last executing test programs:

5m29.338459687s ago: executing program 2 (id=148):
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="180000005600230f000000000000000007"], 0x18}}, 0x0)
recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x10020, 0x0, 0x0)

5m29.14620637s ago: executing program 2 (id=152):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x1a0a, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r1 = fcntl$dupfd(r0, 0x406, r0)
write$vhost_msg_v2(r1, &(0x7f0000002380)={0x2, 0x0, {&(0x7f0000002280)=""/74, 0x4a, 0x0, 0x3, 0x3}}, 0x48)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000400)=0x10, 0x4)
shutdown(r0, 0x1)

5m28.898262995s ago: executing program 2 (id=156):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
r1 = io_uring_setup(0x669, &(0x7f0000007940))
close_range(r1, 0xffffffffffffffff, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xd)
epoll_create1(0x80000)
read(r0, 0x0, 0x0)

5m28.566114084s ago: executing program 2 (id=160):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x84000, 0x0)

5m27.61800549s ago: executing program 2 (id=172):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = io_uring_setup(0x5594, &(0x7f0000000100)={0x0, 0x10000000, 0x1, 0x0, 0x1d2})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

5m27.142120208s ago: executing program 2 (id=179):
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0)
syz_clone(0x3400, 0x0, 0x0, 0x0, 0x0, 0x0)

5m26.633233809s ago: executing program 32 (id=179):
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0)
syz_clone(0x3400, 0x0, 0x0, 0x0, 0x0, 0x0)

5m12.839021997s ago: executing program 5 (id=182):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x84000, 0x0)

5m11.786161789s ago: executing program 5 (id=349):
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r0=>0x0})
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r0, 0x8000000000000003, {}, 0x2}, 0x18)
r1 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000080))
sendmsg$NL80211_CMD_TESTMODE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)

5m11.514114005s ago: executing program 5 (id=352):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000000)={0x5, 0x3, 0x2, {0x2, @sliced={0xfffa, [0x2, 0x4, 0x8000, 0xa, 0x5, 0xa, 0x1, 0x1, 0x9, 0xe, 0xffff, 0x6, 0x7, 0x6, 0x6, 0x0, 0x5, 0x0, 0x6, 0x8000, 0x0, 0xfffc, 0xe6, 0xd, 0x9, 0xfff2, 0xf6d, 0x1, 0x31, 0x0, 0x1, 0x735e, 0x1, 0x8, 0x31, 0x68, 0x6, 0x4, 0x9, 0x9, 0x0, 0x81, 0x1ff, 0x4191, 0x6, 0x101, 0x8, 0x44], 0x6}}, 0x8})

5m10.945917472s ago: executing program 33 (id=352):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000000)={0x5, 0x3, 0x2, {0x2, @sliced={0xfffa, [0x2, 0x4, 0x8000, 0xa, 0x5, 0xa, 0x1, 0x1, 0x9, 0xe, 0xffff, 0x6, 0x7, 0x6, 0x6, 0x0, 0x5, 0x0, 0x6, 0x8000, 0x0, 0xfffc, 0xe6, 0xd, 0x9, 0xfff2, 0xf6d, 0x1, 0x31, 0x0, 0x1, 0x735e, 0x1, 0x8, 0x31, 0x68, 0x6, 0x4, 0x9, 0x9, 0x0, 0x81, 0x1ff, 0x4191, 0x6, 0x101, 0x8, 0x44], 0x6}}, 0x8})

4m24.197723974s ago: executing program 1 (id=778):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@updpolicy={0xc4, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x0, 0x0, 0x400, 0x800000, 0x0, 0xfffffffffffffffc}, {0x0, 0xacb0, 0x400000000}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x4c050)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x3, ':'}]}}}}}}}}, 0x0)

4m23.431747174s ago: executing program 1 (id=781):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[], 0xfc}}, 0x0)
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd120028000000140000086034973e02e706"], 0xfdef)

4m22.321276712s ago: executing program 1 (id=785):
r0 = socket(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x40, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRESDEC], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0)
recvmmsg$unix(r0, &(0x7f0000008f40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000004740)=""/199, 0xc7}, {&(0x7f0000004840)=""/220, 0xdc}, {&(0x7f0000004940)=""/255, 0xff}, {&(0x7f0000004a40)=""/159, 0x9f}, {&(0x7f0000004b00)=""/213, 0xd5}, {&(0x7f0000004c00)=""/4096, 0x1000}, {&(0x7f0000005d00)=""/215, 0xd7}], 0x7}}], 0x1, 0x0, 0x0)
write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80c296f8528f912210", 0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001400)=@delchain={0x34, 0x65, 0x1, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xd, 0x4}, {0xe, 0x3}, {0x8, 0xfff1}}, [@TCA_CHAIN={0x8, 0xb, 0x400}, @TCA_RATE={0x6, 0x5, {0x1}}]}, 0x34}}, 0x2004c890)

4m22.029743497s ago: executing program 1 (id=787):
unshare(0x2c020400)
unshare(0x28060400)

4m21.665960498s ago: executing program 1 (id=789):
ioctl$sock_qrtr_TIOCINQ(0xffffffffffffffff, 0x89ee, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newlink={0x30, 0x10, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x4891a, 0xa}, [@IFLA_GROUP={0x8}, @IFLA_TXQLEN={0x8, 0xd, 0x10}]}, 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x6000000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdc03, {0x0, 0x0, 0x0, r2, 0x8248, 0x2416}}, 0x20}}, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)

4m19.718924364s ago: executing program 1 (id=800):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x0, &(0x7f0000000080)})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x3}, 0x5})
r0 = syz_open_dev$swradio(&(0x7f00000003c0), 0x0, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x2, 0x2, {0xb, @win={{0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0}}})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000000306010800000000000000000600000705000100070000000500010007000000050001000700000005000100070000000900020073797a3000000000050001000700000005000100070000000900020073797a30000000000900020073797a30000000000900020073797a31"], 0x74}, 0x1, 0x0, 0x0, 0x80c1}, 0x50)

4m4.386104583s ago: executing program 34 (id=800):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x0, &(0x7f0000000080)})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x3}, 0x5})
r0 = syz_open_dev$swradio(&(0x7f00000003c0), 0x0, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x2, 0x2, {0xb, @win={{0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0}}})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000000306010800000000000000000600000705000100070000000500010007000000050001000700000005000100070000000900020073797a3000000000050001000700000005000100070000000900020073797a30000000000900020073797a30000000000900020073797a31"], 0x74}, 0x1, 0x0, 0x0, 0x80c1}, 0x50)

3m28.325672057s ago: executing program 7 (id=1082):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0xffffffff, "421ae3753785251500e9e29b00"})
socket$kcm(0x11, 0x3, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$xdp(0x2c, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x400000000000004)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
pipe(&(0x7f0000000d00))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000000c0), 0x106, 0xa}}, 0x20)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)}, {&(0x7f0000000100)="10000000246802003199aee6fdb9291b3091ec1a2d41d2271b00d8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0xff}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e", 0xfc1}], 0x3)

3m27.783380255s ago: executing program 7 (id=1085):
r0 = socket(0x840000000002, 0x3, 0xfa)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_buf(r0, 0x0, 0x8008000000013, &(0x7f00000003c0)="17", 0x1)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)

3m26.297211878s ago: executing program 7 (id=1094):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000600)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001e00), 0xffffffffffffffff)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r1, &(0x7f0000001ec0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001e40)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x40040c0)

3m26.002736166s ago: executing program 7 (id=1097):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r1, 0x5, 0xfffffffc, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x24}}, 0x0)

3m25.650095472s ago: executing program 7 (id=1100):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1, @ANYBLOB="080026009015000008005700"], 0x2c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000340)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r4, 0x111, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac}]}, 0x28}, 0x1, 0x0, 0x0, 0x20010}, 0x24008044)

3m25.304133842s ago: executing program 7 (id=1103):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x0, &(0x7f0000000080)})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x3}, 0x5})
r0 = syz_open_dev$swradio(&(0x7f00000003c0), 0x0, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x2, 0x2, {0xb, @win={{0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0}}})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01)
write$sndseq(r1, &(0x7f0000000000)=[{0x1e, 0x0, 0x8, 0xfd, @tick=0x8, {}, {}, @result}], 0x1c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000000306010800000000000000000600000705000100070000000500010007000000050001000700000005000100070000000900020073797a3000000000050001000700000005000100070000000900020073797a30000000000900020073797a30000000000900020073797a31"], 0x74}, 0x1, 0x0, 0x0, 0x80c1}, 0x50)

3m9.930459752s ago: executing program 35 (id=1103):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x0, &(0x7f0000000080)})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x3}, 0x5})
r0 = syz_open_dev$swradio(&(0x7f00000003c0), 0x0, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x2, 0x2, {0xb, @win={{0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0}}})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01)
write$sndseq(r1, &(0x7f0000000000)=[{0x1e, 0x0, 0x8, 0xfd, @tick=0x8, {}, {}, @result}], 0x1c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000000306010800000000000000000600000705000100070000000500010007000000050001000700000005000100070000000900020073797a3000000000050001000700000005000100070000000900020073797a30000000000900020073797a30000000000900020073797a31"], 0x74}, 0x1, 0x0, 0x0, 0x80c1}, 0x50)

13.162835492s ago: executing program 8 (id=1986):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x9, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000202073250000000000202020db1af8ff00000000bfa1fb0fffff"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
add_key(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000001c0)="bd00ee9a611331544810ef14d674686ad25ab936676ef8693b5f11425ecee7ffc5e7e867180c1aa87d665d2a57ab7204ee95685d98687d3b56086fb99f2d1776e117e37984c89a434de5131217b350c3912324ecdc119a3c6f384dbaaccc6a77400668f9909c1714b853d8f968efeb2ff98e8031fef243e54ec202d69d8e3f69d88ebca0704b0ed13de20bdb0363708e1a01f71b54370bd50a4583a3b3d167138b5f4f60e04b9601b97f7dcbcfb435de3010501b25dfd4b795170b03bc244f549c8b4896b9ece5076c1112f33afebae3a5f7c2dc4d9e5e0205083a6c46cc2ca81651b756d203d9aa77162e612ddccc8fc517ddc22759379d", 0xf8, 0xfffffffffffffffb)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x4}]})
signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x1003ffffffc]}, 0x8, 0x0)
io_setup(0x30, &(0x7f0000000600)=<r0=>0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x6c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @loopback}]}]}, @IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6}]}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x80042, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001ac0)={r2, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd16c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0x0, 0x7fff]}})
ioctl$BLKRASET(r3, 0x1262, &(0x7f0000000040)=0x1)
r4 = dup(r3)
write$UHID_INPUT(r4, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r4, 0xc08c5335, &(0x7f0000000100)={0x0, 0x5, 0x1, 'queue0\x00', 0x1})
setsockopt$IP_VS_SO_SET_EDITDEST(r4, 0x0, 0x489, &(0x7f00000002c0)={{0x32, @loopback, 0x4e24, 0x0, 'rr\x00', 0x2, 0x5, 0x40}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e20, 0x0, 0x57b9, 0x7, 0x6}}, 0x44)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000340)={{0x1, 0x1, 0x18, r2}, './file0\x00'})
r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f00000000c0)="01", 0x24}])

8.554033524s ago: executing program 6 (id=1996):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$AUTOFS_IOC_FAIL(r0, 0x9361, 0xbf7f)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
r3 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xb8, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r4, {0x0, 0xf}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x88, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1], 0x0, [0x5, 0x6, 0x2, 0x0, 0x8, 0x0, 0x9, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x2c, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x7}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x2c2a1f44}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x7}]}]}]}}]}, 0xb8}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x2c, r1, 0x5, 0x0, 0xb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="8b"}, @NL80211_ATTR_IE={0x4}, @NL80211_ATTR_PBSS={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x0)

8.305946062s ago: executing program 8 (id=1997):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_PORT_DST_MAX={0x6, 0x5a, 0x4e22}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4811}, 0x2008c014)

5.433329707s ago: executing program 0 (id=1998):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r0, &(0x7f00000005c0), 0x10)
recvmmsg(r0, &(0x7f0000003480)=[{{0x0, 0x0, &(0x7f0000001e80)=[{0x0}, {&(0x7f0000000440)=""/14, 0xe}], 0x2}}], 0x1, 0x600100a2, 0x0)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4)
sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000540), 0x10, &(0x7f0000000480)={&(0x7f0000000140)=@can={{0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, "000000000000001e"}, 0x10}}, 0x4040)

5.275225569s ago: executing program 6 (id=2001):
r0 = socket(0x0, 0x80000, 0x9)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x401, 0x3, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x190, 0xf1f80502f07a58b}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40010}, 0x240080c1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="38000000180001002bbd700000000000020000040000fd0900110000060015000200000014001680100008800c000380"], 0x38}}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x400000000000235, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x8008000000013, &(0x7f00000003c0)="17", 0x1)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000080)={<r4=>0x0})
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x20081, 0x0)
write$vga_arbiter(r5, &(0x7f0000000280)=ANY=[@ANYBLOB='decodes me'], 0xc)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000000)={r4, 0x2, r0, 0xfffffffb, 0x80000})
r6 = socket(0x1e, 0x2, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r6)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)

5.160110757s ago: executing program 8 (id=2002):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='l%\x86\xce6\xdb\f\xcf\x19|\xc9O\x7f\xce\x8f\x7f\x1c\xeay\x06\x00\x00\x00\a0\r\x13\xaa\x84r\xd7^\xe82\x0f\x1a\xf1\x02\x00\x1e&{\xee2\x95I\xca\xbevl\x12\xb6 \xd4')
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad44b6c5820fae9d6dcd3292ea54c7beef91", 0x12)
r3 = accept4(r2, 0x0, 0x0, 0x800)
recvmmsg(r3, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000001c0)=""/156, 0x9c}], 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000280)=""/178, 0xb2}, {&(0x7f0000000580)=""/130, 0x82}, {&(0x7f0000000440)=""/81, 0x51}], 0x3}, 0x101}], 0x2, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000004c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ff8}]})
r4 = syz_open_dev$dri(0x0, 0x1, 0x0)
r5 = fanotify_init(0x200, 0x101000)
r6 = dup(r5)
ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x1, 0xffffff79, 0x5})
syz_usb_connect$uac1(0x0, 0xda, &(0x7f0000000c00)=ANY=[@ANYBLOB="1201b0c63e0739086b1d01014000010203010902c80003"], &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0})
fanotify_init(0x200, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000050)
dup(0xffffffffffffffff)
syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0x33f8, 0x10100}, &(0x7f0000000180)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})

4.257744274s ago: executing program 0 (id=2004):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r0, @ANYBLOB="06001500070000000c00168008"], 0x38}}, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="04010000100001000000000000fbfffffe020000000000000000000000000001fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="ac1414aa000000000000000000000000000000002b000000ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000090000000000000000000000000000000000000000000000a40000000000000000000000000000000000000000000000000000000000000000000000020004026000000014000e00fc020000000000000000000000000002"], 0x104}}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea800102030109021e0001000000000904"], 0x0)
r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f00000000c0)={0x1, 0x40, 0x6, &(0x7f0000000080)={0x1f, "b30a69283a9587dfa6434e07f695f3984820a74426495306bbced9189f724c0546"}})
ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000200)={&(0x7f00000001c0)=[{0x63, 0x200, 0x0, 0x0}], 0x1})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x9, 0x0, 0x5, 0xbc], 0xeeee8000, 0x8340})
pipe2$watch_queue(&(0x7f00000003c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x80)
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r6, 0x7a6, &(0x7f0000000400)={0x4, 0x4, 0x0, 0x1, 0xf696, 0x80})
r7 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=<r8=>0x0, &(0x7f0000000000)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)='./file0\x00', 0x82, 0x48000, 0x12345})
io_uring_enter(r7, 0x48e9, 0x0, 0x2, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000240)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ff9}]})
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000280)=@x86={0x0, 0x2, 0xa, 0x0, 0xfb8, 0x70, 0xd, 0x3, 0x9, 0x8, 0x3, 0x4, 0x0, 0x984, 0xe, 0x2, 0x7, 0x6, 0x9, '\x00', 0x2, 0xa61f})
ioctl$KVM_CAP_X2APIC_API(r2, 0x4068aea3, &(0x7f0000000300)={0x81, 0x0, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

4.257494902s ago: executing program 6 (id=2005):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x9, 0x0, 0x5, 0x2], 0xeeee8000, 0x8340})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000240)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000280)=@arm64={0x1, 0x7, 0x59, '\x00', 0x2})
ioctl$KVM_RUN(r2, 0xae80, 0x10d)

3.613355318s ago: executing program 4 (id=2006):
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @ipv4={'\x00', '\xff\xff', @remote}, 0x4}, 0x1c)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000080)={0x1e, 0x3}, 0x4)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0x20, &(0x7f0000000000)={@in={{0x2, 0x4e20, @private=0xa010100}}, 0x0, 0x0, 0x3a, 0x0, "a30b3b28af4d2f246a016542daa845f387713f4048ff2ece1e75f1fc0100f41e4de6256109383664417165bba0dd5ace522fa788000000000033035551502f07b4001a00"}, 0xd8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e63, 0x1ff, @loopback={0x1000000}, 0x23}, 0x1c)

3.576903217s ago: executing program 6 (id=2007):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r0 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
sendfile64(r0, r0, &(0x7f0000000240)=0x5780, 0x81)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0})
io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file0\x00'})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='coredump_filter\x00')
preadv(r4, &(0x7f0000000280)=[{&(0x7f0000000300)=""/13, 0xd}, {0x0}], 0x2, 0x5, 0x0)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
openat$yama_ptrace_scope(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000000001"])
ioctl$KVM_GET_MSRS_cpu(r6, 0xc008ae88, &(0x7f0000000200)={0x1, 0x0, [{0x48e, 0x0, 0x100000001}]})

3.033882004s ago: executing program 6 (id=2008):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x4)
fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000580), &(0x7f00000005c0), 0x2, 0x1)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @tid=r1}, &(0x7f0000000400)=<r2=>0x0)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
wait4(r1, 0x0, 0x80000000, 0x0)
ptrace$peeksig(0x4209, r3, &(0x7f0000000000)={0x82c, 0x0, 0xffffffffffffffa6}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r4, &(0x7f0000006cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000980)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000002780)=[{&(0x7f0000003100)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000002b00)=[{&(0x7f00000028c0)=""/191, 0xfc29}], 0x1}}], 0x3, 0x400122a0, 0x0)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
socket$kcm(0x29, 0x0, 0x0)
r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000bd02c440560831ac1e93010203010902120081000000000904"], 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$printer(r5, 0x0, 0x0)
syz_usb_control_io$uac1(r5, 0x0, &(0x7f0000000380)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="400b15"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = getpid()
r7 = syz_pidfd_open(r6, 0x0)
process_madvise(r7, &(0x7f0000000200)=[{&(0x7f0000000000)='x', 0x1}, {&(0x7f0000000280)='!', 0x1}], 0x2, 0x12, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/86, 0x56}, {&(0x7f0000000140)=""/73, 0x49}, {&(0x7f00000002c0)=""/222, 0xde}], 0x3, &(0x7f00000001c0)=""/180, 0xb4}, 0x40000342)
timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
waitid(0x0, r3, &(0x7f0000000440), 0x1, &(0x7f00000004c0))
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, &(0x7f0000000040)="42d7", 0xfffff, 0xfffffffffffffffe)

2.608359567s ago: executing program 4 (id=2009):
io_setup(0x222, &(0x7f0000000180)=<r0=>0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000044402, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0)
io_submit(r0, 0x2, &(0x7f0000000080)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x6417, r1, &(0x7f00000002c0)="ab", 0x1, 0x6ed}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x7, 0x89, r1, 0x0, 0x0, 0x1, 0x2000}])

2.399351901s ago: executing program 4 (id=2010):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x12)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x2000000, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000300), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r2, 0x0, 0x0, 0x20044000)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e1c, @empty}, 0x10)

1.785978s ago: executing program 4 (id=2011):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x8f, 0x0, 0x3}]})
fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x1800000, 0x3})
symlink(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
readlinkat(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0xb4)
fcntl$lock(r0, 0x24, &(0x7f00000000c0)={0x0, 0x0, 0x2000400, 0x6})

