 0x1, [{0x20, 0x7, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @connlimit={{0x4, 0x2}, @val={0x4}}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xfc}}, 0x0)
r12 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000001780), 0x800, 0x0)
r13 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001800)=@generic={&(0x7f00000017c0)='./file0\x00', 0x0, 0x8}, 0x18)
ioctl$F2FS_IOC_FLUSH_DEVICE(r13, 0x4008f50a, &(0x7f00000022c0)={0x5, 0x1})
r14 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/keys\x00', 0x0, 0x0)
read$FUSE(r14, &(0x7f0000000180)={0x2020}, 0x2024)
lseek(r14, 0xfffffffffffffff5, 0x1)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r14, 0x84, 0x76, &(0x7f00000021c0)={<r15=>0x0, 0x5e23}, &(0x7f0000002200)=0x8)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r14, 0x84, 0x71, &(0x7f0000002240)={r15, 0x4fb}, 0x8)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000009c0)={@ifindex, 0xffffffffffffffff, 0xb, 0x24}, 0x20)
r16 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r9)
sendmsg$IPVS_CMD_SET_SERVICE(r14, &(0x7f0000002280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20804040}, 0xc, &(0x7f0000000300)={&(0x7f0000001b40)={0x184, r16, 0x10, 0x70bd2c, 0x25dfdbf8, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9e}, @IPVS_CMD_ATTR_DAEMON={0x88, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'batadv0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'dummy0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @private=0xa010100}]}, @IPVS_CMD_ATTR_SERVICE={0x50, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x29}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast1}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xfff}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x21}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x11}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_DEST={0x58, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x2}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x6}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@broadcast}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x4b}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x4}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x8}]}]}, 0x184}, 0x1, 0x0, 0x0, 0x4008030}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f0000001940)={0xe, 0xc, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000000000000d428000018400000fcffffff000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000007580500008000000850000003d0000009500000000000000e8b01ffdfd7193fe96c15984328f6578c82cff21c69fddccb0cc48464fd46d975353431101e437e36dc43953af8b87e757fd63e7d143f5a95233db2aac69b125dc66b0ebce1ca383b868289ecfff8b20f40028f1baee3cbe50591dd81b5c7c3e0e369ad611ce5600ae1045baed835dc1b64bac6963c4b3d76419c20359a76d6c796a02e3aa624b74e6cad02474c28f2cd1a31b81b8154aef9aa737be123c2ae3db27516ae6650619d3437f21d91fc7dded39fab17fe2718a63d0610552"], &(0x7f0000000280)='GPL\x00', 0x7f, 0x0, 0x0, 0x41000, 0xa5, '\x00', r8, @fallback=0x3c, r9, 0x8, &(0x7f0000000440)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000480)={0x2, 0x3, 0x3, 0x7}, 0x10, r10, 0xffffffffffffffff, 0x0, &(0x7f0000001840)=[r12, 0xffffffffffffffff, 0x1, r13], 0x0, 0x10, 0x667}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r10}, 0x94)
io_uring_enter(r2, 0x47be, 0x8000000, 0x0, 0x0, 0x0)

5.314952357s ago: executing program 4 (id=2472):
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$dsp(0xffffffffffffff9c, 0x0, 0x101a02, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000003, 0x10031, 0xffffffffffffffff, 0xe51d7000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace(0x10, 0x1)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x800)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r3)
sendmsg$NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000001580)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001540)={&(0x7f0000000480)={0x14, r5, 0x20, 0x70bd29, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x14}}, 0x801)
sendmmsg$alg(r3, &(0x7f0000000340)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x30}, {0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000540)="4474416a514582895378ab54a05024b93272feb2bf73eec34f9c0523606db9268031f869059ac084f7d4977a9b7f816e06e042347adfa958352974e30bf9e84a826f6b3cc5d875edb0d36060dd5e81daf46753c1c1fd88932ad3dd45507e8e5e043ccdb3cbff5a2a2b014f6b9906bb2aefd705095910b92d68fe79805b277e87130b0b92cffdf1f296d6d115bd0f130bbf1a6f4d733bc035fc0708d5c1ab6c56de6eaf5bb3495385a6ca3fda0425cb9e189889656199c2f6a1ba292950d79677d1046193c6f1fd8676183a51a0aa3801261d39de34cc6b13f64c01f1e8295040d8a9e5638c73ac98a9556531ca7d30ea333300590b37e6d88bb6ceebf95a75729d3f655205009f9538d755582da60f68f6588406fcb544defd9b9ad90b64fe127012308f6cb237898aaa5608d98f7fa90c1f3e7284f464ca2a2ad99edc8e83870f6a946c6206c2d4bb386a0421d46ec37567962d408005426d5b0564b26a5231ed7250e738efc2b6a1b4a2822ca7e93ee40537287300baa0b99e03e95187f0e20d3edad6c26303ab0978088e6d72e91595e019b0b771bf69dcf1abd7ba6db559c557ecf8c4b0da7d14dc17f5736bc72e337df195efa887fb2ce29bc43f5af3b46197cbf4e58b0b65b6cffd18d6db132967c26258d9a566c48b3708f7e802cd9ca2d71fd067bf3efc9708c1b108ef7a6049df62d03b02d77d9ec9026c17900d193b0307cb1f15280bf1fb7fc53127a8245a5c10b3da98ddc1d720b1684493b577424410b39e63f09d5e653a1753a87f6c8e460dac82047a4249d56b62241079b9e7870b062dd2b9feb01dd7f9ccd059d1bca547dfe2479ec3086775365f9603b337b7d2e872c20a58ba18afa5b4d72485a4eb250f5a26b21153a7d803efe6ce6a6fdc6f3cc33485b27450199f69d3f6f6c3507255b56cbc39d47e5c138855bd6c84011cde882c5f703d3c5289363c48aac01819adf54c430551f121677401cacb6a0131bd9549d3b3fd7c4e34cafa85e28c67a124049fb97463304f583f5462273572543255ca97fc9a5c4cc606fb0e8db71125920b28f53a049fdd835d754658cef83a151a8e887d47dda40691e32f25b2c5696965e10cc9c51b25d09dc89f7928bbefd7a5d71f53d9117251137c95dc947c2345800a76e6e95f562340a3e9581673a999202e9d2397af0636e054faadece7e1173e13aa44b47e08d1544142f61021f74ddf81ddd69a5ec0a3dc6efffa0cbcbece9db6a007f455f2bb0ab2ea9497d57a91c292b03cbcaaafb1926e8fda89ae4ef43127feb0dc4eeff52eec5b066058bcd45c784178713e837de7f61833d41b2e5c5f8e6ecccb43a105f3896d351d10ff519cb703e5baf3744e0f5e40aed1a229a5be4fea8c5100659fbcbadd9320673d6488084ac3ed6bbfbccb296af8074e220ba3153473ee46340734bc54d3e5a309e942e6a509161b9551ef24a479d6c08e2abea28ab560e2a1e361849890bd7db94ff57146c399c234fbabb1f2073b8b14c87c0c9caa8ae1085a54e01937b4b44c8a04be060eefab115f13ba0432377843e49cf7ac3bed9a1c1ec6ed6d36b0f4b3002d661e9c3f34443af9fc659c5321d5d2e6bc42b4f64cc7043692e5413e1c6f5c328e54ff6d2f6c45638a1e78dba481fd953cd4fa11280dd4c20b28776295b47bc6ea25afcdb447bbc588bd17aba8379f1cfa3b4adfe775e214eba950eaa603a01f69e629e57ae955dd180e112042205a784fc9568c92f66434ddc8b08a40deecd944025edd6ba0cf72b2b1a0e392bcf3d044411e41497f47128996eff9242dab37038571b041cf6a437c6615ebfe51ff3686ebf7fb38830952b9f00e7a087e237491558731ae176cdee76724f85ea1beeeaee5aaf3e81b74500ed8277a90be699314093607d7a80f56626ed049d94657b3f9f90aaecd2f6ed45913d22b728d5e722475f41992a0ad02f51320fb1a5e18e13930e4b86504e10298768e5843f87baa05101bc6689dda81cc6e7abd6161f067a9753d5ec452ace94de234eb843ea12c33606ca9185eed28bcb8155e43acf38f702eda2dd5869cfd087fce38a2f61720f9d0d6a89f8a515013e6b60ca875a157c071da7ed736f308c7ada5e69bd4e2ec288c85003c4488d3c4b7525ed9341014d8f4dfadcc60cebbcdb912f8a067196c11bcb35dc5c7673e2abc6a0a27818d39a6d050b45247c3f3b1b18425eb50edb7396ca6ea6f8692679368c1b1a4ad3c735e1da788974ed327bb7a878b36c229c63872d215b2a5e79dba06df769d9b627ec888f87c3bdedccbaa35547353c3893d59031026431e1e9278d3e993b99c4b00fddad5d6ba7502329a86d09db469538928fdc9a7ec60b093f4a0b21a6c0c758746b09bfdcfc3f1bb9a04222e09ec66ae6eb764e96f236566ed7f1aac2f69da99d86e4d06c63624db96f369091143da59ae0d6e0f720f7f9963a5d2ef0e75dcd363aec7226fa4c1e3365425d27c05a72fabc0de09eb1d9a7e273f884a68986a1fc1229ead0d100694fb3b19e81355fbfa3987c194f588265779e564bb2f3f8313a85b9c9ad2a7dc53e77ba7110ec8a0f620cfb6cb9da724db02c2d2c74646c83d8090f838e0d3bb6f3043f3028f91878076bdfa122867c086d95b5d1a482a926e0857b31c95fab77133aa0003a348d365043938394ca6225932c02152c452f90f2950fe48a94d71d883874ef111dd10dc56840c84ee2753e999bf7e2e3f7257026fd2f0b1c360b1be6b1c1a42d8d6a089907db872a6de1954296b4dfc7561a060a879653218def8bf79c0ab8c3a8ddbff0fcc87dfa6733819eeb6ee83682a24138993c5d41354121810f2fd16e8891fe2e47f7430c049258e51b01287346c6d51a5e91ea25c9706e7615b2b0c880ac49d7f2dccb60bfb39c34c10995c9506e56c2914b5961a91852ed6471e07b246607de47f043c2524f7ef399e875086b01f6167fb4e8d0191b0eb88a8a96e9b2833f1c90691347d69a67f2783a1cd379fa55f74556ac773f7238e3feb54fd826196a42bbcb578e4fc38e22e9eb427853182793555ee8a800f9ad30ab6e60ca2b209337bcf3a6dcf3bb404414438f29f4e516ffafd0ca4d2c24e0f63214ab5f16939907441e8a357abfe6bc44b92b7de3a55681188faf45182a9c4897ddfa1bffe9ff963b89fa9503770719363536429858ed9d9e4a34255a9a6d39fbe54a3edbbb34d10533bb134c4e706b8c20c69235d106593807d43f3b204c09274df1b749b1bdb080ad28ec6c2fef3677b085a7663a49d0ccd3392ec2fd6cfb6b61aab9f6f609379982328a6992ae9d4a8372c7c8e1ac32baca274e0e6072d445e7003562ee0ca21460539ab9b10d72b11f212060548f41367b49f4584fda2bb406bb422329adfe736e95f4f994e9c73a4a7833c06753f00c7578820c04f205dd5afc3ef2527a249eb208c32a4eb9c96dd7d2c536bf08ac474081b418babe5473447c88327cec72cf510350b9348276ac13c93df84d742e8285e7d9d0f1c3115c44f36ffb1a059a24ac2469b74dbdb84abd0a4f3b90ec849610148f6c210f4f9e15565423a62e45de5699169a9923f921eed931645be231f0105fe12e5825322d205e540c3e6a1e34bf323220c062e2be070547d14fbc3546e3ceb6cbe8278b3120843e75262b36993acda062549c586a53a82d5c483ea263f6c377cb8b23adbd1bf1fb59b71ff43a0dc62bd067559de56e5a56fc37f85b340e861d1b1837233561d7b1ccba3c721e01ebf9a7e484ab3559d00bb079fc3f39dcd04f1d5c824e491ab59ca9c835abe04047cac17b089bee52636730f878f9e9879221ee29073443f4b1955865db99055a98684e80bd268e9017e682887431c97bd842c2e228813bfbebef5762902fe9da1427ad5f24ad0caecd467822bd6ae90d542563647e6926ab87357fded8a9884ced184abc7513932d3f5b393a95de2698a3b53b8b8f560ddd3dffc4fd5326407a55ca91051469eb589e320952cf82add3f44a6cbd190ac0b8130521c0d5e7bf3178d23dd3015dc077732c8752b3b980dd60283acf8e983da48273e8911933d62f1a0fb64bf6afde83be27dc601047fc0e4d015c2c607cdbd7259408a9e888f85ceae23d0a4eaee3cb194dfc169af9455720bef714dff00ce003d6f1b9b185b17c5739e1cbf9ccd1bbe27e8e560af066078e463b345f5e72fe87c6453d9a9d5a3d224be2ebabb853752521f9d7a712144f5ee0a818ac613d49e24b103086e7a06f70c1d7bcb952cba43fbc46ab529ca5526c103caf64f207f8edcfa8f2474c2cf1c07e741d3ddc410960bde4787b1fea09f0f5c2f900f8580fb571c825bd652f39e95cf9ce023b69c70b263d391be5ac385426cc642670bedec8994c0efce42ec23dab882a7553b7caf74e960e557bf7d3c0d4f33d129f6316cb96c2b5a8821029f40ab15eb8b07716d5e6cfcac3195426003867db7e23d02ce7ba66367e45072e306dd1bf1f2e73e11ef6e3c4ef2f6cb713b6da54858fdf67f98e64175d343413079303936d3a43a50d602f206c258c74e412b50569a6e8d3b73c359e4a34fe2c336ebd80c244ccdd4583fe4d98ce9be04a3d641a0ed12a3b36f1ec2649c513f04906c52cb3e1cb0d5592c50c6fb0b470ae8e2e6a0af27d7130d9848c4732dced1d2d9b353b43546b502eb811fc20d3bf13bea78b5181d0f29eb913b011807a82723f76802f9f887ff6380a3c6786e0f77cbc4f125f3e2755b65288cd68f5cfc05ff185e101232f8c2530bc0969d5e172f7a1000693abff3f00672d7eb7ddb8e4ec1b816840a5bca27204d15883cf2ac3df3f8630b4c68da5169ae422e11383a9f0a14d8c45597c7e6ee11d25c92c28fb78ad1aeac9efd686e640c7b9ac9e60d5894189dba245f7428470e117d0de01943b3252922baaeec628f601386432449684aa5eabb5483aa70b83ac55e646433b3d8f9b1e0dae1be2715e3de6c6812b86d28747a2c8e29c33792308772f9f1c44af401ba51cc0c1cee4474c7692213d1baa804a1836ecbe5fffbf3f9f8cbd4a6b335861fa93be31dc31a56c52af466df60af6aa5343a4f6f6148880cac225dfd9631a5822e15cd96abb0668812407e651c95478f8751ae257120d0deb6a0e582bd08ca0ead3092c0d4bce33035586c7b1f16bbe3dd2d4a56ffce4efa89e91e7b9eabf049250a8a562143a3a9ecdb2f90410d8fd986c2e9d88db43d3f0089d4be7d0bd05640d04383507baf00a19e7ee66a700c7903e81baddd58c4f1d35a46231ba8c8e9c7b156cc2e957268999f107f59eec911b4292c1b4bce8b0d441c86854cefc85dccf8575226161ca2aaaed6473990f4eaa4c718f3ae955131d1633484f3dacebcd32985a85c1dd4a55ab53a223d7b2d388ef5065df3f0377a8ac1e96212e6f95b3cf1fb0659c255d89c48ad97dd9e0d9243f508b87602ff2f5114b36a8336f10b9246dd03de800aeda8fe62628d038370c04bc6a2efd7002d841e88894efe7be73eaf29c23309699551e36fb75497bc1dc3e27748c2c03e02f342945eb70a8f71fbfa3c7341910a4f139092459f9513f3421e9189baa1e769215aeba65c05feb5cd6937443eb64113cf5d85dabd9669e16972c805d75c3b459e00b6ad607b7075b3c3dc0bb4502fb06fafe895e4d3be4df4237b7eed7caafba58b4b4d725252d55d1d047d85f910ba1e7d56258f60c78db364bf3d4037e978346c3e8ed20b3ea189a1308757bb11ecfbb8718c190c7889e1339eaef06b2e51b33bce7ed663a54ff33ce269ec", 0x1000}, {&(0x7f0000000100)="beae0a52acb8d1b4afbf9b6bbf9487b33c007c6170d650ed6d25b330cd5ae16c9764cc2093f7b11d99bc0a14960e077ce69ac2ad568fbdd53dcd67b4e7649f694f97ef4332529ffe55099528be26026160268a23ecdab66659a6003a63188568f75922f50e21afc3ab4b6a9ebbca9db772708d28774418420910b43d3a212af9aaa0bf073ba39485067b8fa9650f94f7b4b4df43e388a41712fb339dc1ba8d709e0b7cd5c41b5f4da3fd19dbda024ab89a8e2a8640d51de4577f7a9cc290", 0xbe}, {&(0x7f00000003c0)="5e773d6248d67daac4a62bff2c4209894f481ec6b746b6d5d31b2cfbb5d98dd0b3a4143a4fae1732290d06b78bd334303dc2b2cea4e6db246c34dba0a568fa8943f55dffbc81b2336933e0538c5a48e0715b6de5525d492cd4c91c53c85f02e908", 0x61}], 0x3, &(0x7f0000000240)=[@iv={0xa8, 0x117, 0x2, 0x8d, "5a022bd99847f59232c2381143f33bd43160b7075df6e810b8f0378a17b252a9fede854289a44f0ee01cade44642db8c35e1f6403a38ffcc4363d4c8f0c3bb286da0745a791f582d37776048da4533574175159eac0612c182dc3632621348b5f165c1f4b5861962c51f8cb2cfcce8c0fb61b484461f6567316ab4623221bd002884c74ccb432a5ba51fdf292a"}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2}], 0xd8}], 0x2, 0x40804)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

5.161314724s ago: executing program 2 (id=2473):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000480900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d69740000000c000280080001400000e41f08000340", @ANYRES8=r0], 0xd0}, 0x1, 0x0, 0x0, 0x60000800}, 0x4000024)

4.991569109s ago: executing program 2 (id=2474):
syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[@ANYRESOCT, @ANYRES32=0x0], 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x0)
r0 = syz_io_uring_setup(0x80066d, &(0x7f0000000240)={0x0, 0xb5fc, 0x4000, 0x0, 0x8c}, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @mcast2, 0xfffffffe}, 0x1c)
listen(r4, 0x0)
syz_emit_ethernet(0xa2, &(0x7f00000002c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x94, 0x0, 0x0, 0x78, 0x6, 0x0, @rand_addr=0x64010101, @remote}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x11, 0x2, 0x0, 0x0, 0x0, {[@generic={0x8, 0x4, '}B'}, @sack={0x5, 0x16, [0x1, 0x7, 0x7, 0x0, 0x1]}, @exp_fastopen={0xfe, 0x5, 0xf989, '2'}, @exp_smc={0xfe, 0x6}, @generic={0xfe, 0x9, "e7c69b89d8b00d"}]}}, {"330369e34cf8db80360c5cb13de27d3282224363214db6692b689a25738d98e7ad5820da14a96ecfb18f8ac3a59a323ebfc0f46667271c89807e3332"}}}}}}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x5c, r6, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @loopback}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @remote}}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}]}, 0x5c}}, 0x0)
io_uring_enter(r0, 0x567, 0x0, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r9, 0x1, 0x25, &(0x7f0000000200)=0x5d4c, 0x4)
bind$inet(r9, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r9, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r9, &(0x7f0000007fc0), 0x800001d, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

4.549273996s ago: executing program 0 (id=2480):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x10)
syz_usb_connect(0x5, 0x64, 0x0, 0x0)
r2 = dup(r0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_PMU_CAPABILITY(r6, 0x4068aea3, &(0x7f0000000040)={0xd4, 0x0, 0x7})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
mremap(&(0x7f000086e000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000119000/0x2000)=nil)
write$binfmt_aout(r2, 0x0, 0xffffffdb)

