last executing test programs:

12m35.791659993s ago: executing program 3 (id=1851):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r1, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r1, 0x80)
r2 = accept$netrom(r1, 0x0, 0x0)
writev(r2, &(0x7f0000000540)=[{&(0x7f0000000000)="ec0fe6ff6119282063dd08895efd6e516076858a4a18704b7f31707a1eea592fa6d5a693e98848aac64318a8ca97ae1a4969fe13db1969c913857c1f1683b81f2a99807855b48f11ebb65fcf276dab7a6ad9", 0x52}, {&(0x7f0000000080)="4bf0f2927185274d960eb6377bb31f8459627ee65537c8ac2389bba516cb16006132ba0a9796b2709de117d5bb8b0acb9447691a65e25d67fa5c4cb59ac289387a64a8b2a3edd54145e0277c79000691debaa0bf1b808d9763246b2861cd7e486c46aca845b9e4245999a7173c94d0", 0x6f}, {&(0x7f0000000100)="6a50b854530e1be6c3db8eda2118574117d9112fb656dd019171be569e0418c3ad", 0x21}], 0x3)

12m35.431198982s ago: executing program 3 (id=1857):
r0 = socket$l2tp(0x2, 0x2, 0x73)
r1 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000240)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
pwrite64(r5, 0x0, 0x0, 0x7fffffffffffffff)
setsockopt$inet6_udp_encap(r4, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r1, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000200)=[{r6, 0x1}], 0x1, 0x0, 0x0, 0x3)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000017c0)=@filter={'filter\x00', 0xe, 0x5, 0x146, [0x0, 0x200000000080, 0x20000000097e, 0x2000000014a2], 0x0, 0x0, &(0x7f0000000080)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{0x0, 0x2, 0x6002, 'gre0\x00', 'geneve1\x00', 'veth0_vlan\x00', 'gre0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}, [0xff, 0x0, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, [0xff, 0x0, 0xff, 0xff, 0xff], 0x6e, 0x6e, 0xb6, [], [], @common=@ERROR={'ERROR\x00', 0x20, {"882c2ce38f10cd9c2f67fc17c2a5f68cd06df2ebcc8bed3e060c4915afb0"}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x3, 0xfffffffffffffffc}]}, 0x1be)
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r7, 0xc018937e, &(0x7f0000000540)={{0x1, 0x1, 0x40}, '.\x00'})
pipe2(&(0x7f0000000180)={<r8=>0xffffffffffffffff}, 0x80080)
inotify_add_watch(r8, 0x0, 0x1)
ioctl$MEDIA_REQUEST_IOC_REINIT(r8, 0x7c81, 0x0)

12m34.511415118s ago: executing program 3 (id=1871):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="5300000007000046009d", @ANYBLOB="c770ee18914110e7c1"], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})

12m34.437565865s ago: executing program 3 (id=1872):
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
sendto$inet6(r0, &(0x7f0000000280)="02042c08ec074802010e0200c52cf7c20675e005b02f0800eb2b2ff0dac8897c6b112002faffffff3066090cb600c5471d130a66321a54e7df305f80a88161b6fd8f24286a57c3feffff", 0xffffffffffffff60, 0x24040891, 0x0, 0x0)

12m34.386382067s ago: executing program 3 (id=1874):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r1, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r1, 0x80)
r2 = accept$netrom(r1, 0x0, 0x0)
writev(r2, &(0x7f0000000540)=[{&(0x7f0000000000)="ec0fe6ff6119282063dd08895efd6e516076858a4a18704b7f31707a1eea592fa6d5a693e98848aac64318a8ca97ae1a4969fe13db1969c913857c1f1683b81f2a99807855b48f11ebb65fcf276dab7a6ad917897a9996af", 0x58}, {&(0x7f0000000080)="4bf0f2927185274d960eb6377bb31f8459627ee65537c8ac2389bba516cb16006132ba0a9796b2709de117d5bb8b0acb9447691a65e25d67fa5c4cb59ac289387a64a8b2a3edd54145e0277c79000691debaa0bf1b808d9763246b2861cd7e486c46aca845b9e4245999a7173c94d0", 0x6f}, {&(0x7f0000000100)="6a50b854530e1be6c3db8eda2118574117d9112fb656dd019171be569e0418c3ad", 0x21}], 0x3)

12m34.056659099s ago: executing program 3 (id=1879):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="c7"], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})

12m19.011104926s ago: executing program 32 (id=1879):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="c7"], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})