1.76820564s ago: executing program 0 (id=2012):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_PORT_DST_MAX={0x6, 0x5a, 0x4e22}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4811}, 0x2008c014)

1.293345276s ago: executing program 8 (id=2015):
r0 = socket$unix(0x1, 0x1, 0x0)
fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000000), &(0x7f0000000040), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000080)={0x14, 0x0, 0x6})
r2 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_LOOPBACK(r2, 0x65, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_STOP_AP(r3, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r4, 0x2, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xc, 0x25}}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4004051)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0x10, &(0x7f0000000380)={&(0x7f0000000300)=@canfd={{0x3, 0x0, 0x1, 0x1}, 0x16, 0x2, 0x0, 0x0, "c85c2ef727ad6d767b2d8688b6423960d3bf6709c38e00b203524d195d17c78aa081c8eec959ddedba49f6ca854212eafc285eb030dd334f445d9c93f01fca58"}, 0x48}, 0x1, 0x0, 0x0, 0x4800}, 0x800)
r6 = creat(&(0x7f0000000400)='./file0\x00', 0xb1)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000440)={0x10004, 0x2, 0xffff1000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
ioctl$NS_GET_OWNER_UID(r6, 0xb704, &(0x7f0000000500)=<r7=>0x0)
getsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000000540)={{{@in6=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0, <r9=>0x0}}, {{@in=@local}, 0x0, @in=@local}}, &(0x7f0000000640)=0xe4)
lstat(&(0x7f0000000680)='./file1\x00', &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
fstat(r0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, <r11=>0x0})
stat(&(0x7f00000007c0)='./file0/file0\x00', &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, <r12=>0x0})
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000880)={0x0, 0x0, <r13=>0x0}, &(0x7f00000008c0)=0xc)
r14 = getegid()
r15 = getegid()
lstat(&(0x7f0000000900)='./file0/../file0\x00', &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0})
getresgid(&(0x7f00000009c0), &(0x7f0000000a00), &(0x7f0000000a40)=<r17=>0x0)
r18 = getegid()
lsetxattr$system_posix_acl(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='system.posix_acl_default\x00', &(0x7f0000000a80)={{}, {0x1, 0x2}, [{0x2, 0xd, r7}, {0x2, 0x2, r9}, {0x2, 0x1, r10}, {0x2, 0x0, r11}, {0x2, 0x2, r12}], {0x4, 0x2}, [{0x8, 0x4, r13}, {0x8, 0x2, r14}, {0x8, 0x1}, {0x8, 0xb, r15}, {0x8, 0x5, r16}, {0x8, 0x0, r17}, {0x8, 0x1, r18}, {0x8, 0x7, 0xffffffffffffffff}], {0x10, 0x4}}, 0x8c, 0x2)
r19 = openat$ubi_ctrl(0xffffff9c, &(0x7f0000000b40), 0x4000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=@bloom_filter={0x1e, 0xff, 0x9, 0x10, 0x2000, r19, 0x1000, '\x00', 0x0, r6, 0x3, 0x5, 0x5, 0x9}, 0x50)
quotactl$Q_GETNEXTQUOTA(0x0, &(0x7f0000000c00)=@filename='./file1\x00', r7, &(0x7f0000000c40))
r20 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TEAM_CMD_OPTIONS_SET(r20, &(0x7f0000001140)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001100)={&(0x7f0000000d40)={0x39c, 0x0, 0x420, 0x70bd2b, 0x25dfdbfc, {}, [{{0x8, 0x1, r8}, {0x1e0, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5dcd800}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7f}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x399}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r8}}}]}}, {{0x8, 0x1, r8}, {0x198, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9bf}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}]}}]}, 0x39c}, 0x1, 0x0, 0x0, 0x40010}, 0x41)

1.248409118s ago: executing program 0 (id=2016):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000480)={0x0, {0x2, 0x4e20, @loopback}, {0x2, 0x4e20, @private=0xa010102}, {0x2, 0x4e24, @remote}, 0x308, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000040)='tunl0\x00', 0x57, 0xfffffffffffffffe, 0x8})
r1 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000180)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0xb05, 0x18c6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xc, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}, [{{0x9, 0x5, 0x2, 0x3, 0x8, 0x7, 0x6, 0x8}}]}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_connect(0x2, 0x86b, &(0x7f0000000f80)=ANY=[@ANYRESOCT=r1], &(0x7f0000000140)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x310, 0x40, 0x6, 0x1, 0xdf, 0x81}, 0x19, &(0x7f0000000300)=ANY=[@ANYBLOB="050f19000114100404f119914d716f253209eb52fe16c0e15b1f31d89e22339aa014cade7297fd22545ee85cb3d6378da3378e7299e669321b785cca59a04b6125447cd1c4cf33a68f4b9bc15225345921ba84cfc4e9ae4d0aeae00ed89c3c326da7a15f8201acd11fe3495408570a49185a6e319e095010f5c950c18d9b4e3c8cda908c043e2c76b6b7275b915ce767b82ef0fa87691ab414163a4a98e5911f26ec8dfe83df2338a714cc4754cceb8f6dc7c873caee2893bf62821ea20f83d7097383ed02b922da0608b09d299ea6b1e2f0ec1d8fba24602343106bee60399c63c55d3badbb2f20cceb29a8a5a7d06513f5858a04d2f6cc47c5f52c85a2675bb237b4c47b1fc087da11f137dbbbe409d2a8e98a2f46c029d7c19d5f41db2b4f31d808eb7bc16d3005b80c146a45b230cc48fee763c35a9fad7353d20903984155f09dfb29acdee5fb74c833ca1fc21efdf5c340c7aa5d15a15383b7dc071d0805713e13"], 0x3, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x458}}, {0xcd, &(0x7f0000000200)=@string={0xcd, 0x3, "8df1d30da4f6669d096365d9f07e10b889b2905e0cc529c8e46b1db41b80627cd745ff05dab1dcf01021dc64f1bac43305050c966395b248af61825dc33e0d90741b4e67c9ec4731f7f5e4b33e3a3f039b2721986f6911770f50a8f3d48e1c0522b88b5df61f0af6596c39152d7f23061d5dccec133fcac25966b288b8b191238c8e37acd381cf432e2cdc7a1f8fc8ea36a361817da1d05f48feb1cfa21d09220e3d872ed6014433659bc5a50139d786a98cd9ba4464063614d0f30ae332ef0d20e234abe2eecf05be8603"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0xc1a}}]})
syz_usb_control_io$hid(r1, &(0x7f00000006c0)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="002208000000aa8cc8a9"], 0x0}, 0x0)

1.030000922s ago: executing program 4 (id=2017):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="300000001000010025bd7000fddbdf2500000000", @ANYRES32=r1, @ANYBLOB="1008040003000000080004000001000008002b80040001"], 0x30}, 0x1, 0x1f, 0x0, 0x11}, 0x4000000)

1.029617918s ago: executing program 8 (id=2018):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {0x3fe, 0x3, 0x4}, 0x51, [0x68d9, 0x5, 0x9, 0x8a4, 0x2, 0x3, 0x7fffffff, 0x80000001, 0x5, 0x1, 0x105, 0x3c6, 0xa, 0x6, 0xf70, 0x3, 0xe7, 0x7, 0x401, 0xbc5e, 0x0, 0x1, 0x4, 0xffff, 0xe, 0xb, 0x90, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0xfffffff7, 0x4, 0xe7c, 0x7, 0x1ff4, 0x1, 0x1, 0x80000000, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x1, 0x1, 0xa, 0x2, 0x5, 0x9, 0x5, 0x9, 0x0, 0x3a26, 0x1000, 0x57f5, 0x2, 0x6, 0x7ff, 0xb8547353], [0x80000000, 0xffffffff, 0x4, 0x0, 0x7fffffff, 0x1, 0x553, 0x7, 0x2, 0xfffffffc, 0x8, 0xc, 0x36, 0xa, 0x6, 0x1, 0x9, 0x98, 0x8, 0xe56d, 0xa4, 0x4, 0x99d, 0x8, 0x0, 0xd, 0x5, 0x0, 0x6e38, 0x8000, 0xa, 0x2, 0x3, 0x0, 0x2, 0x7, 0x4, 0xd, 0x80000009, 0xfff, 0x4, 0x0, 0x40, 0x1, 0x6, 0x6, 0x8, 0x0, 0x34f1, 0x1ff, 0x4, 0x1b2c5a17, 0x0, 0x9, 0x7, 0x9, 0xffffffff, 0x1, 0x9, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x6, 0xdb8, 0x9, 0x4, 0x2, 0x6, 0x5, 0x5, 0x3, 0x5, 0xfffffffd, 0xc8d3, 0x33, 0x9a45, 0x0, 0xee40000, 0x1, 0x1, 0x43, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x8, 0x2, 0x4, 0x800, 0x7, 0x9, 0x0, 0x0, 0x1, 0xfffffffe, 0x7, 0x0, 0x9, 0x8c0, 0x9, 0x8000002, 0x9, 0x7, 0x6, 0x5, 0x81, 0xf7b4, 0xffffff20, 0x55f2, 0xdf46, 0xfffffffd, 0x7f, 0x9, 0x7ffc, 0x40, 0x3, 0x2, 0xa, 0x6, 0x2, 0xffffff00, 0xda15, 0x7f, 0x3, 0x10], [0x0, 0x896, 0x8, 0x246d, 0x6, 0xfe, 0xfffff410, 0xd, 0x7ff, 0x606, 0x4, 0x800009, 0x80000001, 0x9, 0x8000000b, 0x2, 0x7, 0x1, 0x80000000, 0x2, 0x7ff, 0x3ff, 0x0, 0x2, 0x9, 0x100, 0x2, 0xec9b, 0x61c8, 0x6, 0x0, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0xe, 0x4000006, 0x7, 0x1, 0x9, 0x1, 0x4, 0x100009, 0x100, 0x3, 0x3c, 0x1000, 0x1000, 0xfffffffe, 0x15, 0x8002, 0x7, 0x81, 0x5, 0x7, 0xfffffffc, 0x7, 0x6, 0xeff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
syncfs(r0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})

988.56697ms ago: executing program 6 (id=2019):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x3)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket(0x10, 0x803, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xb, 0xfff2}, {}, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x54, 0x2, [@TCA_BASIC_ACT={0x50, 0x3, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x4, 0xffff, 0x3f, 0x2, 0x6}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x78, 0xfa}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x4)
sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c00f8585100001000010700000000000000000a0010000600010035"], 0x1c}}, 0x20000080)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6], 0x0, 0x8340})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

859.780223ms ago: executing program 4 (id=2020):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582020002"], 0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x4, &(0x7f0000000140)={[{}]})
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
connect$can_j1939(r2, &(0x7f0000000080)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x3}, 0xfe}, 0x18)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000540)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r4, 0x8)
r5 = accept4(r4, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, 0x0, 0x0)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), r3)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000000)={0x0, 0xa7, &(0x7f0000000640)={&(0x7f0000000580)={0x44, r6, 0x917, 0x0, 0xffffffe4, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @private=0x7fffffff}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x44}}, 0x4000)
r7 = syz_open_dev$video(&(0x7f0000000b40), 0x7, 0x28000)
preadv(r7, &(0x7f0000001200)=[{&(0x7f0000000c00)=""/113, 0x71}], 0x1, 0x4, 0xb)
ioctl$VIDIOC_LOG_STATUS(r7, 0x5646, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x30, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x9, 0x6b}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x4000, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xa4a2}]}, 0x5c}}, 0x0)

745.666ms ago: executing program 8 (id=2021):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$pppoe(0x18, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
socket(0x10, 0x5, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$kcm(r1, &(0x7f0000001900)={0x0, 0xffffffea, 0x0}, 0x20040005)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000)
socket(0x80000000000000a, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$tipc(0x1e, 0x5, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket(0x2, 0x80805, 0x0)
socket(0x200000000000011, 0x2, 0xd)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0xffffffffffffff66, &(0x7f0000009a40)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES32=r3, @ANYRESOCT=r0], 0xc4}}, 0x81)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_route(0x10, 0x3, 0x0)

391.876015ms ago: executing program 3 (id=2022):
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800060000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES16=r0], 0x5c}, 0x1, 0x0, 0xfcffff, 0x4000800}, 0x140cc014)

319.234403ms ago: executing program 3 (id=2023):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
syz_emit_ethernet(0x82, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000088a800008100000086dd605f106000442f00fc000000000200000000000000000000ff020000000000000000000000000001242022eb"], 0x0)

222.074784ms ago: executing program 3 (id=2024):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000029000000180001801400020073797a5f74756e"], 0x2c}}, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000001c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, @mcast1, 0x0, 0x0, 0x0, 0x80, 0x0, 0x140192})

207.693233ms ago: executing program 3 (id=2025):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {}, {0x0, 0x9}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close(r0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x1, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x3}, {0x0, 0x0, 0x800}, 0x200, 0x0, 0x0, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x1}, 0x4000)

140.174879ms ago: executing program 3 (id=2026):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_PORT_DST_MAX={0x6, 0x5a, 0x4e22}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4811}, 0x2008c014)

26.187041ms ago: executing program 0 (id=2027):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(twofish-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="a95c55c7cb4a9362a5ce533229c8eec8", 0x18)

11.755935ms ago: executing program 0 (id=2028):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r0, &(0x7f0000003a80)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e24, @loopback}, 0x80, 0x0}}], 0x1, 0x2c000811)
connect$inet(r0, 0x0, 0x0)

0s ago: executing program 3 (id=2029):
r0 = epoll_create(0xffffffff)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f00000003c0)={0x4})
poll(&(0x7f0000000000)=[{r0, 0x80}], 0x1, 0x5)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x8a, 0x3})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000680)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x3b, 0x2, [{0x5, 0xffffffff}, {0xfffffff9}]}})
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x14, &(0x7f0000000140)={<r4=>0xffffffffffffffff}, 0x106, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e24, 0x40003, @mcast1}, {0x2, 0xfff9, 0xc00, @remote, 0xffffffff}, r4, 0x9dffffff}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1}, {0xa, 0x4e20, 0x7, @empty, 0x81}, r4, 0x8000}}, 0x48)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder1\x00', 0x0, 0x0)
r5 = syz_open_dev$mouse(&(0x7f0000000100), 0x0, 0x204040)
openat$vim2m(0xffffff9c, &(0x7f0000000340), 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f0000893000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="0f20c06635000001000f22c00f01c36565d8046766660f388129a5660fd9430d0f3a0fcc35f20f38f14029f20fc24686490e", 0x32}], 0x1, 0x8, 0x0, 0x0)
syz_usb_connect(0x5, 0x3d, &(0x7f0000000e80)=ANY=[@ANYBLOB="12011001b1fb66101e090300bb350102030109022b0001080540040904ce01026fda0d000705f71f22810b09050c02000201034009f89992a3296e1fe4"], 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18696315fd4bd81708fb3c00000000000011a900e70000000000c70000000000"], &(0x7f0000000240)='GPL\x00', 0x3, 0xfe1f, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x90)
r8 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_COPY(r8, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000172000/0x1000)=nil, 0x2000, 0x1})
r9 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
openat2(r9, &(0x7f0000000ec0)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000001c0)={0x40000, 0x0, 0x12}, 0x18)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