4.031856507s ago: executing program 4 (id=2484):
socket(0x2b, 0x80801, 0x1)
r0 = userfaultfd(0x80001)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8983, &(0x7f0000000000)={0x6, 'lo\x00', {0x1}, 0x4})
close_range(r0, r0, 0x0)
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x74)
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
openat$binfmt_register(0xffffff9c, &(0x7f00000001c0), 0x1, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/3\x00')
syz_fuse_handle_req(r2, 0x0, 0x0, &(0x7f0000009600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x4, 0x44, 0x10, 0x20, 0x13d8, 0x11, 0x36f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x7f, 0x7f, 0x0, 0x4, [{{0x9, 0x4, 0x9e, 0x1, 0x0, 0x68, 0xf9, 0x47, 0x8f}}]}}]}}, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x4)
r4 = socket$netlink(0x10, 0x3, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000240)=ANY=[@ANYBLOB="5000000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="1111020031880000280012800b0001006d61637365630000180002800c0004000100000100c2800008000500feffff7f08000500", @ANYRES32=r6, @ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x48890}, 0x0)

3.573570799s ago: executing program 0 (id=2487):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d424000000000000002900000005000000", 0xfe60)
r1 = socket(0x2000000000000021, 0x2, 0x10000000000002)
sendmmsg(r1, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="10000000000000001005817f541a97fb19300103270000100000000000000095000000da4c5908"], 0x20, 0xe000}, 0x5}], 0x1, 0x0)
r2 = socket(0x40000000015, 0x5, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x82, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r5=>0x0]}, &(0x7f0000000040)=0x8)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0xfffffffc}]}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}}, 0x20000000)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000140)={r5, 0xff4d, 0x1}, 0x8)
r7 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd146, 0x0, 0xc, 0x288}, &(0x7f0000000100), &(0x7f0000000140))
r8 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, 0x0, &(0x7f0000000180))
io_uring_enter(r7, 0x3516, 0x0, 0x4, 0x0, 0x0)
r9 = syz_io_uring_setup(0x46c8, &(0x7f0000000080)={0x0, 0xda8, 0x40, 0x3, 0xfffffffd, 0x0, r7}, &(0x7f0000000140)=<r10=>0x0, &(0x7f0000000040)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0xb5b, 0x0})
syz_emit_ethernet(0x7e, &(0x7f0000000040)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x80}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @mcast1={0xff, 0x0, '\x00', 0x0}, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8}]}]}}}}}}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r12=>r0, {0xee01, 0xee01}}, './file0\x00'})
lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r13=>0x0})
quotactl_fd$Q_SETQUOTA(r12, 0xffffffff80000801, r13, &(0x7f00000002c0)={0x8, 0x7, 0x5, 0x5790, 0xfffffffffffffffe, 0x9e2a, 0x4, 0x7, 0x77466332})
io_uring_enter(r9, 0x7a98, 0x0, 0x0, 0x0, 0x0)
getsockopt(r2, 0x200000000114, 0x271c, 0x0, &(0x7f0000000040))

3.370815593s ago: executing program 0 (id=2488):
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x802c550a, &(0x7f00000002c0)=@urb_type_iso={0x0, {0x1, 0x1}, 0x80000000, 0x1, 0x0, 0x0, 0x7e, 0x2, 0x0, 0xffff0001, 0x5, 0x0})
modify_ldt$write(0x1, &(0x7f00000000c0)={0x9, 0x20000800, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10)
pipe2$watch_queue(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x80)
dup(r0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x2, 0x0, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'}) (async)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) (async)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17)
move_pages(0x0, 0x3, &(0x7f0000000080)=[&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000f87000/0x4000)=nil], &(0x7f0000002640)=[0x1], &(0x7f0000000000), 0x0)
r3 = syz_open_dev$vbi(&(0x7f0000003cc0), 0x1, 0x2)
ioctl$VIDIOC_DQBUF(r3, 0xc0585611, &(0x7f0000000040)=@fd={0xd, 0x7, 0x4, 0x8, 0x5, {}, {0x1, 0x2, 0x8, 0xb, 0xfd, 0x8, "b8d126e3"}, 0x106, 0x4, {}, 0x71136d02}) (async)
syz_usb_control_io(r2, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r4, 0xc0145b0e, &(0x7f0000000040))
openat$cgroup_ro(r1, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x0, 0x0)

2.973759717s ago: executing program 3 (id=2489):
mknod(&(0x7f0000000000)='./bus\x00', 0x1000, 0x0) (async, rerun: 64)
open(&(0x7f0000000040)='./bus/file0\x00', 0xaa583, 0x1eb) (rerun: 64)

2.941366344s ago: executing program 3 (id=2490):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040), 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000000c0)={0x77f69805, 0xb000, 0x200002})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x8000000, 0x10000})
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_buf(r3, 0x0, 0x10, &(0x7f0000000080)="170000000200020000ffbe8c5ee17688a2002b000103000afdff02a257fc5ad90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac2dfc061f15003901dee2ffffffffe9000000000000000062068f5ee50ce5af9b1c568302ffff02ff0331dd3bab0840024f0298e9e90539062a80e605007f71174ab498a30b3e5a1b47b63a6323ded2aa084cd36276a3afff", 0xb8)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffa}]})
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)={0x54, r5, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x24}, @IPVS_CMD_ATTR_DEST={0x38, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x1d}}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xb66}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x636}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x40040d4}, 0x15)
close_range(r4, 0xffffffffffffffff, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r2, 0x29, 0xc8, &(0x7f0000004240)=0x1000, 0x4)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000600)=ANY=[], 0x8)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r6, &(0x7f00000079c0)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3590bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a748000b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d080000000000000014f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad507888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bdd277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabaf18647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de231070000000000004e3a15283217e03d02a4054f34af3a65ef6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b763f455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acb70300007f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a62bc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b391b48606ee39fb4171c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815501681aafbf7e871b4b967e1350e59b0000e40a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720f010000000000008027a56e32e5bc5085b25f90add38a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889581c750c34586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d000000000000000088cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7004757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11c39d6fdcf5926d6ad5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e40fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a038813f2bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef17221312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682c6010000000000006abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa500a0000000000006a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2000023ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303e6936a33bae5cbc96b29a5c724d5b50e1614144c2acd031590de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424af70660456387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r6, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
recvmmsg(r2, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/228, 0xe4}, 0x5}], 0x1, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000040)={0xdddd0000, 0x10000})
socket$key(0xf, 0x3, 0x2)

2.799181501s ago: executing program 4 (id=2492):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000200)=[{0x0}, {0x0}], 0x2)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100ffffff8000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

2.798774334s ago: executing program 5 (id=2493):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x73, 0xfffff034}, {0x50, 0x0, 0x5, 0x2}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r1, &(0x7f0000000300)='H', 0x1, 0x1000000000000, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c)

2.708264813s ago: executing program 4 (id=2494):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xa, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendto$packet(r1, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb10000000800894f4820", 0x1fffe, 0x0, &(0x7f0000000140), 0x14)

2.644786191s ago: executing program 5 (id=2495):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000680003806400dec6080003400000000258000b80200001800a00010071756f7461000000100002800c0001400000000000000000340001800a0001006c696d69740000002400028008000440000000010c00024000000000000000000c0001400000000000000003"], 0x118}, 0x1, 0x0, 0x2000000}, 0x0)

2.599770252s ago: executing program 4 (id=2496):
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000001000030426bdb3fe989122e65ed40000", @ANYRES32=0x0, @ANYBLOB], 0x38}}, 0x440088c4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b700000012edfffebfa300000000f1000703000028feffff7a0af0fff8ffffff61a4f0ff000000001d040000000000001c000000000000007504000001ed0a0064000000170000000c040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29fa9ec35866a96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d680000000000"], &(0x7f00000001c0)='GPL\x00'}, 0x48)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, 0x0)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44080)
r3 = socket$kcm(0xa, 0x3, 0x3a)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000040)={0x0, 0xfcf, 0x1}, 0x8)
sendmsg$kcm(r3, &(0x7f00000031c0)={&(0x7f00000006c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000b40)="b564", 0x2}], 0x1, &(0x7f0000000580)=ANY=[@ANYBLOB="18"], 0x18}, 0x8080)
sendmsg$kcm(r3, &(0x7f0000000440)={&(0x7f0000000100)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)='S\x00', 0x2}], 0x1, 0x0, 0x0, 0x900}, 0x0)

2.583978917s ago: executing program 5 (id=2497):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet(0x2, 0x2, 0x0)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x0)
sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000110000000008"], 0x40}, 0x20000000)

2.550479673s ago: executing program 5 (id=2498):
r0 = syz_usb_connect(0x0, 0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000060f94d100d0502002723010203010902484002e2ff"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x380a}}, 0x0, 0x0}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
fcntl$getflags(r2, 0x40a)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r3 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$alg(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x10)
r4 = socket$kcm(0x2a, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f00000001c0)={&(0x7f0000000140)=@qipcrtr={0x2a, 0xffffffff}, 0x80, 0x0}, 0x0)
sendmsg$kcm(r4, &(0x7f0000001540)={&(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x80, 0x0}, 0x0)
r5 = syz_io_uring_setup(0xbda, &(0x7f0000000640)={0x0, 0xff73, 0x8, 0x1, 0x39f}, &(0x7f0000000240)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x11c, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xffffffffffffffdc}], 0x1})
io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001280)={{{@in6=@local, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6=@private1}, 0x0, @in=@private}}, &(0x7f0000001380)=0xe8)
read$FUSE(r2, &(0x7f0000002900)={0x2020, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x2020)
newfstatat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0\x00', &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001480)=[{{&(0x7f0000000340)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000800)=[{&(0x7f0000000400)="02ecf908e58d1f80be2c3dadebf9b4926c1f1091339149ea01bad363058e805a343edf16039297f4347bf80015932b4fe36d58de36a02f4a8a38a06164fdc75692e2d845df363e0440c6232be5b835df3ee7b12ff5df7451b0d19b3f8bfe73f1e7ae15e4c800e4dca3746e8e7cc246174e3298a57c91ea468c917dddda7023274964310e506e2653ce975d50bdc50b47d4137ab9e1091412c6b8e99040cf99818fb8d3b03bd0543d065165c2f5cc761ec914757408", 0xb5}, {&(0x7f00000004c0)="efbacb1ec0af6196990756a1ac10cbc1fa09aeb584410d4017263d5c6263a356d7a1d22b76bff1636bd3f29ab1b359546de82230e97a488b118adc78f3addb2ed774df255029b6c054034c6a60f9d304bf74b32f7ba027190905d0ea6d0b00e93c1e700ee5a3c12bdbe154bf4965e4f51da2b637d6f3c54c9628e97a28d64b418f4e1730bcc8909a3dd426f25a72bfa3b7cd5797c69bd025ae97125cc0fe333a", 0xa0}, {&(0x7f0000000580)="ff268b62c4b473fe09f72f6f", 0xc}, {&(0x7f00000006c0)="9637b0e1706fa1469227b512f08627fdbe50ca3a17d484ad594b90247a40ff796ce3f03d4eabbe89d050ebe2d38c7f82f8a45b2641f461b2296aa2e4bbbb3c70a25e4e0afad629b7051057090f430905ffe595f0eb4064c69dc30879fe2c7bc6314e99d9a5d0dcc5a1ddb3f977910c0cd638a0565d640b71946d57165805e2c02ca1248fa9818ec34b2bc474f9c68a110055caac99f2f0b561b19cc158bf6ed551988cc6fc47375698eb3f471b5e5b0aaa7efcf7e0cb", 0xb6}, {&(0x7f00000005c0)="c5d78fdb9a667c41c08b9f66eca8da9c493d70c984278779dc1870ed1f43", 0x1e}, {&(0x7f0000000780)="9b4a1d579a54fc2e5e71129acb3af6e63835f4649d72937f9b6951d212a89ff8e9df7ff1676d74f7f9db1dcfe3c505329b401a7046ad199bc6313ba5ad815c96ba4c06240220fed3e4f58afb41dc8c8fecbf6e0579a0dad0e1b793e18d97ceb0862ae61353a3adde5c90067fdb13e11f4a17366c8cd7b0", 0x77}], 0x6, &(0x7f0000000b40)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [r5, r2, r3, r3, 0xffffffffffffffff, r1, r2]}}, @rights={{0x14, 0x1, 0x1, [r3]}}, @cred={{0x1c}}], 0x88, 0x20000080}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000c00)="6d92c81a8bd2ab887f29f6b3d56cda82444706fdd91ac1050f98ce2be72da50ec63473350169721bcd1a4f0ce9c6f6dfed4e7c160e26161b02782bb1886a081457976a2153df0d7bb662e27500c7ad1bb98642e4841c6282faba93f16f9d55a92af257dbec566ab2d6fff8ae1b7b968c79f5ff983714cdb25252cae858ea1c29777f1056e25dd74b5577e98d2dbc992d253456e20d29c5ec2a47902387a20949f489df905302f9c6959cc525bfb1d020abe48e7849", 0xb5}, {&(0x7f0000000cc0)="416d2bb718d18620e738c4cfc5725caedce8794b8053803fe5d21ba8ac06898c0687b6727341a7cc80f829cf9ef83b88e09617f939db6c2c26772da4fb54a23f9601380e532c7baa553ee9e570df57a6667dbeca5081a1b049aeb31214a27355693b7f599eba75a592457f355e8cbd4af00283e51c9ee880395ce6b4404a3ff9b4b54737eea0472ab6984e4380d9931473d09414ff5a3bca83a4985b8af2", 0x9e}, {&(0x7f0000000d80)="9dc3cafc6717e3d2639b49bdfdf41a76da9730e64fe583bac227246d9a94112559c862c917367b3623c6cfaedfcd4054efec5c0fbd813e8fb26b80", 0x3b}, {&(0x7f0000000dc0)="7c24d2780720ae6b872a36979e", 0xd}, {&(0x7f0000000e00)}], 0x5, &(0x7f0000001580)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r3, @ANYRES32=r1, @ANYBLOB="180000e2ffffffff0000000001004100", @ANYRES32=r3, @ANYRES32=r3, @ANYBLOB="34000000000000000100000001000000", @ANYRES32, @ANYRES32=r4, @ANYRES32, @ANYRES32, @ANYRES32=r5, @ANYRES32, @ANYRES32=r4, @ANYRES32, @ANYRES32=r1, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=r8, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r9, @ANYRES32=0xee00, @ANYRES32=r10, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r1], 0x100, 0x10}}], 0x2, 0x90)
sendmsg$nl_route_sched_retired(r3, 0x0, 0x400c800)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000080)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000000c0)=0x1c)
r11 = syz_open_dev$cec(&(0x7f0000000280), 0x0, 0x0)
listen(r3, 0x5)
ioctl$CEC_ADAP_S_LOG_ADDRS(r11, 0xc05c6104, &(0x7f00000002c0)={"78d9f547", 0x4, 0xa, 0x7, 0x9, 0x9, "8ea78b05f98c650517475af8561a4e", "417ec1f1", "a9eb51a5", "3671dbc7", ["c2781fef12471030dcbf398a", "c390abe9b34785a8e60cf90e", "456532851fbe72e7f3e7e4a0", "69ac8292a1514ed496d6bbed"]})

1.980009267s ago: executing program 3 (id=2499):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=ANY=[@ANYBLOB="540000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="15020000fe0f00001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="080004"], 0x54}, 0x1, 0xba01, 0xfe0f000000000000, 0x4010}, 0x4000000)

1.875396147s ago: executing program 2 (id=2500):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56a, 0xd6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x0, 0x0, 0xfe}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000080)={0x40, 0x23, 0x5, {0x5, 0x10, "fdb754"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

1.848352271s ago: executing program 3 (id=2501):
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_VDPA_GET_CONFIG(r0, 0x8008af73, &(0x7f0000000040)={0x0, 0x20, ""/32}) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
socket$inet_sctp(0x2, 0x5, 0x84) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) (async)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) (async)
listen(r3, 0xfffffffc)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, r6, 0x7}, 0x14}}, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000001180)=0x2000000)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r7, 0x0) (async)
ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f0000000040)=0x9) (async)
ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f0000000080)=0x7)

1.739535148s ago: executing program 5 (id=2502):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x8000021e}, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(r3, 0x47fa, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r2, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)="b000000016007f029e78f6030f7a0a762353bfb89fd8c902317bab30f89f080aaaaeb9d8091c815dcf03e14e877733fff4fe20a5be870f576b162e7de2d02673e789a4950c9cdc206e086fd0dc8ca9afcd9d522ac78876a4595146add31b35355848794ca3f8b38aef1e114ab9fb0200000000000000a3b0c81c6f8144e74fe13b80ca46c1a6c04ad73c9d44b605f90000", 0x91}, {&(0x7f00000000c0)}], 0x2}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0xc1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000400)={<r9=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r8, &(0x7f0000000580)={0x16, 0x98, 0xfa00, {&(0x7f0000000200), 0x4, r9, 0x1c, 0x1, @in6={0xa, 0x4e23, 0x5, @private0}}}, 0xa0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r10=>0x0})
bind$can_j1939(r7, &(0x7f0000000340)={0x1d, r10, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r7, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_STRSET_GET(r12, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0xec, r11, 0x321, 0x70bd29, 0x25dfdbfb, {}, [@ETHTOOL_A_STRSET_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}, @ETHTOOL_A_STRSET_STRINGSETS={0xac, 0x2, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0xffffffb6, 0x1, 0x4}]}, {0x6, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}]}, {0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0xfffffed8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}]}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x4c811}, 0x4)
setsockopt$SO_J1939_ERRQUEUE(r7, 0x6b, 0x4, &(0x7f0000000100)=0x1, 0x4)
r13 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r13, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r14=>0x0})
bind$can_j1939(r13, &(0x7f0000000300)={0x1d, r14, 0x2, {0x0, 0xf0}, 0xc295a7c9ee09b05c}, 0x18)
sendmsg$nl_route_sched(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r10, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850)

614.507771ms ago: executing program 5 (id=2503):
socket(0x2b, 0x80801, 0x1)
r0 = userfaultfd(0x80001)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8983, &(0x7f0000000000)={0x6, 'lo\x00', {0x1}, 0x4})
close_range(r0, r0, 0x0)
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x74)
ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
openat$binfmt_register(0xffffff9c, &(0x7f00000001c0), 0x1, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/3\x00')
syz_fuse_handle_req(r2, 0x0, 0x0, &(0x7f0000009600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x4, 0x44, 0x10, 0x20, 0x13d8, 0x11, 0x36f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x7f, 0x7f, 0x0, 0x4, [{{0x9, 0x4, 0x9e, 0x1, 0x0, 0x68, 0xf9, 0x47, 0x8f}}]}}]}}, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x4)
r4 = socket$netlink(0x10, 0x3, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000240)=ANY=[@ANYBLOB="5000000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="1111020031880000280012800b0001006d61637365630000180002800c0004000100000100c2800008000500feffff7f08000500", @ANYRES32=r6, @ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x48890}, 0x0)

345.230727ms ago: executing program 3 (id=2504):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'veth1\x00', <r6=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="4606094a2f00ffef2c00128009000100766c616e000000001c0002800600010002000000100003800c00010007000e000800000008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4], 0x5c}, 0x1, 0x0, 0x0, 0x600}, 0x0)

280.026587ms ago: executing program 0 (id=2505):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40010000000a01030000000000000000010000000900010073797a310000000008000240000000030c13044000000000000000040900010073797a3100000000000106004e0808c056396edeb5e83e25e4c83bbdc06ca5ab6c4ea9f5df19f7281729739bf75b824e83ec76c33100b3178790ffb5c96d57d57bd7039737fd958e7824944edd8b87430b9ae00686daeb06fefc75a09ba09490430ed57ca26e538e907cb6a88c6397d662a490477b59a636d9c503d1e7e83cece7932e7634ef2d1fab3097369bf003b5e51e676a8c6d17efdc0a4de627edc45a765bed770a8f373b49218fc25ed7aa59dbcbbe9882749e4ba00c8e7ffffa11a104ce3aed36f716d9fbe0ec0bc01546e0ab4f71f63f42ed4a5ef10ff229ecc7b4c455af7b288235491e4d0d65b65c692663b030d892a2bb59be12e21fd9102c7e719c4fb8b5dce93240000000030a01020000000000000000010000040900030073797a320000000014000480080002400000000008000140000000050900010073797a310000000030000000050a01020000000000000000010000040c00024000000000000000010900010073797a31000000000400048014000000020a010200000000000000000000000314000000110001"], 0x1ec}}, 0x8054)