7m16.834498858s ago: executing program 4 (id=4530):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x29202, 0x0)
write(r0, &(0x7f0000000380)="fb196dec69a10b2284f761ca101022bcc68752cd2a4ddad8fb4427a23a27b90193ac13a4af86fe765f972d765daff264784bbd7bb9758824e951404b348375ddf05290d0ac0d1193da1090cae4ae32d841f14b4463125af7074084be37266ad8ffda263654000bec6327c11e0e3029907058c64629ad771d9b152fdcc2121b2a355ab2a4754e155e74e1a2618acc20f055d7f69bacaeebdecbcede36c675896677245097c7d87c727afc8890a6acabd6dc660bc389ef8379fb67212653aa766c1d6eca7c7b622835696a5e0ba4c04e7ac7263122337c3dc19d7974310bf43a8251cbc75ff3cffeab3d2e0e9d8e3edbd6bccb93185ab0f08af349c81512f0140643a55eb53a6cae06d378ecc95b7772f3b638d6f34b6ddc61e5014a16be5d7167800e5f992a71983d0698ace86ceb24f3f016bfb640c2833bf3bcba65c329d43e65351c89f9b8a392267438a8c10b0022546cdf39bdd0a57084c8d3a79e97bf75aa5409ff114febd2e48a59d118a4396ff5cee71b8d0b34e63343216281cb47a4a28b329de3104068ec02bd2e849a523c3b92c060dd023c3b9968c3329dd076db9c5f377b94168adc3a766b7f7f941cb4c6b507c77864c839770943f504a7f616b9e7c6b3dc2a81c617c0c6e6f5b0a6d0389ceb0da410e8562bdc5bb88de4a47810a21174488a4d3ef8dcba8a033ecd5f2361c8ba179ed58cf88c335433dfc0f0c1ed5716df27cb1823af02a2ca4f89754f3567b2f51b17f8ef04e8ce3e60e8c1d7773e98a4948f5bf5cee4b0732a78e67ab86a677b0d34cb3f852245e466f05618b844213fe8700cc6fc0b6813ba41a113b524709fb15ad68493da36443f83fc3cc25948dac9f32968e693e3b8c15386fdfd21344cec28e6170b2c94f8d2a6cd1c087297a18c82947e60b97e12742fc0ef6007ec136b3429ba2d4ef1b1fa77428fcc626c6eee96174c2a32a8e0cfa8b7cce8a39a8eef0d921cbf35a2a5ea6c1c8fedeb5bc783502b60392752262e38666f7f2eef6153471ddc469d89f911dadb2aeb40615cba6f5c37cd3ee584aed4f950063dbe223469190cd61281008ca4458373f98f9294115089801dda01deb69d56cdb0e10563a0c78045d6564c41bba6e31ab1e2141d5081624d108c8e8ddaafe7099a7114e2552dd46900f0a5aeaccab141175d377ab872f94d23b083c03cac21abd19ed2307264568e111d5927c08547716b5fdc4db72e4e715c35adb6333a3413b5a4b6b62bd82ab3fc52412929d4945c974ca5e42a2f7ec3f4987f1cc697e4dcbeb25a24c8755038c67da8e6b295f60ce900a5b6fd5a9ef3d50ffcb21ccbae6f05203d135f1bdf20d1d03fa044520cd6e7b5ea79c2f21c76914d47df5961ea77087967fc69836e819ba91d6ed2daf2a21c1100a1bb3320997422234b4d166eeb4c1d6498f508c4fbffdbb6fa8971598782d2d5ad10a38f785592151d406bfa8a3b72f35bcd895acc762182f7f56f851d808c0b872ab787472bcc07f311f442cf2755f3fd737b5ebe059d703306eb51f97de3fc62204d0a8ef4032e720dcf2c7afb2ffc0d07b1fe2da1568f44b0fd9979c2b1c69d4895145931dc6de29c0fbaae24607bf445a73237409b9595780bb173ab5938461120a70f64707cb90fa38dfec31259dab069b4a108d8ff7073de4f28fefe9acb318e725ca1d937e987c54b1b7c88b1ff8d82ee78291a4e80ae588d07b8dfe9303cc80172048992932642502d0a34a1135fd9fe480b891feead766a5d0ea906ea90e7e42800ae1d4c2ec23bf98e307c35ca76606e8b261c9a8ddde2d057bb0cfaaf4233f7a3e0ab5eb2565afc2210c2e33f2d63c51afb7d823acf58e6e602f544872dc3821f9c4fbb5e64eeb30de1df52a406fe25d024dde2cf3ce08230830f6359ab499ca38a4b442d56f28fb8a017657b2c241c10f490d3b7904325098ec40e5d90311b08a23446e107ca4a5ac7146764c9daeaaf7d1e288880296b91387ecb75a8f442c3cf29704460144ce5c03b8d74e689a7ff091e2883c1e4a45cfb8d124caab6d8518c983b1d958921c7d02e0d2f881d8379fa01f76ece37b67a59d6692ddcf34badd6d081bae36b43ab6e961409677bfdc445b3bb67ba9ee779af19cb42de9cf2e18ba6e6859152280f69cecf5fe120aaa5a894d0e125ce24fa33e77a90696a367d88d839663b4ce7f195ce6b158f6204c8e380f0b1be2c41b10d8984d55ba4f51262dbd6e3254660604efe5fc8f6ae5e2b3c0a219650060bc40d839b86c5a07247f36f2bf83d282ca0951b056c1ea748785984d5b686dd74618d4e28090ba47aaf2512d03eb21b7e97fdea9197b75da73d8b9a29b566254bd6654f3f1eec1006b7b671301dcb5051c18435f247d366fae034022f5c965a922fe2225bdb7e757daa2e7c2bf8b03be0d4590895c34bd8582ee1d04939b60e4bd28d6e77a243e14e60e6dc9e07297d5b17f54d1c105f1334e7436c498c6c57179ce4b5a835b076e06e41fec35ef4b962fad389c935f77fa5cae0fb19c4d5b9", 0x701) (async)