349][T11664]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  383.959374][T11664] RIP: 0023:0xf706e539
[  383.959392][T11664] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  383.959410][T11664] RSP: 002b:00000000f505e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  383.959433][T11664] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  383.959447][T11664] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  383.959458][T11664] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  383.959469][T11664] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  383.959482][T11664] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  383.959513][T11664]  </TASK>
[  383.962379][  T121] usb 4-1: new low-speed USB device number 30 using dummy_hcd
[  384.020678][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  384.040164][T11665] syzkaller1: entered promiscuous mode
[  384.043767][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  384.066370][T11665] syzkaller1: entered allmulticast mode
[  384.286974][T11672] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1768'.
[  384.298379][  T121] usb 4-1: device descriptor read/8, error -71
[  384.537808][  T121] usb 4-1: new low-speed USB device number 31 using dummy_hcd
[  384.599449][  T121] usb 4-1: device descriptor read/8, error -71
[  384.612143][T11682] FAULT_INJECTION: forcing a failure.
[  384.612143][T11682] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  384.646941][T11682] CPU: 0 UID: 0 PID: 11682 Comm: syz.8.1773 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  384.646974][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  384.646987][T11682] Call Trace:
[  384.646996][T11682]  <TASK>
[  384.647006][T11682]  dump_stack_lvl+0x189/0x250
[  384.647038][T11682]  ? __pfx____ratelimit+0x10/0x10
[  384.647060][T11682]  ? __pfx_dump_stack_lvl+0x10/0x10
[  384.647085][T11682]  ? __pfx__printk+0x10/0x10
[  384.647130][T11682]  should_fail_ex+0x414/0x560
[  384.647170][T11682]  _copy_from_user+0x2d/0xb0
[  384.647201][T11682]  alg_setkey+0xb8/0x190
[  384.647236][T11682]  alg_setsockopt+0x3da/0x4a0
[  384.647268][T11682]  ? __pfx_alg_setsockopt+0x10/0x10
[  384.647300][T11682]  do_sock_setsockopt+0x179/0x1b0
[  384.647332][T11682]  __ia32_sys_setsockopt+0x13f/0x1b0
[  384.647371][T11682]  __do_fast_syscall_32+0xb6/0x2b0
[  384.647396][T11682]  ? lockdep_hardirqs_on+0x9c/0x150
[  384.647426][T11682]  do_fast_syscall_32+0x34/0x80
[  384.647450][T11682]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  384.647476][T11682] RIP: 0023:0xf711e539
[  384.647493][T11682] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  384.647514][T11682] RSP: 002b:00000000f510e55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  384.647545][T11682] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000117
[  384.647559][T11682] RDX: 0000000000000001 RSI: 0000000080000100 RDI: 0000000000000010
[  384.647572][T11682] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  384.647584][T11682] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  384.647596][T11682] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  384.647627][T11682]  </TASK>
[  384.861695][  T121] usb usb4-port1: unable to enumerate USB device
[  385.041688][T11693] fuse: Unknown parameter 'user_i00000000000000000000'
[  385.552774][T11706] netlink: 36 bytes leftover after parsing attributes in process `syz.8.1780'.
[  385.966262][T11710] random: crng reseeded on system resumption
[  386.074992][T11719] FAULT_INJECTION: forcing a failure.
[  386.074992][T11719] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.156862][T11719] CPU: 1 UID: 0 PID: 11719 Comm: syz.0.1786 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  386.156900][T11719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  386.156914][T11719] Call Trace:
[  386.156923][T11719]  <TASK>
[  386.156933][T11719]  dump_stack_lvl+0x189/0x250
[  386.156965][T11719]  ? __pfx____ratelimit+0x10/0x10
[  386.156987][T11719]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.157013][T11719]  ? __pfx__printk+0x10/0x10
[  386.157044][T11719]  ? __might_fault+0xb0/0x130
[  386.157085][T11719]  should_fail_ex+0x414/0x560
[  386.157124][T11719]  _copy_from_user+0x2d/0xb0
[  386.157155][T11719]  binder_ioctl_write_read+0x124/0xa040
[  386.157196][T11719]  ? is_bpf_text_address+0x292/0x2b0
[  386.157227][T11719]  ? is_bpf_text_address+0x26/0x2b0
[  386.157261][T11719]  ? kernel_text_address+0xa5/0xe0
[  386.157292][T11719]  ? __kernel_text_address+0xd/0x40
[  386.157320][T11719]  ? unwind_get_return_address+0x4d/0x90
[  386.157345][T11719]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  386.157372][T11719]  ? arch_stack_walk+0xfc/0x150
[  386.157410][T11719]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  386.157434][T11719]  ? stack_trace_save+0x9c/0xe0
[  386.157462][T11719]  ? stack_depot_save_flags+0x40/0x900
[  386.157506][T11719]  ? kasan_save_track+0x4f/0x80
[  386.157528][T11719]  ? kasan_save_track+0x3e/0x80
[  386.157552][T11719]  ? kasan_save_free_info+0x46/0x50
[  386.157578][T11719]  ? __kasan_slab_free+0x62/0x70
[  386.157602][T11719]  ? kfree+0x18e/0x440
[  386.157626][T11719]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  386.157648][T11719]  ? security_file_ioctl_compat+0xcb/0x2d0
[  386.157670][T11719]  ? __ia32_compat_sys_ioctl+0x128/0x840
[  386.157694][T11719]  ? __do_fast_syscall_32+0xb6/0x2b0
[  386.157716][T11719]  ? do_fast_syscall_32+0x34/0x80
[  386.157737][T11719]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  386.157774][T11719]  ? __lock_acquire+0xab9/0xd20
[  386.157803][T11719]  ? binder_debug+0x13f/0x1b0
[  386.157830][T11719]  ? __pfx_binder_debug+0x10/0x10
[  386.157853][T11719]  ? do_raw_spin_lock+0x121/0x290
[  386.157897][T11719]  ? _raw_spin_unlock+0x28/0x50
[  386.157927][T11719]  ? binder_get_thread+0x178/0x6d0
[  386.157958][T11719]  binder_ioctl+0x3e0/0x19c0
[  386.157986][T11719]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  386.158012][T11719]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  386.158041][T11719]  ? do_vfs_ioctl+0xbe8/0x1430
[  386.158065][T11719]  ? __pfx_binder_ioctl+0x10/0x10
[  386.158090][T11719]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  386.158130][T11719]  ? __lock_acquire+0xab9/0xd20
[  386.158207][T11719]  ? __fget_files+0x2a/0x420
[  386.158245][T11719]  ? __fget_files+0x3a0/0x420
[  386.158275][T11719]  ? __fget_files+0x2a/0x420
[  386.158310][T11719]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  386.158342][T11719]  __ia32_compat_sys_ioctl+0x543/0x840
[  386.158372][T11719]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  386.158400][T11719]  ? __fget_files+0x3a0/0x420
[  386.158439][T11719]  ? fput+0xa0/0xd0
[  386.158460][T11719]  ? ksys_write+0x22a/0x250
[  386.158499][T11719]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.158523][T11719]  __do_fast_syscall_32+0xb6/0x2b0
[  386.158547][T11719]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.158578][T11719]  do_fast_syscall_32+0x34/0x80
[  386.158603][T11719]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  386.158629][T11719] RIP: 0023:0xf7f48539
[  386.158647][T11719] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  386.158666][T11719] RSP: 002b:00000000f506655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  386.158689][T11719] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[  386.158704][T11719] RDX: 0000000080000280 RSI: 0000000000000000 RDI: 0000000000000000
[  386.158716][T11719] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  386.158728][T11719] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  386.158742][T11719] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  386.158773][T11719]  </TASK>
[  386.197787][  T121] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  386.241821][T11719] binder: 11718:11719 ioctl c0306201 80000280 returned -14
[  386.477813][  T121] usb 9-1: Using ep0 maxpacket: 8
[  386.606647][  T121] usb 9-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11
[  386.616025][  T121] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.627635][  T121] usb 9-1: Product: syz
[  386.631907][  T121] usb 9-1: Manufacturer: syz
[  386.636544][  T121] usb 9-1: SerialNumber: syz
[  386.715491][  T121] usb 9-1: config 0 descriptor??
[  386.746810][  T121] gspca_main: vc032x-2.14.0 probing 046d:0896
[  386.966390][  T121] gspca_vc032x: reg_r err -71
[  386.974028][  T121] vc032x 9-1:0.0: probe with driver vc032x failed with error -71
[  387.016438][T11732] fuse: Unknown parameter 'user_id00000000000000000000'
[  387.053904][  T121] usb 9-1: USB disconnect, device number 16
[  387.463395][ T5950] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  387.612874][T11741] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1793'.
[  387.626290][T11741] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  387.634549][T11741] IPv6: NLM_F_CREATE should be set when creating new route
[  387.647713][ T5950] usb 4-1: device descriptor read/64, error -71
[  388.007665][ T5950] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  388.174407][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  388.174426][   T30] audit: type=1326 audit(1754240935.597:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11744 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  388.243812][ T5950] usb 4-1: device descriptor read/64, error -71
[  388.389012][   T30] audit: type=1326 audit(1754240935.597:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11744 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  388.453646][   T30] audit: type=1326 audit(1754240935.597:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11744 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=338 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  388.488426][ T5950] usb usb4-port1: attempt power cycle
[  388.627800][   T10] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  388.800008][   T10] usb 5-1: Using ep0 maxpacket: 8
[  388.838270][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[  388.838438][   T30] audit: type=1326 audit(1754240935.597:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11744 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  388.858564][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  388.896209][   T10] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 3
[  388.906870][T11729] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1789'.
[  388.977712][ T5950] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  388.999933][ T5950] usb 4-1: device descriptor read/8, error -71
[  389.050135][   T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  389.059914][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.077208][   T10] usb 5-1: Product: syz
[  389.118864][   T10] usb 5-1: Manufacturer: syz
[  389.134135][   T10] usb 5-1: SerialNumber: syz
[  389.139484][   T30] audit: type=1326 audit(1754240935.597:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11744 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  389.182173][   T10] usb 5-1: config 0 descriptor??
[  389.247164][   T30] audit: type=1326 audit(1754240935.597:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11744 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  389.287715][ T5950] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  389.342719][T11759] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1799'.
[  389.353704][ T5950] usb 4-1: device descriptor read/8, error -71
[  389.362447][   T30] audit: type=1326 audit(1754240935.597:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11744 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  389.452141][T11760] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1799'.
[  389.468196][ T5950] usb usb4-port1: unable to enumerate USB device
[  389.483355][   T30] audit: type=1326 audit(1754240935.597:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11744 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  389.584064][   T30] audit: type=1326 audit(1754240935.597:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11744 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  389.694009][   T30] audit: type=1326 audit(1754240935.597:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11744 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000
[  390.100172][T11768] FAULT_INJECTION: forcing a failure.
[  390.100172][T11768] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  390.143602][T11770] fuse: Unknown parameter 'user_id00000000000000000000'
[  390.151815][T11768] CPU: 0 UID: 0 PID: 11768 Comm: syz.0.1803 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  390.151845][T11768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  390.151860][T11768] Call Trace:
[  390.151868][T11768]  <TASK>
[  390.151878][T11768]  dump_stack_lvl+0x189/0x250
[  390.151910][T11768]  ? __pfx____ratelimit+0x10/0x10
[  390.151932][T11768]  ? __pfx_dump_stack_lvl+0x10/0x10
[  390.151958][T11768]  ? __pfx__printk+0x10/0x10
[  390.151989][T11768]  ? __might_fault+0xb0/0x130
[  390.152037][T11768]  should_fail_ex+0x414/0x560
[  390.152077][T11768]  _copy_from_user+0x2d/0xb0
[  390.152108][T11768]  get_compat_msghdr+0xad/0x4a0
[  390.152141][T11768]  ? __pfx_get_compat_msghdr+0x10/0x10
[  390.152181][T11768]  ___sys_sendmsg+0x193/0x2a0
[  390.152212][T11768]  ? __pfx____sys_sendmsg+0x10/0x10
[  390.152277][T11768]  ? __fget_files+0x2a/0x420
[  390.152308][T11768]  ? __fget_files+0x3a0/0x420
[  390.152351][T11768]  __sys_sendmsg+0x164/0x220
[  390.152380][T11768]  ? __pfx___sys_sendmsg+0x10/0x10
[  390.152425][T11768]  ? lockdep_hardirqs_on+0x9c/0x150
[  390.152451][T11768]  __do_fast_syscall_32+0xb6/0x2b0
[  390.152475][T11768]  ? lockdep_hardirqs_on+0x9c/0x150
[  390.152501][T11768]  do_fast_syscall_32+0x34/0x80
[  390.152524][T11768]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  390.152551][T11768] RIP: 0023:0xf7f48539
[  390.152569][T11768] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  390.152588][T11768] RSP: 002b:00000000f506655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  390.152611][T11768] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  390.152626][T11768] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  390.152638][T11768] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  390.152650][T11768] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  390.152663][T11768] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  390.152693][T11768]  </TASK>
[  390.366147][ T5950] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  390.750628][ T5950] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  390.772924][ T5950] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  390.789299][T11778] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1805'.
[  390.804656][ T5950] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  390.827697][T11778] netlink: 'syz.8.1805': attribute type 7 has an invalid length.
[  390.872079][ T5950] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  390.886164][T11778] netlink: 'syz.8.1805': attribute type 8 has an invalid length.
[  390.914664][T11778] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1805'.
[  390.926167][ T5950] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  390.941591][ T5950] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  390.954349][ T5950] usb 7-1: Manufacturer: syz
[  390.992448][ T5950] usb 7-1: config 0 descriptor??
[  391.353369][T11786] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1807'.
[  391.420403][   T10] usb 5-1: USB disconnect, device number 34
[  391.555754][ T5950] appleir 0003:05AC:8243.0012: unknown main item tag 0x0
[  391.596932][ T5950] appleir 0003:05AC:8243.0012: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0
[  391.897022][   T43] usb 7-1: USB disconnect, device number 28
[  391.994632][T11807] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1814'.
[  392.038263][T11795] fido_id[11795]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  392.199890][T11810] fuse: Unknown parameter 'user_id00000000000000000000'
[  392.307651][ T5950] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  392.405405][T11820] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1819'.
[  392.469881][ T5950] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  392.497623][ T5950] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  392.517643][ T5950] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  392.526761][ T5950] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.560755][T11807] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  392.597372][ T5950] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  392.845647][ T5950] usb 1-1: USB disconnect, device number 27
[  392.955833][T11827] FAULT_INJECTION: forcing a failure.
[  392.955833][T11827] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  392.975261][T11827] CPU: 0 UID: 0 PID: 11827 Comm: syz.4.1822 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  392.975294][T11827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  392.975308][T11827] Call Trace:
[  392.975316][T11827]  <TASK>
[  392.975326][T11827]  dump_stack_lvl+0x189/0x250
[  392.975357][T11827]  ? __pfx____ratelimit+0x10/0x10
[  392.975380][T11827]  ? __pfx_dump_stack_lvl+0x10/0x10
[  392.975406][T11827]  ? __pfx__printk+0x10/0x10
[  392.975436][T11827]  ? __might_fault+0xb0/0x130
[  392.975478][T11827]  should_fail_ex+0x414/0x560
[  392.975518][T11827]  _copy_from_user+0x2d/0xb0
[  392.975549][T11827]  get_compat_msghdr+0xad/0x4a0
[  392.975582][T11827]  ? __pfx_get_compat_msghdr+0x10/0x10
[  392.975621][T11827]  ___sys_sendmsg+0x193/0x2a0
[  392.975652][T11827]  ? __pfx____sys_sendmsg+0x10/0x10
[  392.975718][T11827]  ? __fget_files+0x2a/0x420
[  392.975759][T11827]  ? __fget_files+0x3a0/0x420
[  392.975802][T11827]  __sys_sendmsg+0x164/0x220
[  392.975831][T11827]  ? __pfx___sys_sendmsg+0x10/0x10
[  392.975877][T11827]  ? lockdep_hardirqs_on+0x9c/0x150
[  392.975903][T11827]  __do_fast_syscall_32+0xb6/0x2b0
[  392.975928][T11827]  ? lockdep_hardirqs_on+0x9c/0x150
[  392.975957][T11827]  do_fast_syscall_32+0x34/0x80
[  392.975980][T11827]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  392.976008][T11827] RIP: 0023:0xf70ee539
[  392.976026][T11827] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  392.976046][T11827] RSP: 002b:00000000f50de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  392.976068][T11827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000580
[  392.976083][T11827] RDX: 000000002008c014 RSI: 0000000000000000 RDI: 0000000000000000
[  392.976097][T11827] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  392.976109][T11827] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  392.976122][T11827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  392.976153][T11827]  </TASK>
[  393.007923][   T43] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  393.196764][T11829] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1814'.
[  393.387799][   T43] usb 7-1: Using ep0 maxpacket: 16
[  393.397039][   T43] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  393.409639][   T43] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  393.436634][   T43] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  393.453244][   T43] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  393.464046][   T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.509646][   T43] usb 7-1: Product: syz
[  393.515229][   T43] usb 7-1: Manufacturer: syz
[  393.523481][   T43] usb 7-1: SerialNumber: syz
[  393.607779][  T121] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  393.626956][T11835] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1825'.
[  393.733618][T11838] ip6gre1: entered allmulticast mode
[  393.771569][  T121] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  393.782900][  T121] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  393.793058][  T121] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  393.806798][  T121] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.836221][T11831] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  393.977481][T11842] fuse: Bad value for 'fd'
[  394.122867][T11831] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  394.136129][T11831] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  394.260000][T11849] FAULT_INJECTION: forcing a failure.
[  394.260000][T11849] name failslab, interval 1, probability 0, space 0, times 0
[  394.302568][T11849] CPU: 0 UID: 0 PID: 11849 Comm: syz.4.1831 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  394.302601][T11849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  394.302616][T11849] Call Trace:
[  394.302626][T11849]  <TASK>
[  394.302635][T11849]  dump_stack_lvl+0x189/0x250
[  394.302674][T11849]  ? __pfx____ratelimit+0x10/0x10
[  394.302696][T11849]  ? __pfx_dump_stack_lvl+0x10/0x10
[  394.302722][T11849]  ? __pfx__printk+0x10/0x10
[  394.302759][T11849]  ? __pfx___might_resched+0x10/0x10
[  394.302785][T11849]  should_fail_ex+0x414/0x560
[  394.302826][T11849]  should_failslab+0xa8/0x100
[  394.302860][T11849]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  394.302890][T11849]  ? __alloc_skb+0x112/0x2d0