186.970187ms ago: executing program 0 (id=2506):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xa, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendto$packet(r1, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb10000000800894f4820", 0x1fffe, 0x0, &(0x7f0000000140), 0x14)

65.601214ms ago: executing program 0 (id=2507):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000000000010d80402f0000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, &(0x7f0000000180)={0xf020000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0xf0f026, 0xffffbfff, '\x00', @p_u32=0x0}})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x22, 0xb, {[@global=@item_012={0x2, 0x1, 0x6, "0cbb"}, @main=@item_012={0x2, 0x0, 0xa, 'P\x00'}, @main=@item_4={0x3, 0x0, 0xc, "81a52deb"}]}}, 0x0}, 0x0)
syz_usb_connect$printer(0x4, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="129c0904000702070101ff0905010200ff2a0bd60907820220000a0002"], &(0x7f0000000500)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x300, 0x6, 0x81, 0xfa, 0x20, 0x53}, 0xe0, &(0x7f00000002c0)={0x5, 0xf, 0xe0, 0x4, [@ptm_cap={0x3}, @ptm_cap={0x3}, @generic={0xcb, 0x10, 0x1, "70f278a9af529548e2ec6a2155a7eaaec84ea56badc03d408a147052e3abd817080c94946711eaa584c402a500cb71366c5eaea6eed7552000a289193df34be07272320f437140a23faa50d2a65d04ed7ebd6b1c491b6198c415e16943b3772bb0f1f4efa2c501424901c9ac0ee4506f47ac7bc6641a1e62136963249ff72e2be73241819ae78df0f716e57be201205e9e8decc7315c789d4ee3e69241207d2a9865214fbf135e7aa29559cb9917739b15fc111b02e9c2097b38e84dca579a625617d69d0853bba7"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x6, 0x6, 0x1, 0x4000}]}, 0x8, [{0x60, &(0x7f0000000080)=@string={0x60, 0x3, "a209589db1b40e80ce534d211c6e8c91a969f8a3a890aac7c105f959838e4c8d5a5bb6cdd07b4c10c4adf5ca4bbb552580e5c44390c91474fea00d9eca432656e8b364fd37d42456cf46a42fb91e1b915cd1befaa819222a7a8e5d7d20b0"}}, {0x6f, &(0x7f0000000580)=ANY=[@ANYBLOB="6f833792e1bb00000000000020014293a071ba7e438367c944b0ee10c8c8bcbf1f0a28054f11128c27f2f1a9c3e22100764deb50cd3979fa358d768a03f497f2de7e6db267cec72bb2c2e44647f922f4b3dd6b4ffd443c4a01e28087b6acc1deea78dba2ecde7f8dfa8fdd077f48ca2dc4dba800a9994766d8951d28be840d2bcb1931"]}, {0x0, 0x0}, {0xe, &(0x7f0000000140)=@string={0xe, 0x3, "5cb311646e35b4b237453782"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x180c}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x44b}}, {0xa5, &(0x7f0000000400)=@string={0xa5, 0x3, "d223adc98c9c51c57b755ae6952e3c911f3634f5c0fcfc5bed225ae2c12ee46f233647aeda85523a1915d4352d549c4bbd5a1b2217cc6dddba4c6108895c24bc601765a0f0da17c9172cb4d817e40e451927eafc659d728c88c91343eb42627f08ff92557c31a1a24feacc200de617e1c4cccc76c4fcff50f5c95f6f4161e685a2b336630f83eaced7f49a987fd38c489611262e3fe04dbd82a52fd9a764a3ce2baa50"}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x419}}]})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000000000010d80402f0000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0) (async)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) (async)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, &(0x7f0000000180)={0xf020000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0xf0f026, 0xffffbfff, '\x00', @p_u32=0x0}}) (async)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x22, 0xb, {[@global=@item_012={0x2, 0x1, 0x6, "0cbb"}, @main=@item_012={0x2, 0x0, 0xa, 'P\x00'}, @main=@item_4={0x3, 0x0, 0xc, "81a52deb"}]}}, 0x0}, 0x0) (async)
syz_usb_connect$printer(0x4, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="129c0904000702070101ff0905010200ff2a0bd60907820220000a0002"], &(0x7f0000000500)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x300, 0x6, 0x81, 0xfa, 0x20, 0x53}, 0xe0, &(0x7f00000002c0)={0x5, 0xf, 0xe0, 0x4, [@ptm_cap={0x3}, @ptm_cap={0x3}, @generic={0xcb, 0x10, 0x1, "70f278a9af529548e2ec6a2155a7eaaec84ea56badc03d408a147052e3abd817080c94946711eaa584c402a500cb71366c5eaea6eed7552000a289193df34be07272320f437140a23faa50d2a65d04ed7ebd6b1c491b6198c415e16943b3772bb0f1f4efa2c501424901c9ac0ee4506f47ac7bc6641a1e62136963249ff72e2be73241819ae78df0f716e57be201205e9e8decc7315c789d4ee3e69241207d2a9865214fbf135e7aa29559cb9917739b15fc111b02e9c2097b38e84dca579a625617d69d0853bba7"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x6, 0x6, 0x1, 0x4000}]}, 0x8, [{0x60, &(0x7f0000000080)=@string={0x60, 0x3, "a209589db1b40e80ce534d211c6e8c91a969f8a3a890aac7c105f959838e4c8d5a5bb6cdd07b4c10c4adf5ca4bbb552580e5c44390c91474fea00d9eca432656e8b364fd37d42456cf46a42fb91e1b915cd1befaa819222a7a8e5d7d20b0"}}, {0x6f, &(0x7f0000000580)=ANY=[@ANYBLOB="6f833792e1bb00000000000020014293a071ba7e438367c944b0ee10c8c8bcbf1f0a28054f11128c27f2f1a9c3e22100764deb50cd3979fa358d768a03f497f2de7e6db267cec72bb2c2e44647f922f4b3dd6b4ffd443c4a01e28087b6acc1deea78dba2ecde7f8dfa8fdd077f48ca2dc4dba800a9994766d8951d28be840d2bcb1931"]}, {0x0, 0x0}, {0xe, &(0x7f0000000140)=@string={0xe, 0x3, "5cb311646e35b4b237453782"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x180c}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x44b}}, {0xa5, &(0x7f0000000400)=@string={0xa5, 0x3, "d223adc98c9c51c57b755ae6952e3c911f3634f5c0fcfc5bed225ae2c12ee46f233647aeda85523a1915d4352d549c4bbd5a1b2217cc6dddba4c6108895c24bc601765a0f0da17c9172cb4d817e40e451927eafc659d728c88c91343eb42627f08ff92557c31a1a24feacc200de617e1c4cccc76c4fcff50f5c95f6f4161e685a2b336630f83eaced7f49a987fd38c489611262e3fe04dbd82a52fd9a764a3ce2baa50"}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x419}}]}) (async)

0s ago: executing program 3 (id=2508):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x73, 0xfffff034}, {0x50, 0x0, 0x5, 0x2}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r1, &(0x7f0000000300)='H', 0x1, 0x10000000000000, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c)

kernel console output (not intermixed with test programs):