write(r0, &(0x7f0000000380)="fb196dec69a10b2284f761ca101022bcc68752cd2a4ddad8fb4427a23a27b90193ac13a4af86fe765f972d765daff264784bbd7bb9758824e951404b348375ddf05290d0ac0d1193da1090cae4ae32d841f14b4463125af7074084be37266ad8ffda263654000bec6327c11e0e3029907058c64629ad771d9b152fdcc2121b2a355ab2a4754e155e74e1a2618acc20f055d7f69bacaeebdecbcede36c675896677245097c7d87c727afc8890a6acabd6dc660bc389ef8379fb67212653aa766c1d6eca7c7b622835696a5e0ba4c04e7ac7263122337c3dc19d7974310bf43a8251cbc75ff3cffeab3d2e0e9d8e3edbd6bccb93185ab0f08af349c81512f0140643a55eb53a6cae06d378ecc95b7772f3b638d6f34b6ddc61e5014a16be5d7167800e5f992a71983d0698ace86ceb24f3f016bfb640c2833bf3bcba65c329d43e65351c89f9b8a392267438a8c10b0022546cdf39bdd0a57084c8d3a79e97bf75aa5409ff114febd2e48a59d118a4396ff5cee71b8d0b34e63343216281cb47a4a28b329de3104068ec02bd2e849a523c3b92c060dd023c3b9968c3329dd076db9c5f377b94168adc3a766b7f7f941cb4c6b507c77864c839770943f504a7f616b9e7c6b3dc2a81c617c0c6e6f5b0a6d0389ceb0da410e8562bdc5bb88de4a47810a21174488a4d3ef8dcba8a033ecd5f2361c8ba179ed58cf88c335433dfc0f0c1ed5716df27cb1823af02a2ca4f89754f3567b2f51b17f8ef04e8ce3e60e8c1d7773e98a4948f5bf5cee4b0732a78e67ab86a677b0d34cb3f852245e466f05618b844213fe8700cc6fc0b6813ba41a113b524709fb15ad68493da36443f83fc3cc25948dac9f32968e693e3b8c15386fdfd21344cec28e6170b2c94f8d2a6cd1c087297a18c82947e60b97e12742fc0ef6007ec136b3429ba2d4ef1b1fa77428fcc626c6eee96174c2a32a8e0cfa8b7cce8a39a8eef0d921cbf35a2a5ea6c1c8fedeb5bc783502b60392752262e38666f7f2eef6153471ddc469d89f911dadb2aeb40615cba6f5c37cd3ee584aed4f950063dbe223469190cd61281008ca4458373f98f9294115089801dda01deb69d56cdb0e10563a0c78045d6564c41bba6e31ab1e2141d5081624d108c8e8ddaafe7099a7114e2552dd46900f0a5aeaccab141175d377ab872f94d23b083c03cac21abd19ed2307264568e111d5927c08547716b5fdc4db72e4e715c35adb6333a3413b5a4b6b62bd82ab3fc52412929d4945c974ca5e42a2f7ec3f4987f1cc697e4dcbeb25a24c8755038c67da8e6b295f60ce900a5b6fd5a9ef3d50ffcb21ccbae6f05203d135f1bdf20d1d03fa044520cd6e7b5ea79c2f21c76914d47df5961ea77087967fc69836e819ba91d6ed2daf2a21c1100a1bb3320997422234b4d166eeb4c1d6498f508c4fbffdbb6fa8971598782d2d5ad10a38f785592151d406bfa8a3b72f35bcd895acc762182f7f56f851d808c0b872ab787472bcc07f311f442cf2755f3fd737b5ebe059d703306eb51f97de3fc62204d0a8ef4032e720dcf2c7afb2ffc0d07b1fe2da1568f44b0fd9979c2b1c69d4895145931dc6de29c0fbaae24607bf445a73237409b9595780bb173ab5938461120a70f64707cb90fa38dfec31259dab069b4a108d8ff7073de4f28fefe9acb318e725ca1d937e987c54b1b7c88b1ff8d82ee78291a4e80ae588d07b8dfe9303cc80172048992932642502d0a34a1135fd9fe480b891feead766a5d0ea906ea90e7e42800ae1d4c2ec23bf98e307c35ca76606e8b261c9a8ddde2d057bb0cfaaf4233f7a3e0ab5eb2565afc2210c2e33f2d63c51afb7d823acf58e6e602f544872dc3821f9c4fbb5e64eeb30de1df52a406fe25d024dde2cf3ce08230830f6359ab499ca38a4b442d56f28fb8a017657b2c241c10f490d3b7904325098ec40e5d90311b08a23446e107ca4a5ac7146764c9daeaaf7d1e288880296b91387ecb75a8f442c3cf29704460144ce5c03b8d74e689a7ff091e2883c1e4a45cfb8d124caab6d8518c983b1d958921c7d02e0d2f881d8379fa01f76ece37b67a59d6692ddcf34badd6d081bae36b43ab6e961409677bfdc445b3bb67ba9ee779af19cb42de9cf2e18ba6e6859152280f69cecf5fe120aaa5a894d0e125ce24fa33e77a90696a367d88d839663b4ce7f195ce6b158f6204c8e380f0b1be2c41b10d8984d55ba4f51262dbd6e3254660604efe5fc8f6ae5e2b3c0a219650060bc40d839b86c5a07247f36f2bf83d282ca0951b056c1ea748785984d5b686dd74618d4e28090ba47aaf2512d03eb21b7e97fdea9197b75da73d8b9a29b566254bd6654f3f1eec1006b7b671301dcb5051c18435f247d366fae034022f5c965a922fe2225bdb7e757daa2e7c2bf8b03be0d4590895c34bd8582ee1d04939b60e4bd28d6e77a243e14e60e6dc9e07297d5b17f54d1c105f1334e7436c498c6c57179ce4b5a835b076e06e41fec35ef4b962fad389c935f77fa5cae0fb19c4d5b9", 0x701)
r1 = syz_open_dev$sg(&(0x7f0000007700), 0x0, 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0xf5ff, 0x0}, &(0x7f0000000000)="15b2536b0513", 0x0, 0x0, 0x0, 0x0, 0x0})
write(r1, &(0x7f0000000080)="36d6228297f58563f9244a0e60bf676662acc3f4ce554b07c648c898e11ff5ce20a643f24f83bcaea05f4528aa0eef650f809caec39b59218c35eb9afd9b075929223ca251ee18a21393eb64a9a3239222cbd95d76979cf49dad10a1c7663849ec864f133aac42bde76313d0fce431a13401f4570f161affa984470a9a47fbb60b228db18ff4a8d9dae532a412701753a24ffd6c4581c3126f102db3452b21b7f3a3baba9fb9c0b2a0176146067bd42d50530d313dc44a43978d51d3a8b0dad7f286eed8f0acb5565cd712b4f06063b6df7aa1aee3a52663d6", 0xd9)