[  394.302919][T11849]  __alloc_skb+0x112/0x2d0
[  394.302947][T11849]  netlink_sendmsg+0x5c6/0xb30
[  394.302982][T11849]  ? __pfx_netlink_sendmsg+0x10/0x10
[  394.303010][T11849]  ? __import_iovec+0x5d4/0x7f0
[  394.303036][T11849]  ? aa_sock_msg_perm+0x94/0x160
[  394.303067][T11849]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  394.303087][T11849]  ? __pfx_netlink_sendmsg+0x10/0x10
[  394.303112][T11849]  __sock_sendmsg+0x219/0x270
[  394.303150][T11849]  ____sys_sendmsg+0x505/0x830
[  394.303183][T11849]  ? __pfx_____sys_sendmsg+0x10/0x10
[  394.303228][T11849]  ___sys_sendmsg+0x21f/0x2a0
[  394.303258][T11849]  ? __pfx____sys_sendmsg+0x10/0x10
[  394.303325][T11849]  ? __fget_files+0x2a/0x420
[  394.303356][T11849]  ? __fget_files+0x3a0/0x420
[  394.303399][T11849]  __sys_sendmsg+0x164/0x220
[  394.303430][T11849]  ? __pfx___sys_sendmsg+0x10/0x10
[  394.303479][T11849]  ? lockdep_hardirqs_on+0x9c/0x150
[  394.303503][T11849]  __do_fast_syscall_32+0xb6/0x2b0
[  394.303528][T11849]  ? lockdep_hardirqs_on+0x9c/0x150
[  394.303554][T11849]  do_fast_syscall_32+0x34/0x80
[  394.303577][T11849]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  394.303604][T11849] RIP: 0023:0xf70ee539
[  394.303623][T11849] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  394.303647][T11849] RSP: 002b:00000000f50de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  394.303671][T11849] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080009b40
[  394.303686][T11849] RDX: 0000000024000000 RSI: 0000000000000000 RDI: 0000000000000000
[  394.303700][T11849] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  394.303712][T11849] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  394.303725][T11849] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  394.303754][T11849]  </TASK>
[  394.562570][    C0] vkms_vblank_simulate: vblank timer overrun
[  395.765196][   T43] usb 7-1: 2:1 : format type 0 is detected, processed as PCM
[  395.818072][   T43] usb 7-1: 2:1: cannot set freq 9338507 to ep 0x82
[  396.034376][  T121] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  396.080766][   T43] usb 7-1: USB disconnect, device number 29
[  396.246564][T11874] FAULT_INJECTION: forcing a failure.
[  396.246564][T11874] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  396.277308][T11874] CPU: 1 UID: 0 PID: 11874 Comm: syz.0.1838 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  396.277345][T11874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  396.277358][T11874] Call Trace:
[  396.277366][T11874]  <TASK>
[  396.277377][T11874]  dump_stack_lvl+0x189/0x250
[  396.277409][T11874]  ? __pfx____ratelimit+0x10/0x10
[  396.277432][T11874]  ? __pfx_dump_stack_lvl+0x10/0x10
[  396.277457][T11874]  ? __pfx__printk+0x10/0x10
[  396.277500][T11874]  should_fail_ex+0x414/0x560
[  396.277540][T11874]  _copy_to_user+0x31/0xb0
[  396.277573][T11874]  simple_read_from_buffer+0xe1/0x170
[  396.277609][T11874]  proc_fail_nth_read+0x1b3/0x220
[  396.277637][T11874]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  396.277665][T11874]  ? rw_verify_area+0x2a6/0x4d0
[  396.277711][T11874]  ? __lock_acquire+0xab9/0xd20
[  396.277739][T11874]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  396.277765][T11874]  vfs_read+0x1fd/0x980
[  396.277791][T11874]  ? fdget_pos+0x247/0x320
[  396.277828][T11874]  ? __pfx___mutex_lock+0x10/0x10
[  396.277852][T11874]  ? __pfx_vfs_read+0x10/0x10
[  396.277881][T11874]  ? __fget_files+0x2a/0x420
[  396.277917][T11874]  ? __fget_files+0x3a0/0x420
[  396.277947][T11874]  ? __fget_files+0x2a/0x420
[  396.277989][T11874]  ksys_read+0x145/0x250
[  396.278020][T11874]  ? __pfx_ksys_read+0x10/0x10
[  396.278049][T11874]  ? lockdep_hardirqs_on+0x9c/0x150
[  396.278074][T11874]  __do_fast_syscall_32+0xb6/0x2b0
[  396.278099][T11874]  ? lockdep_hardirqs_on+0x9c/0x150
[  396.278125][T11874]  do_fast_syscall_32+0x34/0x80
[  396.278148][T11874]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  396.278175][T11874] RIP: 0023:0xf7f48539
[  396.278194][T11874] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  396.278212][T11874] RSP: 002b:00000000f5066590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  396.278235][T11874] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5066620
[  396.278250][T11874] RDX: 000000000000000f RSI: 00000000f73d4ff4 RDI: 0000000000000000
[  396.278262][T11874] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  396.278274][T11874] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  396.278286][T11874] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  396.278325][T11874]  </TASK>
[  396.697789][  T121] usb 9-1: USB disconnect, device number 17
[  396.811689][T11880] fuse: Bad value for 'fd'
[  396.887656][   T43] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  397.077998][   T43] usb 7-1: Using ep0 maxpacket: 8
[  397.087780][   T43] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  397.111836][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.186136][   T43] pvrusb2: Hardware description: Terratec Grabster AV400
[  397.207930][   T43] pvrusb2: **********
[  397.215766][   T43] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  397.242235][   T43] pvrusb2: Important functionality might not be entirely working.
[  397.262054][   T43] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  397.337205][   T43] pvrusb2: **********
[  397.374011][ T2345] pvrusb2: Invalid write control endpoint
[  397.594383][   T43] usb 7-1: USB disconnect, device number 30
[  397.731406][ T2345] pvrusb2: Invalid write control endpoint
[  397.759916][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  397.797818][   T10] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  397.807037][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  397.850978][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  397.937803][ T2345] pvrusb2: Device being rendered inoperable
[  397.994395][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  398.032544][   T10] usb 9-1: config 0 has no interfaces?
[  398.057927][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  398.099713][   T10] usb 9-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  398.128447][   T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.139311][ T2345] pvrusb2: Attached sub-driver cx25840
[  398.144991][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  398.167562][   T10] usb 9-1: Product: syz
[  398.171804][   T10] usb 9-1: Manufacturer: syz
[  398.214664][   T10] usb 9-1: SerialNumber: syz
[  398.222858][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  398.248995][   T10] usb 9-1: config 0 descriptor??
[  398.549733][T11911] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1851'.
[  398.625041][T11911] netlink: 'syz.6.1851': attribute type 10 has an invalid length.
[  398.725004][T11917] netlink: 'syz.3.1853': attribute type 29 has an invalid length.
[  398.735455][T11911] FAULT_INJECTION: forcing a failure.
[  398.735455][T11911] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  398.761311][T11917] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1853'.
[  398.824978][T11911] CPU: 0 UID: 0 PID: 11911 Comm: syz.6.1851 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  398.825011][T11911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  398.825024][T11911] Call Trace:
[  398.825033][T11911]  <TASK>
[  398.825042][T11911]  dump_stack_lvl+0x189/0x250
[  398.825074][T11911]  ? __pfx____ratelimit+0x10/0x10
[  398.825093][T11911]  ? __pfx_dump_stack_lvl+0x10/0x10
[  398.825119][T11911]  ? __pfx__printk+0x10/0x10
[  398.825168][T11911]  should_fail_ex+0x414/0x560
[  398.825207][T11911]  _copy_to_user+0x31/0xb0
[  398.825238][T11911]  simple_read_from_buffer+0xe1/0x170
[  398.825274][T11911]  proc_fail_nth_read+0x1b3/0x220
[  398.825301][T11911]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  398.825328][T11911]  ? rw_verify_area+0x2a6/0x4d0
[  398.825354][T11911]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  398.825380][T11911]  vfs_read+0x1fd/0x980
[  398.825416][T11911]  ? __pfx_vfs_read+0x10/0x10
[  398.825453][T11911]  ? __sys_sendmsg+0x189/0x220
[  398.825490][T11911]  ksys_read+0x145/0x250
[  398.825521][T11911]  ? __pfx_ksys_read+0x10/0x10
[  398.825551][T11911]  ? lockdep_hardirqs_on+0x9c/0x150
[  398.825577][T11911]  __do_fast_syscall_32+0xb6/0x2b0
[  398.825601][T11911]  ? lockdep_hardirqs_on+0x9c/0x150
[  398.825625][T11911]  do_fast_syscall_32+0x34/0x80
[  398.825649][T11911]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  398.825676][T11911] RIP: 0023:0xf706e539
[  398.825694][T11911] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  398.825714][T11911] RSP: 002b:00000000f505e590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  398.825737][T11911] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f505e620
[  398.825751][T11911] RDX: 000000000000000f RSI: 00000000f73d4ff4 RDI: 0000000000000000
[  398.825764][T11911] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  398.825777][T11911] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  398.825789][T11911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  398.825819][T11911]  </TASK>
[  399.035495][    C0] vkms_vblank_simulate: vblank timer overrun
[  399.090247][T11915] process 'syz.0.1852' launched '/dev/fd/6' with NULL argv: empty string added
[  399.447465][T11921] fuse: Bad value for 'fd'
[  399.652611][T11925] FAULT_INJECTION: forcing a failure.
[  399.652611][T11925] name failslab, interval 1, probability 0, space 0, times 0
[  399.728029][T11925] CPU: 1 UID: 0 PID: 11925 Comm: syz.3.1855 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  399.728066][T11925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  399.728080][T11925] Call Trace:
[  399.728088][T11925]  <TASK>
[  399.728098][T11925]  dump_stack_lvl+0x189/0x250
[  399.728129][T11925]  ? __pfx____ratelimit+0x10/0x10
[  399.728151][T11925]  ? __pfx_dump_stack_lvl+0x10/0x10
[  399.728188][T11925]  ? __pfx__printk+0x10/0x10
[  399.728220][T11925]  ? __lock_acquire+0xab9/0xd20
[  399.728262][T11925]  should_fail_ex+0x414/0x560
[  399.728300][T11925]  should_failslab+0xa8/0x100
[  399.728333][T11925]  kmem_cache_alloc_noprof+0x73/0x3c0
[  399.728360][T11925]  ? skb_clone+0x212/0x3a0
[  399.728393][T11925]  skb_clone+0x212/0x3a0
[  399.728426][T11925]  __netlink_deliver_tap+0x404/0x850
[  399.728463][T11925]  ? netlink_deliver_tap+0x2e/0x1b0
[  399.728486][T11925]  netlink_deliver_tap+0x19c/0x1b0
[  399.728511][T11925]  netlink_unicast+0x7fa/0x9e0
[  399.728554][T11925]  ? __pfx_netlink_unicast+0x10/0x10
[  399.728589][T11925]  ? netlink_sendmsg+0x642/0xb30
[  399.728609][T11925]  ? skb_put+0x11b/0x210
[  399.728638][T11925]  netlink_sendmsg+0x805/0xb30
[  399.728672][T11925]  ? __pfx_netlink_sendmsg+0x10/0x10
[  399.728698][T11925]  ? __import_iovec+0x5d4/0x7f0
[  399.728724][T11925]  ? aa_sock_msg_perm+0x94/0x160
[  399.728754][T11925]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  399.728776][T11925]  ? __pfx_netlink_sendmsg+0x10/0x10
[  399.728800][T11925]  __sock_sendmsg+0x219/0x270
[  399.728836][T11925]  ____sys_sendmsg+0x505/0x830
[  399.728869][T11925]  ? __pfx_____sys_sendmsg+0x10/0x10
[  399.728915][T11925]  ___sys_sendmsg+0x21f/0x2a0
[  399.728944][T11925]  ? __pfx____sys_sendmsg+0x10/0x10
[  399.729011][T11925]  ? __fget_files+0x2a/0x420
[  399.729045][T11925]  ? __fget_files+0x3a0/0x420
[  399.729089][T11925]  __sys_sendmsg+0x164/0x220
[  399.729118][T11925]  ? __pfx___sys_sendmsg+0x10/0x10
[  399.729169][T11925]  ? lockdep_hardirqs_on+0x9c/0x150
[  399.729194][T11925]  __do_fast_syscall_32+0xb6/0x2b0
[  399.729218][T11925]  ? lockdep_hardirqs_on+0x9c/0x150
[  399.729244][T11925]  do_fast_syscall_32+0x34/0x80
[  399.729267][T11925]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  399.729293][T11925] RIP: 0023:0xf705e539
[  399.729311][T11925] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  399.729330][T11925] RSP: 002b:00000000f504e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  399.729352][T11925] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000580
[  399.729367][T11925] RDX: 0000000000040010 RSI: 0000000000000000 RDI: 0000000000000000
[  399.729380][T11925] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  399.729392][T11925] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  399.729404][T11925] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  399.729436][T11925]  </TASK>
[  400.430163][T11930] ptrace attach of "./syz-executor exec"[6881] was attempted by "./syz-executor exec"[11930]
[  400.867626][ T5950] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  401.039279][ T5950] usb 4-1: Using ep0 maxpacket: 16
[  401.050544][ T5950] usb 4-1: config 1 interface 0 altsetting 4 bulk endpoint 0x82 has invalid maxpacket 64
[  401.063509][ T5950] usb 4-1: config 1 interface 0 altsetting 4 bulk endpoint 0x3 has invalid maxpacket 8
[  401.075010][ T5950] usb 4-1: config 1 interface 0 has no altsetting 0
[  401.090781][ T5950] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  401.102975][ T5950] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.115078][ T5950] usb 4-1: Product: 瓒릪켄䲎ⱷ໒큇➕ᆆꢗ㬙覔릦쌒㿘貺光ﱴᙄ钕閄薟알⒗숴겐姠拞鬩ꇝ꟎鍅䠵撍섊㍉션슻ಸﱫ᪓뺗髆藒㨧殳授뎾픦巇犫킾閭ﭑ쫆攲䪭鄈⼎鉢鹛팯᝸羡妌⻠團ꓦ鑦궏ꐣ∅觇鴝諳몷
[  401.200733][ T5950] usb 4-1: Manufacturer: 뤄ꈩ琿㌅㜰ꍜ幫ᚍ﹖⶯즐ꐒꀏ䨃ꑭ섇⁲䫣⑇猩쨱༤ඝ╒꠴兣犍㪮퓉럁䘅˒닅㮒鞻쑶騱ᬝሌ材퓘
[  401.270847][   T10] usb 9-1: USB disconnect, device number 18
[  401.340064][ T5950] usb 4-1: SerialNumber: syz
[  401.389635][T11936] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  401.400301][T11936] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  401.502235][T11947] binder: BINDER_SET_CONTEXT_MGR already set
[  401.573800][T11947] binder: 11943:11947 ioctl 4018620d 80000100 returned -16
[  401.698112][T11936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  401.719106][T11936] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  401.743687][   T10] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  402.037753][   T10] usb 9-1: Using ep0 maxpacket: 16
[  402.046784][   T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  402.076109][   T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  402.157330][ T5950] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  402.169515][   T10] usb 9-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.00
[  402.192518][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.231653][ T5950] usb 4-1: USB disconnect, device number 36
[  402.242710][   T10] usb 9-1: config 0 descriptor??
[  402.485383][T11945] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  402.515932][T11945] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  402.636204][   T10] usb 9-1: string descriptor 0 read error: -71
[  402.658961][   T10] input: bcm5974 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/input/input12
[  402.684302][ T5215] bcm5974 9-1:0.0: could not read from device
[  402.798991][ T5215] bcm5974 9-1:0.0: could not read from device
[  402.810899][   T10] usb 9-1: USB disconnect, device number 19
[  403.215069][T11965] fuse: Unknown parameter '0x0000000000000003'
[  403.218002][ T5950] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  403.575892][ T5950] usb 4-1: config 0 has an invalid interface number: 239 but max is 0
[  403.603314][ T5950] usb 4-1: config 0 has no interface number 0
[  403.654462][ T5950] usb 4-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  403.677057][ T5950] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.706743][ T5950] usb 4-1: Product: syz
[  403.724794][ T5950] usb 4-1: Manufacturer: syz
[  403.742879][ T5950] usb 4-1: SerialNumber: syz
[  403.793090][ T5950] usb 4-1: config 0 descriptor??
[  403.996068][T11977] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1869'.
[  404.021371][T11977] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1869'.
[  404.281346][ T5950] asix 4-1:0.239 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  404.352794][ T5950] asix 4-1:0.239: probe with driver asix failed with error -71
[  404.438112][ T6509] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  404.497669][ T6509] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  404.509715][ T5950] usb 4-1: USB disconnect, device number 37
[  404.573775][ T6509] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  404.654939][ T6509] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  404.810100][   T10] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  405.002838][   T10] usb 7-1: config 0 has no interfaces?
[  405.040277][   T10] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  405.057830][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.073842][   T10] usb 7-1: Product: syz
[  405.079640][   T10] usb 7-1: Manufacturer: syz
[  405.092136][   T10] usb 7-1: SerialNumber: syz
[  405.107442][   T10] usb 7-1: config 0 descriptor??
[  405.275265][T11997] FAULT_INJECTION: forcing a failure.
[  405.275265][T11997] name failslab, interval 1, probability 0, space 0, times 0
[  405.322119][T11997] CPU: 1 UID: 0 PID: 11997 Comm: syz.3.1875 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  405.322154][T11997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  405.322167][T11997] Call Trace:
[  405.322176][T11997]  <TASK>
[  405.322185][T11997]  dump_stack_lvl+0x189/0x250
[  405.322216][T11997]  ? __pfx____ratelimit+0x10/0x10
[  405.322238][T11997]  ? __pfx_dump_stack_lvl+0x10/0x10
[  405.322263][T11997]  ? __pfx__printk+0x10/0x10
[  405.322299][T11997]  ? __pfx___might_resched+0x10/0x10
[  405.322324][T11997]  should_fail_ex+0x414/0x560
[  405.322362][T11997]  should_failslab+0xa8/0x100
[  405.322413][T11997]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  405.322444][T11997]  ? __alloc_skb+0x112/0x2d0
[  405.322472][T11997]  __alloc_skb+0x112/0x2d0
[  405.322501][T11997]  __ip_append_data+0x2dae/0x40c0
[  405.322554][T11997]  ? __pfx_raw_getfrag+0x10/0x10
[  405.322602][T11997]  ? ipv4_mtu+0x23/0x5c0
[  405.322630][T11997]  ? __pfx___ip_append_data+0x10/0x10
[  405.322660][T11997]  ? ipv4_mtu+0x4b2/0x5c0
[  405.322684][T11997]  ? ipv4_mtu+0x23/0x5c0
[  405.322711][T11997]  ? __pfx_ipv4_mtu+0x10/0x10
[  405.322737][T11997]  ? ip_setup_cork+0x577/0x9a0
[  405.322763][T11997]  ? lockdep_hardirqs_on+0x9c/0x150
[  405.322796][T11997]  ip_append_data+0x10e/0x190
[  405.322831][T11997]  ? __pfx_raw_getfrag+0x10/0x10
[  405.322863][T11997]  raw_sendmsg+0x13d8/0x18b0
[  405.322909][T11997]  ? __pfx_raw_sendmsg+0x10/0x10
[  405.322959][T11997]  ? aa_sk_perm+0x81e/0x950
[  405.322990][T11997]  ? __pfx_aa_sk_perm+0x10/0x10
[  405.323013][T11997]  ? tomoyo_socket_sendmsg_permission+0x216/0x300
[  405.323049][T11997]  ? sock_rps_record_flow+0x19/0x410
[  405.323084][T11997]  ? inet_sendmsg+0x2f4/0x370
[  405.323114][T11997]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  405.323142][T11997]  __sock_sendmsg+0x19c/0x270
[  405.323178][T11997]  ____sys_sendmsg+0x52d/0x830
[  405.323213][T11997]  ? __pfx_____sys_sendmsg+0x10/0x10
[  405.323258][T11997]  ___sys_sendmsg+0x21f/0x2a0
[  405.323289][T11997]  ? __pfx____sys_sendmsg+0x10/0x10
[  405.323356][T11997]  ? __fget_files+0x2a/0x420
[  405.323388][T11997]  ? __fget_files+0x3a0/0x420
[  405.323432][T11997]  __sys_sendmmsg+0x28e/0x430
[  405.323466][T11997]  ? __pfx___sys_sendmmsg+0x10/0x10
[  405.323505][T11997]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  405.323548][T11997]  ? ksys_write+0x22a/0x250
[  405.323589][T11997]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  405.323619][T11997]  __do_fast_syscall_32+0xb6/0x2b0
[  405.323644][T11997]  ? lockdep_hardirqs_on+0x9c/0x150
[  405.323670][T11997]  do_fast_syscall_32+0x34/0x80
[  405.323694][T11997]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  405.323722][T11997] RIP: 0023:0xf705e539
[  405.323741][T11997] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  405.323759][T11997] RSP: 002b:00000000f504e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  405.323781][T11997] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001540
[  405.323802][T11997] RDX: 0000000000000002 RSI: 0000000000048800 RDI: 0000000000000000
[  405.323815][T11997] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  405.323828][T11997] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  405.323840][T11997] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  405.323871][T11997]  </TASK>
[  405.783469][T12004] fuse: Unknown parameter '0x0000000000000003'
[  405.988437][T12008] FAULT_INJECTION: forcing a failure.
[  405.988437][T12008] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  406.006892][T12008] CPU: 0 UID: 0 PID: 12008 Comm: syz.0.1880 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  406.006924][T12008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  406.006938][T12008] Call Trace:
[  406.006947][T12008]  <TASK>
[  406.006958][T12008]  dump_stack_lvl+0x189/0x250
[  406.006988][T12008]  ? __pfx____ratelimit+0x10/0x10
[  406.007011][T12008]  ? __pfx_dump_stack_lvl+0x10/0x10
[  406.007037][T12008]  ? __pfx__printk+0x10/0x10
[  406.007072][T12008]  ? __might_fault+0xb0/0x130
[  406.007112][T12008]  should_fail_ex+0x414/0x560
[  406.007151][T12008]  _copy_from_iter+0x1db/0x16f0
[  406.007181][T12008]  ? rcu_is_watching+0x15/0xb0