782][T12819]  do_syscall_64+0xfa/0x3b0
[  538.184794][T12819]  ? lockdep_hardirqs_on+0x9c/0x150
[  538.184806][T12819]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.184816][T12819]  ? clear_bhb_loop+0x60/0xb0
[  538.184829][T12819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.184839][T12819] RIP: 0033:0x7f89b6f8ebe9
[  538.184850][T12819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  538.184859][T12819] RSP: 002b:00007f89b7d1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  538.184872][T12819] RAX: ffffffffffffffda RBX: 00007f89b71b5fa0 RCX: 00007f89b6f8ebe9
[  538.184879][T12819] RDX: 0000200000000180 RSI: 000000004048aecb RDI: 0000000000000006
[  538.184886][T12819] RBP: 00007f89b7d1f090 R08: 0000000000000000 R09: 0000000000000000
[  538.184893][T12819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  538.184899][T12819] R13: 00007f89b71b6038 R14: 00007f89b71b5fa0 R15: 00007f89b72dfa28
[  538.184915][T12819]  </TASK>
[  538.184987][T12819] ERROR: Out of memory at tomoyo_realpath_from_path.
[  538.234427][ T5960] usb usb4-port1: attempt power cycle
[  538.646689][T12813] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1841'.
[  539.030772][T12827] vlan2: entered allmulticast mode
[  539.043575][T12827] veth0_to_bond: entered allmulticast mode
[  539.184123][ T5960] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  539.224494][ T5960] usb 4-1: device descriptor read/8, error -71
[  539.464260][ T5960] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  539.502654][ T5960] usb 4-1: device descriptor read/8, error -71
[  539.566114][T12843] openvswitch: netlink: Multiple metadata blocks provided
[  539.645613][ T5960] usb usb4-port1: unable to enumerate USB device
[  539.745024][   T13] af_packet: tpacket_rcv: packet too big, clamped from 24 to 4294967272. macoff=96
[  539.802003][T12848] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  539.813008][T12848] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  539.821030][  T983] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  540.005045][  T983] usb 5-1: Using ep0 maxpacket: 32
[  540.013039][  T983] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC4, changing to 0x84
[  540.028098][  T983] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  540.240076][  T983] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=51.16
[  540.250386][  T983] usb 5-1: New USB device strings: Mfr=154, Product=2, SerialNumber=3
[  540.259149][  T983] usb 5-1: Product: syz
[  540.263558][  T983] usb 5-1: Manufacturer: syz
[  540.270491][  T983] usb 5-1: SerialNumber: syz
[  540.280407][  T983] usb 5-1: config 0 descriptor??
[  540.307416][  T983] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  540.529854][   T36] usb 5-1: Failed to submit usb control message: -71
[  540.530316][  T983] usb 5-1: USB disconnect, device number 104
[  540.548957][   T36] usb 5-1: unable to send the bmi data to the device: -71
[  540.596769][   T36] usb 5-1: unable to get target info from device
[  540.613677][   T36] usb 5-1: could not get target info (-71)
[  540.624336][   T36] usb 5-1: could not probe fw (-71)
[  540.705936][T12861] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  540.899599][T12866] FAULT_INJECTION: forcing a failure.
[  540.899599][T12866] name failslab, interval 1, probability 0, space 0, times 0
[  540.912999][T12866] CPU: 0 UID: 0 PID: 12866 Comm: syz.2.1857 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) 
[  540.913022][T12866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  540.913029][T12866] Call Trace:
[  540.913034][T12866]  <TASK>
[  540.913039][T12866]  dump_stack_lvl+0x189/0x250
[  540.913057][T12866]  ? __pfx____ratelimit+0x10/0x10
[  540.913077][T12866]  ? __pfx_dump_stack_lvl+0x10/0x10
[  540.913088][T12866]  ? __pfx__printk+0x10/0x10
[  540.913104][T12866]  ? __pfx___might_resched+0x10/0x10
[  540.913114][T12866]  ? fs_reclaim_acquire+0x7d/0x100
[  540.913131][T12866]  should_fail_ex+0x414/0x560
[  540.913145][T12866]  should_failslab+0xa8/0x100
[  540.913161][T12866]  __kmalloc_noprof+0xcb/0x4f0
[  540.913174][T12866]  ? tomoyo_encode+0x28b/0x550
[  540.913190][T12866]  tomoyo_encode+0x28b/0x550
[  540.913206][T12866]  tomoyo_realpath_from_path+0x58d/0x5d0
[  540.913222][T12866]  ? tomoyo_domain+0xd9/0x130
[  540.913238][T12866]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  540.913250][T12866]  tomoyo_path_number_perm+0x1e8/0x5a0
[  540.913263][T12866]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  540.913283][T12866]  ? __lock_acquire+0xab9/0xd20
[  540.913308][T12866]  ? __fget_files+0x2a/0x420
[  540.913324][T12866]  ? __fget_files+0x2a/0x420
[  540.913337][T12866]  ? __fget_files+0x3a0/0x420
[  540.913350][T12866]  ? __fget_files+0x2a/0x420
[  540.913366][T12866]  security_file_ioctl+0xcb/0x2d0
[  540.913379][T12866]  __se_sys_ioctl+0x47/0x170
[  540.913392][T12866]  do_syscall_64+0xfa/0x3b0
[  540.913404][T12866]  ? lockdep_hardirqs_on+0x9c/0x150
[  540.913416][T12866]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  540.913425][T12866]  ? clear_bhb_loop+0x60/0xb0
[  540.913437][T12866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  540.913447][T12866] RIP: 0033:0x7f89b6f8ebe9
[  540.913458][T12866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  540.913467][T12866] RSP: 002b:00007f89b7d1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  540.913478][T12866] RAX: ffffffffffffffda RBX: 00007f89b71b5fa0 RCX: 00007f89b6f8ebe9
[  540.913486][T12866] RDX: 0000200000000180 RSI: 000000004048aecb RDI: 0000000000000006
[  540.913493][T12866] RBP: 00007f89b7d1f090 R08: 0000000000000000 R09: 0000000000000000
[  540.913499][T12866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  540.913505][T12866] R13: 00007f89b71b6038 R14: 00007f89b71b5fa0 R15: 00007f89b72dfa28
[  540.913520][T12866]  </TASK>
[  540.913535][T12866] ERROR: Out of memory at tomoyo_realpath_from_path.
[  541.925932][T12879] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1862'.
[  541.978562][  T983] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[  542.086166][   T10] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[  542.166783][  T983] usb 3-1: unable to get BOS descriptor or descriptor too short
[  542.175737][  T983] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  542.185328][  T983] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  542.197687][  T983] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  542.218334][  T983] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  542.246749][  T983] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.254060][   T10] usb 4-1: Using ep0 maxpacket: 16
[  542.256031][  T983] usb 3-1: Product: syz
[  542.265533][  T983] usb 3-1: Manufacturer: syz
[  542.270400][  T983] usb 3-1: SerialNumber: syz
[  542.273133][   T10] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  542.286196][   T10] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  542.322648][   T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  542.355411][   T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  542.365060][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.386416][   T10] usb 4-1: Product: �
[  542.396989][   T10] usb 4-1: Manufacturer: и
[  542.409966][   T10] usb 4-1: SerialNumber: �瘊޸ﲡ擮拉䮛
[  542.435246][   T10] usb 4-1: rejected 1 configuration due to insufficient available bus power
[  542.465926][   T10] usb 4-1: no configuration chosen from 1 choice
[  542.517780][  T983] usb 3-1: 0:2 : does not exist
[  542.575867][  T983] usb 3-1: USB disconnect, device number 99
[  542.901786][T12895] ptrace attach of "./syz-executor exec"[5883] was attempted by "./syz-executor exec"[12895]
[  543.028099][T12893] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  543.309557][T12897] FAULT_INJECTION: forcing a failure.
[  543.309557][T12897] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  543.412869][T12897] CPU: 0 UID: 0 PID: 12897 Comm: syz.2.1869 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) 
[  543.412896][T12897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  543.412908][T12897] Call Trace:
[  543.412916][T12897]  <TASK>
[  543.412924][T12897]  dump_stack_lvl+0x189/0x250
[  543.412951][T12897]  ? __pfx____ratelimit+0x10/0x10
[  543.412969][T12897]  ? __pfx_dump_stack_lvl+0x10/0x10
[  543.412981][T12897]  ? __pfx__printk+0x10/0x10
[  543.412995][T12897]  ? __might_fault+0xb0/0x130
[  543.413015][T12897]  should_fail_ex+0x414/0x560
[  543.413030][T12897]  _copy_from_user+0x2d/0xb0
[  543.413040][T12897]  kvm_arch_vcpu_ioctl+0x112d/0x2a80
[  543.413058][T12897]  ? __lock_acquire+0xab9/0xd20
[  543.413075][T12897]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  543.413091][T12897]  ? __lock_acquire+0xab9/0xd20
[  543.413116][T12897]  ? is_bpf_text_address+0x26/0x2b0
[  543.413133][T12897]  ? is_bpf_text_address+0x292/0x2b0
[  543.413147][T12897]  ? is_bpf_text_address+0x26/0x2b0
[  543.413162][T12897]  ? kernel_text_address+0xa5/0xe0
[  543.413176][T12897]  ? __kernel_text_address+0xd/0x40
[  543.413188][T12897]  ? unwind_get_return_address+0x4d/0x90
[  543.413200][T12897]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  543.413213][T12897]  ? arch_stack_walk+0xfc/0x150
[  543.413232][T12897]  ? __pfx_stack_trace_save+0x10/0x10
[  543.413245][T12897]  ? stack_depot_save_flags+0x40/0x860
[  543.413266][T12897]  ? __lock_acquire+0xab9/0xd20
[  543.413283][T12897]  ? __mutex_trylock_common+0x153/0x260
[  543.413296][T12897]  ? __pfx___mutex_trylock_common+0x10/0x10
[  543.413309][T12897]  ? rcu_is_watching+0x15/0xb0
[  543.413320][T12897]  ? trace_contention_end+0x39/0x120
[  543.413330][T12897]  ? __mutex_lock+0x335/0x1360
[  543.413347][T12897]  ? kasan_quarantine_put+0xdd/0x220
[  543.413362][T12897]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  543.413377][T12897]  ? __pfx___mutex_lock+0x10/0x10
[  543.413393][T12897]  ? do_vfs_ioctl+0xbe8/0x1430
[  543.413407][T12897]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  543.413420][T12897]  kvm_vcpu_ioctl+0x74d/0xe90
[  543.413436][T12897]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  543.413447][T12897]  ? __lock_acquire+0xab9/0xd20
[  543.413471][T12897]  ? __fget_files+0x2a/0x420
[  543.413487][T12897]  ? __fget_files+0x2a/0x420
[  543.413500][T12897]  ? __fget_files+0x3a0/0x420
[  543.413513][T12897]  ? __fget_files+0x2a/0x420
[  543.413529][T12897]  ? bpf_lsm_file_ioctl+0x9/0x20
[  543.413541][T12897]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  543.413553][T12897]  __se_sys_ioctl+0xfc/0x170
[  543.413566][T12897]  do_syscall_64+0xfa/0x3b0
[  543.413579][T12897]  ? lockdep_hardirqs_on+0x9c/0x150
[  543.413590][T12897]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.413600][T12897]  ? clear_bhb_loop+0x60/0xb0
[  543.413612][T12897]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.413622][T12897] RIP: 0033:0x7f89b6f8ebe9
[  543.413632][T12897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  543.413642][T12897] RSP: 002b:00007f89b7d1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  543.413659][T12897] RAX: ffffffffffffffda RBX: 00007f89b71b5fa0 RCX: 00007f89b6f8ebe9
[  543.413667][T12897] RDX: 0000200000000180 RSI: 000000004048aecb RDI: 0000000000000006
[  543.413673][T12897] RBP: 00007f89b7d1f090 R08: 0000000000000000 R09: 0000000000000000
[  543.413680][T12897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  543.413686][T12897] R13: 00007f89b71b6038 R14: 00007f89b71b5fa0 R15: 00007f89b72dfa28
[  543.413702][T12897]  </TASK>
[  544.198817][T12904] input: syz0 as /devices/virtual/input/input22
[  544.411652][T12910] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  544.500285][T12912] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1873'.
[  544.798595][T12918] vlan3: entered allmulticast mode
[  544.853275][   T10] usb 4-1: USB disconnect, device number 107
[  545.285315][ T5940] usb 3-1: new full-speed USB device number 100 using dummy_hcd
[  545.687418][ T5940] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  545.702260][ T5940] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  545.779529][ T5940] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  545.852603][ T5940] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  545.864150][ T5940] usb 3-1: SerialNumber: syz
[  546.000783][T12938] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1881'.
[  546.022298][T12938] vlan2: entered allmulticast mode
[  546.220970][ T5940] usb 3-1: 0:2 : does not exist
[  546.237276][ T5940] usb 3-1: unit 5: unexpected type 0x0a
[  546.248633][T12942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  546.276322][T12942] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  546.315123][ T5940] usb 3-1: USB disconnect, device number 100
[  546.648017][T12945] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1884'.
[  546.747955][T12950] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1886'.
[  546.760988][T12950] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  546.770383][T12950] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  547.003459][T12959] ptrace attach of "./syz-executor exec"[5886] was attempted by "./syz-executor exec"[12959]
[  547.115525][T12962] ptrace attach of "./syz-executor exec"[5882] was attempted by "./syz-executor exec"[12962]
[  547.596620][T12971] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1894'.
[  547.834079][T12971] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1894'.
[  548.145474][T12978] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1896'.
[  548.304199][   T43] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  548.489243][   T43] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  548.549686][   T43] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  548.549714][   T43] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  548.549760][   T43] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  548.549783][   T43] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  548.559873][   T43] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  548.559902][   T43] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  548.762450][   T43] usb 5-1: Product: syz
[  548.780654][   T43] usb 5-1: Manufacturer: syz
[  548.851801][   T43] cdc_wdm 5-1:1.0: skipping garbage
[  548.858362][   T43] cdc_wdm 5-1:1.0: skipping garbage
[  548.873001][   T43] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  548.889499][   T43] cdc_wdm 5-1:1.0: Unknown control protocol
[  549.285615][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  549.292482][   T43] usb 5-1: USB disconnect, device number 105
[  549.292488][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  549.304661][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  550.166084][T13011] loop2: detected capacity change from 0 to 7
[  550.218581][ T5882] Dev loop2: unable to read RDB block 7
[  550.225115][ T5882]  loop2: unable to read partition table
[  550.235824][ T5882] loop2: partition table beyond EOD, truncated
[  550.281375][T13011] Dev loop2: unable to read RDB block 7
[  550.310054][T13011]  loop2: unable to read partition table
[  550.351861][T13011] loop2: partition table beyond EOD, truncated
[  550.406594][T13011] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  550.664656][T13031] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1912'.
[  550.673631][  T983] usb 5-1: new full-speed USB device number 106 using dummy_hcd
[  551.741458][T13053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  551.806955][T13053] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  551.966535][T13059] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1923'.
[  552.149837][T13061] netlink: 'syz.4.1924': attribute type 1 has an invalid length.
[  552.286213][T13061] 8021q: adding VLAN 0 to HW filter on device bond3
[  552.314532][T13067] netlink: 'syz.2.1926': attribute type 2 has an invalid length.
[  552.696668][T13076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.706059][T13076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.718877][T13076] sctp: [Deprecated]: syz.5.1928 (pid 13076) Use of struct sctp_assoc_value in delayed_ack socket option.
[  552.718877][T13076] Use struct sctp_sack_info instead
[  552.845971][ T5920] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  553.029995][ T5920] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  553.048278][ T5920] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3
[  553.059420][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  553.076458][ T5920] usb 4-1: Product: syz
[  553.099719][ T5920] usb 4-1: Manufacturer: syz
[  553.173484][ T5920] usb 4-1: SerialNumber: syz
[  553.244125][ T5920] usb 4-1: config 0 descriptor??
[  553.277846][ T5920] kvaser_usb 4-1:0.0: error -ENODEV: Cannot get usb endpoint(s)
[  553.481448][   T10] usb 4-1: USB disconnect, device number 108
[  554.434069][   T10] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[  554.474184][ T5920] usb 4-1: new full-speed USB device number 109 using dummy_hcd
[  554.656878][ T5920] usb 4-1: config 1 interface 0 has no altsetting 0
[  554.667985][ T5920] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  554.730753][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  554.745895][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.754864][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  554.777017][ T5920] usb 4-1: Product: syz
[  554.782993][ T5920] usb 4-1: Manufacturer: syz
[  554.789048][   T10] usb 3-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  554.799506][ T5920] usb 4-1: SerialNumber: syz
[  554.805492][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  554.895693][   T10] usb 3-1: config 0 descriptor??
[  555.469420][ T5920] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 109 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  555.491227][ T5920] usb 4-1: USB disconnect, device number 109
[  555.507120][ T5920] usblp0: removed
[  555.614964][   T43] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  555.773976][   T43] usb 5-1: Using ep0 maxpacket: 16
[  555.785704][   T43] usb 5-1: config 0 has an invalid interface number: 194 but max is 0
[  555.794429][   T43] usb 5-1: config 0 has no interface number 0
[  555.805127][   T43] usb 5-1: New USB device found, idVendor=0a2c, idProduct=0008, bcdDevice=b4.25
[  555.819307][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.827439][   T43] usb 5-1: Product: syz
[  555.831743][   T43] usb 5-1: Manufacturer: syz
[  555.836506][   T43] usb 5-1: SerialNumber: syz
[  555.843031][   T43] usb 5-1: config 0 descriptor??
[  555.854268][   T43] cypress_cy7c63 5-1:0.194: Cypress CY7C63xxx device now attached
[  555.936371][T13094] sctp: [Deprecated]: syz.2.1933 (pid 13094) Use of struct sctp_assoc_value in delayed_ack socket option.
[  555.936371][T13094] Use struct sctp_sack_info instead
[  555.944190][ T5920] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[  556.051190][   T10] usb 5-1: USB disconnect, device number 107
[  556.059734][   T10] cypress_cy7c63 5-1:0.194: Cypress CY7C63xxx device now disconnected
[  556.094575][ T5920] usb 4-1: device descriptor read/64, error -71
[  556.335185][ T5920] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[  556.385732][T13124] FAULT_INJECTION: forcing a failure.
[  556.385732][T13124] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  556.399879][T13124] CPU: 0 UID: 0 PID: 13124 Comm: syz.5.1945 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) 
[  556.399898][T13124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  556.399905][T13124] Call Trace:
[  556.399909][T13124]  <TASK>
[  556.399915][T13124]  dump_stack_lvl+0x189/0x250
[  556.399934][T13124]  ? __pfx____ratelimit+0x10/0x10
[  556.399949][T13124]  ? __pfx_dump_stack_lvl+0x10/0x10
[  556.399961][T13124]  ? __pfx__printk+0x10/0x10
[  556.399975][T13124]  ? __might_fault+0xb0/0x130
[  556.399994][T13124]  should_fail_ex+0x414/0x560
[  556.400014][T13124]  _copy_from_iter+0x1db/0x16f0
[  556.400038][T13124]  ? policy_nodemask+0x27c/0x720
[  556.400059][T13124]  ? __pfx__copy_from_iter+0x10/0x10
[  556.400086][T13124]  ? set_page_refcounted+0xa0/0x1e0
[  556.400108][T13124]  ? page_copy_sane+0x4e/0x280
[  556.400131][T13124]  copy_page_from_iter+0xdd/0x170
[  556.400157][T13124]  tun_get_user+0x1d7b/0x3e20
[  556.400187][T13124]  ? tun_get_user+0x6f6/0x3e20
[  556.400209][T13124]  ? aa_file_perm+0x44d/0x1550
[  556.400224][T13124]  ? __pfx_tun_get_user+0x10/0x10
[  556.400237][T13124]  ? _parse_integer_limit+0x1ae/0x1f0
[  556.400254][T13124]  ? __lock_acquire+0xab9/0xd20
[  556.400272][T13124]  ? ref_tracker_alloc+0x318/0x460
[  556.400283][T13124]  ? __lock_acquire+0xab9/0xd20
[  556.400297][T13124]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  556.400312][T13124]  ? tun_get+0x1c/0x2f0
[  556.400327][T13124]  ? tun_get+0x1c/0x2f0
[  556.400340][T13124]  ? tun_get+0x1c/0x2f0
[  556.400355][T13124]  tun_chr_write_iter+0x113/0x200
[  556.400370][T13124]  vfs_write+0x548/0xa90
[  556.400386][T13124]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  556.400400][T13124]  ? __pfx_vfs_write+0x10/0x10
[  556.400417][T13124]  ? __fget_files+0x2a/0x420
[  556.400436][T13124]  ksys_write+0x145/0x250
[  556.400450][T13124]  ? __pfx_ksys_write+0x10/0x10
[  556.400469][T13124]  ? do_syscall_64+0xbe/0x3b0
[  556.400494][T13124]  do_syscall_64+0xfa/0x3b0
[  556.400513][T13124]  ? lockdep_hardirqs_on+0x9c/0x150
[  556.400532][T13124]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.400550][T13124]  ? clear_bhb_loop+0x60/0xb0
[  556.400564][T13124]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.400574][T13124] RIP: 0033:0x7f293998d69f
[  556.400585][T13124] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  556.400594][T13124] RSP: 002b:00007f293a8a0000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  556.400606][T13124] RAX: ffffffffffffffda RBX: 00007f2939bb5fa0 RCX: 00007f293998d69f
[  556.400614][T13124] RDX: 000000000000003e RSI: 00002000000056c0 RDI: 00000000000000c8
[  556.400620][T13124] RBP: 00007f293a8a0090 R08: 0000000000000000 R09: 0000000000000000
[  556.400627][T13124] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001
[  556.400633][T13124] R13: 00007f2939bb6038 R14: 00007f2939bb5fa0 R15: 00007f2939cdfa28
[  556.400654][T13124]  </TASK>
[  556.739795][T13126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  556.749546][T13126] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  556.757905][ T5920] usb 4-1: device descriptor read/64, error -71
[  556.834968][T13128] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1947'.
[  556.874274][ T5920] usb usb4-port1: attempt power cycle
[  556.991273][T13134] syzkaller1: entered promiscuous mode
[  556.997097][T13134] syzkaller1: entered allmulticast mode
[  557.062118][   T43] usb 3-1: USB disconnect, device number 101
[  557.213985][ T5920] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[  557.223401][T13138] ptrace attach of "./syz-executor exec"[5882] was attempted by "./syz-executor exec"[13138]
[  557.234754][ T5920] usb 4-1: device descriptor read/8, error -71
[  557.272638][ T5987] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[  557.417600][T13141] loop2: detected capacity change from 0 to 7
[  557.436644][ T5918] Dev loop2: unable to read RDB block 7
[  557.442223][ T5918]  loop2: unable to read partition table
[  557.534631][ T5920] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[  557.587407][ T5987] usb 5-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=b5.55
[  557.597452][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  557.605833][ T5920] usb 4-1: device descriptor read/8, error -71
[  557.613306][ T5987] usb 5-1: Product: syz
[  557.618173][ T5987] usb 5-1: Manufacturer: syz
[  557.622991][ T5918] loop2: partition table beyond EOD, truncated
[  557.623053][ T5987] usb 5-1: SerialNumber: syz
[  557.637608][T13141] Dev loop2: unable to read RDB block 7
[  557.643329][T13141]  loop2: unable to read partition table
[  557.649751][T13141] loop2: partition table beyond EOD, truncated
[  557.720796][ T5920] usb usb4-port1: unable to enumerate USB device
[  557.764539][T13141] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  557.817825][ T5987] usb 5-1: config 0 descriptor??
[  557.833640][ T5987] gspca_main: sonixb-2.14.0 probing 0c45:60a8
[  557.927159][T13144] netlink: 'syz.0.1953': attribute type 1 has an invalid length.
[  558.101399][T13144] 8021q: adding VLAN 0 to HW filter on device bond3
[  558.230145][ T5987] sonixb 5-1:0.0: Error reading register 00: -71
[  558.265925][ T5987] usb 5-1: USB disconnect, device number 108
[  558.392471][T13156] ptrace attach of "./syz-executor exec"[5886] was attempted by "./syz-executor exec"[13156]
[  559.366594][ T5987] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  559.513998][ T5920] usb 4-1: new high-speed USB device number 114 using dummy_hcd
[  559.533992][ T5987] usb 5-1: Using ep0 maxpacket: 16
[  559.543822][ T5987] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  559.560084][T13178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  559.567736][ T5987] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  559.578113][ T5987] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  559.587539][T13178] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  559.595037][ T5987] usb 5-1: config 0 descriptor??
[  559.609826][T13178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  559.632273][T13178] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  559.684407][ T5920] usb 4-1: Using ep0 maxpacket: 32