7m16.63611035s ago: executing program 4 (id=4534):
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000ec0)={0x0, 0x3, 0x9b, @string={0x9b, 0x3, "44738e86794157193bbce8739c29de078291ce18e5b72aac61ea21d34f3388cf0f4a2b4f2173e62ce1956433b9dc53e0c49f37fe19a84b6c05f2e1aefef76ce55e923142e3d04efaf5411a1fa376cf0430f57f3dcb52578de76903111e098234ac05a97f58464a484cdaf45be22cdba647428ce478bc5478b4eb764ec30c49dfb057432d01d5a86039332395033a477a9f1cd7c1ec2f020eb8"}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x6, 0x726, &(0x7f0000001880)={{0x12, 0x1, 0x201, 0x1e, 0xee, 0x9c, 0x10, 0x19d2, 0x1021, 0xac20, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x714, 0x3, 0x4, 0xe8, 0xb0, 0x1, [{{0x9, 0x4, 0x98, 0x9, 0xc, 0xff, 0xff, 0xff, 0x7f, [], [{{0x9, 0x5, 0x2, 0x3, 0x20, 0xa, 0x4, 0x44, [@generic={0x12, 0x6, "5794c45b458122ac5f5f6b98eaaf6d02"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x10, 0x9, 0x6, 0x6}}, {{0x9, 0x5, 0x6, 0x1, 0x10, 0x3, 0xdd, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x80}]}}, {{0x9, 0x5, 0x8, 0x10, 0x400, 0x4, 0x9, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x7f, 0x5}, @generic={0x12, 0xd, "2a7e1ea8348b8c1df95a90d25b32e1ab"}]}}, {{0x9, 0x5, 0xb, 0xc, 0x400, 0x3, 0x7f, 0x0, [@generic={0x91, 0xd, "ed52561a8f6c5b16af8dad5f348bd7ec136783cca72cd4b181a7ea6f7a5c76e4b93da1d20d656016fcb9f063fd5259c1756333f7cba724e15009537ee57ec686f773ebb9e052f6ddbb925a44eb2c1584af037e22d109b976ae9a95fbccebdb875a5152dfabb084b2e7753481b22c3ab827e91cf37278304a92c2f8feef5f27ec2ad9b27fc49500319f200f69bf0dab"}, @generic={0xc9, 0x8, "d21e877b0a0c49f7acfddfbe915503231d3dd31544b241838878d20a7e9afd27e65a72bdfdeeef556132b1e07a851676548683a2a6db617ef073cc86b83d04ba0a3591cc189350924e49e85c5b43de13ca7f2ee41d661e3af95562f4cc8fc8c3282d7483fed91ba090fb49feb5480224d3ad4113999eb6be336ea169b38c7eb443e5bd63f0cff57d66d7160c29522adc3d3e1b84f68de8606c02d278ecb6e77420f18a11cf1a45c90e64f38ce86e3eb8945d0c4675052e8e95fc26c41fd4e6639a9f7d7ba980bc"}]}}, {{0x9, 0x5, 0x8e, 0x8, 0x3ff, 0x4f, 0x1, 0x8d, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x2, 0xfff}]}}, {{0x9, 0x5, 0x8b, 0x2, 0x20, 0x4, 0x7f, 0x6}}, {{0x9, 0x5, 0xe, 0x10, 0x200, 0x6, 0xd, 0xfb}}, {{0x9, 0x5, 0xe, 0x8, 0x8, 0x4, 0xd, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x17, 0xb5}]}}, {{0x9, 0x5, 0x7, 0x3, 0x840, 0xdd, 0x7, 0x4b, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xbd, 0xb}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x3, 0x6000}]}}, {{0x9, 0x5, 0xb, 0x8, 0x3ff, 0x4, 0xd, 0x6, [@generic={0x9d, 0x3, "375052ef250f532a8c8468b24a4b8a227f40b62563e5cd96bbb43012dffab12efe764d619823e2bc9460302b3a6ae27156693118efcdce8de5314bb9633c85aace94cb23c365a3d39b95f92d402adbb15a55c54c4b1a05796e25628312d9972e5eedd82bcfe325cffaeec5a08b190302c7bac02837c90de47f52a52bb6ca5a4f7021c7133bed35629b60466eed4cb244940ced7e32f9562594656f"}]}}, {{0x9, 0x5, 0x4, 0x2, 0x3ff, 0xbc, 0x4d, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xfa, 0x7}]}}]}}, {{0x9, 0x4, 0x4b, 0x8, 0x0, 0xd2, 0x5c, 0x66, 0x4}}, {{0x9, 0x4, 0x93, 0x7, 0x9, 0x38, 0x69, 0xc0, 0xd, [], [{{0x9, 0x5, 0xd, 0x10, 0x8, 0x1, 0x9, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x1, 0x9}, @generic={0xc7, 0x30, "5ccb08ce72d767b5bd5132b13dcaaa991f882fef2e60568f9d8df401f0c41520594728d42fa293549b76ac25ab22b15dc4ea881b1d6bc3fdbb5a96e35121cac1075f2bf99677ff336b4740bede9529d4dbef862ed00e0149271542044df8ee775c135379c16779436402b74140da8ef58688e66f56fee4fa16ef79619cbaf56c6dafed65f905786ed7ff945d009d6d3ddc53a9d9071799ed3d6f09f8608a9c0849f725be79e06ba2f043ad3dfc164637313c27a26cad415a697eb70b6deede8caf8a24ff42"}]}}, {{0x9, 