[  406.007204][T12008]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  406.007235][T12008]  ? __pfx__copy_from_iter+0x10/0x10
[  406.007263][T12008]  ? __build_skb_around+0x257/0x3e0
[  406.007292][T12008]  ? netlink_sendmsg+0x642/0xb30
[  406.007312][T12008]  ? skb_put+0x11b/0x210
[  406.007340][T12008]  netlink_sendmsg+0x6b2/0xb30
[  406.007372][T12008]  ? __pfx_netlink_sendmsg+0x10/0x10
[  406.007398][T12008]  ? __import_iovec+0x5d4/0x7f0
[  406.007424][T12008]  ? aa_sock_msg_perm+0x94/0x160
[  406.007455][T12008]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  406.007479][T12008]  ? __pfx_netlink_sendmsg+0x10/0x10
[  406.007503][T12008]  __sock_sendmsg+0x219/0x270
[  406.007545][T12008]  ____sys_sendmsg+0x505/0x830
[  406.007579][T12008]  ? __pfx_____sys_sendmsg+0x10/0x10
[  406.007624][T12008]  ___sys_sendmsg+0x21f/0x2a0
[  406.007654][T12008]  ? __pfx____sys_sendmsg+0x10/0x10
[  406.007720][T12008]  ? __fget_files+0x2a/0x420
[  406.007752][T12008]  ? __fget_files+0x3a0/0x420
[  406.007796][T12008]  __sys_sendmsg+0x164/0x220
[  406.007826][T12008]  ? __pfx___sys_sendmsg+0x10/0x10
[  406.007871][T12008]  ? lockdep_hardirqs_on+0x9c/0x150
[  406.007896][T12008]  __do_fast_syscall_32+0xb6/0x2b0
[  406.007920][T12008]  ? lockdep_hardirqs_on+0x9c/0x150
[  406.007946][T12008]  do_fast_syscall_32+0x34/0x80
[  406.007968][T12008]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  406.007995][T12008] RIP: 0023:0xf7f48539
[  406.008014][T12008] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  406.008033][T12008] RSP: 002b:00000000f506655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  406.008055][T12008] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001ec0
[  406.008071][T12008] RDX: 00000000040040c0 RSI: 0000000000000000 RDI: 0000000000000000
[  406.008084][T12008] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  406.008097][T12008] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  406.008110][T12008] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  406.008141][T12008]  </TASK>
[  406.595028][   T10] usb 9-1: new full-speed USB device number 20 using dummy_hcd
[  406.765854][   T10] usb 9-1: unable to get BOS descriptor or descriptor too short
[  406.824292][   T10] usb 9-1: not running at top speed; connect to a high speed hub
[  406.972809][   T10] usb 9-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  407.000653][   T10] usb 9-1: config 135 has 1 interface, different from the descriptor's value: 2
[  407.016611][   T10] usb 9-1: New USB device found, idVendor=0b48, idProduct=3009, bcdDevice=26.a8
[  407.032284][   T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.043122][   T10] usb 9-1: Product: syz
[  407.047352][   T10] usb 9-1: Manufacturer: syz
[  407.092043][   T10] usb 9-1: SerialNumber: syz
[  407.219692][T12022] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1884'.
[  407.247027][T12022] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  407.310324][   T10] dvb-usb: found a 'Technotrend TT-connect S-2400 (8kB EEPROM)' in warm state.
[  407.319948][   T10] dvb-usb: bulk message failed: -22 (4/0)
[  407.329900][   T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  407.354564][   T10] dvb-usb: bulk message failed: -22 (5/0)
[  407.372233][   T10] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  407.414356][   T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  407.453424][   T10] dvb-usb: Technotrend TT-connect S-2400 (8kB EEPROM) error while loading driver (-19)
[  407.516852][   T10] usb 9-1: USB disconnect, device number 20
[  407.659861][T12027] FAULT_INJECTION: forcing a failure.
[  407.659861][T12027] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  407.704800][T12027] CPU: 0 UID: 0 PID: 12027 Comm: syz.3.1886 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  407.704833][T12027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  407.704848][T12027] Call Trace:
[  407.704856][T12027]  <TASK>
[  407.704865][T12027]  dump_stack_lvl+0x189/0x250
[  407.704895][T12027]  ? __pfx____ratelimit+0x10/0x10
[  407.704922][T12027]  ? __pfx_dump_stack_lvl+0x10/0x10
[  407.704948][T12027]  ? __pfx__printk+0x10/0x10
[  407.704993][T12027]  should_fail_ex+0x414/0x560
[  407.705031][T12027]  _copy_to_user+0x31/0xb0
[  407.705064][T12027]  simple_read_from_buffer+0xe1/0x170
[  407.705099][T12027]  proc_fail_nth_read+0x1b3/0x220
[  407.705127][T12027]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  407.705155][T12027]  ? rw_verify_area+0x2a6/0x4d0
[  407.705182][T12027]  ? __lock_acquire+0xab9/0xd20
[  407.705211][T12027]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  407.705236][T12027]  vfs_read+0x1fd/0x980
[  407.705262][T12027]  ? fdget_pos+0x247/0x320
[  407.705296][T12027]  ? __pfx___mutex_lock+0x10/0x10
[  407.705320][T12027]  ? __pfx_vfs_read+0x10/0x10
[  407.705348][T12027]  ? __fget_files+0x2a/0x420
[  407.705384][T12027]  ? __fget_files+0x3a0/0x420
[  407.705423][T12027]  ? __fget_files+0x2a/0x420
[  407.705465][T12027]  ksys_read+0x145/0x250
[  407.705496][T12027]  ? __pfx_ksys_read+0x10/0x10
[  407.705525][T12027]  ? lockdep_hardirqs_on+0x9c/0x150
[  407.705548][T12027]  __do_fast_syscall_32+0xb6/0x2b0
[  407.705572][T12027]  ? lockdep_hardirqs_on+0x9c/0x150
[  407.705595][T12027]  do_fast_syscall_32+0x34/0x80
[  407.705617][T12027]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  407.705643][T12027] RIP: 0023:0xf705e539
[  407.705661][T12027] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  407.705677][T12027] RSP: 002b:00000000f504e590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  407.705700][T12027] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f504e620
[  407.705715][T12027] RDX: 000000000000000f RSI: 00000000f73c4ff4 RDI: 0000000000000000
[  407.705728][T12027] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  407.705740][T12027] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  407.705752][T12027] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  407.705784][T12027]  </TASK>
[  408.183780][T12034] FAULT_INJECTION: forcing a failure.
[  408.183780][T12034] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  408.304473][T12034] CPU: 1 UID: 0 PID: 12034 Comm: syz.8.1889 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  408.304502][T12034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  408.304513][T12034] Call Trace:
[  408.304519][T12034]  <TASK>
[  408.304526][T12034]  dump_stack_lvl+0x189/0x250
[  408.304550][T12034]  ? __pfx____ratelimit+0x10/0x10
[  408.304565][T12034]  ? __pfx_dump_stack_lvl+0x10/0x10
[  408.304584][T12034]  ? __pfx__printk+0x10/0x10
[  408.304615][T12034]  should_fail_ex+0x414/0x560
[  408.304643][T12034]  _copy_to_user+0x31/0xb0
[  408.304666][T12034]  simple_read_from_buffer+0xe1/0x170
[  408.304692][T12034]  proc_fail_nth_read+0x1b3/0x220
[  408.304711][T12034]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  408.304729][T12034]  ? rw_verify_area+0x2a6/0x4d0
[  408.304747][T12034]  ? __lock_acquire+0xab9/0xd20
[  408.304767][T12034]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  408.304784][T12034]  vfs_read+0x1fd/0x980
[  408.304801][T12034]  ? fdget_pos+0x247/0x320
[  408.304827][T12034]  ? __pfx___mutex_lock+0x10/0x10
[  408.304843][T12034]  ? __pfx_vfs_read+0x10/0x10
[  408.304863][T12034]  ? __fget_files+0x2a/0x420
[  408.304888][T12034]  ? __fget_files+0x3a0/0x420
[  408.304909][T12034]  ? __fget_files+0x2a/0x420
[  408.304937][T12034]  ksys_read+0x145/0x250
[  408.304958][T12034]  ? __pfx_ksys_read+0x10/0x10
[  408.304979][T12034]  ? lockdep_hardirqs_on+0x9c/0x150
[  408.304996][T12034]  __do_fast_syscall_32+0xb6/0x2b0
[  408.305012][T12034]  ? lockdep_hardirqs_on+0x9c/0x150
[  408.305029][T12034]  do_fast_syscall_32+0x34/0x80
[  408.305045][T12034]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  408.305064][T12034] RIP: 0023:0xf711e539
[  408.305077][T12034] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  408.305091][T12034] RSP: 002b:00000000f510e590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  408.305107][T12034] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f510e620
[  408.305117][T12034] RDX: 000000000000000f RSI: 00000000f7484ff4 RDI: 0000000000000000
[  408.305127][T12034] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  408.305135][T12034] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  408.305144][T12034] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  408.305165][T12034]  </TASK>
[  408.637595][   T43] usb 7-1: USB disconnect, device number 31
[  408.657443][ T5952] usb 4-1: new full-speed USB device number 38 using dummy_hcd
[  408.835633][ T5952] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  408.846438][ T5952] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  408.860534][ T5952] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  408.871541][ T5952] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.102509][ T5952] usb 4-1: usb_control_msg returned -32
[  409.121878][ T5952] usbtmc 4-1:16.0: can't read capabilities
[  409.368078][   T10] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  409.403039][T12054] FAULT_INJECTION: forcing a failure.
[  409.403039][T12054] name failslab, interval 1, probability 0, space 0, times 0
[  409.416536][T12054] CPU: 1 UID: 0 PID: 12054 Comm: syz.6.1897 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  409.416558][T12054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  409.416572][T12054] Call Trace:
[  409.416579][T12054]  <TASK>
[  409.416586][T12054]  dump_stack_lvl+0x189/0x250
[  409.416609][T12054]  ? __pfx____ratelimit+0x10/0x10
[  409.416624][T12054]  ? __pfx_dump_stack_lvl+0x10/0x10
[  409.416642][T12054]  ? __pfx__printk+0x10/0x10
[  409.416667][T12054]  ? fib6_rule_lookup+0x3a1/0x6f0
[  409.416693][T12054]  should_fail_ex+0x414/0x560
[  409.416721][T12054]  should_failslab+0xa8/0x100
[  409.416745][T12054]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  409.416767][T12054]  ? __alloc_skb+0x112/0x2d0
[  409.416787][T12054]  __alloc_skb+0x112/0x2d0
[  409.416807][T12054]  tcp_make_synack+0xc9/0x1c00
[  409.416842][T12054]  ? __pfx_tcp_make_synack+0x10/0x10
[  409.416862][T12054]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  409.416886][T12054]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  409.416909][T12054]  ? rcu_is_watching+0x15/0xb0
[  409.416930][T12054]  ? __mod_timer+0xb37/0xf30
[  409.416951][T12054]  tcp_v6_send_synack+0xf0/0xc10
[  409.416973][T12054]  ? __pfx_tcp_v6_send_synack+0x10/0x10
[  409.416989][T12054]  ? inet_csk_reqsk_queue_hash_add+0x163/0x1d0
[  409.417014][T12054]  ? __pfx_inet_csk_reqsk_queue_hash_add+0x10/0x10
[  409.417043][T12054]  tcp_conn_request+0x23ef/0x3460
[  409.417092][T12054]  ? __pfx_tcp_conn_request+0x10/0x10
[  409.417127][T12054]  ? __lock_acquire+0xab9/0xd20
[  409.417167][T12054]  ? subflow_v6_conn_request+0x27e/0x3c0
[  409.417187][T12054]  ? tcp_rcv_state_process+0x20a/0x4140
[  409.417209][T12054]  tcp_rcv_state_process+0x196a/0x4140
[  409.417240][T12054]  ? sk_filter_trim_cap+0x1d0/0x9d0
[  409.417271][T12054]  ? __pfx_tcp_rcv_state_process+0x10/0x10
[  409.417295][T12054]  ? sk_filter_trim_cap+0x61c/0x9d0
[  409.417321][T12054]  ? __pfx_tcp_inbound_hash+0x10/0x10
[  409.417337][T12054]  ? sk_filter_trim_cap+0x1d0/0x9d0
[  409.417360][T12054]  tcp_v6_do_rcv+0x89d/0x13f0
[  409.417380][T12054]  ? tcp_v6_fill_cb+0x260/0x4c0
[  409.417402][T12054]  tcp_v6_rcv+0x20ea/0x2c30
[  409.417450][T12054]  ? __pfx_tcp_v6_rcv+0x10/0x10
[  409.417476][T12054]  ? fib6_rule_lookup+0x3a1/0x6f0
[  409.417515][T12054]  ? __pfx_tcp_v6_rcv+0x10/0x10
[  409.417538][T12054]  ip6_protocol_deliver_rcu+0xcb0/0x15c0
[  409.417589][T12054]  ip6_input_finish+0x191/0x370
[  409.417615][T12054]  NF_HOOK+0x309/0x3a0
[  409.417637][T12054]  ? __pfx_ip6_input_finish+0x10/0x10
[  409.417656][T12054]  ? NF_HOOK+0x9a/0x3a0
[  409.417675][T12054]  ? __pfx_NF_HOOK+0x10/0x10
[  409.417696][T12054]  ? __pfx_ip6_input_finish+0x10/0x10
[  409.417732][T12054]  ip6_input+0x16a/0x270
[  409.417750][T12054]  ? ip6_input+0x23/0x270
[  409.417773][T12054]  NF_HOOK+0x309/0x3a0
[  409.417790][T12054]  ? skb_orphan+0x4c/0xd0
[  409.417812][T12054]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  409.417830][T12054]  ? NF_HOOK+0x9a/0x3a0
[  409.417849][T12054]  ? __pfx_NF_HOOK+0x10/0x10
[  409.417871][T12054]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  409.417905][T12054]  __netif_receive_skb+0xd3/0x380
[  409.417945][T12054]  ? netif_receive_skb+0x115/0x790
[  409.417976][T12054]  netif_receive_skb+0x1cb/0x790
[  409.418007][T12054]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  409.418030][T12054]  ? __pfx_netif_receive_skb+0x10/0x10
[  409.418068][T12054]  ? tun_rx_batched+0x160/0x730
[  409.418096][T12054]  tun_rx_batched+0x1b9/0x730
[  409.418121][T12054]  ? __lock_acquire+0xab9/0xd20
[  409.418156][T12054]  ? __pfx_tun_rx_batched+0x10/0x10
[  409.418185][T12054]  ? tun_get_user+0x266c/0x3e20
[  409.418227][T12054]  tun_get_user+0x2aa2/0x3e20
[  409.418269][T12054]  ? tun_get_user+0x6f6/0x3e20
[  409.418297][T12054]  ? tun_get_user+0x266c/0x3e20
[  409.418330][T12054]  ? __pfx_tun_get_user+0x10/0x10
[  409.418361][T12054]  ? aa_file_perm+0x40c/0xe70
[  409.418393][T12054]  ? aa_file_perm+0x122/0xe70
[  409.418431][T12054]  ? ref_tracker_alloc+0x318/0x460
[  409.418451][T12054]  ? __lock_acquire+0xab9/0xd20
[  409.418483][T12054]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  409.418513][T12054]  ? tun_get+0x1c/0x2f0
[  409.418544][T12054]  ? tun_get+0x1c/0x2f0
[  409.418568][T12054]  ? tun_get+0x1c/0x2f0
[  409.418599][T12054]  tun_chr_write_iter+0x113/0x200
[  409.418628][T12054]  vfs_write+0x54b/0xa90
[  409.418661][T12054]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  409.418687][T12054]  ? __pfx_vfs_write+0x10/0x10
[  409.418727][T12054]  ? __fget_files+0x2a/0x420
[  409.418770][T12054]  ksys_write+0x145/0x250
[  409.418800][T12054]  ? __pfx_ksys_write+0x10/0x10
[  409.418832][T12054]  ? lockdep_hardirqs_on+0x9c/0x150
[  409.418856][T12054]  __do_fast_syscall_32+0xb6/0x2b0
[  409.418880][T12054]  ? lockdep_hardirqs_on+0x9c/0x150
[  409.418905][T12054]  do_fast_syscall_32+0x34/0x80
[  409.418928][T12054]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  409.418954][T12054] RIP: 0023:0xf706e539
[  409.418973][T12054] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  409.418991][T12054] RSP: 002b:00000000f505e520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  409.419013][T12054] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000040
[  409.419028][T12054] RDX: 000000000000004e RSI: 00000000f73d4ff4 RDI: 0000000000000000
[  409.419041][T12054] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  409.419052][T12054] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  409.419064][T12054] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  409.419096][T12054]  </TASK>
[  409.458422][T12035] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  410.051588][   T10] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  410.061060][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.128835][   T10] usb 1-1: config 0 descriptor??
[  410.695140][T12077] vivid-000: =================  START STATUS  =================
[  410.718684][ T5952] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  410.731268][T12077] vivid-000: Test Pattern: 75% Colorbar
[  410.740968][T12077] vivid-000: Fill Percentage of Frame: 100
[  410.748509][T12077] vivid-000: Horizontal Movement: No Movement
[  410.755495][T12077] vivid-000: Vertical Movement: No Movement
[  410.763098][T12077] vivid-000: OSD Text Mode: All
[  410.769205][T12077] vivid-000: Show Border: false
[  410.774828][T12077] vivid-000: Show Square: false
[  410.783479][T12077] vivid-000: Sensor Flipped Horizontally: false
[  410.791574][T12077] vivid-000: Sensor Flipped Vertically: false
[  410.855896][T12077] vivid-000: Insert SAV Code in Image: false
[  410.881624][T12077] vivid-000: Insert EAV Code in Image: false
[  410.902232][ T5952] usb 5-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  410.914793][T12077] vivid-000: Insert Video Guard Band: false
[  410.938305][ T5952] usb 5-1: config 220 has 1 interface, different from the descriptor's value: 184
[  410.943171][T12077] vivid-000: Reduced Framerate: 
[  410.967908][ T5952] usb 5-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  411.007879][T12077] false
[  411.021450][T12077] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  411.025959][ T5952] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.049431][T12077] 
[  411.059456][T12077] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  411.081594][T12077] vivid-000: Enable Capture Cropping: true grabbed
[  411.162248][   T10] ath6kl: Failed to submit usb control message: -110
[  411.178342][T12077] vivid-000: Enable Capture Composing: true grabbed
[  411.192611][T12077] vivid-000: Enable Capture Scaler: 
[  411.193922][ T5952] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  411.208856][T12077] true grabbed
[  411.214582][T12077] vivid-000: Timestamp Source: End of Frame
[  411.227088][  T930] usb 4-1: USB disconnect, device number 38
[  411.237718][T12077] vivid-000: Colorspace: 
[  411.237973][   T10] ath6kl: unable to send the bmi data to the device: -110
[  411.257735][T12077] sRGB
[  411.265098][T12077] vivid-000: Transfer Function: Default
[  411.275111][T12077] vivid-000: Y'CbCr Encoding: Default
[  411.283285][T12077] vivid-000: HSV Encoding: Hue 0-179
[  411.293685][T12077] vivid-000: Quantization: Full Range
[  411.309470][T12077] vivid-000: Apply Alpha To Red Only: false
[  411.318886][T12077] vivid-000: Standard Aspect Ratio: 4x3
[  411.330089][T12077] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  411.344546][T12077] vivid-000: DV Timings: 640x480p59 inactive
[  411.358917][T12077] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  411.373366][T12077] vivid-000: Maximum EDID Blocks: 2
[  411.383740][T12077] vivid-000: Limited RGB Range (16-235): false
[  411.390774][T12077] vivid-000: Rx RGB Quantization Range: Automatic
[  411.402307][   T10] ath6kl: Unable to send get target info: -110
[  411.409520][T12077] vivid-000: Power Present: 0x00000001
[  411.417669][T12077] tpg source WxH: 320x180 (Y'CbCr)
[  411.426625][T12077] tpg field: 1
[  411.432600][T12077] tpg crop: (0,0)/320x180
[  411.439872][T12077] tpg compose: (0,0)/320x180
[  411.445616][T12077] tpg colorspace: 8
[  411.450354][T12077] tpg transfer function: 0/2
[  411.455121][T12077] tpg Y'CbCr encoding: 0/1
[  411.459918][T12077] tpg quantization: 1/1
[  411.464845][T12077] tpg RGB range: 0/2
[  411.471758][T12077] vivid-000: ==================  END STATUS  ==================
[  411.588946][   T10] ath6kl: Failed to init ath6kl core: -110
[  411.596401][   T10] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110
[  411.605690][T12072] netlink: 'syz.4.1900': attribute type 10 has an invalid length.
[  411.615323][T12070] netlink: 'syz.4.1900': attribute type 10 has an invalid length.
[  411.749918][   T10] usb 1-1: USB disconnect, device number 28
[  411.809617][T12072] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  411.870008][ T5952] gspca_sn9c2028: read1 error -71
[  411.898719][ T5952] gspca_sn9c2028: read1 error -71
[  412.030505][ T5952] sn9c2028 5-1:220.0: probe with driver sn9c2028 failed with error -71
[  412.058881][ T5952] usb 5-1: USB disconnect, device number 35
[  412.210367][T12091] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  412.320215][T12091] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  413.074780][ T5952] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  413.279894][ T5952] usb 7-1: Using ep0 maxpacket: 32
[  413.301517][ T5952] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  413.311029][ T5952] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  413.327158][ T5952] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  413.378592][ T5952] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  413.516557][ T5952] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  413.574457][ T5952] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  413.637246][ T5952] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  413.665940][ T5952] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.699567][ T5952] usb 7-1: config 0 descriptor??
[  413.836287][ T5952] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 32 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  413.885840][ T5952] usb 7-1: USB disconnect, device number 32
[  413.996528][ T5952] usblp0: removed
[  414.197888][   T43] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  414.367821][   T43] usb 1-1: Using ep0 maxpacket: 8
[  414.385892][   T43] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  414.415093][   T43] usb 1-1: config 0 interface 0 has no altsetting 0
[  414.436181][   T43] usb 1-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  414.455381][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.467071][   T43] usb 1-1: Product: syz
[  414.476441][   T43] usb 1-1: Manufacturer: syz
[  414.484894][   T43] usb 1-1: SerialNumber: syz
[  414.506383][   T43] usb 1-1: config 0 descriptor??