[  559.760899][ T5920] usb 4-1: unable to get BOS descriptor or descriptor too short
[  559.804796][ T5920] usb 4-1: unable to read config index 0 descriptor/start: -71
[  559.821282][ T5920] usb 4-1: can't read configurations, error -71
[  560.032701][ T5987] mcp2221 0003:04D8:00DD.0023: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  560.223594][T13182] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1965'.
[  560.435943][T13173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  560.454574][T13173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  560.502584][ T5987] usb 5-1: USB disconnect, device number 109
[  560.859648][T13201] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1972'.
[  561.108349][T13210] tipc: Started in network mode
[  561.113617][T13210] tipc: Node identity d65baa53c739, cluster identity 4711
[  561.123697][T13210] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  561.136705][T13210] tipc: Resetting bearer <eth:syzkaller0>
[  561.147698][T13210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  561.161249][T13210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  561.208473][T13209] tipc: Disabling bearer <eth:syzkaller0>
[  561.298402][T13215] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1976'.
[  561.350950][ T5920] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  561.544143][ T5920] usb 5-1: Using ep0 maxpacket: 8
[  561.551063][ T5920] usb 5-1: config 150 has an invalid interface number: 253 but max is 1
[  561.562597][ T5920] usb 5-1: config 150 has an invalid interface number: 77 but max is 1
[  561.581499][ T5920] usb 5-1: config 150 has no interface number 0
[  561.588715][T13229] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1981'.
[  561.598347][ T5920] usb 5-1: config 150 has no interface number 1
[  561.605419][ T5920] usb 5-1: config 150 interface 253 has no altsetting 0
[  561.614528][ T5920] usb 5-1: config 150 interface 77 has no altsetting 0
[  561.623636][ T5920] usb 5-1: New USB device found, idVendor=12d1, idProduct=b193, bcdDevice=45.bc
[  561.634222][   T24] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[  561.637845][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.670026][ T5920] usb 5-1: Product: syz
[  561.684411][ T5920] usb 5-1: Manufacturer: syz
[  561.689065][ T5920] usb 5-1: SerialNumber: syz
[  561.907696][ T5920] option 5-1:150.253: GSM modem (1-port) converter detected
[  561.915159][   T24] usb 3-1: Using ep0 maxpacket: 32
[  562.096707][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  562.175313][   T24] usb 3-1: unable to read config index 0 descriptor/start: -71
[  562.184299][   T24] usb 3-1: can't read configurations, error -71
[  562.719065][T13250] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1986'.
[  562.822840][T13251] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1986'.
[  562.950377][T13255] ptrace attach of "./syz-executor exec"[5882] was attempted by "./syz-executor exec"[13255]
[  563.169455][T13258] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1988'.
[  563.199941][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  563.207019][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  563.932661][T13264] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1992'.
[  563.981884][T13266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  564.019138][T13266] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  564.109776][ T5920] usb 5-1: USB disconnect, device number 110
[  564.124472][ T5920] option 5-1:150.253: device disconnected
[  564.282646][T13279] fuse: Bad value for 'fd'
[  564.524009][ T5920] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[  564.676720][ T5920] usb 5-1: Using ep0 maxpacket: 8
[  564.687579][ T5920] usb 5-1: config 127 has an invalid interface number: 171 but max is 1
[  564.698821][ T5920] usb 5-1: config 127 has no interface number 1
[  564.708828][ T5920] usb 5-1: config 127 interface 0 altsetting 10 endpoint 0xA has invalid wMaxPacketSize 0
[  564.726187][ T5920] usb 5-1: config 127 interface 171 has no altsetting 0
[  564.739935][ T5920] usb 5-1: config 127 interface 0 has no altsetting 0
[  564.752588][ T5920] usb 5-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9
[  564.762415][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  564.775124][ T5920] usb 5-1: Product: syz
[  564.781429][ T5920] usb 5-1: Manufacturer: syz
[  564.796499][ T5920] usb 5-1: SerialNumber: syz
[  564.967854][T13303] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  565.082689][   T30] audit: type=1326 audit(1754513456.658:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13276 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f495438ebe9 code=0x7ffc0000
[  565.128820][   T30] audit: type=1326 audit(1754513456.688:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13276 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f495438ebe9 code=0x7ffc0000
[  565.151650][    C1] vkms_vblank_simulate: vblank timer overrun
[  565.159779][   T30] audit: type=1326 audit(1754513456.688:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13276 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f495438ebe9 code=0x7ffc0000
[  565.183205][    C1] vkms_vblank_simulate: vblank timer overrun
[  565.190816][   T30] audit: type=1326 audit(1754513456.688:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13276 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f495438ebe9 code=0x7ffc0000
[  565.213481][    C1] vkms_vblank_simulate: vblank timer overrun
[  565.221425][   T10] IPVS: starting estimator thread 0...
[  565.223787][   T30] audit: type=1326 audit(1754513456.688:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13276 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f495438ebe9 code=0x7ffc0000
[  565.249798][    C1] vkms_vblank_simulate: vblank timer overrun
[  565.269993][   T30] audit: type=1326 audit(1754513456.688:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13276 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f495438ebe9 code=0x7ffc0000
[  565.308564][   T30] audit: type=1326 audit(1754513456.688:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13276 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f495438ebe9 code=0x7ffc0000
[  565.328908][T13312] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2004'.
[  565.331391][    C1] vkms_vblank_simulate: vblank timer overrun
[  565.342529][T13312] netlink: 'syz.3.2004': attribute type 10 has an invalid length.
[  565.349134][   T30] audit: type=1326 audit(1754513456.688:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13276 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f495438ebe9 code=0x7ffc0000
[  565.377789][T13312] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.385895][T13310] IPVS: using max 34 ests per chain, 81600 per kthread
[  565.412729][T13312] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.420303][T13312] bridge0: port 1(bridge_slave_0) entered forwarding state
[  565.427791][   T30] audit: type=1326 audit(1754513456.688:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13276 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7f495438ebe9 code=0x7ffc0000
[  565.450613][    C1] vkms_vblank_simulate: vblank timer overrun
[  565.468689][T13312] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  565.532442][T13313] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  565.544553][   T30] audit: type=1326 audit(1754513456.688:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13276 comm="syz.4.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f495438ebe9 code=0x7ffc0000
[  565.556046][T13313] ip6gretap1: entered promiscuous mode
[  565.653651][T13316] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2005'.
[  565.784825][T13320] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2007'.
[  565.869997][T13322] sctp: [Deprecated]: syz.3.2008 (pid 13322) Use of struct sctp_assoc_value in delayed_ack socket option.
[  565.869997][T13322] Use struct sctp_sack_info instead
[  566.484113][ T5987] usb 3-1: new full-speed USB device number 104 using dummy_hcd
[  566.695998][ T5987] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  566.710839][T13345] QAT: Invalid ioctl 21531
[  566.716354][ T5987] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  566.728805][ T5987] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  566.742562][ T5987] usb 3-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  566.752070][ T5987] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.793746][ T5987] usb 3-1: config 0 descriptor??
[  566.799756][T13336] raw-gadget.4 gadget.2: fail, usb_ep_enable returned -22
[  566.913999][   T43] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[  567.066203][   T43] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[  567.077928][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  567.088027][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  567.140439][   T43] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  567.203608][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.243085][   T43] usb 4-1: config 0 descriptor??
[  567.260005][ T5920] xr_serial 5-1:127.171: xr_serial converter detected
[  567.267948][   T43] em28xx 4-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[  567.295943][ T5920] xr_serial ttyUSB0: Failed to set reg 0x1a: -71
[  567.351396][ T5920] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  567.414693][ T5920] usb 5-1: USB disconnect, device number 111
[  567.434623][ T5920] xr_serial 5-1:127.171: device disconnected
[  567.490016][ T5987] aureal 0003:0755:2626.0024: unknown main item tag 0x6
[  567.508070][T13357] netlink: 'syz.4.2015': attribute type 2 has an invalid length.
[  567.530146][ T5987] aureal 0003:0755:2626.0024: report_id 0 is invalid
[  567.554942][ T5987] aureal 0003:0755:2626.0024: item 0 2 1 8 parsing failed
[  567.567108][ T5987] aureal 0003:0755:2626.0024: probe with driver aureal failed with error -22
[  567.670027][ T5987] usb 4-1: USB disconnect, device number 116
[  568.553053][T13379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  568.605624][T13379] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  568.619749][T13379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  568.648192][T13379] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  568.764051][   T43] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[  568.914522][   T43] usb 4-1: Using ep0 maxpacket: 32
[  569.095525][   T43] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  569.105173][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  569.120350][   T43] usb 4-1: config 0 descriptor??
[  569.148289][   T43] as10x_usb: device has been detected
[  569.165467][   T43] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  569.220405][   T43] usb 4-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  569.243782][ T5987] usb 3-1: USB disconnect, device number 104
[  569.324138][  T983] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[  569.384772][T13377] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  569.397026][T13377] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  569.499375][   T43] as10x_usb: error during firmware upload part1
[  569.618638][  T983] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  569.630813][   T43] Registered device nBox DVB-T Dongle
[  569.657831][  T983] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  569.746559][  T983] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  569.784873][  T983] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  569.898763][T13391] input: syz0 as /devices/virtual/input/input24
[  569.930069][T13391] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2027'.
[  569.974200][   T43] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[  570.024058][  T983] usb 5-1: config 0 descriptor??
[  570.146280][   T43] usb 3-1: Using ep0 maxpacket: 32
[  570.204679][T13394] nvme_fabrics: unknown parameter or missing value '
œ	«
' in ctrl creation request
[  570.270710][   T43] usb 3-1: unable to get BOS descriptor or descriptor too short
[  570.282453][   T43] usb 3-1: unable to read config index 0 descriptor/start: -71
[  570.294347][   T43] usb 3-1: can't read configurations, error -71
[  570.990198][T13405] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  571.047566][T13405] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  571.102915][T13383] sctp: [Deprecated]: syz.4.2023 (pid 13383) Use of struct sctp_assoc_value in delayed_ack socket option.
[  571.102915][T13383] Use struct sctp_sack_info instead
[  571.131185][T13405] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2030'.
[  571.140692][T13400] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2030'.
[  571.170274][T13405] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2030'.
[  571.233217][T13400] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2030'.
[  571.272199][T13405] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2030'.
[  571.294629][ T3542] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  571.294810][T13400] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2030'.
[  571.372141][T13405] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2030'.
[  571.373977][T13400] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2030'.
[  571.399242][ T5987] usb 4-1: USB disconnect, device number 117
[  571.419529][ T5987] Unregistered device nBox DVB-T Dongle
[  571.420531][ T5987] as10x_usb: device has been disconnected
[  571.438849][ T3542] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  571.474847][ T3542] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  571.500579][ T3542] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  571.779410][T13418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  571.830394][T13418] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  571.904262][ T5987] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[  572.064029][ T5987] usb 3-1: Using ep0 maxpacket: 8
[  572.082482][ T5987] usb 3-1: New USB device found, idVendor=0abf, idProduct=3370, bcdDevice= 3.0e
[  572.107375][ T5987] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.139963][ T5987] usb 3-1: config 0 descriptor??
[  572.356284][ T5987] usb 3-1: USB disconnect, device number 107
[  572.373940][   T43] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[  572.538423][   T43] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  572.557329][   T43] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  572.566676][   T43] usb 4-1: config 220 has an invalid descriptor of length 13, skipping remainder of the config
[  572.580207][   T43] usb 4-1: config 220 has no interface number 2
[  572.590861][   T43] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  572.605657][   T43] usb 4-1: config 220 interface 0 has no altsetting 0
[  572.612516][   T43] usb 4-1: config 220 interface 76 has no altsetting 0
[  572.622375][   T43] usb 4-1: config 220 interface 1 has no altsetting 0
[  572.640212][   T43] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  572.652825][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  572.664002][   T43] usb 4-1: Product: syz
[  572.672246][   T43] usb 4-1: Manufacturer: syz
[  572.678407][   T43] usb 4-1: SerialNumber: syz
[  572.974186][ T5987] usb 5-1: USB disconnect, device number 112
[  573.278488][   T43] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  573.285336][   T43] usb 4-1: No valid video chain found.
[  573.291778][   T43] usb 4-1: selecting invalid altsetting 0
[  573.934523][   T43] usb 4-1: selecting invalid altsetting 0
[  574.058255][   T43] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  574.064371][ T5987] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[  574.082054][   T43] usb 4-1: USB disconnect, device number 118
[  574.190032][   T24] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[  574.241689][ T5987] usb 5-1: Using ep0 maxpacket: 32
[  574.344209][ T5987] usb 5-1: unable to get BOS descriptor or descriptor too short
[  574.355389][ T5987] usb 5-1: unable to read config index 0 descriptor/start: -71
[  574.364373][   T24] usb 3-1: Using ep0 maxpacket: 16
[  574.369708][ T5987] usb 5-1: can't read configurations, error -71
[  574.408704][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  574.420846][   T24] usb 3-1: config 0 has no interfaces?
[  574.430344][   T24] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  574.443315][   T24] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  574.452849][   T24] usb 3-1: Manufacturer: syz
[  574.475747][   T24] usb 3-1: config 0 descriptor??
[  574.964454][T13458] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  575.029298][T13458] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  575.226024][T13462] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2046'.
[  575.285822][   T43] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[  575.584048][   T43] usb 4-1: Using ep0 maxpacket: 16
[  575.630222][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  575.926489][   T43] usb 4-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00
[  575.992646][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  576.110422][   T43] usb 4-1: config 0 descriptor??
[  577.208910][   T24] usb 3-1: USB disconnect, device number 108
[  577.236848][   T43] kye 0003:0458:0087.0026: reserved main item tag 0xd
[  577.468519][   T43] kye 0003:0458:0087.0026: unexpected long global item
[  577.524469][   T43] kye 0003:0458:0087.0026: parse failed
[  577.579501][   T43] kye 0003:0458:0087.0026: probe with driver kye failed with error -22
[  578.756649][T13488] netlink: 108 bytes leftover after parsing attributes in process `syz.5.2054'.
[  578.776192][T13488] netlink: 108 bytes leftover after parsing attributes in process `syz.5.2054'.
[  578.799895][T13488] netlink: 108 bytes leftover after parsing attributes in process `syz.5.2054'.
[  578.919820][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  578.919840][   T30] audit: type=1326 audit(1754513470.498:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13489 comm="syz.2.2049" exe="/root/syz-executor" sig=9 arch=c000003e syscall=157 compat=0 ip=0x7f89b6f8ebe9 code=0x0
[  579.062624][ T5920] usb 4-1: USB disconnect, device number 119
[  579.144443][T13501] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2058'.
[  579.159131][T13501] fuse: Unknown parameter '00000000000000000007'
[  579.203670][T13503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  579.214479][T13503] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  579.234232][ T5954] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[  579.410781][ T5954] usb 5-1: Using ep0 maxpacket: 8
[  579.427803][ T5954] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  579.454069][ T5954] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  579.480597][ T5954] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  579.529516][ T5954] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  579.553353][ T5954] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  579.571333][ T5954] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  579.594172][   T43] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[  579.670212][ T5954] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  579.743996][   T43] usb 3-1: Using ep0 maxpacket: 16
[  579.750971][T13505] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  579.814252][ T5954] usb 5-1: config 0 descriptor??
[  579.874771][   T43] usb 3-1: unable to get BOS descriptor or descriptor too short
[  579.892716][   T43] usb 3-1: unable to read config index 0 descriptor/start: -71
[  579.910842][   T51] Bluetooth: hci5: urb ffff888057ba8c00 submission failed (90)
[  579.918943][   T43] usb 3-1: can't read configurations, error -71
[  580.067533][T13495] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  580.095347][T13495] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  580.118241][ T5983] usb 5-1: USB disconnect, device number 115
[  581.114358][T13523] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2066'.
[  581.123475][T13523] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2066'.
[  581.172537][T13523] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2066'.
[  581.804360][   T24] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[  581.964036][   T24] usb 3-1: Using ep0 maxpacket: 32
[  582.056596][   T24] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  582.068462][   T24] usb 3-1: config 0 has no interface number 0
[  582.076205][   T24] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  582.087826][   T24] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  582.102117][   T24] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  582.118869][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.143786][   T24] usb 3-1: config 0 descriptor??
[  582.284081][ T5987] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[  582.369689][T13530] sctp: [Deprecated]: syz.2.2067 (pid 13530) Use of int in max_burst socket option deprecated.
[  582.369689][T13530] Use struct sctp_assoc_value instead
[  582.445984][ T5987] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  582.457833][ T5987] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  582.504002][ T5987] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  582.513203][ T5987] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.536928][ T5987] usb 4-1: config 0 descriptor??
[  582.812095][   T24] input: HID 28bd:0094 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0094.0027/input/input25
[  582.883806][T13544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  582.897476][T13544] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  582.921451][   T24] uclogic 0003:28BD:0094.0027: input,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.2-1/input1
[  583.018766][   T24] usb 3-1: USB disconnect, device number 111
[  583.068218][T13545] fido_id[13545]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  583.621683][T13541] sctp: [Deprecated]: syz.3.2072 (pid 13541) Use of struct sctp_assoc_value in delayed_ack socket option.
[  583.621683][T13541] Use struct sctp_sack_info instead
[  583.672989][T13554] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2076'.
[  584.317397][T13559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  584.329056][T13559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  584.531436][T13563] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2078'.
[  584.540919][T13563] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2078'.
[  584.553437][T13563] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2078'.
[  584.805509][T13572] ptrace attach of "./syz-executor exec"[5882] was attempted by "./syz-executor exec"[13572]
[  584.948887][ T5987] usb 4-1: USB disconnect, device number 120
[  585.646828][T13591] netlink: 'syz.3.2087': attribute type 2 has an invalid length.
[  585.753958][   T43] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[  585.923921][   T43] usb 5-1: Using ep0 maxpacket: 32
[  585.933991][   T43] usb 5-1: New USB device found, idVendor=1a0a, idProduct=0108, bcdDevice=4d.52
[  585.943505][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  585.951670][   T43] usb 5-1: Product: syz
[  585.963811][   T43] usb 5-1: Manufacturer: syz
[  585.975840][   T43] usb 5-1: SerialNumber: syz
[  586.162640][T13598] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2090'.
[  586.171917][T13598] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2090'.
[  586.197055][T13589] batadv_slave_0: entered promiscuous mode
[  586.204080][T13587] batadv_slave_0: left promiscuous mode
[  586.224343][   T43] usb_ehset_test 5-1:84.0: probe with driver usb_ehset_test failed with error -32
[  586.250036][T13598] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2090'.
[  586.260894][   T43] usb 5-1: USB disconnect, device number 116
[  586.499162][T13607] ptrace attach of "./syz-executor exec"[5885] was attempted by "./syz-executor exec"[13607]
[  586.608129][T13609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  586.629347][T13609] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  586.678201][T13609] sctp: [Deprecated]: syz.5.2093 (pid 13609) Use of struct sctp_assoc_value in delayed_ack socket option.
[  586.678201][T13609] Use struct sctp_sack_info instead
[  586.995501][   T30] audit: type=1326 audit(1754513478.578:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13615 comm="syz.4.2096" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f495438ebe9 code=0x0
[  587.739495][T13619] loop2: detected capacity change from 0 to 7
[  587.747913][T13619] Dev loop2: unable to read RDB block 7
[  587.753667][T13619]  loop2: unable to read partition table
[  587.760602][T13619] loop2: partition table beyond EOD, truncated
[  587.767127][T13619] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  588.118812][T13633] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2102'.
[  588.128527][T13633] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2102'.
[  588.139388][T13633] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2102'.
[  588.352233][T13638] tipc: Invalid UDP bearer configuration
[  588.352269][T13638] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  589.351288][T13649] loop2: detected capacity change from 0 to 7
[  589.362805][T13649] Dev loop2: unable to read RDB block 7
[  589.370033][T13649]  loop2: unable to read partition table
[  589.376805][T13649] loop2: partition table beyond EOD, truncated