0x5, 0x3, 0x1, 0x200, 0xbb, 0xff, 0x10}}, {{0x9, 0x5, 0xe, 0x10, 0x400, 0x4, 0xb, 0x8, [@generic={0x4d, 0xd, "07003c2897e7d73cb584224724d1fcb719beb995e2596f07dffbaedef7f5c7e6c06b705ae80d0f842268b9d4150d9281aa3a4d9d631939defc730fa708ce8d1d84a51d70996d09d1d6647d"}, @generic={0x44, 0x9, "7f6810338f9c728c93f1310b33b5042221a75fbac315f696e73697496048babe52c488dc79038263218016748108c7e04268d1623e03e7252b28214cf9ed783a09a3"}]}}, {{0x9, 0x5, 0x80, 0x0, 0x3a7, 0xa, 0xd, 0x0, [@generic={0x5b, 0xc, "49d6803d8646aa1e1a7b49851d2cf0d939648e5d8dfb0814c477770b2ec381ce804361b6303f8343ba074c600002f9c5717ba855015f046e0ab13fcabadf740395121c0cc1e1e2c2dc8d26850b689165994dc868366f9bcf72"}]}}, {{0x9, 0x5, 0x80, 0x4, 0x3bf, 0xa8, 0xaf, 0x1, [@generic={0xdf, 0x0, "ad0e27620bc29b7a9d7d700a13b44c77461bdebd583bbf23e958dcb9275020c71fdd02f69e1437c157ef95c342f6bfbaf2bd0cc99b5798ab37fc6f9ca35217c929697e14678cfcd59d873b75c6ba54f17d6ea5233f68071d96c885e8fbe297a92ed76cc2ff7d0d6120cb7bc7c7c7be849fd99d9494adca5c0fd2ed868dad4066ff68b244aada0ba0114440fc3eb667b24d0f5d2886813373270b768c30c93b3d637d432f83781da10e7e0b6760f9b3ab8a2342a0d5c1677fde9008fb180710dd13db1533ee312fb0640747d5af43007549c69703c6191e5fdd3fa06044"}, @generic={0x25, 0x8, "f3a4e808922b92db7a453e8c3fdca4c2e84c945d3e5ddf05672f9cb4f07afb358facff"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x70, 0x5, 0xe, 0x7, [@generic={0x75, 0xf, "81166e7d435c1d0bf6ebc50e6640b406898d2148708763977350ebcb0920fe7fc6c01faaacd4598da135bfb2f49b0fc7d4b99e0005b8518e922fd7f613f597b814db0f8286104928b516971610ebdd26466f8f558d83cfd1cbf047920037c832913aeab6f17055b90e85561623757029970224"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x4}]}}, {{0x9, 0x5, 0x7, 0x3, 0x40, 0x5, 0x6, 0x8}}, {{0x9, 0x5, 0x2, 0x14, 0x0, 0xb, 0x0, 0x4, [@generic={0xa1, 0x21, "47166e4de2c6a53f8e39a1153e91a295bc43cceab7a6f95694657d9147acb8c1e75f4be920bb6a6f80214a7bec38e25e936d3d54fa3c87110d31e2ae5f9b79386e7547e49230b2d067726c3db77ae209f02045b6d256e1068b2c0f07450506da07441d958af97f128645a69d6e8ada746c21f3f0384bfa707fd6def3eb81fb09bfc72595538430440eb76be42c7b57d2cf3c78ce55f1516e30c248e84cc2e9"}]}}, {{0x9, 0x5, 0x0, 0x0, 0x10, 0x6, 0xd9, 0x3, [@generic={0x5, 0x8, "276d1b"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x4, 0xff}]}}]}}]}}]}}, &(0x7f0000000e80)={0xa, &(0x7f0000000c80)={0xa, 0x6, 0x200, 0x5, 0xff, 0x0, 0x20, 0xd7}, 0xda, &(0x7f0000000d40)={0x5, 0xf, 0xda, 0x2, [@generic={0xc1, 0x10, 0x3, "67a70d17321e39a9a9a59a56a7ffea942b8544c984d91d5cfcc15ca812812381848ee0ff8a1b4d7c615e350f5228a705eaad39d2d65248a30b640150c229d0bcf2ad0b34558a4cd82167cf25ace66e0bd28087619fb3440b826214d7b17bee120ff768e4161796aeace24e7c937c1ee74e5a1df2bc13aefb8ec93a775281db9d37131a8ed06542e9d4152c5a84c540b660d570774f72dae432312d814f609ed0fe8663661d86c4c701a21302fc7f2f9c00e3f8448112afb193ea74efb966"}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "c5be2928ef3bf144ffb605ad84fdc976"}]}, 0x2, [{0x36, &(0x7f0000000cc0)=@string={0x36, 0x3, "ea6fc3d9ca69f85b7e0074227d2d34fdf53d7243adc1cad65c9a12f3f4c4263895adcdcafe83759cdac8916c227d823e2aec7f51"}}, {0x14, &(0x7f0000000e40)=@string={0x14, 0x3, "77cd5f8fc3e1bba4358d9f8766b03e040c5e"}}]})
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180))
socket$inet6(0xa, 0x2, 0x0)