[  414.520354][   T43] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 found
[  414.736172][   T43] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 now disconnected
[  414.777916][   T43] snd_usb_toneport 1-1:0.0: probe with driver snd_usb_toneport failed with error -22
[  414.988130][   T43] usb 1-1: USB disconnect, device number 29
[  415.007647][   T10] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[  415.158107][   T10] usb 7-1: Using ep0 maxpacket: 8
[  415.185611][   T10] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  415.204796][   T10] usb 7-1: config 0 has no interface number 0
[  415.228529][   T10] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  415.281034][   T10] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  415.303148][   T10] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  415.314991][   T10] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  415.338433][   T10] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  415.351113][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.510520][   T10] usb 7-1: config 0 descriptor??
[  415.603529][   T10] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  415.718056][   T30] kauditd_printk_skb: 49 callbacks suppressed
[  415.718079][   T30] audit: type=1800 audit(1754240963.157:1063): pid=12129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1916" name="file1" dev="tmpfs" ino=2111 res=0 errno=0
[  415.745281][ T5950] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  415.759008][   T30] audit: type=1800 audit(1754240963.197:1064): pid=12130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1916" name="file1" dev="tmpfs" ino=2111 res=0 errno=0
[  415.853266][   T43] usb 7-1: USB disconnect, device number 33
[  415.864339][   T43] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  415.930933][ T5950] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  415.947295][ T5950] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.990203][ T5950] usb 4-1: config 0 descriptor??
[  416.492109][T12127] vivid-000: =================  START STATUS  =================
[  416.500145][T12127] vivid-000: Test Pattern: 75% Colorbar
[  416.506032][T12127] vivid-000: Fill Percentage of Frame: 100
[  416.513105][T12127] vivid-000: Horizontal Movement: No Movement
[  416.522604][T12127] vivid-000: Vertical Movement: No Movement
[  416.541776][T12127] vivid-000: OSD Text Mode: All
[  416.578690][T12127] vivid-000: Show Border: false
[  416.583756][T12127] vivid-000: Show Square: false
[  416.589586][T12127] vivid-000: Sensor Flipped Horizontally: false
[  416.629828][T12127] vivid-000: Sensor Flipped Vertically: false
[  416.674027][T12127] vivid-000: Insert SAV Code in Image: false
[  416.693048][T12139] FAULT_INJECTION: forcing a failure.
[  416.693048][T12139] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  416.735934][T12127] vivid-000: Insert EAV Code in Image: false
[  416.769490][T12127] vivid-000: Insert Video Guard Band: false
[  416.780172][T12127] vivid-000: Reduced Framerate: false
[  416.792913][T12139] CPU: 0 UID: 0 PID: 12139 Comm: syz.6.1917 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  416.792948][T12139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  416.792962][T12139] Call Trace:
[  416.792970][T12139]  <TASK>
[  416.792980][T12139]  dump_stack_lvl+0x189/0x250
[  416.793016][T12139]  ? __pfx____ratelimit+0x10/0x10
[  416.793038][T12139]  ? __pfx_dump_stack_lvl+0x10/0x10
[  416.793065][T12139]  ? __pfx__printk+0x10/0x10
[  416.793108][T12139]  should_fail_ex+0x414/0x560
[  416.793148][T12139]  _copy_to_user+0x31/0xb0
[  416.793182][T12139]  simple_read_from_buffer+0xe1/0x170
[  416.793219][T12139]  proc_fail_nth_read+0x1b3/0x220
[  416.793247][T12139]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  416.793275][T12139]  ? rw_verify_area+0x2a6/0x4d0
[  416.793299][T12139]  ? __lock_acquire+0xab9/0xd20
[  416.793329][T12139]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  416.793355][T12139]  vfs_read+0x1fd/0x980
[  416.793381][T12139]  ? fdget_pos+0x247/0x320
[  416.793417][T12139]  ? __pfx___mutex_lock+0x10/0x10
[  416.793441][T12139]  ? __pfx_vfs_read+0x10/0x10
[  416.793468][T12139]  ? __fget_files+0x2a/0x420
[  416.793504][T12139]  ? __fget_files+0x3a0/0x420
[  416.793534][T12139]  ? __fget_files+0x2a/0x420
[  416.793578][T12139]  ksys_read+0x145/0x250
[  416.793608][T12139]  ? __pfx_ksys_read+0x10/0x10
[  416.793639][T12139]  ? lockdep_hardirqs_on+0x9c/0x150
[  416.793663][T12139]  __do_fast_syscall_32+0xb6/0x2b0
[  416.793687][T12139]  ? lockdep_hardirqs_on+0x9c/0x150
[  416.793712][T12139]  do_fast_syscall_32+0x34/0x80
[  416.793735][T12139]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  416.793760][T12139] RIP: 0023:0xf706e539
[  416.793779][T12139] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  416.793797][T12139] RSP: 002b:00000000f505e590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  416.793819][T12139] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f505e620
[  416.793842][T12139] RDX: 000000000000000f RSI: 00000000f73d4ff4 RDI: 0000000000000000
[  416.793854][T12139] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  416.793865][T12139] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  416.793878][T12139] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  416.793910][T12139]  </TASK>
[  416.797323][T12127] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  417.046453][T12127] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  417.056615][T12127] vivid-000: Enable Capture Cropping: true grabbed
[  417.075844][T12127] vivid-000: Enable Capture Composing: true grabbed
[  417.088276][T12127] vivid-000: Enable Capture Scaler: true grabbed
[  417.098734][T12127] vivid-000: Timestamp Source: End of Frame
[  417.109984][T12127] vivid-000: Colorspace: 
[  417.124729][ T5950] ath6kl: Failed to submit usb control message: -110
[  417.137620][T12127] sRGB
[  417.162648][T12127] vivid-000: Transfer Function: Default
[  417.174990][T12127] vivid-000: Y'CbCr Encoding: Default
[  417.188442][T12127] vivid-000: HSV Encoding: Hue 0-179
[  417.190788][ T5950] ath6kl: unable to send the bmi data to the device: -110
[  417.204065][T12127] vivid-000: Quantization: Full Range
[  417.211998][T12127] vivid-000: Apply Alpha To Red Only: false
[  417.238218][T12127] vivid-000: Standard Aspect Ratio: 4x3
[  417.261998][T12127] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  417.274036][T12127] vivid-000: DV Timings: 640x480p59 inactive
[  417.284138][T12127] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  417.294110][T12127] vivid-000: Maximum EDID Blocks: 2
[  417.314413][ T5950] ath6kl: Unable to send get target info: -110
[  417.318200][T12127] 
[  417.388546][T12127] vivid-000: Limited RGB Range (16-235): false
[  417.429572][ T5950] ath6kl: Failed to init ath6kl core: -110
[  417.436836][ T5950] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110
[  417.448629][T12127] vivid-000: Rx RGB Quantization Range: Automatic
[  417.467746][T12127] vivid-000: Power Present: 0x00000001
[  417.482671][T12127] tpg source WxH: 320x180 (Y'CbCr)
[  417.490716][T12127] tpg field: 1
[  417.496233][T12127] tpg crop: (0,0)/320x180
[  417.502959][T12127] tpg compose: (0,0)/320x180
[  417.508454][T12127] tpg colorspace: 8
[  417.512849][T12127] tpg transfer function: 0/2
[  417.518240][T12127] tpg Y'CbCr encoding: 0/1
[  417.523914][T12127] tpg quantization: 1/1
[  417.529421][T12127] tpg RGB range: 0/2
[  417.533719][T12127] vivid-000: ==================  END STATUS  ==================
[  417.614569][  T930] usb 4-1: USB disconnect, device number 39
[  417.641518][T12153] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1922'.
[  417.702113][T12153] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1922'.
[  417.845153][T12152] binder: 12150:12152 ioctl c0306201 800003c0 returned -14
[  417.858548][T12152] binder: 12150:12152 ioctl c0306201 80000a00 returned -14
[  418.497672][T12179] netlink: 'syz.3.1931': attribute type 10 has an invalid length.
[  418.525156][T12179] 8021q: adding VLAN 0 to HW filter on device bond0
[  418.545973][T12179] team0: Port device bond0 added
[  418.679969][T12189] FAULT_INJECTION: forcing a failure.
[  418.679969][T12189] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  418.693664][T12189] CPU: 0 UID: 0 PID: 12189 Comm: syz.4.1935 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  418.693693][T12189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  418.693706][T12189] Call Trace:
[  418.693716][T12189]  <TASK>
[  418.693725][T12189]  dump_stack_lvl+0x189/0x250
[  418.693756][T12189]  ? __pfx____ratelimit+0x10/0x10
[  418.693778][T12189]  ? __pfx_dump_stack_lvl+0x10/0x10
[  418.693804][T12189]  ? __pfx__printk+0x10/0x10
[  418.693849][T12189]  should_fail_ex+0x414/0x560
[  418.693890][T12189]  _copy_to_user+0x31/0xb0
[  418.693924][T12189]  simple_read_from_buffer+0xe1/0x170
[  418.693961][T12189]  proc_fail_nth_read+0x1b3/0x220
[  418.693990][T12189]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  418.694017][T12189]  ? rw_verify_area+0x2a6/0x4d0
[  418.694042][T12189]  ? __lock_acquire+0xab9/0xd20
[  418.694071][T12189]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  418.694097][T12189]  vfs_read+0x1fd/0x980
[  418.694124][T12189]  ? fdget_pos+0x247/0x320
[  418.694161][T12189]  ? __pfx___mutex_lock+0x10/0x10
[  418.694185][T12189]  ? __pfx_vfs_read+0x10/0x10
[  418.694214][T12189]  ? __fget_files+0x2a/0x420
[  418.694251][T12189]  ? __fget_files+0x3a0/0x420
[  418.694281][T12189]  ? __fget_files+0x2a/0x420
[  418.694324][T12189]  ksys_read+0x145/0x250
[  418.694353][T12189]  ? __pfx_ksys_read+0x10/0x10
[  418.694385][T12189]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.694417][T12189]  __do_fast_syscall_32+0xb6/0x2b0
[  418.694441][T12189]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.694468][T12189]  do_fast_syscall_32+0x34/0x80
[  418.694492][T12189]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  418.694519][T12189] RIP: 0023:0xf70ee539
[  418.694538][T12189] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  418.694558][T12189] RSP: 002b:00000000f50de590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  418.694581][T12189] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50de620
[  418.694596][T12189] RDX: 000000000000000f RSI: 00000000f7454ff4 RDI: 0000000000000000
[  418.694609][T12189] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  418.694621][T12189] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  418.694633][T12189] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  418.694667][T12189]  </TASK>
[  418.978784][T12167] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  418.990115][T12167] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  419.023829][T12167] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  419.040161][T12167] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  419.105891][T12167] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  419.119854][T12167] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  419.146606][T12167] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  419.180602][T12167] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  419.192928][T12167] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  419.204123][T12167] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  419.355968][T12201] fuse: Bad value for 'group_id'
[  419.366648][T12201] fuse: Bad value for 'group_id'
[  419.486007][T12206] FAULT_INJECTION: forcing a failure.
[  419.486007][T12206] name failslab, interval 1, probability 0, space 0, times 0
[  419.513153][T12206] CPU: 0 UID: 0 PID: 12206 Comm: syz.3.1941 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  419.513188][T12206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  419.513201][T12206] Call Trace:
[  419.513210][T12206]  <TASK>
[  419.513218][T12206]  dump_stack_lvl+0x189/0x250
[  419.513260][T12206]  ? __pfx____ratelimit+0x10/0x10
[  419.513282][T12206]  ? __pfx_dump_stack_lvl+0x10/0x10
[  419.513308][T12206]  ? __pfx__printk+0x10/0x10
[  419.513345][T12206]  ? __pfx___might_resched+0x10/0x10
[  419.513371][T12206]  should_fail_ex+0x414/0x560
[  419.513411][T12206]  should_failslab+0xa8/0x100
[  419.513445][T12206]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  419.513474][T12206]  ? __alloc_skb+0x112/0x2d0
[  419.513502][T12206]  __alloc_skb+0x112/0x2d0
[  419.513532][T12206]  netlink_sendmsg+0x5c6/0xb30
[  419.513566][T12206]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.513593][T12206]  ? __import_iovec+0x5d4/0x7f0
[  419.513619][T12206]  ? aa_sock_msg_perm+0x94/0x160
[  419.513650][T12206]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  419.513676][T12206]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.513701][T12206]  __sock_sendmsg+0x219/0x270
[  419.513737][T12206]  ____sys_sendmsg+0x505/0x830
[  419.513771][T12206]  ? __pfx_____sys_sendmsg+0x10/0x10
[  419.513816][T12206]  ___sys_sendmsg+0x21f/0x2a0
[  419.513845][T12206]  ? __pfx____sys_sendmsg+0x10/0x10
[  419.513911][T12206]  ? __fget_files+0x2a/0x420
[  419.513942][T12206]  ? __fget_files+0x3a0/0x420
[  419.513986][T12206]  __sys_sendmsg+0x164/0x220
[  419.514015][T12206]  ? __pfx___sys_sendmsg+0x10/0x10
[  419.514059][T12206]  ? lockdep_hardirqs_on+0x9c/0x150
[  419.514083][T12206]  __do_fast_syscall_32+0xb6/0x2b0
[  419.514108][T12206]  ? lockdep_hardirqs_on+0x9c/0x150
[  419.514133][T12206]  do_fast_syscall_32+0x34/0x80
[  419.514157][T12206]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  419.514183][T12206] RIP: 0023:0xf705e539
[  419.514203][T12206] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  419.514222][T12206] RSP: 002b:00000000f504e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  419.514246][T12206] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000580
[  419.514274][T12206] RDX: 000000002008c014 RSI: 0000000000000000 RDI: 0000000000000000
[  419.514288][T12206] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  419.514301][T12206] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  419.514314][T12206] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  419.514344][T12206]  </TASK>
[  419.839441][T12212] loop9: detected capacity change from 0 to 8
[  419.854894][T12212]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  419.870501][T12212] loop9: partition table partially beyond EOD, truncated
[  419.895735][T12212] loop9: p1 size 81768186 extends beyond EOD, truncated
[  420.023817][ T5969]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  420.060609][ T5969] loop9: partition table partially beyond EOD, truncated
[  420.087189][T12219] ip6gre1: entered allmulticast mode
[  420.099472][ T5969] loop9: p1 size 81768186 extends beyond EOD, truncated
[  420.140327][T12214]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  420.146273][T12214] loop9: partition table partially beyond EOD, truncated
[  420.154394][T12214] loop9: p1 size 81768186 extends beyond EOD, truncated
[  420.265710][T12224] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1948'.
[  420.294179][T12224] batadv1: entered promiscuous mode
[  420.309324][T12224] 8021q: adding VLAN 0 to HW filter on device batadv1
[  420.314258][ T5969] udevd[5969]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory
[  420.357819][ T5867] Bluetooth: hci0: command 0x0406 tx timeout
[  420.398683][ T5969] udevd[5969]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory
[  420.466825][T12228] input: syz1 as /devices/virtual/input/input13
[  420.598983][T12235] FAULT_INJECTION: forcing a failure.
[  420.598983][T12235] name failslab, interval 1, probability 0, space 0, times 0
[  420.613109][T12235] CPU: 0 UID: 0 PID: 12235 Comm: syz.3.1952 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  420.613138][T12235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  420.613150][T12235] Call Trace:
[  420.613157][T12235]  <TASK>
[  420.613164][T12235]  dump_stack_lvl+0x189/0x250
[  420.613194][T12235]  ? __pfx____ratelimit+0x10/0x10
[  420.613212][T12235]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.613233][T12235]  ? __pfx__printk+0x10/0x10
[  420.613262][T12235]  ? __pfx___might_resched+0x10/0x10
[  420.613277][T12235]  ? fs_reclaim_acquire+0x7d/0x100
[  420.613308][T12235]  should_fail_ex+0x414/0x560
[  420.613339][T12235]  should_failslab+0xa8/0x100
[  420.613366][T12235]  __kmalloc_node_noprof+0xd1/0x4e0
[  420.613389][T12235]  ? __vmalloc_node_range_noprof+0x5a9/0x12f0
[  420.613420][T12235]  __vmalloc_node_range_noprof+0x5a9/0x12f0
[  420.613464][T12235]  ? percpu_ref_get_many+0x19/0x140
[  420.613501][T12235]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  420.613529][T12235]  ? memcpy_and_pad+0x48/0x80
[  420.613549][T12235]  __vmalloc_node_noprof+0xc2/0x110
[  420.613573][T12235]  ? copy_process+0x54b/0x3c00
[  420.613592][T12235]  ? copy_process+0x54b/0x3c00
[  420.613611][T12235]  dup_task_struct+0x3e7/0x860
[  420.613633][T12235]  copy_process+0x54b/0x3c00
[  420.613669][T12235]  ? get_pid_task+0x20/0x1f0
[  420.613694][T12235]  ? __pfx_copy_process+0x10/0x10
[  420.613724][T12235]  kernel_clone+0x21e/0x840
[  420.613743][T12235]  ? vfs_write+0x8d8/0xa90
[  420.613770][T12235]  ? __pfx_kernel_clone+0x10/0x10
[  420.613800][T12235]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  420.613827][T12235]  __ia32_compat_sys_ia32_clone+0x189/0x1e0
[  420.613850][T12235]  ? __pfx___ia32_compat_sys_ia32_clone+0x10/0x10
[  420.613890][T12235]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.613912][T12235]  __do_fast_syscall_32+0xb6/0x2b0
[  420.613937][T12235]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.613962][T12235]  do_fast_syscall_32+0x34/0x80
[  420.613987][T12235]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  420.614013][T12235] RIP: 0023:0xf705e539
[  420.614033][T12235] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  420.614051][T12235] RSP: 002b:00000000f502d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000078
[  420.614079][T12235] RAX: ffffffffffffffda RBX: 00000000640c7000 RCX: 0000000000000000
[  420.614094][T12235] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  420.614106][T12235] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  420.614119][T12235] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  420.614132][T12235] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  420.614162][T12235]  </TASK>
[  420.614494][T12235] syz.3.1952: vmalloc error: size 32768, failed to allocated page array size 64, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  420.949355][T12235] CPU: 1 UID: 0 PID: 12235 Comm: syz.3.1952 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  420.949391][T12235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  420.949405][T12235] Call Trace:
[  420.949413][T12235]  <TASK>
[  420.949421][T12235]  dump_stack_lvl+0x189/0x250
[  420.949456][T12235]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.949483][T12235]  ? __pfx__printk+0x10/0x10
[  420.949513][T12235]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  420.949538][T12235]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  420.949565][T12235]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  420.949591][T12235]  warn_alloc+0x214/0x310
[  420.949623][T12235]  ? __pfx___might_resched+0x10/0x10
[  420.949642][T12235]  ? fs_reclaim_acquire+0x7d/0x100
[  420.949678][T12235]  ? __pfx_warn_alloc+0x10/0x10
[  420.949715][T12235]  ? rcu_is_watching+0x15/0xb0
[  420.949737][T12235]  ? trace_kmalloc+0x1f/0xd0
[  420.949760][T12235]  ? __kmalloc_node_noprof+0x293/0x4e0
[  420.949788][T12235]  ? __vmalloc_node_range_noprof+0x5a9/0x12f0
[  420.949826][T12235]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  420.949888][T12235]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  420.949923][T12235]  ? memcpy_and_pad+0x48/0x80
[  420.949948][T12235]  __vmalloc_node_noprof+0xc2/0x110
[  420.949979][T12235]  ? copy_process+0x54b/0x3c00
[  420.950000][T12235]  ? copy_process+0x54b/0x3c00
[  420.950024][T12235]  dup_task_struct+0x3e7/0x860
[  420.950053][T12235]  copy_process+0x54b/0x3c00
[  420.950097][T12235]  ? get_pid_task+0x20/0x1f0
[  420.950127][T12235]  ? __pfx_copy_process+0x10/0x10
[  420.950205][T12235]  kernel_clone+0x21e/0x840
[  420.950229][T12235]  ? vfs_write+0x8d8/0xa90
[  420.950261][T12235]  ? __pfx_kernel_clone+0x10/0x10
[  420.950297][T12235]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  420.950327][T12235]  __ia32_compat_sys_ia32_clone+0x189/0x1e0
[  420.950355][T12235]  ? __pfx___ia32_compat_sys_ia32_clone+0x10/0x10
[  420.950405][T12235]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.950430][T12235]  __do_fast_syscall_32+0xb6/0x2b0
[  420.950454][T12235]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.950479][T12235]  do_fast_syscall_32+0x34/0x80
[  420.950503][T12235]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  420.950529][T12235] RIP: 0023:0xf705e539
[  420.950549][T12235] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  420.950566][T12235] RSP: 002b:00000000f502d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000078
[  420.950589][T12235] RAX: ffffffffffffffda RBX: 00000000640c7000 RCX: 0000000000000000