[  589.383131][T13649] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  589.590216][T13657] netlink: 408 bytes leftover after parsing attributes in process `syz.3.2109'.
[  589.943999][   T24] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[  589.962617][T13668] FAULT_INJECTION: forcing a failure.
[  589.962617][T13668] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  589.987194][T13668] CPU: 1 UID: 0 PID: 13668 Comm: syz.5.2115 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) 
[  589.987245][T13668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  589.987269][T13668] Call Trace:
[  589.987286][T13668]  <TASK>
[  589.987298][T13668]  dump_stack_lvl+0x189/0x250
[  589.987323][T13668]  ? __pfx____ratelimit+0x10/0x10
[  589.987345][T13668]  ? __pfx_dump_stack_lvl+0x10/0x10
[  589.987366][T13668]  ? __pfx__printk+0x10/0x10
[  589.987390][T13668]  ? __might_fault+0xb0/0x130
[  589.987424][T13668]  should_fail_ex+0x414/0x560
[  589.987450][T13668]  _copy_from_user+0x2d/0xb0
[  589.987468][T13668]  __sys_bpf+0x1ed/0x870
[  589.987491][T13668]  ? __pfx___sys_bpf+0x10/0x10
[  589.987522][T13668]  ? ksys_write+0x1e1/0x250
[  589.987557][T13668]  ? __pfx_ksys_write+0x10/0x10
[  589.987576][T13668]  ? rcu_is_watching+0x15/0xb0
[  589.987600][T13668]  __x64_sys_bpf+0x7c/0x90
[  589.987622][T13668]  do_syscall_64+0xfa/0x3b0
[  589.987642][T13668]  ? lockdep_hardirqs_on+0x9c/0x150
[  589.987661][T13668]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.987678][T13668]  ? clear_bhb_loop+0x60/0xb0
[  589.987700][T13668]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.987717][T13668] RIP: 0033:0x7f293998ebe9
[  589.987733][T13668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  589.987748][T13668] RSP: 002b:00007f293a8a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  589.987767][T13668] RAX: ffffffffffffffda RBX: 00007f2939bb5fa0 RCX: 00007f293998ebe9
[  589.987780][T13668] RDX: 0000000000000010 RSI: 0000200000000400 RDI: 000000000000000f
[  589.987792][T13668] RBP: 00007f293a8a0090 R08: 0000000000000000 R09: 0000000000000000
[  589.987804][T13668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  589.987815][T13668] R13: 00007f2939bb6038 R14: 00007f2939bb5fa0 R15: 00007f2939cdfa28
[  589.987843][T13668]  </TASK>
[  590.411942][   T24] usb 4-1: config 0 has no interfaces?
[  590.429807][   T24] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  590.439875][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  590.448306][   T24] usb 4-1: Product: syz
[  590.452714][   T24] usb 4-1: Manufacturer: syz
[  590.457864][   T24] usb 4-1: SerialNumber: syz
[  590.465913][   T24] usb 4-1: config 0 descriptor??
[  590.693785][T13680] ptrace attach of "./syz-executor exec"[9738] was attempted by "./syz-executor exec"[13680]
[  591.804147][ T5987] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[  591.976752][ T5987] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  592.003640][ T5987] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  592.022022][ T5987] usb 3-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  592.032018][ T5987] usb 3-1: New USB device strings: Mfr=0, Product=226, SerialNumber=255
[  592.137784][ T5987] usb 3-1: Product: syz
[  592.142167][ T5987] usb 3-1: SerialNumber: syz
[  592.153009][ T5987] usb 3-1: config 0 descriptor??
[  592.172246][ T5987] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  592.743518][   T24] usb 4-1: USB disconnect, device number 121
[  593.112688][   T30] audit: type=1326 audit(1754513484.688:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13700 comm="syz.0.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  593.161464][ T5954] usb 3-1: USB disconnect, device number 112
[  593.313039][   T30] audit: type=1326 audit(1754513484.688:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13700 comm="syz.0.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  593.400937][   T30] audit: type=1326 audit(1754513484.688:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13700 comm="syz.0.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8a3ed2add9 code=0x7ffc0000
[  593.514046][   T30] audit: type=1326 audit(1754513484.688:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13700 comm="syz.0.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8a3ed2add9 code=0x7ffc0000
[  593.607734][   T30] audit: type=1326 audit(1754513484.688:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13700 comm="syz.0.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  594.110448][T13728] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  594.308023][T13730] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  594.446185][T13732] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2132'.
[  595.574304][ T5987] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[  595.735450][ T5987] usb 3-1: Using ep0 maxpacket: 8
[  596.324091][ T5987] usb 3-1: config 0 has an invalid interface number: 175 but max is 0
[  596.363956][ T5987] usb 3-1: config 0 has no interface number 0
[  596.414977][ T5987] usb 3-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=bc.ed
[  596.434888][ T5987] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  596.463380][ T5987] usb 3-1: Product: syz
[  596.476371][ T5987] usb 3-1: Manufacturer: syz
[  596.511130][ T5987] usb 3-1: SerialNumber: syz
[  596.560625][ T5987] usb 3-1: config 0 descriptor??
[  596.972597][T13772] loop2: detected capacity change from 0 to 7
[  597.032344][T13772] Dev loop2: unable to read RDB block 7
[  597.050491][T13772]  loop2: unable to read partition table
[  597.071120][T13772] loop2: partition table beyond EOD, truncated
[  597.099119][ T5987] usbserial_generic 3-1:0.175: The "generic" usb-serial driver is only for testing and one-off prototypes.
[  597.141296][T13772] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  597.156748][ T5987] usbserial_generic 3-1:0.175: Tell linux-usb@vger.kernel.org to add your device to a proper driver.
[  597.184219][ T5987] usbserial_generic 3-1:0.175: device has no bulk endpoints
[  597.229095][ T5987] safe_serial 3-1:0.175: safe_serial converter detected
[  597.274890][T13780] netlink: 'syz.4.2147': attribute type 2 has an invalid length.
[  597.290473][ T5987] safe_serial 3-1:0.175: probe with driver safe_serial failed with error -22
[  597.357464][ T5987] usb 3-1: USB disconnect, device number 113
[  597.604387][T13789] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2148'.
[  597.857381][T13800] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2152'.
[  597.866761][T13800] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2152'.
[  597.895908][T13801] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  597.900475][T13800] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2152'.
[  598.058541][T13807] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2156'.
[  598.321813][T13810] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2155'.
[  598.380070][T13809] tipc: Started in network mode
[  598.394222][T13809] tipc: Node identity 7f000001, cluster identity 4711
[  598.537118][T13809] tipc: Enabled bearer <udp:syz2>, priority 10
[  599.691353][ T5983] tipc: Node number set to 2130706433
[  599.987746][T13828] loop2: detected capacity change from 0 to 7
[  600.094419][T13828] Dev loop2: unable to read RDB block 7
[  600.114263][T13828]  loop2: unable to read partition table
[  600.130898][T13828] loop2: partition table beyond EOD, truncated
[  600.158047][T13828] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  601.655163][   T43] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[  601.809628][   T43] usb 4-1: config 0 has no interfaces?
[  601.818846][   T43] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  601.844343][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.881460][   T43] usb 4-1: Product: syz
[  601.902967][   T43] usb 4-1: Manufacturer: syz
[  601.916541][   T43] usb 4-1: SerialNumber: syz
[  601.950371][   T43] usb 4-1: config 0 descriptor??
[  602.228958][T13860] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2170'.
[  602.627004][T13864] loop2: detected capacity change from 0 to 7
[  602.634413][T13864] Dev loop2: unable to read RDB block 7
[  602.640148][T13864]  loop2: unable to read partition table
[  602.649817][T13864] loop2: partition table beyond EOD, truncated
[  602.673949][T13864] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  603.042607][T13873] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2175'.
[  603.637443][T13873] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2175'.
[  603.897822][T13882] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2178'.
[  604.923179][T13897] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2182'.
[  604.954616][   T43] usb 4-1: USB disconnect, device number 122
[  605.362522][T13900] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  605.634605][T13905] netlink: 'syz.0.2185': attribute type 1 has an invalid length.
[  605.673554][T13907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  605.736680][T13907] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  605.739138][T13905] 8021q: adding VLAN 0 to HW filter on device bond4
[  606.016770][T13923] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2190'.
[  606.356722][T13937] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2196'.
[  607.135961][T13954] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2202'.
[  607.146941][T13954] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2202'.
[  607.157930][T13954] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2202'.
[  607.272571][T13955] netlink: 'syz.4.2200': attribute type 1 has an invalid length.
[  607.478894][T13955] 8021q: adding VLAN 0 to HW filter on device bond4
[  607.573990][ T5983] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[  607.742944][T13969] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2206'.
[  607.744286][ T5954] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[  607.779543][ T5983] usb 3-1: Using ep0 maxpacket: 8
[  607.792704][ T5983] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  607.801437][ T5983] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  607.816772][ T5983] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  607.827982][ T5983] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  607.838952][ T5983] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  607.863260][ T5983] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  607.930556][ T5983] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  607.992663][ T5954] usb 4-1: config 0 has no interfaces?
[  608.034520][ T5954] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  608.054042][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.072475][ T5954] usb 4-1: Product: syz
[  608.083938][ T5954] usb 4-1: Manufacturer: syz
[  608.100729][ T5954] usb 4-1: SerialNumber: syz
[  608.157065][ T5983] usb 3-1: GET_CAPABILITIES returned 0
[  608.162602][ T5983] usbtmc 3-1:16.0: can't read capabilities
[  608.162692][ T5954] usb 4-1: config 0 descriptor??
[  608.393302][ T5983] usb 3-1: USB disconnect, device number 114
[  608.947890][T13989] IPv6: sit1: Disabled Multicast RS
[  609.043823][T13991] FAULT_INJECTION: forcing a failure.
[  609.043823][T13991] name failslab, interval 1, probability 0, space 0, times 0
[  609.169716][T13991] CPU: 1 UID: 0 PID: 13991 Comm: syz.4.2213 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) 
[  609.169745][T13991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  609.169757][T13991] Call Trace:
[  609.169765][T13991]  <TASK>
[  609.169775][T13991]  dump_stack_lvl+0x189/0x250
[  609.169802][T13991]  ? __pfx____ratelimit+0x10/0x10
[  609.169831][T13991]  ? __pfx_dump_stack_lvl+0x10/0x10
[  609.169853][T13991]  ? __pfx__printk+0x10/0x10
[  609.169882][T13991]  ? __pfx___might_resched+0x10/0x10
[  609.169905][T13991]  should_fail_ex+0x414/0x560
[  609.169931][T13991]  should_failslab+0xa8/0x100
[  609.169958][T13991]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  609.169983][T13991]  ? __alloc_skb+0x112/0x2d0
[  609.170010][T13991]  __alloc_skb+0x112/0x2d0
[  609.170037][T13991]  tcp_stream_alloc_skb+0x3d/0x340
[  609.170060][T13991]  tcp_sendmsg_locked+0xf38/0x5620
[  609.170135][T13991]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  609.170153][T13991]  ? __local_bh_enable_ip+0x12d/0x1c0
[  609.170176][T13991]  ? __local_bh_enable_ip+0x12d/0x1c0
[  609.170207][T13991]  tcp_sendmsg+0x2f/0x50
[  609.170227][T13991]  __sock_sendmsg+0x19c/0x270
[  609.170249][T13991]  __sys_sendto+0x3bd/0x520
[  609.170273][T13991]  ? __pfx___sys_sendto+0x10/0x10
[  609.170292][T13991]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  609.170327][T13991]  ? __fget_files+0x3a0/0x420
[  609.170363][T13991]  ? ksys_write+0x22a/0x250
[  609.170389][T13991]  ? __pfx_ksys_write+0x10/0x10
[  609.170409][T13991]  ? rcu_is_watching+0x15/0xb0
[  609.170434][T13991]  __x64_sys_sendto+0xde/0x100
[  609.170461][T13991]  do_syscall_64+0xfa/0x3b0
[  609.170482][T13991]  ? lockdep_hardirqs_on+0x9c/0x150
[  609.170504][T13991]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  609.170522][T13991]  ? clear_bhb_loop+0x60/0xb0
[  609.170545][T13991]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  609.170564][T13991] RIP: 0033:0x7f495438ebe9
[  609.170581][T13991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  609.170597][T13991] RSP: 002b:00007f4955168038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  609.170617][T13991] RAX: ffffffffffffffda RBX: 00007f49545b5fa0 RCX: 00007f495438ebe9
[  609.170630][T13991] RDX: 0000000000000381 RSI: 00002000000004c0 RDI: 0000000000000003
[  609.170642][T13991] RBP: 00007f4955168090 R08: 0000000000000000 R09: 0000000000000000
[  609.170659][T13991] R10: 0000000000000805 R11: 0000000000000246 R12: 0000000000000001
[  609.170671][T13991] R13: 00007f49545b6038 R14: 00007f49545b5fa0 R15: 00007f49546dfa28
[  609.170701][T13991]  </TASK>
[  609.427381][    C1] vkms_vblank_simulate: vblank timer overrun
[  610.367925][T14008] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2217'.
[  610.388419][   T30] audit: type=1326 audit(1754513501.938:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14007 comm="syz.0.2217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  610.411044][    C1] vkms_vblank_simulate: vblank timer overrun
[  610.420693][   T30] audit: type=1326 audit(1754513501.938:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14007 comm="syz.0.2217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  610.443363][    C1] vkms_vblank_simulate: vblank timer overrun
[  610.454805][   T30] audit: type=1326 audit(1754513501.948:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14007 comm="syz.0.2217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  610.477272][    C1] vkms_vblank_simulate: vblank timer overrun
[  610.924144][ T5960] usb 4-1: USB disconnect, device number 123
[  610.968157][   T30] audit: type=1326 audit(1754513501.948:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14007 comm="syz.0.2217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  610.990747][    C1] vkms_vblank_simulate: vblank timer overrun
[  611.050886][   T30] audit: type=1326 audit(1754513501.948:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14007 comm="syz.0.2217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  611.073445][    C1] vkms_vblank_simulate: vblank timer overrun
[  611.134249][   T30] audit: type=1326 audit(1754513501.948:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14007 comm="syz.0.2217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  611.157081][    C1] vkms_vblank_simulate: vblank timer overrun
[  611.224067][   T30] audit: type=1326 audit(1754513501.948:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14007 comm="syz.0.2217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  611.297747][   T30] audit: type=1326 audit(1754513501.948:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14007 comm="syz.0.2217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  611.363005][   T30] audit: type=1326 audit(1754513501.948:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14007 comm="syz.0.2217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  611.439238][   T30] audit: type=1326 audit(1754513501.948:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14007 comm="syz.0.2217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f8a3ed8ebe9 code=0x7ffc0000
[  611.477576][T14020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  611.489349][T14020] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  611.797230][T14027] usb usb8: usbfs: process 14027 (syz.4.2222) did not claim interface 0 before use
[  613.183967][   T43] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[  613.364083][   T43] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  613.373293][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  613.383426][   T43] usb 4-1: Product: syz
[  613.391057][   T43] usb 4-1: Manufacturer: syz
[  613.397209][   T43] usb 4-1: SerialNumber: syz
[  613.412137][   T43] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  613.443167][   T24] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  614.072404][T14035] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2224'.
[  614.174004][ T5960] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[  614.445737][ T5960] usb 5-1: Using ep0 maxpacket: 16
[  614.469572][ T5960] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  614.482575][ T5960] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  614.500405][ T5960] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  614.512051][ T5960] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.563961][   T24] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  614.569423][ T5960] usb 5-1: Product: syz
[  614.579412][   T24] ath9k_htc: Failed to initialize the device
[  614.587974][ T5960] usb 5-1: Manufacturer: syz
[  614.603176][ T5960] usb 5-1: SerialNumber: syz
[  614.738988][   T24] usb 4-1: ath9k_htc: USB layer deinitialized
[  614.912146][T14057] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2232'.
[  615.039509][ T5960] usb 5-1: 0:2 : does not exist
[  615.061301][ T5960] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  615.098903][T14067] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  615.157768][ T5960] usb 5-1: USB disconnect, device number 117
[  615.278436][T14069] netlink: 'syz.5.2235': attribute type 2 has an invalid length.
[  615.331420][T14069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  615.455295][T14069] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  615.496049][T14070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  615.519526][T14070] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  615.570882][ T5918] udevd[5918]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  615.612745][T14072] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2236'.
[  615.627490][T14069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  615.734807][T14069] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  615.905208][T14080] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2239'.
[  615.922368][T14081] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2236'.
[  615.952321][   T24] usb 4-1: USB disconnect, device number 124
[  616.314750][   T30] kauditd_printk_skb: 45 callbacks suppressed
[  616.314900][   T30] audit: type=1326 audit(1754513507.878:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14086 comm="syz.3.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2c698ebe9 code=0x7ffc0000
[  616.426142][T14093] usb usb8: usbfs: process 14093 (syz.4.2242) did not claim interface 0 before use
[  616.500839][   T30] audit: type=1326 audit(1754513507.888:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14086 comm="syz.3.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2c698ebe9 code=0x7ffc0000
[  616.540770][   T30] audit: type=1326 audit(1754513507.898:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14086 comm="syz.3.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7ff2c698ebe9 code=0x7ffc0000
[  616.595526][ T5960] hid (null): unknown global tag 0xd
[  616.604185][ T5960] hid (null): report_id 0 is invalid
[  616.609593][ T5960] hid (null): global environment stack underflow
[  616.647532][   T30] audit: type=1326 audit(1754513507.928:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14086 comm="syz.3.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2c698ebe9 code=0x7ffc0000
[  616.672410][ T5960] hid-generic FD26:0001:0BB3.0029: unknown main item tag 0x5
[  616.680311][ T5960] hid-generic FD26:0001:0BB3.0029: unknown global tag 0xd
[  616.689512][ T5960] hid-generic FD26:0001:0BB3.0029: item 0 2 1 13 parsing failed
[  616.697482][   T30] audit: type=1326 audit(1754513507.928:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14086 comm="syz.3.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2c698ebe9 code=0x7ffc0000
[  616.733243][ T5960] hid-generic FD26:0001:0BB3.0029: probe with driver hid-generic failed with error -22
[  616.751781][   T24] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[  616.781521][   T30] audit: type=1326 audit(1754513507.928:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14086 comm="syz.3.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2c698ebe9 code=0x7ffc0000
[  616.843968][   T30] audit: type=1326 audit(1754513507.968:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14086 comm="syz.3.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff2c698d550 code=0x7ffc0000
[  616.913325][   T30] audit: type=1326 audit(1754513507.968:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14086 comm="syz.3.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff2c698e7eb code=0x7ffc0000
[  617.122880][   T30] audit: type=1326 audit(1754513507.968:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14086 comm="syz.3.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff2c698e7eb code=0x7ffc0000
[  617.240618][   T30] audit: type=1326 audit(1754513507.988:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14086 comm="syz.3.2241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2c698ebe9 code=0x7ffc0000
[  617.264304][   T24] usb 4-1: Using ep0 maxpacket: 8
[  617.273016][   T24] usb 4-1: unable to get BOS descriptor or descriptor too short
[  617.296614][   T24] usb 4-1: config 9 has an invalid interface number: 5 but max is 0
[  617.323971][   T24] usb 4-1: config 9 has no interface number 0
[  617.324029][   T24] usb 4-1: config 9 interface 5 altsetting 9 endpoint 0x9 has an invalid bInterval 181, changing to 7
[  617.391482][   T24] usb 4-1: config 9 interface 5 has no altsetting 0
[  617.412172][   T24] usb 4-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=5d.a8
[  617.452381][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.481126][   T24] usb 4-1: Product: syz
[  617.494270][   T24] usb 4-1: Manufacturer: syz
[  617.498934][   T24] usb 4-1: SerialNumber: syz
[  617.977822][T14114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  618.017763][T14114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  618.462647][T14124] netlink: 116 bytes leftover after parsing attributes in process `syz.2.2252'.
[  618.602790][T14128] FAULT_INJECTION: forcing a failure.
[  618.602790][T14128] name failslab, interval 1, probability 0, space 0, times 0
[  618.618273][T14128] CPU: 0 UID: 0 PID: 14128 Comm: syz.4.2253 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) 
[  618.618300][T14128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  618.618311][T14128] Call Trace:
[  618.618320][T14128]  <TASK>
[  618.618328][T14128]  dump_stack_lvl+0x189/0x250
[  618.618355][T14128]  ? __pfx____ratelimit+0x10/0x10
[  618.618377][T14128]  ? __pfx_dump_stack_lvl+0x10/0x10
[  618.618426][T14128]  ? __pfx__printk+0x10/0x10
[  618.618456][T14128]  ? __pfx___might_resched+0x10/0x10
[  618.618479][T14128]  should_fail_ex+0x414/0x560
[  618.618503][T14128]  should_failslab+0xa8/0x100
[  618.618531][T14128]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  618.618555][T14128]  ? __alloc_skb+0x112/0x2d0
[  618.618576][T14128]  ? __pfx__copy_from_iter+0x10/0x10
[  618.618603][T14128]  __alloc_skb+0x112/0x2d0
[  618.618628][T14128]  tcp_stream_alloc_skb+0x3d/0x340
[  618.618652][T14128]  tcp_sendmsg_locked+0xf38/0x5620
[  618.618727][T14128]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  618.618744][T14128]  ? __local_bh_enable_ip+0x12d/0x1c0
[  618.618767][T14128]  ? __local_bh_enable_ip+0x12d/0x1c0
[  618.618797][T14128]  tcp_sendmsg+0x2f/0x50
[  618.618816][T14128]  __sock_sendmsg+0x19c/0x270
[  618.618839][T14128]  __sys_sendto+0x3bd/0x520
[  618.618865][T14128]  ? __pfx___sys_sendto+0x10/0x10
[  618.618884][T14128]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  618.618920][T14128]  ? __fget_files+0x3a0/0x420
[  618.618956][T14128]  ? ksys_write+0x22a/0x250
[  618.618981][T14128]  ? __pfx_ksys_write+0x10/0x10
[  618.619000][T14128]  ? rcu_is_watching+0x15/0xb0
[  618.619024][T14128]  __x64_sys_sendto+0xde/0x100
[  618.619049][T14128]  do_syscall_64+0xfa/0x3b0
[  618.619070][T14128]  ? lockdep_hardirqs_on+0x9c/0x150
[  618.619090][T14128]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  618.619107][T14128]  ? clear_bhb_loop+0x60/0xb0
[  618.619127][T14128]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  618.619142][T14128] RIP: 0033:0x7f495438ebe9
[  618.619160][T14128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  618.619176][T14128] RSP: 002b:00007f4955168038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  618.619196][T14128] RAX: ffffffffffffffda RBX: 00007f49545b5fa0 RCX: 00007f495438ebe9