7m15.147450223s ago: executing program 4 (id=4540):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000902, &(0x7f0000000000)=@sg0, 0x0, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c200, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r1, 0x7dfff000)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bind$can_raw(r2, &(0x7f0000000000), 0x10)
bind$can_raw(r2, &(0x7f00000000c0), 0x10)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="1e0308003c5c980128876360864668f82ffdd569d2f630b5e033ff11edf1c5ffc733d2acb165fe588cd568cd1f31b87b68b00ad88864"], 0xffdd)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r3, &(0x7f0000000200)=ANY=[], 0xffdd)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
pread64(r1, 0x0, 0x0, 0x9)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc)

7m15.043315638s ago: executing program 4 (id=4542):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
dup(0xffffffffffffffff)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r3=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r3, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000500)={0x28, 0x4, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r3})
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)

7m14.894615347s ago: executing program 4 (id=4543):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
r4 = openat$cgroup_subtree(r3, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000140)=ANY=[@ANYBLOB='+rdma -cpuset '], 0xe)
r5 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f00000001c0)='fuseblk\x00', &(0x7f0000000200)='fuseblk\x00', 0x0)
read(r5, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r5, 0x2, &(0x7f0000000000)='\x00', &(0x7f0000000040)="fb4d2e19dc07da016c0eafbfe660d1d76b830e50881e52a172394c7436e223f8cf4a62cf3e4a2746d9fe1ef9ab6510d402f6819defc056c13f1b74e283e264bbdac058668d464e182a0dbe3d66b538b2faf2f8ba1fca4e9da541ac45", 0x5c)