[  420.950603][T12235] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  420.950615][T12235] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  420.950628][T12235] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  420.950640][T12235] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  420.950671][T12235]  </TASK>
[  420.950795][T12235] Mem-Info:
[  421.088572][ T5865] Bluetooth: hci1: command 0x0406 tx timeout
[  421.167974][ T5867] Bluetooth: hci4: command 0x0406 tx timeout
[  421.175373][ T5865] Bluetooth: hci2: command 0x0406 tx timeout
[  421.241389][ T5867] Bluetooth: hci3: command 0x0406 tx timeout
[  421.371300][T12235] active_anon:8398 inactive_anon:0 isolated_anon:0
[  421.371300][T12235]  active_file:9380 inactive_file:39971 isolated_file:0
[  421.371300][T12235]  unevictable:768 dirty:187 writeback:0
[  421.371300][T12235]  slab_reclaimable:11140 slab_unreclaimable:111738
[  421.371300][T12235]  mapped:30408 shmem:1406 pagetables:1764
[  421.371300][T12235]  sec_pagetables:0 bounce:0
[  421.371300][T12235]  kernel_misc_reclaimable:0
[  421.371300][T12235]  free:1292601 free_pcp:13331 free_cma:0
[  421.416757][    C0] vkms_vblank_simulate: vblank timer overrun
[  421.471409][T12235] Node 0 active_anon:33692kB inactive_anon:0kB active_file:37468kB inactive_file:159684kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121680kB dirty:696kB writeback:0kB shmem:4088kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:13060kB pagetables:7028kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  421.529221][T12235] Node 1 active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:52kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  421.566730][T12235] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  421.615413][T12235] lowmem_reserve[]: 0 2497 2499 2499 2499
[  421.622045][T12235] Node 0 DMA32 free:1252584kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:33648kB inactive_anon:0kB active_file:37468kB inactive_file:158116kB unevictable:1536kB writepending:696kB present:3129332kB managed:2557604kB mlocked:0kB bounce:0kB free_pcp:39244kB local_pcp:18740kB free_cma:0kB
[  421.747601][T12235] lowmem_reserve[]: 0 0 1 1 1
[  421.751647][T12249] FAULT_INJECTION: forcing a failure.
[  421.751647][T12249] name failslab, interval 1, probability 0, space 0, times 0
[  421.753672][T12235] Node 0 
[  421.765909][T12249] CPU: 0 UID: 0 PID: 12249 Comm: syz.6.1958 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  421.765939][T12249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  421.765953][T12249] Call Trace:
[  421.765961][T12249]  <TASK>
[  421.765970][T12249]  dump_stack_lvl+0x189/0x250
[  421.766001][T12249]  ? __pfx____ratelimit+0x10/0x10
[  421.766023][T12249]  ? __pfx_dump_stack_lvl+0x10/0x10
[  421.766050][T12249]  ? __pfx__printk+0x10/0x10
[  421.766082][T12249]  ? __pfx___might_resched+0x10/0x10
[  421.766102][T12249]  ? fs_reclaim_acquire+0x7d/0x100
[  421.766140][T12249]  should_fail_ex+0x414/0x560
[  421.766180][T12249]  should_failslab+0xa8/0x100
[  421.766213][T12249]  __kmalloc_noprof+0xcb/0x4f0
[  421.766241][T12249]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  421.766278][T12249]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  421.766329][T12249]  genl_family_rcv_msg_doit+0xb8/0x300
[  421.766368][T12249]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  421.766402][T12249]  ? rcu_is_watching+0x15/0xb0
[  421.766427][T12249]  ? apparmor_capable+0x137/0x1b0
[  421.766463][T12249]  ? bpf_lsm_capable+0x9/0x20
[  421.766490][T12249]  ? security_capable+0x7e/0x2e0
[  421.766525][T12249]  genl_rcv_msg+0x60e/0x790
[  421.766562][T12249]  ? __pfx_genl_rcv_msg+0x10/0x10
[  421.766590][T12249]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  421.766616][T12249]  ? __pfx_nl80211_join_mesh+0x10/0x10
[  421.766639][T12249]  ? __pfx_nl80211_post_doit+0x10/0x10
[  421.766667][T12249]  ? __asan_memcpy+0x40/0x70
[  421.766690][T12249]  ? __pfx_ref_tracker_free+0x10/0x10
[  421.766725][T12249]  netlink_rcv_skb+0x205/0x470
[  421.766752][T12249]  ? __lock_acquire+0xab9/0xd20
[  421.766791][T12249]  ? __pfx_genl_rcv_msg+0x10/0x10
[  421.766825][T12249]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  421.766874][T12249]  ? down_read+0x1ad/0x2e0
[  421.766908][T12249]  genl_rcv+0x28/0x40
[  421.766938][T12249]  netlink_unicast+0x82f/0x9e0
[  421.766989][T12249]  ? __pfx_netlink_unicast+0x10/0x10
[  421.767029][T12249]  ? netlink_sendmsg+0x642/0xb30
[  421.767060][T12249]  ? skb_put+0x11b/0x210
[  421.767095][T12249]  netlink_sendmsg+0x805/0xb30
[  421.767134][T12249]  ? __pfx_netlink_sendmsg+0x10/0x10
[  421.767165][T12249]  ? __import_iovec+0x5d4/0x7f0
[  421.767196][T12249]  ? aa_sock_msg_perm+0x94/0x160
[  421.767231][T12249]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  421.767257][T12249]  ? __pfx_netlink_sendmsg+0x10/0x10
[  421.767285][T12249]  __sock_sendmsg+0x219/0x270
[  421.767335][T12249]  ____sys_sendmsg+0x505/0x830
[  421.767374][T12249]  ? __pfx_____sys_sendmsg+0x10/0x10
[  421.767426][T12249]  ___sys_sendmsg+0x21f/0x2a0
[  421.767462][T12249]  ? __pfx____sys_sendmsg+0x10/0x10
[  421.767544][T12249]  ? __fget_files+0x2a/0x420
[  421.767580][T12249]  ? __fget_files+0x3a0/0x420
[  421.767630][T12249]  __sys_sendmsg+0x164/0x220
[  421.767664][T12249]  ? __pfx___sys_sendmsg+0x10/0x10
[  421.767716][T12249]  ? lockdep_hardirqs_on+0x9c/0x150
[  421.767745][T12249]  __do_fast_syscall_32+0xb6/0x2b0
[  421.767775][T12249]  ? lockdep_hardirqs_on+0x9c/0x150
[  421.767804][T12249]  do_fast_syscall_32+0x34/0x80
[  421.767831][T12249]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  421.767862][T12249] RIP: 0023:0xf706e539
[  421.767886][T12249] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  421.767907][T12249] RSP: 002b:00000000f505e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  421.767934][T12249] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  421.767952][T12249] RDX: 0000000004040000 RSI: 0000000000000000 RDI: 0000000000000000
[  421.767969][T12249] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  421.767983][T12249] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  421.767998][T12249] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  421.768034][T12249]  </TASK>
[  422.202864][T12261] fuse: Bad value for 'group_id'
[  422.205626][T12235] Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  422.238799][T12261] fuse: Bad value for 'group_id'
[  422.273013][T12235] lowmem_reserve[]: 0 0 0 0 0
[  422.279487][   T30] audit: type=1326 audit(1754240969.697:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12250 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[  422.306343][T12235] Node 1 Normal free:3902308kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:200kB unevictable:1536kB writepending:52kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:13312kB local_pcp:3264kB free_cma:0kB
[  422.340413][   T43] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  422.350811][   T30] audit: type=1326 audit(1754240969.707:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12250 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[  422.376924][T12235] lowmem_reserve[]: 0 0 0 0 0
[  422.382447][T12235] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  422.411909][   T30] audit: type=1326 audit(1754240969.707:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12250 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=338 compat=1 ip=0xf706e539 code=0x7ffc0000
[  422.450140][ T5867] Bluetooth: hci0: command 0x0406 tx timeout
[  422.458798][   T30] audit: type=1326 audit(1754240969.707:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12250 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[  422.470686][T12235] Node 0 
[  422.486830][   T30] audit: type=1326 audit(1754240969.707:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12250 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf706e539 code=0x7ffc0000
[  422.518083][   T30] audit: type=1326 audit(1754240969.707:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12250 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[  422.569063][T12235] DMA32: 2754*4kB (UME) 1524*8kB (UM) 272*16kB (UME) 479*32kB (UM) 121*64kB (UME) 19*128kB (UME) 38*256kB (UM) 18*512kB (UE) 10*1024kB (UE) 1*2048kB (U) 285*4096kB (UM) = 1251656kB
[  422.587471][    C0] vkms_vblank_simulate: vblank timer overrun
[  422.626774][ T5952] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[  422.635936][   T43] usb 5-1: Using ep0 maxpacket: 8
[  422.654088][   T43] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  422.663182][   T43] usb 5-1: config 0 has no interface number 0
[  422.669953][   T43] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  422.672025][T12235] Node 0 
[  422.690240][   T30] audit: type=1326 audit(1754240969.707:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12250 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf706e539 code=0x7ffc0000
[  422.779295][   T30] audit: type=1326 audit(1754240969.707:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12250 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[  422.809468][   T43] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  422.819769][T12235] Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  422.857657][ T5952] usb 7-1: Using ep0 maxpacket: 8
[  422.859357][   T30] audit: type=1326 audit(1754240969.707:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12250 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf706e539 code=0x7ffc0000
[  422.889772][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.898203][T12235] Node 1 Normal: 159*4kB (UME) 49*8kB (UME) 32*16kB (UME) 169*32kB (UM) 39*64kB (UME) 7*128kB (UME) 3*256kB (ME) 4*512kB (UME) 2*1024kB (ME) 2*2048kB (UE) 948*4096kB (M) = 3902308kB
[  422.898445][T12235] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  422.898466][T12235] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  422.898517][T12235] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  422.898537][T12235] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  422.898557][T12235] 50753 total pagecache pages
[  422.898572][T12235] 0 pages in swap cache
[  422.898582][T12235] Free swap  = 124996kB
[  422.898593][T12235] Total swap = 124996kB
[  422.898604][T12235] 2097051 pages RAM
[  422.898615][T12235] 0 pages HighMem/MovableOnly
[  422.898624][T12235] 425608 pages reserved
[  422.898634][T12235] 0 pages cma reserved
[  423.067992][   T43] usb 5-1: config 0 descriptor??
[  423.084872][   T43] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  423.217192][ T5952] usb 7-1: unable to get BOS descriptor or descriptor too short
[  423.236753][ T5952] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  423.244472][   T30] audit: type=1326 audit(1754240969.707:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12250 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[  423.248675][ T5867] Bluetooth: hci4: command 0x0406 tx timeout
[  423.270800][    C0] vkms_vblank_simulate: vblank timer overrun
[  423.289532][ T5865] Bluetooth: hci1: command 0x0406 tx timeout
[  423.297995][ T5952] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 3
[  423.317833][ T5867] Bluetooth: hci2: command 0x0406 tx timeout
[  423.324406][ T5867] Bluetooth: hci3: command 0x0406 tx timeout
[  423.337372][ T5952] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  423.347737][ T5952] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.356555][ T5952] usb 7-1: Product: syz
[  423.367646][ T5952] usb 7-1: Manufacturer: syz
[  423.372690][ T5952] usb 7-1: SerialNumber: syz
[  423.409562][ T5952] usb 7-1: config 0 descriptor??
[  423.434290][T12247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  423.447213][T12247] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  423.575668][ T5952] usb 5-1: USB disconnect, device number 36
[  423.575745][    C0] iowarrior 5-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  424.374534][T12273] Invalid logical block size (-4)
[  424.708174][   T10] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[  424.853271][T12284] netlink: 'syz.3.1969': attribute type 1 has an invalid length.
[  424.869657][   T10] usb 9-1: config 0 has an invalid interface number: 160 but max is 0
[  424.882855][   T10] usb 9-1: config 0 has no interface number 0
[  424.889963][   T10] usb 9-1: config 0 interface 160 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  424.929361][   T10] usb 9-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=9e.4e
[  424.940415][   T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.972448][   T10] usb 9-1: Product: syz
[  425.036982][   T10] usb 9-1: Manufacturer: syz
[  425.074762][   T10] usb 9-1: SerialNumber: syz
[  425.120429][   T10] usb 9-1: config 0 descriptor??
[  425.133188][T12284] 8021q: adding VLAN 0 to HW filter on device bond1
[  425.171421][   T10] usb 9-1: Found UVC 0.00 device syz (05ac:8501)
[  425.216342][   T10] usb 9-1: No valid video chain found.
[  425.235934][T12285] erspan0: entered allmulticast mode
[  425.307090][T12285] bond1: (slave erspan0): making interface the new active one
[  425.356080][T12285] bond1: (slave erspan0): Enslaving as an active interface with an up link
[  425.391878][   T10] usb 9-1: USB disconnect, device number 21
[  425.937130][T12297] FAULT_INJECTION: forcing a failure.
[  425.937130][T12297] name failslab, interval 1, probability 0, space 0, times 0
[  425.996037][T12297] CPU: 0 UID: 0 PID: 12297 Comm: syz.3.1972 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  425.996071][T12297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  425.996086][T12297] Call Trace:
[  425.996096][T12297]  <TASK>
[  425.996106][T12297]  dump_stack_lvl+0x189/0x250
[  425.996141][T12297]  ? __pfx____ratelimit+0x10/0x10
[  425.996165][T12297]  ? __pfx_dump_stack_lvl+0x10/0x10
[  425.996191][T12297]  ? __pfx__printk+0x10/0x10
[  425.996226][T12297]  ? __pfx___might_resched+0x10/0x10
[  425.996247][T12297]  ? fs_reclaim_acquire+0x7d/0x100
[  425.996287][T12297]  should_fail_ex+0x414/0x560
[  425.996328][T12297]  should_failslab+0xa8/0x100
[  425.996362][T12297]  __kmalloc_noprof+0xcb/0x4f0
[  425.996391][T12297]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  425.996430][T12297]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  425.996471][T12297]  genl_family_rcv_msg_doit+0xb8/0x300
[  425.996510][T12297]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  425.996545][T12297]  ? rcu_is_watching+0x15/0xb0
[  425.996570][T12297]  ? apparmor_capable+0x137/0x1b0
[  425.996608][T12297]  ? bpf_lsm_capable+0x9/0x20
[  425.996638][T12297]  ? security_capable+0x7e/0x2e0
[  425.996674][T12297]  genl_rcv_msg+0x60e/0x790
[  425.996713][T12297]  ? __pfx_genl_rcv_msg+0x10/0x10
[  425.996740][T12297]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  425.996767][T12297]  ? __pfx_nl80211_set_key+0x10/0x10
[  425.996796][T12297]  ? __pfx_nl80211_post_doit+0x10/0x10
[  425.996825][T12297]  ? __asan_memcpy+0x40/0x70
[  425.996849][T12297]  ? __pfx_ref_tracker_free+0x10/0x10
[  425.996879][T12297]  netlink_rcv_skb+0x205/0x470
[  425.996898][T12297]  ? __lock_acquire+0xab9/0xd20
[  425.996930][T12297]  ? __pfx_genl_rcv_msg+0x10/0x10
[  425.996960][T12297]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  425.997011][T12297]  ? down_read+0x1ad/0x2e0
[  425.997040][T12297]  genl_rcv+0x28/0x40
[  425.997072][T12297]  netlink_unicast+0x82f/0x9e0
[  425.997117][T12297]  ? __pfx_netlink_unicast+0x10/0x10
[  425.997154][T12297]  ? netlink_sendmsg+0x642/0xb30
[  425.997175][T12297]  ? skb_put+0x11b/0x210
[  425.997204][T12297]  netlink_sendmsg+0x805/0xb30
[  425.997237][T12297]  ? __pfx_netlink_sendmsg+0x10/0x10
[  425.997265][T12297]  ? __import_iovec+0x5d4/0x7f0
[  425.997292][T12297]  ? aa_sock_msg_perm+0x94/0x160
[  425.997324][T12297]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  425.997347][T12297]  ? __pfx_netlink_sendmsg+0x10/0x10
[  425.997372][T12297]  __sock_sendmsg+0x219/0x270
[  425.997408][T12297]  ____sys_sendmsg+0x505/0x830
[  425.997442][T12297]  ? __pfx_____sys_sendmsg+0x10/0x10
[  425.997486][T12297]  ___sys_sendmsg+0x21f/0x2a0
[  425.997516][T12297]  ? __pfx____sys_sendmsg+0x10/0x10
[  425.997583][T12297]  ? __fget_files+0x2a/0x420
[  425.997615][T12297]  ? __fget_files+0x3a0/0x420
[  425.997659][T12297]  __sys_sendmsg+0x164/0x220
[  425.997690][T12297]  ? __pfx___sys_sendmsg+0x10/0x10
[  425.997736][T12297]  ? lockdep_hardirqs_on+0x9c/0x150
[  425.997761][T12297]  __do_fast_syscall_32+0xb6/0x2b0
[  425.997787][T12297]  ? lockdep_hardirqs_on+0x9c/0x150
[  425.997813][T12297]  do_fast_syscall_32+0x34/0x80
[  425.997838][T12297]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  425.997865][T12297] RIP: 0023:0xf705e539
[  425.997884][T12297] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  425.997905][T12297] RSP: 002b:00000000f504e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  425.997929][T12297] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000580
[  425.997944][T12297] RDX: 0000000000040010 RSI: 0000000000000000 RDI: 0000000000000000
[  425.997957][T12297] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  425.997971][T12297] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  425.997993][T12297] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  425.998026][T12297]  </TASK>
[  426.386876][   T10] usb 7-1: USB disconnect, device number 34
[  426.547258][T12302] loop8: detected capacity change from 0 to 8
[  426.568465][T12301] fuse: Bad value for 'group_id'
[  426.573488][T12301] fuse: Bad value for 'group_id'
[  426.582654][ T5969] Dev loop8: unable to read RDB block 8
[  426.589000][ T5969]  loop8: unable to read partition table
[  426.595487][ T5969] loop8: partition table beyond EOD, truncated
[  426.773697][T12302] Dev loop8: unable to read RDB block 8
[  426.792035][T12304] netlink: 'syz.0.1975': attribute type 1 has an invalid length.
[  426.801315][T12302]  loop8: unable to read partition table
[  426.837266][T12302] loop8: partition table beyond EOD, truncated
[  426.846665][T12302] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  426.890873][T12304] 8021q: adding VLAN 0 to HW filter on device bond1
[  427.218329][ T5952] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  427.395857][ T5952] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  427.472095][ T5952] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  427.529686][ T5952] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  427.556876][ T5952] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  427.576973][ T5952] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.606380][ T5952] usb 4-1: config 0 descriptor??
[  427.653307][ T5952] em28xx 4-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[  427.846220][T12312] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  428.093009][T12326] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.154827][T12326] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  428.489837][   T10] usb 4-1: USB disconnect, device number 40
[  428.731200][   T30] kauditd_printk_skb: 49 callbacks suppressed
[  428.731222][   T30] audit: type=1326 audit(1754240976.177:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12341 comm="syz.8.1986" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x0
[  428.875338][T12347] loop6: detected capacity change from 0 to 524287999
[  428.878512][T12344] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1985'.
[  429.200941][T12352] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  429.306763][T12354] FAULT_INJECTION: forcing a failure.
[  429.306763][T12354] name failslab, interval 1, probability 0, space 0, times 0
[  429.857830][T12354] CPU: 1 UID: 0 PID: 12354 Comm: syz.0.1988 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  429.857857][T12354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  429.857868][T12354] Call Trace:
[  429.857875][T12354]  <TASK>
[  429.857883][T12354]  dump_stack_lvl+0x189/0x250
[  429.857907][T12354]  ? __pfx____ratelimit+0x10/0x10
[  429.857923][T12354]  ? __pfx_dump_stack_lvl+0x10/0x10
[  429.857942][T12354]  ? __pfx__printk+0x10/0x10
[  429.857966][T12354]  ? __pfx___might_resched+0x10/0x10
[  429.857981][T12354]  ? fs_reclaim_acquire+0x7d/0x100
[  429.858009][T12354]  should_fail_ex+0x414/0x560
[  429.858037][T12354]  should_failslab+0xa8/0x100
[  429.858062][T12354]  __kmalloc_noprof+0xcb/0x4f0
[  429.858082][T12354]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  429.858109][T12354]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  429.858137][T12354]  genl_family_rcv_msg_doit+0xb8/0x300
[  429.858164][T12354]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  429.858189][T12354]  ? rcu_is_watching+0x15/0xb0
[  429.858206][T12354]  ? apparmor_capable+0x137/0x1b0
[  429.858232][T12354]  ? bpf_lsm_capable+0x9/0x20
[  429.858253][T12354]  ? security_capable+0x7e/0x2e0
[  429.858277][T12354]  genl_rcv_msg+0x60e/0x790
[  429.858304][T12354]  ? __pfx_genl_rcv_msg+0x10/0x10
[  429.858324][T12354]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  429.858344][T12354]  ? __pfx_nl80211_connect+0x10/0x10