[  618.619210][T14128] RDX: 0000000000000381 RSI: 00002000000004c0 RDI: 0000000000000003
[  618.619223][T14128] RBP: 00007f4955168090 R08: 0000000000000000 R09: 0000000000000000
[  618.619235][T14128] R10: 0000000000000805 R11: 0000000000000246 R12: 0000000000000001
[  618.619246][T14128] R13: 00007f49545b6038 R14: 00007f49545b5fa0 R15: 00007f49546dfa28
[  618.619281][T14128]  </TASK>
[  619.002696][T14136] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2258'.
[  619.013961][   T43] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[  619.101473][T14139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  619.102470][T14140] ptrace attach of "./syz-executor exec"[5886] was attempted by "./syz-executor exec"[14140]
[  619.112304][T14139] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  619.176443][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  619.193977][ T5940] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[  619.203182][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  619.245065][   T43] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  619.276208][   T24] usb 4-1: USB disconnect, device number 125
[  619.288015][   T43] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  619.343769][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.364206][   T43] usb 3-1: config 0 descriptor??
[  619.441662][ T5940] usb 5-1: Using ep0 maxpacket: 16
[  619.485863][ T5940] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  619.507209][ T5940] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  619.518863][ T5940] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  619.528495][ T5940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.536947][ T5940] usb 5-1: Product: syz
[  619.541969][ T5940] usb 5-1: Manufacturer: syz
[  619.632507][ T5940] usb 5-1: SerialNumber: syz
[  619.807589][   T43] plantronics 0003:047F:FFFF.002A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  620.001889][ T5940] usb 5-1: 0:2 : does not exist
[  620.030969][T14150] usb usb8: usbfs: process 14150 (syz.5.2262) did not claim interface 0 before use
[  620.044757][ T5940] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  620.095430][T14127] netlink: 'syz.2.2254': attribute type 32 has an invalid length.
[  620.103499][T14127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2254'.
[  620.122739][ T5940] usb 5-1: USB disconnect, device number 118
[  620.144900][T14127] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[  620.267191][ T5920] usb 3-1: USB disconnect, device number 115
[  620.302806][ T5918] udevd[5918]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  620.427532][T14153] fido_id[14153]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  621.076068][T14160] can: request_module (can-proto-0) failed.
[  621.877909][T14178] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2269'.
[  621.880755][T14179] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  621.914374][T14179] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  622.480412][T14196] bond0: Unable to set peer notification delay as MII monitoring is disabled
[  622.574044][ T5983] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[  623.162717][ T5983] usb 3-1: no configurations
[  623.303984][ T5940] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[  623.311772][   T43] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[  623.397921][ T5983] usb 3-1: can't read configurations, error -22
[  623.464053][ T5940] usb 4-1: Using ep0 maxpacket: 8
[  623.553988][ T5983] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[  623.678086][T14211] usb usb8: usbfs: process 14211 (syz.5.2280) did not claim interface 0 before use
[  623.755177][ T5983] usb 3-1: no configurations
[  623.807873][ T5983] usb 3-1: can't read configurations, error -22
[  623.845933][ T5983] usb usb3-port1: attempt power cycle
[  623.883440][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  623.904323][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  623.914486][   T43] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  623.923682][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  623.948268][   T43] usb 5-1: config 0 descriptor??
[  624.234285][ T5983] usb 3-1: new high-speed USB device number 118 using dummy_hcd
[  624.352215][ T5983] usb 3-1: no configurations
[  624.361604][ T5983] usb 3-1: can't read configurations, error -22
[  624.494010][ T5983] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[  624.629271][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  624.635825][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  624.732544][ T5983] usb 3-1: no configurations
[  624.737514][ T5983] usb 3-1: can't read configurations, error -22
[  624.744691][ T5983] usb usb3-port1: unable to enumerate USB device
[  625.017160][T14197] sctp: [Deprecated]: syz.4.2275 (pid 14197) Use of struct sctp_assoc_value in delayed_ack socket option.
[  625.017160][T14197] Use struct sctp_sack_info instead
[  625.235618][T14223] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2283'.
[  625.330140][T14227] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2284'.
[  625.551410][T14238] loop2: detected capacity change from 0 to 7
[  625.560519][T14238] Dev loop2: unable to read RDB block 7
[  625.567217][T14238]  loop2: unable to read partition table
[  625.573306][T14238] loop2: partition table beyond EOD, truncated
[  625.581250][T14238] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  625.903970][ T5880] Bluetooth: hci1: command 0x0405 tx timeout
[  625.973135][T14216] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  625.985566][T14216] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  625.994584][T14216] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  626.002036][T14216] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  626.013600][T14216] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  626.128024][ T5983] usb 5-1: USB disconnect, device number 119
[  626.169735][T14234] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  626.224035][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  626.258688][T14234] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  626.317660][T14252] tipc: Started in network mode
[  626.325897][T14252] tipc: Node identity 2297fb29c5cd, cluster identity 4711
[  626.338352][T14252] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  626.348104][T14251] syzkaller0: entered promiscuous mode
[  626.354118][T14251] syzkaller0: entered allmulticast mode
[  626.617051][T14253] tipc: Resetting bearer <eth:syzkaller0>
[  626.650302][ T5940] usb 4-1: unable to get BOS descriptor or descriptor too short
[  626.676760][ T5940] usb 4-1: unable to read config index 0 descriptor/start: -71
[  626.693681][ T5940] usb 4-1: can't read configurations, error -71
[  626.743371][T14253] netlink: 'syz.4.2292': attribute type 3 has an invalid length.
[  626.757757][T14251] netlink: 'syz.4.2292': attribute type 3 has an invalid length.
[  627.044642][T14263] usb usb8: usbfs: process 14263 (syz.3.2295) did not claim interface 0 before use
[  627.120382][T14250] tipc: Resetting bearer <eth:syzkaller0>
[  627.159873][T14250] tipc: Disabling bearer <eth:syzkaller0>
[  627.253724][   T30] kauditd_printk_skb: 382 callbacks suppressed
[  627.253740][   T30] audit: type=1326 audit(1754513518.828:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14266 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b6f8ebe9 code=0x7ffc0000
[  627.286485][   T30] audit: type=1326 audit(1754513518.838:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14266 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b6f8ebe9 code=0x7ffc0000
[  627.308827][    C0] vkms_vblank_simulate: vblank timer overrun
[  627.319016][   T30] audit: type=1326 audit(1754513518.838:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14266 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f89b6f8ebe9 code=0x7ffc0000
[  627.378358][   T30] audit: type=1326 audit(1754513518.838:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14266 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b6f8ebe9 code=0x7ffc0000
[  627.403998][   T30] audit: type=1326 audit(1754513518.838:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14266 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b6f8ebe9 code=0x7ffc0000
[  627.465763][   T30] audit: type=1326 audit(1754513518.838:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14266 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f89b6f8ebe9 code=0x7ffc0000
[  627.489977][   T30] audit: type=1326 audit(1754513518.838:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14266 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b6f8ebe9 code=0x7ffc0000
[  627.562246][T14269] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2298'.
[  627.595016][   T30] audit: type=1326 audit(1754513518.838:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14266 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b6f8ebe9 code=0x7ffc0000
[  627.618921][   T30] audit: type=1326 audit(1754513518.878:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14266 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f89b6f8ebe9 code=0x7ffc0000
[  627.645441][   T30] audit: type=1326 audit(1754513518.878:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14266 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b6f8ebe9 code=0x7ffc0000
[  627.647937][T14273] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2299'.
[  627.925731][T14277] syzkaller1: entered promiscuous mode
[  627.941751][T14277] syzkaller1: entered allmulticast mode
[  628.064588][   T51] Bluetooth: hci1: command 0x0405 tx timeout
[  628.066129][ T5880] Bluetooth: hci4: command 0x0406 tx timeout
[  628.070764][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  628.077224][ T5880] Bluetooth: hci2: command 0x0406 tx timeout
[  628.147400][T14285] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  628.195619][T14288] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2305'.
[  628.455075][T14295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2308'.
[  629.310337][T14308] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  629.390279][T14311] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2313'.
[  629.624935][T14318] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  629.643186][T14318] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  630.324798][ T5920] usb 5-1: new high-speed USB device number 120 using dummy_hcd
[  630.351699][T14329] syzkaller1: entered promiscuous mode
[  630.389618][T14329] syzkaller1: entered allmulticast mode
[  630.563292][ T5920] usb 5-1: config 8 has an invalid interface number: 220 but max is 1
[  630.611217][ T5920] usb 5-1: config 8 has an invalid interface number: 203 but max is 1
[  630.651430][ T5920] usb 5-1: config 8 has an invalid descriptor of length 36, skipping remainder of the config
[  630.661891][T14338] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2323'.
[  630.722057][ T5920] usb 5-1: config 8 has no interface number 0
[  630.793902][ T5920] usb 5-1: config 8 has no interface number 1
[  630.804679][ T5920] usb 5-1: config 8 interface 203 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  630.838431][ T5920] usb 5-1: config 8 interface 220 has no altsetting 0
[  630.851900][ T5920] usb 5-1: config 8 interface 203 has no altsetting 0
[  630.874454][T14342] ptrace attach of "./syz-executor exec"[5882] was attempted by "./syz-executor exec"[14342]
[  630.987735][ T5920] usb 5-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=16.fc
[  631.136771][T14341] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2324'.
[  631.169183][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  631.202130][ T5920] usb 5-1: Product: syz
[  631.216796][ T5920] usb 5-1: Manufacturer: syz
[  631.233929][ T5920] usb 5-1: SerialNumber: syz
[  631.507043][T14350] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  631.862336][T14354] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2327'.
[  632.386022][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  632.386037][   T30] audit: type=1326 audit(1754513523.938:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14357 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f293998ebe9 code=0x7ffc0000
[  632.454651][   T30] audit: type=1326 audit(1754513523.938:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14357 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f293998ebe9 code=0x7ffc0000
[  632.480024][   T30] audit: type=1326 audit(1754513523.938:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14357 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f293998ebe9 code=0x7ffc0000
[  632.526566][   T30] audit: type=1326 audit(1754513523.938:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14357 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f293998ebe9 code=0x7ffc0000
[  632.609523][   T30] audit: type=1326 audit(1754513523.938:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14357 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f293998ebe9 code=0x7ffc0000
[  632.664031][   T30] audit: type=1326 audit(1754513523.938:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14357 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f293998ebe9 code=0x7ffc0000
[  632.686699][   T30] audit: type=1326 audit(1754513523.938:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14357 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f293998ebe9 code=0x7ffc0000
[  632.711372][   T30] audit: type=1326 audit(1754513523.938:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14357 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f293998ebe9 code=0x7ffc0000
[  632.749707][   T30] audit: type=1326 audit(1754513523.938:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14357 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f293998ebe9 code=0x7ffc0000
[  632.810820][   T30] audit: type=1326 audit(1754513523.938:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14357 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f293998ebe9 code=0x7ffc0000
[  633.135189][ T5920] usb 5-1: USB disconnect, device number 120
[  633.293799][T14367] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2332'.
[  633.536560][T14381] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2338'.
[  633.993936][ T5920] usb 5-1: new high-speed USB device number 121 using dummy_hcd
[  634.164055][ T5920] usb 5-1: Using ep0 maxpacket: 32
[  634.176116][ T5920] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  634.209166][ T5920] usb 5-1: config 0 has no interface number 0
[  634.232540][ T5920] usb 5-1: config 0 interface 184 has no altsetting 0
[  634.252121][ T5920] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  634.265774][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.277175][ T5920] usb 5-1: Product: syz
[  634.286740][ T5920] usb 5-1: Manufacturer: syz
[  634.291813][ T5920] usb 5-1: SerialNumber: syz
[  634.340615][ T5920] usb 5-1: config 0 descriptor??
[  634.460631][T14394] netlink: 'syz.5.2340': attribute type 10 has an invalid length.
[  634.469100][T14394] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2340'.
[  634.478830][T14394] team0: entered promiscuous mode
[  634.484229][T14394] team_slave_0: entered promiscuous mode
[  634.491103][T14394] team_slave_1: entered promiscuous mode
[  634.499227][T14394] team0: entered allmulticast mode
[  634.504702][T14394] team_slave_0: entered allmulticast mode
[  634.515071][T14394] team_slave_1: entered allmulticast mode
[  634.528772][T14397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  634.540376][T14397] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  634.568228][ T5920] smsc75xx v1.0.0
[  634.580425][ T5920] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  634.600811][T14394] bridge0: port 3(team0) entered blocking state
[  634.607768][T14394] bridge0: port 3(team0) entered disabled state
[  634.632203][T14394] bridge0: port 3(team0) entered blocking state
[  634.638808][T14394] bridge0: port 3(team0) entered forwarding state
[  634.723051][ T5920] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -22
[  634.776960][T14388] netlink: 830 bytes leftover after parsing attributes in process `syz.4.2337'.
[  635.358759][ T5954] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  636.061196][ T5954] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  636.076187][ T5954] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  636.107134][ T5954] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  636.162761][T14409] loop2: detected capacity change from 0 to 7
[  636.170347][ T5954] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  636.181050][T14409] Dev loop2: unable to read RDB block 7
[  636.187022][T14409]  loop2: unable to read partition table
[  636.195129][T14409] loop2: partition table beyond EOD, truncated
[  636.218064][T14409] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  636.230252][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.262821][ T5954] usb 4-1: Product: syz
[  636.278558][ T5954] usb 4-1: Manufacturer: syz
[  636.288450][ T5954] usb 4-1: SerialNumber: syz
[  636.344092][ T5954] usb 4-1: config 0 descriptor??
[  636.381328][T14399] raw-gadget.5 gadget.3: fail, usb_ep_enable returned -22
[  636.390131][T14399] raw-gadget.5 gadget.3: fail, usb_ep_enable returned -22
[  636.407936][ T5954] usb 4-1: ucan: probing device on interface #0
[  636.803696][T14415] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  637.014361][ T5920] usb 5-1: USB disconnect, device number 121
[  637.141743][T14417] netlink: 'syz.4.2345': attribute type 1 has an invalid length.
[  637.175480][T14417] 8021q: adding VLAN 0 to HW filter on device bond5
[  637.416967][ T5954] ucan 4-1:0.0 can0: registered device
[  637.471511][T14416] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  637.545626][ T5954] ucan 4-1:0.0 can0: firmware string: ¯ðæ¿œÓ,É»~ÜLÀ
[  637.545626][ T5954] +ͨ@VG.ઠ5ùjOÔuç\ʾ[<J‰ìÏ£º‚}<e$
[  637.545626][ T5954] ûï�kçå@Ai% M €ææÈü¤ŸŠNÖÕÈŠ&hcýÀò»mÄh·ñì
[  638.319738][T14439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  638.329148][T14439] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  638.341998][T14439] sctp: [Deprecated]: syz.5.2347 (pid 14439) Use of struct sctp_assoc_value in delayed_ack socket option.
[  638.341998][T14439] Use struct sctp_sack_info instead
[  638.832024][ T5920] usb 4-1: USB disconnect, device number 2
[  639.070127][T14455] usb usb8: usbfs: process 14455 (syz.4.2351) did not claim interface 0 before use
[  639.613974][ T5920] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  639.754915][ T5920] usb 4-1: device descriptor read/64, error -71
[  639.994251][ T5920] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  640.158207][ T5920] usb 4-1: device descriptor read/64, error -71
[  640.284360][ T5920] usb usb4-port1: attempt power cycle
[  640.727878][ T5920] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  640.773218][ T5920] usb 4-1: device descriptor read/8, error -71
[  641.029234][ T5920] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  641.064588][ T5920] usb 4-1: device descriptor read/8, error -71
[  641.113982][ T5987] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[  641.220417][ T5920] usb usb4-port1: unable to enumerate USB device
[  641.294084][ T5987] usb 5-1: Using ep0 maxpacket: 16
[  641.302582][ T5987] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  641.344280][ T5987] usb 5-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  641.353411][ T5987] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.462064][ T5987] usb 5-1: config 0 descriptor??
[  641.652905][T14495] netlink: 'syz.5.2360': attribute type 1 has an invalid length.
[  641.727409][T14495] 8021q: adding VLAN 0 to HW filter on device bond2
[  641.759458][T14497] bond2: (slave vlan0): making interface the new active one
[  641.793873][T14498] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  641.915935][T14497] bond2: (slave vlan0): Enslaving as an active interface with an up link
[  642.215329][ T5987] sony 0003:054C:0268.002C: unknown main item tag 0x0
[  642.254062][ T5987] sony 0003:054C:0268.002C: unknown main item tag 0x0
[  642.272166][ T5987] sony 0003:054C:0268.002C: unknown main item tag 0x0
[  642.291052][ T5987] sony 0003:054C:0268.002C: unknown main item tag 0x0
[  642.363255][ T5987] sony 0003:054C:0268.002C: unknown main item tag 0x0
[  642.372055][ T5987] sony 0003:054C:0268.002C: unknown main item tag 0x0
[  642.403968][ T5987] sony 0003:054C:0268.002C: unknown main item tag 0x0
[  642.479470][T14506] usb usb8: usbfs: process 14506 (syz.5.2362) did not claim interface 0 before use
[  642.529603][ T5987] sony 0003:054C:0268.002C: unknown main item tag 0x0
[  642.588439][ T5987] sony 0003:054C:0268.002C: unknown main item tag 0x0
[  642.623367][ T5987] sony 0003:054C:0268.002C: unknown main item tag 0x0
[  642.736736][ T5987] sony 0003:054C:0268.002C: hiddev0,hidraw0: USB HID v80.09 Device [HID 054c:0268] on usb-dummy_hcd.4-1/input0
[  642.903468][ T5987] sony 0003:054C:0268.002C: failed to claim input
[  643.737728][T14525] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2370'.
[  643.984973][T14529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  644.024718][T14529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  644.081438][T14529] loop2: detected capacity change from 0 to 7
[  644.100097][T14529] Dev loop2: unable to read RDB block 7
[  644.106745][T14529]  loop2: AHDI p1 p2 p3
[  644.111232][T14529] loop2: partition table partially beyond EOD, truncated
[  644.119793][T14529] loop2: p1 start 1601398130 is beyond EOD, truncated
[  644.182165][T14529] loop2: p2 start 1702059890 is beyond EOD, truncated
[  644.219496][T14529] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  644.228834][T14529] mac80211_hwsim hwsim17 syzkaller0: entered promiscuous mode
[  644.243458][T14529] mac80211_hwsim hwsim17 syzkaller0: entered allmulticast mode
[  644.350206][ T5954] usb 5-1: USB disconnect, device number 122
[  644.512662][ T5237] Dev loop2: unable to read RDB block 7
[  644.521952][ T5237]  loop2: AHDI p1 p2 p3
[  644.529996][ T5237] loop2: partition table partially beyond EOD, truncated
[  644.539568][ T5237] loop2: p1 start 1601398130 is beyond EOD, truncated
[  644.548106][ T5237] loop2: p2 start 1702059890 is beyond EOD, truncated
[  644.724880][   T43] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  644.757852][ T5237] Dev loop2: unable to read RDB block 7
[  644.763729][ T5237]  loop2: AHDI p1 p2 p3
[  644.769407][ T5237] loop2: partition table partially beyond EOD, truncated
[  644.778782][ T5237] loop2: p1 start 1601398130 is beyond EOD, truncated
[  644.793629][ T5237] loop2: p2 start 1702059890 is beyond EOD, truncated
[  644.893970][   T43] usb 4-1: Using ep0 maxpacket: 32
[  644.950165][   T43] usb 4-1: unable to get BOS descriptor or descriptor too short
[  644.963363][   T43] usb 4-1: unable to read config index 0 descriptor/start: -71
[  644.976520][T14555] ptrace attach of "./syz-executor exec"[5882] was attempted by "./syz-executor exec"[14555]
[  644.989632][   T43] usb 4-1: can't read configurations, error -71
[  645.334029][   T24] tipc: Node number set to 291678803
[  645.832862][T14562] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2382'.
[  645.966771][T14566] No buffer was provided with the request
[  646.289532][T14570] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2386'.
[  646.304127][T14570] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2386'.
[  646.553445][T14575] ptrace attach of "./syz-executor exec"[5886] was attempted by "./syz-executor exec"[14575]
[  647.418770][T14589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  647.448576][T14589] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  647.689323][T14598] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2394'.
[  647.782094][T14601] netlink: 'syz.5.2396': attribute type 1 has an invalid length.
[  647.848482][T14601] 8021q: adding VLAN 0 to HW filter on device bond3
[  649.330675][T14623] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2403'.
[  649.415363][T14626] netlink: 'syz.5.2405': attribute type 21 has an invalid length.
[  649.423500][T14626] netlink: 'syz.5.2405': attribute type 1 has an invalid length.
[  649.465185][T14626] netlink: 'syz.5.2405': attribute type 12 has an invalid length.
[  649.473147][T14626] netlink: 'syz.5.2405': attribute type 29 has an invalid length.
[  649.491316][T14626] netlink: 148 bytes leftover after parsing attributes in process `syz.5.2405'.
[  649.503293][T14626] netlink: 'syz.5.2405': attribute type 1 has an invalid length.
[  649.518503][T14626] netlink: 'syz.5.2405': attribute type 2 has an invalid length.
[  649.526706][T14626] netlink: 7 bytes leftover after parsing attributes in process `syz.5.2405'.
[  649.540861][T14632] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2404'.
[  650.490463][T14646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  650.492447][ T5954] hid_parser_main: 150 callbacks suppressed
[  650.492468][ T5954] hid-generic 00A0:0006:0003.002D: unknown main item tag 0x0
[  650.508489][T14646] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  650.520850][ T5954] hid-generic 00A0:0006:0003.002D: unknown main item tag 0x0
[  650.524590][ T5960] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[  650.545030][ T5954] hid-generic 00A0:0006:0003.002D: unknown main item tag 0x0
[  650.553218][T14645] netlink: 'syz.4.2409': attribute type 4 has an invalid length.