7m14.699004165s ago: executing program 4 (id=4544):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4610, &(0x7f00000001c0))
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000000)=[0x0], 0x1, 0x0, 0x0, <r1=>0xffffffffffffffff})
getsockopt$IP6T_SO_GET_REVISION_MATCH(r1, 0x29, 0x44, &(0x7f0000000100)={'icmp\x00'}, &(0x7f0000000140)=0x1e)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r3, 0x3b71, &(0x7f0000000180)={0x20, 0x5, 0x0, 0x100, 0x96})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r4 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$printer(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0)
syz_usb_control_io$uac1(r4, 0x0, 0x0)
syz_usb_control_io$uac1(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000280), 0x8, 0x101000)
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB='\x00\f\x00\b\x00\x00', @ANYRES64], 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x30, r2, 0x7dfff000)

7m14.463859052s ago: executing program 33 (id=4544):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4610, &(0x7f00000001c0))
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000000)=[0x0], 0x1, 0x0, 0x0, <r1=>0xffffffffffffffff})
getsockopt$IP6T_SO_GET_REVISION_MATCH(r1, 0x29, 0x44, &(0x7f0000000100)={'icmp\x00'}, &(0x7f0000000140)=0x1e)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r3, 0x3b71, &(0x7f0000000180)={0x20, 0x5, 0x0, 0x100, 0x96})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r4 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$printer(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0)
syz_usb_control_io$uac1(r4, 0x0, 0x0)
syz_usb_control_io$uac1(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000280), 0x8, 0x101000)
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB='\x00\f\x00\b\x00\x00', @ANYRES64], 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x30, r2, 0x7dfff000)

1m53.851367666s ago: executing program 1 (id=6707):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
recvmsg$can_raw(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x62)
sendmmsg(r0, &(0x7f0000006880), 0x33, 0x20048880)

1m53.80436778s ago: executing program 1 (id=6708):
r0 = socket(0x40000000015, 0x5, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r0, &(0x7f0000004900)=[{{0x0, 0x0, 0x0}, 0xd57e}], 0x1, 0x60010020, 0x0) (fail_nth: 5)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)

1m53.483366129s ago: executing program 1 (id=6710):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x20000801}, 0x0)