[  429.858358][T12354]  ? __pfx_nl80211_post_doit+0x10/0x10
[  429.858379][T12354]  ? __asan_memcpy+0x40/0x70
[  429.858396][T12354]  ? __pfx_ref_tracker_free+0x10/0x10
[  429.858427][T12354]  netlink_rcv_skb+0x205/0x470
[  429.858443][T12354]  ? __lock_acquire+0xab9/0xd20
[  429.858466][T12354]  ? __pfx_genl_rcv_msg+0x10/0x10
[  429.858495][T12354]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  429.858538][T12354]  ? down_read+0x1ad/0x2e0
[  429.858566][T12354]  genl_rcv+0x28/0x40
[  429.858594][T12354]  netlink_unicast+0x82f/0x9e0
[  429.858627][T12354]  ? __pfx_netlink_unicast+0x10/0x10
[  429.858652][T12354]  ? netlink_sendmsg+0x642/0xb30
[  429.858670][T12354]  ? skb_put+0x11b/0x210
[  429.858691][T12354]  netlink_sendmsg+0x805/0xb30
[  429.858715][T12354]  ? __pfx_netlink_sendmsg+0x10/0x10
[  429.858734][T12354]  ? __import_iovec+0x5d4/0x7f0
[  429.858754][T12354]  ? aa_sock_msg_perm+0x94/0x160
[  429.858775][T12354]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  429.858792][T12354]  ? __pfx_netlink_sendmsg+0x10/0x10
[  429.858809][T12354]  __sock_sendmsg+0x219/0x270
[  429.858836][T12354]  ____sys_sendmsg+0x505/0x830
[  429.858860][T12354]  ? __pfx_____sys_sendmsg+0x10/0x10
[  429.858892][T12354]  ___sys_sendmsg+0x21f/0x2a0
[  429.858914][T12354]  ? __pfx____sys_sendmsg+0x10/0x10
[  429.858961][T12354]  ? __fget_files+0x2a/0x420
[  429.858983][T12354]  ? __fget_files+0x3a0/0x420
[  429.859014][T12354]  __sys_sendmsg+0x164/0x220
[  429.859035][T12354]  ? __pfx___sys_sendmsg+0x10/0x10
[  429.859067][T12354]  ? lockdep_hardirqs_on+0x9c/0x150
[  429.859085][T12354]  __do_fast_syscall_32+0xb6/0x2b0
[  429.859103][T12354]  ? lockdep_hardirqs_on+0x9c/0x150
[  429.859121][T12354]  do_fast_syscall_32+0x34/0x80
[  429.859138][T12354]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  429.859158][T12354] RIP: 0023:0xf7f48539
[  429.859172][T12354] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  429.859186][T12354] RSP: 002b:00000000f506655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  429.859203][T12354] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  429.859214][T12354] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  429.859224][T12354] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  429.859233][T12354] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  429.859242][T12354] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  429.859265][T12354]  </TASK>
[  430.241912][    C1] vkms_vblank_simulate: vblank timer overrun
[  430.363411][    C1] vkms_vblank_simulate: vblank timer overrun
[  432.125610][T12367] syzkaller0: entered promiscuous mode
[  432.167695][   T43] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  432.223053][T12367] syzkaller0: entered allmulticast mode
[  432.280161][T12374] @: renamed from vlan0 (while UP)
[  432.432119][   T43] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  432.444320][   T43] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  432.475376][   T43] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  432.517822][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.577423][T12372] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  432.652168][   T43] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  436.443738][ T5950] usb 5-1: USB disconnect, device number 37
[  436.600421][T12406] program syz.3.2000 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  436.762946][T12411] syzkaller0: entered promiscuous mode
[  437.106292][T12411] syzkaller0: entered allmulticast mode
[  437.114859][T12419] netlink: 'syz.6.2001': attribute type 2 has an invalid length.
[  437.139823][T12415] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2000'.
[  437.213237][T12420] netlink: 'syz.4.2003': attribute type 1 has an invalid length.
[  437.294712][   T30] audit: type=1326 audit(1754240984.727:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12412 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000
[  437.336378][   T30] audit: type=1326 audit(1754240984.727:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12412 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000
[  437.427857][   T30] audit: type=1326 audit(1754240984.727:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12412 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=338 compat=1 ip=0xf711e539 code=0x7ffc0000
[  437.453301][   T30] audit: type=1326 audit(1754240984.727:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12412 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000
[  437.537692][ T5950] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[  437.573706][   T30] audit: type=1326 audit(1754240984.727:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12412 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf711e539 code=0x7ffc0000
[  437.681480][T12425] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2004'.
[  437.697660][ T5950] usb 9-1: Using ep0 maxpacket: 8
[  437.720804][ T5950] usb 9-1: unable to get BOS descriptor or descriptor too short
[  437.761796][ T5950] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  437.781275][ T5950] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 3
[  437.812928][   T30] audit: type=1326 audit(1754240984.727:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12412 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000
[  437.956223][   T30] audit: type=1326 audit(1754240984.737:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12412 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf711e539 code=0x7ffc0000
[  437.981330][ T5950] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  438.007846][ T5952] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  438.017606][ T5950] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.040471][ T5950] usb 9-1: Product: syz
[  438.044703][ T5950] usb 9-1: Manufacturer: syz
[  438.050638][   T30] audit: type=1326 audit(1754240984.737:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12412 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000
[  438.129153][   T30] audit: type=1326 audit(1754240984.737:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12412 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf711e539 code=0x7ffc0000
[  438.155321][   T30] audit: type=1326 audit(1754240984.737:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12412 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000
[  438.165439][ T5950] usb 9-1: SerialNumber: syz
[  438.197833][ T5952] usb 1-1: Using ep0 maxpacket: 8
[  438.220986][ T5950] usb 9-1: config 0 descriptor??
[  438.241472][ T5952] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  438.291279][ T5952] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  438.331750][ T5952] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.728291][ T5952] usb 1-1: Product: syz
[  438.733796][ T5952] usb 1-1: Manufacturer: syz
[  438.739301][ T5952] usb 1-1: SerialNumber: syz
[  438.765572][ T5952] usb 1-1: config 0 descriptor??
[  438.787823][ T5952] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  438.796617][ T5952] usb 1-1: setting power ON
[  438.802126][ T5952] dvb-usb: bulk message failed: -22 (2/0)
[  438.814656][ T5952] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  438.828241][ T5952] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  438.991101][T12425] dvb-usb: bulk message failed: -22 (3/0)
[  439.001254][T12425] dvb-usb: bulk message failed: -22 (5/0)
[  439.013259][T12425] dvb-usb: bulk message failed: -22 (3/0)
[  439.021955][ T5952] usb 1-1: media controller created
[  439.056450][T12425] dvb-usb: bulk message failed: -22 (3/0)
[  439.268482][ T5952] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  439.277791][  T121] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[  439.444590][ T5952] usb 1-1: selecting invalid altsetting 6
[  439.450955][  T121] usb 7-1: config 0 has too many interfaces: 129, using maximum allowed: 32
[  439.461526][ T5952] usb 1-1: digital interface selection failed (-22)
[  439.483265][  T121] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 129
[  439.497865][ T5952] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  439.507262][  T121] usb 7-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  439.529778][  T121] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.541843][  T121] usb 7-1: Product: syz
[  439.546296][  T121] usb 7-1: Manufacturer: syz
[  439.554962][  T121] usb 7-1: SerialNumber: syz
[  439.595349][  T121] usb 7-1: config 0 descriptor??
[  439.642272][ T5952] usb 1-1: setting power OFF
[  439.673533][ T5952] dvb-usb: bulk message failed: -22 (2/0)
[  439.945498][ T5952] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  439.985969][ T5952] (NULL device *): no alternate interface
[  440.209151][ T5952] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  440.305880][  T930] usb 9-1: USB disconnect, device number 22
[  440.507987][ T5952] usb 1-1: USB disconnect, device number 30
[  440.564534][  T121] mos7840 7-1:0.0: required endpoints missing
[  440.620224][  T121] usb 7-1: USB disconnect, device number 35
[  440.848555][T12461] netlink: 'syz.4.2017': attribute type 1 has an invalid length.
[  440.865281][T12461] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  440.987750][ T5952] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  441.155497][T12457] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  441.164651][T12457] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  441.177114][ T5952] usb 1-1: unable to get BOS descriptor or descriptor too short
[  441.193572][ T5952] usb 1-1: unable to read config index 0 descriptor/start: -71
[  441.197875][ T5950] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  441.203690][ T5952] usb 1-1: can't read configurations, error -71
[  441.363146][ T5950] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  441.377563][ T5950] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.389212][ T5950] usb 5-1: config 0 descriptor??
[  441.623339][T12479] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2025'.
[  441.919407][T12488] vivid-000: =================  START STATUS  =================
[  441.927286][T12488] vivid-000: Test Pattern: 75% Colorbar
[  441.933484][T12488] vivid-000: Fill Percentage of Frame: 100
[  441.949836][T12488] vivid-000: Horizontal Movement: No Movement
[  441.976217][T12487] 
[  441.978624][T12487] ============================================
[  441.984801][T12487] WARNING: possible recursive locking detected
[  441.990989][T12487] 6.16.0-syzkaller-11241-g186f3edfdd41 #0 Not tainted
[  441.997785][T12487] --------------------------------------------
[  442.003963][T12487] syz.3.2029/12487 is trying to acquire lock:
[  442.010057][T12487] ffff88805a704d28 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: __netdev_update_features+0xcb1/0x1be0
[  442.021073][T12487] 
[  442.021073][T12487] but task is already holding lock:
[  442.028463][T12487] ffff88805a704d28 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: dev_ethtool+0x716/0x19b0
[  442.033284][T12488] vivid-000: Vertical Movement: 
[  442.038357][T12487] and the lock comparison function returns 0:
[  442.038374][T12487] 
[  442.038374][T12487] other info that might help us debug this:
[  442.038384][T12487]  Possible unsafe locking scenario:
[  442.038384][T12487] 
[  442.038392][T12487]        CPU0
[  442.038399][T12487]        ----
[  442.038405][T12487]   lock(&dev_instance_lock_key#20);
[  442.038432][T12487]   lock(&dev_instance_lock_key#20);
[  442.038455][T12487] 
[  442.038455][T12487]  *** DEADLOCK ***
[  442.038455][T12487] 
[  442.038462][T12487]  May be due to missing lock nesting notation
[  442.038462][T12487] 
[  442.038471][T12487] 2 locks held by syz.3.2029/12487:
[  442.038485][T12487]  #0: ffffffff8f532948 (rtnl_mutex){+.+.}-{4:4}, at: dev_ethtool+0x1d0/0x19b0
[  442.038550][T12487]  #1: ffff88805a704d28 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: dev_ethtool+0x716/0x19b0
[  442.038617][T12487] 
[  442.038617][T12487] stack backtrace:
[  442.038631][T12487] CPU: 1 UID: 0 PID: 12487 Comm: syz.3.2029 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) 
[  442.038657][T12487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  442.038671][T12487] Call Trace:
[  442.038680][T12487]  <TASK>
[  442.038688][T12487]  dump_stack_lvl+0x189/0x250
[  442.038716][T12487]  ? __pfx_dump_stack_lvl+0x10/0x10
[  442.038745][T12487]  ? __pfx__printk+0x10/0x10
[  442.038782][T12487]  ? print_lock_name+0xde/0x100
[  442.038820][T12487]  print_deadlock_bug+0x28b/0x2a0
[  442.038846][T12487]  validate_chain+0x1a3f/0x2140
[  442.038872][T12487]  ? __lock_acquire+0xab9/0xd20
[  442.038918][T12487]  __lock_acquire+0xab9/0xd20
[  442.038958][T12487]  ? __netdev_update_features+0xcb1/0x1be0
[  442.038993][T12487]  lock_acquire+0x120/0x360
[  442.039025][T12487]  ? __netdev_update_features+0xcb1/0x1be0
[  442.039063][T12487]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  442.039105][T12487]  __mutex_lock+0x187/0x1360
[  442.039130][T12487]  ? __netdev_update_features+0xcb1/0x1be0
[  442.039169][T12487]  ? stack_depot_save_flags+0x429/0x900
[  442.039208][T12487]  ? __netdev_update_features+0xcb1/0x1be0
[  442.039255][T12487]  ? __pfx___mutex_lock+0x10/0x10
[  442.039282][T12487]  ? bond_fix_features+0x191/0x1d0
[  442.039323][T12487]  __netdev_update_features+0xcb1/0x1be0
[  442.039365][T12487]  ? __pfx___netdev_update_features+0x10/0x10
[  442.039400][T12487]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  442.039438][T12487]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  442.039483][T12487]  ? __wake_up_common_lock+0x190/0x1f0
[  442.039515][T12487]  ? consume_skb+0xce/0xf0
[  442.039543][T12487]  ? netlink_broadcast_filtered+0x1216/0x12c0
[  442.039590][T12487]  netdev_change_features+0x72/0xd0
[  442.039623][T12487]  ? __pfx_netdev_change_features+0x10/0x10
[  442.039655][T12487]  ? cfg80211_netdev_notifier_call+0x1ee/0x1450
[  442.039689][T12487]  ? netif_set_tso_max_size+0x10e/0x1d0
[  442.039720][T12487]  bond_compute_features+0x615/0x680
[  442.039765][T12487]  ? __pfx_bond_compute_features+0x10/0x10
[  442.039809][T12487]  bond_netdev_event+0x72e/0xe80
[  442.039845][T12487]  ? __pfx_bond_netdev_event+0x10/0x10
[  442.039878][T12487]  ? inetdev_event+0x464/0x15b0
[  442.039913][T12487]  ? igmp_netdev_event+0x7c/0x770
[  442.039950][T12487]  notifier_call_chain+0x1b3/0x3e0
[  442.039981][T12487]  netdev_features_change+0x85/0xc0
[  442.040004][T12487]  ? __pfx_netdev_features_change+0x10/0x10
[  442.040028][T12487]  ? security_capable+0x7e/0x2e0
[  442.040064][T12487]  dev_ethtool+0x1536/0x19b0
[  442.040102][T12487]  ? __pfx_dev_ethtool+0x10/0x10
[  442.040140][T12487]  ? dev_load+0x21/0x1f0
[  442.040165][T12487]  dev_ioctl+0x392/0x1150
[  442.040192][T12487]  compat_sock_ioctl+0xc3b/0xc80
[  442.040233][T12487]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  442.040280][T12487]  ? __fget_files+0x3a0/0x420
[  442.040318][T12487]  ? __fget_files+0x2a/0x420
[  442.040356][T12487]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  442.040389][T12487]  __ia32_compat_sys_ioctl+0x543/0x840
[  442.040421][T12487]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  442.040455][T12487]  ? __se_sys_futex_time32+0x360/0x3e0
[  442.040490][T12487]  ? fd_install+0x97/0x540
[  442.040530][T12487]  ? lockdep_hardirqs_on+0x9c/0x150
[  442.040554][T12487]  __do_fast_syscall_32+0xb6/0x2b0
[  442.040582][T12487]  ? lockdep_hardirqs_on+0x9c/0x150
[  442.040607][T12487]  do_fast_syscall_32+0x34/0x80
[  442.040634][T12487]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  442.040667][T12487] RIP: 0023:0xf705e539
[  442.040689][T12487] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  442.040713][T12487] RSP: 002b:00000000f504e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  442.040739][T12487] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000008946
[  442.040755][T12487] RDX: 0000000080000680 RSI: 0000000000000000 RDI: 0000000000000000
[  442.040772][T12487] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  442.040789][T12487] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  442.040805][T12487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  442.040830][T12487]  </TASK>
[  442.547777][ T5950] ath6kl: Failed to submit usb control message: -110
[  442.554549][ T5950] ath6kl: unable to send the bmi data to the device: -110
[  442.563790][T12488] No Movement
[  442.567290][T12488] vivid-000: OSD Text Mode: All
[  442.579196][T12488] vivid-000: Show Border: false
[  442.591987][T12488] vivid-000: Show Square: false
[  442.600231][T12488] vivid-000: Sensor Flipped Horizontally: false
[  442.606612][ T5950] ath6kl: Unable to send get target info: -110
[  442.644702][T12488] vivid-000: Sensor Flipped Vertically: false
[  442.651957][T12488] vivid-000: Insert SAV Code in Image: false
[  442.659397][T12488] vivid-000: Insert EAV Code in Image: false
[  442.665763][T12488] vivid-000: Insert Video Guard Band: false
[  442.672940][ T5950] ath6kl: Failed to init ath6kl core: -110
[  442.679852][ T5950] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -110
[  442.706372][T12488] vivid-000: Reduced Framerate: false
[  442.713089][T12488] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  442.723371][T12488] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  442.732193][T12488] vivid-000: Enable Capture Cropping: true grabbed
[  442.739039][T12488] vivid-000: Enable Capture Composing: true grabbed
[  442.745808][T12488] vivid-000: Enable Capture Scaler: true grabbed
[  442.753262][T12488] vivid-000: Timestamp Source: End of Frame
[  442.759457][T12488] vivid-000: Colorspace: sRGB
[  442.764271][T12488] vivid-000: Transfer Function: Default
[  442.770470][T12488] vivid-000: Y'CbCr Encoding: Default
[  442.776106][T12488] vivid-000: HSV Encoding: Hue 0-179
[  442.782094][T12488] vivid-000: Quantization: Full Range
[  442.787895][T12488] vivid-000: Apply Alpha To Red Only: false
[  442.798083][T12488] vivid-000: Standard Aspect Ratio: 4x3
[  442.806650][T12488] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  442.814590][ T5952] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  442.822554][T12488] vivid-000: DV Timings: 640x480p59 inactive
[  442.831390][T12488] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  442.839159][T12488] vivid-000: Maximum EDID Blocks: 2
[  442.846222][T12488] vivid-000: Limited RGB Range (16-235): false
[  442.852676][T12488] vivid-000: Rx RGB Quantization Range: Automatic
[  442.860484][T12488] vivid-000: Power Present: 0x00000001
[  442.867123][T12488] tpg source WxH: 320x240 (R'G'B)
[  442.872746][T12488] tpg field: 1
[  442.876966][T12488] tpg crop: (0,0)/320x240
[  442.881664][T12488] tpg compose: (0,0)/320x240
[  442.887097][T12488] tpg colorspace: 8
[  442.892277][T12488] tpg transfer function: 0/2
[  442.897791][T12488] tpg quantization: 1/1
[  442.902248][T12488] tpg RGB range: 0/2
[  442.909724][  T930] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  442.917742][T12488] vivid-000: ==================  END STATUS  ==================
[  442.977577][ T5952] usb 1-1: Using ep0 maxpacket: 32
[  442.984398][ T5952] usb 1-1: config 0 interface 0 altsetting 74 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  442.995779][ T5952] usb 1-1: config 0 interface 0 altsetting 74 endpoint 0x81 has invalid wMaxPacketSize 0
[  443.006713][ T5952] usb 1-1: config 0 interface 0 has no altsetting 0
[  443.014863][ T5952] usb 1-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  443.024018][ T5952] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.040194][ T5952] usb 1-1: config 0 descriptor??
[  443.077658][  T930] usb 4-1: Using ep0 maxpacket: 16
[  443.084281][  T930] usb 4-1: config 8 has an invalid interface number: 206 but max is 0
[  443.093022][  T930] usb 4-1: config 8 has no interface number 0
[  443.099444][  T930] usb 4-1: config 8 interface 206 altsetting 1 has an endpoint descriptor with address 0xF7, changing to 0x87
[  443.111401][  T930] usb 4-1: config 8 interface 206 altsetting 1 endpoint 0x87 has invalid maxpacket 33058, setting to 1024
[  443.122870][  T930] usb 4-1: config 8 interface 206 has no altsetting 0
[  443.131781][  T930] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=35.bb
[  443.142441][  T930] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.152142][  T930] usb 4-1: Product: syz
[  443.156436][  T930] usb 4-1: Manufacturer: syz
[  443.161314][  T930] usb 4-1: SerialNumber: syz
[  443.474078][ T5952] petalynx 0003:18B1:0037.0013: unknown main item tag 0x0
[  443.482398][ T5952] petalynx 0003:18B1:0037.0013: unknown main item tag 0x0
[  443.489683][ T5952] petalynx 0003:18B1:0037.0013: unknown main item tag 0x0
[  443.501078][ T5952] petalynx 0003:18B1:0037.0013: hidraw0: USB HID v0.00 Device [HID 18b1:0037] on usb-dummy_hcd.0-1/input0
[  443.720965][ T5950] usb 1-1: USB disconnect, device number 33
[  445.400547][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  445.406919][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  448.208926][  T930] garmin_gps 4-1:8.206: Garmin GPS usb/tty converter detected
[  448.219905][  T930] usb 4-1: Garmin GPS usb/tty converter now attached to ttyUSB0