[  650.605144][ T5954] hid-generic 00A0:0006:0003.002D: unknown main item tag 0x0
[  650.613566][ T5954] hid-generic 00A0:0006:0003.002D: unknown main item tag 0x0
[  650.641204][ T5954] hid-generic 00A0:0006:0003.002D: unknown main item tag 0x0
[  650.650602][ T5954] hid-generic 00A0:0006:0003.002D: unknown main item tag 0x0
[  650.660929][ T5954] hid-generic 00A0:0006:0003.002D: unknown main item tag 0x0
[  650.670681][ T5954] hid-generic 00A0:0006:0003.002D: unknown main item tag 0x0
[  650.679541][ T5954] hid-generic 00A0:0006:0003.002D: unknown main item tag 0x0
[  650.698368][ T5960] usb 3-1: Using ep0 maxpacket: 8
[  650.712679][ T5954] hid-generic 00A0:0006:0003.002D: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  650.727269][T14645] netlink: 'syz.4.2409': attribute type 4 has an invalid length.
[  650.761781][ T5960] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  650.845980][ T5960] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.900874][ T5960] pvrusb2: Hardware description: Terratec Grabster AV400
[  650.916670][T14649] fido_id[14649]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  650.950846][ T5960] pvrusb2: **********
[  650.964029][ T5960] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  650.984979][ T5960] pvrusb2: Important functionality might not be entirely working.
[  650.993762][ T5960] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  651.017108][ T5960] pvrusb2: **********
[  651.895995][T14673] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  652.001864][T14673] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  652.254431][T14672] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  652.264188][T14672] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  652.344063][ T5987] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  652.367904][ T5960] usb 3-1: USB disconnect, device number 120
[  652.374481][ T2345] pvrusb2: Invalid write control endpoint
[  653.102197][ T5987] usb 4-1: no configurations
[  653.106942][ T5987] usb 4-1: can't read configurations, error -22
[  653.264163][ T5987] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  653.357737][ T2345] pvrusb2: Invalid write control endpoint
[  653.379124][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  653.399925][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  653.455032][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  653.465503][ T2345] pvrusb2: Device being rendered inoperable
[  653.474876][ T2345] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  653.483321][ T2345] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  653.535907][ T5987] usb 4-1: no configurations
[  653.541110][ T5987] usb 4-1: can't read configurations, error -22
[  653.555517][ T2345] pvrusb2: Attached sub-driver cx25840
[  653.566305][ T5987] usb usb4-port1: attempt power cycle
[  653.574630][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  653.586773][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  653.934024][ T5987] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  653.992522][ T5987] usb 4-1: no configurations
[  654.015269][ T5987] usb 4-1: can't read configurations, error -22
[  654.158131][ T5987] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  654.187572][ T5987] usb 4-1: no configurations
[  654.195378][ T5987] usb 4-1: can't read configurations, error -22
[  654.211135][ T5987] usb usb4-port1: unable to enumerate USB device
[  654.274031][ T5960] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[  654.414087][ T5960] usb 3-1: device descriptor read/64, error -71
[  654.654130][ T5960] usb 3-1: new high-speed USB device number 122 using dummy_hcd
[  654.674222][T14714] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2430'.
[  654.854034][ T5960] usb 3-1: device descriptor read/64, error -71
[  654.975294][ T5960] usb usb3-port1: attempt power cycle
[  655.880475][T14751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  655.965444][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  655.965462][   T30] audit: type=1326 audit(1754513547.548:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14752 comm="syz.3.2440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2c698ebe9 code=0x7ffc0000
[  655.975713][T14751] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  656.058564][   T30] audit: type=1326 audit(1754513547.548:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14752 comm="syz.3.2440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2c698ebe9 code=0x7ffc0000
[  656.155370][   T30] audit: type=1326 audit(1754513547.638:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14752 comm="syz.3.2440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7ff2c698ebe9 code=0x7ffc0000
[  656.594182][   T43] usb 5-1: new high-speed USB device number 123 using dummy_hcd
[  656.871811][   T43] usb 5-1: no configurations
[  656.876682][   T43] usb 5-1: can't read configurations, error -22
[  657.043736][T14778] No buffer was provided with the request
[  657.054652][   T43] usb 5-1: new high-speed USB device number 124 using dummy_hcd
[  657.219497][   T43] usb 5-1: no configurations
[  657.225857][   T43] usb 5-1: can't read configurations, error -22
[  657.233779][   T43] usb usb5-port1: attempt power cycle
[  657.398603][T14784] loop2: detected capacity change from 0 to 7
[  657.415774][ T5918] Dev loop2: unable to read RDB block 7
[  657.421587][ T5918]  loop2: unable to read partition table
[  657.435692][ T5918] loop2: partition table beyond EOD, truncated
[  657.467499][T14784] Dev loop2: unable to read RDB block 7
[  657.473262][T14784]  loop2: unable to read partition table
[  657.486337][T14784] loop2: partition table beyond EOD, truncated
[  657.514566][T14784] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  657.613938][   T43] usb 5-1: new high-speed USB device number 125 using dummy_hcd
[  657.641038][   T43] usb 5-1: no configurations
[  657.655048][   T43] usb 5-1: can't read configurations, error -22
[  657.814184][   T43] usb 5-1: new high-speed USB device number 126 using dummy_hcd
[  657.876205][   T43] usb 5-1: no configurations
[  657.880877][   T43] usb 5-1: can't read configurations, error -22
[  657.896001][   T43] usb usb5-port1: unable to enumerate USB device
[  658.159522][T14799] netlink: 'syz.3.2451': attribute type 1 has an invalid length.
[  658.261229][T14799] 8021q: adding VLAN 0 to HW filter on device bond3
[  658.844992][ T5920] usb 3-1: new high-speed USB device number 124 using dummy_hcd
[  659.043939][ T5920] usb 3-1: Using ep0 maxpacket: 16
[  659.063229][ T5920] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  659.092179][ T5920] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  659.164612][ T5920] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  659.213476][ T5920] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  659.226679][T14822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  659.260384][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.268999][T14822] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  659.315706][ T5920] usb 3-1: config 0 descriptor??
[  659.338251][T14822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  659.352162][T14824] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2459'.
[  659.368333][ T5920] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input28
[  659.416225][T14822] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  659.460745][ T5222] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  659.512545][ T5222] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  659.537247][ T5222] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  659.557968][ T6011] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  659.573501][ T5222] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  659.589384][T14809] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  659.604828][ T5222] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  659.622499][ T5920] usb 3-1: USB disconnect, device number 124
[  659.630826][ T5222] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -19
[  659.754419][   T43] usb 5-1: new high-speed USB device number 127 using dummy_hcd
[  660.173967][   T43] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  660.183178][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.311922][T14837] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2462'.
[  660.434944][   T43] usb 5-1: config 0 descriptor??
[  660.727766][   T43] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  660.802570][T14851] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2468'.
[  660.964411][T14851] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2468'.
[  661.470865][T14859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.480222][T14859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.577707][   T43] [drm:udl_init] *ERROR* Selecting channel failed
[  661.646488][   T43] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2
[  661.668386][   T43] [drm] Initialized udl on minor 2
[  661.709470][   T43] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  661.722860][T14862] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2470'.
[  661.779312][   T43] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  662.012449][T14865] netlink: 'syz.2.2471': attribute type 3 has an invalid length.
[  662.020613][T14865] netlink: 'syz.2.2471': attribute type 3 has an invalid length.
[  662.090882][   T43] usb 5-1: USB disconnect, device number 127
[  662.099474][ T5940] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  662.146729][ T5940] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  662.237586][T14867] ptrace attach of "./syz-executor exec"[5883] was attempted by "./syz-executor exec"[14867]
[  662.254623][T14865] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2471'.
[  662.601121][T14874] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[  662.687223][T14876] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2476'.
[  662.728476][ T5920] usb 3-1: new high-speed USB device number 125 using dummy_hcd
[  662.798871][T14878] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2477'.
[  662.944308][ T5920] usb 3-1: device descriptor read/64, error -71
[  663.203958][ T5920] usb 3-1: new high-speed USB device number 126 using dummy_hcd
[  663.365150][ T5920] usb 3-1: device descriptor read/64, error -71
[  663.475184][ T5920] usb usb3-port1: attempt power cycle
[  663.853960][ T5940] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  663.914684][ T5920] usb 3-1: new high-speed USB device number 127 using dummy_hcd
[  663.946684][ T5920] usb 3-1: device descriptor read/8, error -71
[  663.957311][T14900] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2486'.
[  664.004374][ T5940] usb 5-1: Using ep0 maxpacket: 32
[  664.080688][ T5940] usb 5-1: unable to get BOS descriptor or descriptor too short
[  664.095763][ T5940] usb 5-1: unable to read config index 0 descriptor/start: -71
[  664.104735][ T5940] usb 5-1: can't read configurations, error -71
[  664.204107][ T5920] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  664.237623][ T5920] usb 3-1: device descriptor read/8, error -71
[  664.354937][ T5920] usb usb3-port1: unable to enumerate USB device
[  664.683171][T14920] loop2: detected capacity change from 0 to 7
[  664.692768][T14920] Dev loop2: unable to read RDB block 7
[  664.699750][T14920]  loop2: unable to read partition table
[  664.710417][T14920] loop2: partition table beyond EOD, truncated
[  664.718276][T14920] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  664.958716][T14933] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  664.968927][T14933] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.334123][ T5940] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  665.561870][ T5940] usb 5-1: config 0 has no interfaces?
[  665.576891][ T5940] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  665.588200][ T5940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.599746][ T5940] usb 5-1: Product: syz
[  665.614502][ T5940] usb 5-1: Manufacturer: syz
[  665.619227][ T5940] usb 5-1: SerialNumber: syz
[  665.638736][ T5940] usb 5-1: config 0 descriptor??
[  666.019425][T14951] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2502'.
[  666.043990][ T5987] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  666.262598][    C0] vcan0: j1939_tp_rxtimer: 0xffff88808e65f000: rx timeout, send abort
[  666.513943][ T5987] usb 3-1: Using ep0 maxpacket: 8
[  666.521586][ T5987] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  666.533979][ T5987] usb 3-1: config 0 interface 0 has no altsetting 0
[  666.549092][ T5987] usb 3-1: New USB device found, idVendor=056a, idProduct=00d6, bcdDevice= 0.00
[  666.582786][ T5987] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  666.607655][ T5987] usb 3-1: config 0 descriptor??
[  666.964073][T14953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  667.002523][T14953] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.209427][T14956] netlink: 280 bytes leftover after parsing attributes in process `syz.0.2505'.
[  667.219276][T14957] netlink: 'syz.3.2504': attribute type 1 has an invalid length.
[  667.249847][ T5987] usb 3-1: USB disconnect, device number 3
[  667.370674][T14957] 8021q: adding VLAN 0 to HW filter on device bond4
[  667.505137][   T31] INFO: task kworker/1:3:5871 blocked for more than 143 seconds.
[  667.518688][   T31]       Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0
[  667.533796][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  667.545666][   T31] task:kworker/1:3     state:D stack:21784 pid:5871  tgid:5871  ppid:2      task_flags:0x4208060 flags:0x00004000
[  667.558473][   T31] Workqueue: usb_hub_wq hub_event
[  667.568095][   T31] Call Trace:
[  667.571659][   T31]  <TASK>
[  667.574975][   T31]  __schedule+0x1798/0x4cc0
[  667.579649][   T31]  ? __lock_acquire+0xab9/0xd20
[  667.589127][   T31]  ? __pfx___schedule+0x10/0x10
[  667.596152][   T31]  ? schedule+0x91/0x360
[  667.600658][   T31]  schedule+0x165/0x360
[  667.607828][   T31]  schedule_timeout+0x9a/0x270
[  667.612877][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  667.618700][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  667.626330][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  667.631830][   T31]  ? wait_for_completion+0x267/0x5d0
[  667.637824][   T31]  wait_for_completion+0x2bf/0x5d0
[  667.643162][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  667.651430][   T31]  i2c_del_adapter+0x581/0x6e0
[  667.656738][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  667.662268][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[  667.670264][   T31]  ? dvb_usbv2_exit+0x85a/0x9e0
[  667.677184][   T31]  dvb_usbv2_probe+0x4ae/0x41a0
[  667.682294][   T31]  ? __pfx_dvb_usbv2_probe+0x10/0x10
[  667.688194][   T31]  ? __pm_runtime_set_status+0x785/0xa50
[  667.695380][   T31]  usb_probe_interface+0x668/0xc30
[  667.700780][   T31]  ? __pfx_usb_probe_interface+0x10/0x10
[  667.707752][   T31]  really_probe+0x26a/0x9e0
[  667.712527][   T31]  __driver_probe_device+0x18c/0x2f0
[  667.718865][   T31]  driver_probe_device+0x4f/0x430
[  667.724302][   T31]  __device_attach_driver+0x2ce/0x530
[  667.734599][   T31]  bus_for_each_drv+0x251/0x2e0
[  667.739585][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  667.746865][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  667.752535][   T31]  __device_attach+0x2b8/0x400
[  667.758007][   T31]  ? __pfx___device_attach+0x10/0x10
[  667.763405][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  667.777390][   T31]  bus_probe_device+0x185/0x260
[  667.788451][   T31]  device_add+0x7b6/0xb50
[  667.798460][   T31]  usb_set_configuration+0x1a87/0x20e0
[  667.811018][   T31]  usb_generic_driver_probe+0x8d/0x150
[  667.823217][   T31]  usb_probe_device+0x1c1/0x390
[  667.833730][   T31]  ? __pfx_usb_probe_device+0x10/0x10
[  667.845921][   T31]  really_probe+0x26a/0x9e0
[  667.851932][   T31]  __driver_probe_device+0x18c/0x2f0
[  667.857589][   T31]  driver_probe_device+0x4f/0x430
[  667.862800][   T31]  __device_attach_driver+0x2ce/0x530
[  667.868540][   T31]  bus_for_each_drv+0x251/0x2e0
[  667.874012][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  667.880116][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  667.885791][   T31]  __device_attach+0x2b8/0x400
[  667.890700][   T31]  ? __pfx___device_attach+0x10/0x10
[  667.897355][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  667.902661][   T31]  bus_probe_device+0x185/0x260
[  667.934273][ T5987] usb 5-1: USB disconnect, device number 4
[  667.973071][   T31]  device_add+0x7b6/0xb50
[  667.978142][   T31]  usb_new_device+0xa39/0x16f0
[  667.983200][   T31]  ? __pfx_usb_new_device+0x10/0x10
[  667.991145][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  667.996858][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  668.002112][   T31]  hub_event+0x2958/0x4a20
[  668.007464][   T31]  ? __pfx_hub_event+0x10/0x10
[  668.012385][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  668.018480][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  668.023736][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  668.029785][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  668.037741][   T31]  process_scheduled_works+0xade/0x17b0
[  668.043598][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  668.049844][   T31]  worker_thread+0x8a0/0xda0
[  668.054676][   T31]  kthread+0x70e/0x8a0
[  668.058769][   T31]  ? __pfx_worker_thread+0x10/0x10
[  668.063975][   T31]  ? __pfx_kthread+0x10/0x10
[  668.068587][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  668.074075][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  668.079303][   T31]  ? __pfx_kthread+0x10/0x10
[  668.083999][   T31]  ret_from_fork+0x3fc/0x770
[  668.088666][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  668.093928][   T31]  ? __switch_to_asm+0x39/0x70
[  668.098754][   T31]  ? __switch_to_asm+0x33/0x70
[  668.103542][   T31]  ? __pfx_kthread+0x10/0x10
[  668.108241][   T31]  ret_from_fork_asm+0x1a/0x30
[  668.113039][   T31]  </TASK>
[  668.116275][   T31] 
[  668.116275][   T31] Showing all locks held in the system:
[  668.126735][   T31] 1 lock held by khungtaskd/31:
[  668.131876][   T31]  #0: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  668.141989][   T31] 2 locks held by getty/5624:
[  668.153557][   T31]  #0: ffff888033fbb0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  668.163594][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  668.173892][   T31] 5 locks held by kworker/1:3/5871:
[  668.179126][   T31]  #0: ffff88801dea2948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  668.190701][   T31]  #1: ffffc90004067bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  668.202943][   T31]  #2: ffff8880284fe198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  668.211907][   T31]  #3: ffff88805597c198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  668.221424][   T31]  #4: ffff888031669160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  668.230976][   T31] 
[  668.233365][   T31] =============================================
[  668.233365][   T31] 
[  668.242028][   T31] NMI backtrace for cpu 1
[  668.242049][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) 
[  668.242070][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  668.242081][   T31] Call Trace:
[  668.242088][   T31]  <TASK>
[  668.242097][   T31]  dump_stack_lvl+0x189/0x250
[  668.242126][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  668.242145][   T31]  ? __pfx__printk+0x10/0x10
[  668.242176][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  668.242196][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  668.242225][   T31]  ? __pfx__printk+0x10/0x10
[  668.242253][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  668.242281][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  668.242310][   T31]  watchdog+0xf93/0xfe0
[  668.242337][   T31]  ? watchdog+0x1de/0xfe0
[  668.242365][   T31]  kthread+0x70e/0x8a0
[  668.242389][   T31]  ? __pfx_watchdog+0x10/0x10
[  668.242412][   T31]  ? __pfx_kthread+0x10/0x10
[  668.242433][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  668.242451][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  668.242469][   T31]  ? __pfx_kthread+0x10/0x10
[  668.242488][   T31]  ret_from_fork+0x3fc/0x770
[  668.242508][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  668.242533][   T31]  ? __switch_to_asm+0x39/0x70
[  668.242554][   T31]  ? __switch_to_asm+0x33/0x70
[  668.242575][   T31]  ? __pfx_kthread+0x10/0x10
[  668.242598][   T31]  ret_from_fork_asm+0x1a/0x30
[  668.242634][   T31]  </TASK>
[  668.242641][   T31] Sending NMI from CPU 1 to CPUs 0:
[  668.391111][    C0] NMI backtrace for cpu 0
[  668.391128][    C0] CPU: 0 UID: 0 PID: 3590 Comm: kworker/u8:12 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) 
[  668.391147][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  668.391158][    C0] Workqueue: events_unbound toggle_allocation_gate
[  668.391188][    C0] RIP: 0010:lock_is_held_type+0x10b/0x190
[  668.391210][    C0] Code: 0f 95 c0 31 db 39 c5 0f 94 c3 eb 05 bb 01 00 00 00 48 c7 c7 26 33 ba 8d e8 92 16 00 00 b8 ff ff ff ff 65 0f c1 05 35 64 27 07 <83> f8 01 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02
[  668.391224][    C0] RSP: 0018:ffffc9000c6ff7d8 EFLAGS: 00000057
[  668.391238][    C0] RAX: 0000000000000001 RBX: 0000000000000001 RCX: eb27536b996f5600
[  668.391249][    C0] RDX: ffff8880314b9e00 RSI: ffffffff8dba3326 RDI: ffffffff8be32600
[  668.391261][    C0] RBP: 00000000ffffffff R08: ffff88801a47b063 R09: 1ffff1100348f60c
[  668.391273][    C0] R10: dffffc0000000000 R11: ffffed100348f60d R12: 0000000000000246
[  668.391285][    C0] R13: ffff8880314b9e00 R14: ffffffff8dfe63a8 R15: 0000000000000004
[  668.391297][    C0] FS:  0000000000000000(0000) GS:ffff888125c24000(0000) knlGS:0000000000000000
[  668.391310][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  668.391322][    C0] CR2: 00005555594735c8 CR3: 000000000df36000 CR4: 00000000003526f0
[  668.391336][    C0] Call Trace:
[  668.391343][    C0]  <TASK>
[  668.391354][    C0]  smp_text_poke_batch_finish+0xcd2/0x1130
[  668.391380][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  668.391403][    C0]  ? arch_jump_label_transform_queue+0x97/0x110
[  668.391429][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  668.391451][    C0]  static_key_disable_cpuslocked+0xc5/0x1b0
[  668.391474][    C0]  static_key_disable+0x1a/0x20
[  668.391494][    C0]  toggle_allocation_gate+0x1a1/0x240
[  668.391514][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  668.391535][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  668.391554][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  668.391569][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  668.391584][    C0]  process_scheduled_works+0xade/0x17b0
[  668.391612][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  668.391641][    C0]  worker_thread+0x8a0/0xda0
[  668.391671][    C0]  kthread+0x70e/0x8a0
[  668.391690][    C0]  ? __pfx_worker_thread+0x10/0x10
[  668.391705][    C0]  ? __pfx_kthread+0x10/0x10
[  668.391723][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  668.391744][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  668.391760][    C0]  ? __pfx_kthread+0x10/0x10
[  668.391778][    C0]  ret_from_fork+0x3fc/0x770
[  668.391803][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  668.391822][    C0]  ? __switch_to_asm+0x39/0x70
[  668.391840][    C0]  ? __switch_to_asm+0x33/0x70
[  668.391857][    C0]  ? __pfx_kthread+0x10/0x10
[  668.391876][    C0]  ret_from_fork_asm+0x1a/0x30
[  668.391901][    C0]  </TASK>
[  668.392169][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  668.673500][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) 
[  668.685149][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  668.695292][   T31] Call Trace:
[  668.698656][   T31]  <TASK>
[  668.701570][   T31]  dump_stack_lvl+0x99/0x250
[  668.706148][   T31]  ? __asan_memcpy+0x40/0x70
[  668.710752][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  668.715932][   T31]  ? __pfx__printk+0x10/0x10
[  668.720521][   T31]  vpanic+0x281/0x750
[  668.724646][   T31]  ? __pfx_vpanic+0x10/0x10
[  668.729223][   T31]  ? preempt_schedule+0xae/0xc0
[  668.734066][   T31]  ? preempt_schedule_common+0x83/0xd0
[  668.739618][   T31]  panic+0xb9/0xc0
[  668.743330][   T31]  ? __pfx_panic+0x10/0x10
[  668.747817][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  668.753197][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  668.759337][   T31]  watchdog+0xfd2/0xfe0
[  668.763577][   T31]  ? watchdog+0x1de/0xfe0
[  668.767889][   T31]  kthread+0x70e/0x8a0
[  668.772046][   T31]  ? __pfx_watchdog+0x10/0x10
[  668.776722][   T31]  ? __pfx_kthread+0x10/0x10
[  668.781323][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  668.786559][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  668.791758][   T31]  ? __pfx_kthread+0x10/0x10
[  668.796361][   T31]  ret_from_fork+0x3fc/0x770
[  668.800959][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  668.806073][   T31]  ? __switch_to_asm+0x39/0x70
[  668.810828][   T31]  ? __switch_to_asm+0x33/0x70
[  668.815572][   T31]  ? __pfx_kthread+0x10/0x10
[  668.820143][   T31]  ret_from_fork_asm+0x1a/0x30
[  668.824915][   T31]  </TASK>
[  668.828226][   T31] Kernel Offset: disabled
[  668.832538][   T31] Rebooting in 86400 seconds..