1m53.22611852s ago: executing program 1 (id=6712):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = dup(0xffffffffffffffff)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r3=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r3, 0x0, 0x97, 0x8000000})
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f0000000100)={0xc09, 0x6548, 0x1, 0x8, 0xb, 0x5, 0x2, 0x64d9}, 0x20)
ioctl$PPPIOCSMRU(r1, 0x40047452, &(0x7f0000000080)=0x3)
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
sendmsg$OSF_MSG_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)={0x268, 0x0, 0x5, 0x201, 0x0, 0x0, {0x0, 0x0, 0x4}, [{{0x254, 0x1, {{0x3, 0x9}, 0x80, 0x1, 0xe, 0x5, 0xf, 'syz1\x00', "6c30b0d1336b6d522d70bed38c27f228c96c455ab3150f78e327439abc84f92b", "a9c7318065e1763d883262e3ee99a64288194f727ecec478b6af202622503e95", [{0xf, 0xffff, {0x0, 0x704}}, {0x7, 0x3ff, {0x0, 0x67d}}, {0x5, 0x9, {0x0, 0x8}}, {0x3, 0x7, {0x3, 0x9}}, {0x454, 0xa019, {0x3, 0x2}}, {0x0, 0x37, {0x1, 0xc9}}, {0xc, 0x3a5, {0x1, 0xe0}}, {0xffa3, 0x49a, {0x0, 0x4}}, {0xf, 0x7fff, {0x2, 0x4}}, {0xf543, 0x7fff, {0x2, 0x97}}, {0xb3, 0x9, {0x3, 0x2}}, {0x2, 0x97, {0x2, 0x101}}, {0x8, 0x1, {0x2, 0x28e}}, {0x4, 0x2, {0x2, 0x10}}, {0xff01, 0x6, {0x1, 0xe}}, {0x7, 0x6, {0x1, 0x2}}, {0x0, 0x0, {0x0, 0x9dc2}}, {0x5, 0xb9b, {0x0, 0x6}}, {0x1, 0x7f, {0x1, 0x1}}, {0x5ae5, 0x8, {0x1, 0x4}}, {0x9, 0xf, {0x1, 0xbfd}}, {0xe4, 0xb3e1, {0x3, 0x6}}, {0x8, 0x1000, {0x3, 0x10000}}, {0xff4b, 0x6, {0x0, 0x1}}, {0x4, 0x8, {0x0, 0x2}}, {0x6, 0x9, {0x1, 0x6}}, {0x0, 0xcec, {0x0, 0xa}}, {0x3, 0x3310, {0x1, 0x2}}, {0xfff7, 0x1d7, {0x2, 0x7f}}, {0x6, 0x6, {0x3, 0x8}}, {0x5, 0x7ff, {0x3, 0x1000}}, {0x30, 0x7, {0x1, 0x802e}}, {0x9, 0x3, {0x1, 0x7}}, {0x4, 0xe, {0x0, 0x1}}, {0x401, 0x2, {0x1, 0x2}}, {0x8, 0x7ff, {0x0, 0xd4}}, {0x7, 0x100}, {0x5, 0x3, {0x3, 0x6}}, {0x2, 0x4066, {0x1, 0x1}}, {0x4, 0x7, {0x1}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x4f8103ea824f7e36}, 0x8880)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r7=>0x0})
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r8, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r7, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r10, 0x8946, &(0x7f0000000140)={'syzkaller1\x00', &(0x7f0000000500)=@ethtool_drvinfo={0x3, "d12af006cd174426478ccc39485890d81905f660a043e81e31537849327f27e5", "b2d4c89d63e9e1dd520cb4c46995e6db4515579fbc9d055c2d1f121aef5616a1", "662a2ab2f58f8657115cc356227f0e2dbc1a961b61e7f5c33066357173b41d1e", "386caf5b8c02a4b9fb6c7f3c20ef13f3dfc2599a5d5aba480d1f5f280ddc1953", "154af4dc4b644090e11f16be8459885d586cb3428a76cedd4784ea48f2a34cf0", "9fe9ad5e70ec5e256a3695bf", 0xe, 0x6, 0x7, 0xb6, 0x90000}})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r3})

1m52.935232839s ago: executing program 1 (id=6716):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x185082)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r2, &(0x7f00000002c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x16}}, 0x10)
getpeername(r2, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f)
ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f)
r4 = syz_create_resource$binfmt(&(0x7f0000000080)='./file1\x00')
r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff)
socket$l2tp6(0xa, 0x2, 0x73)
close(r5)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
syz_open_dev$usbmon(0x0, 0x6, 0x40180)
syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00')
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

1m52.118816998s ago: executing program 1 (id=6724):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.pending_reads\x00', 0x5e11c1, 0x9c37611dc13d0db7)
fchown(r1, 0x0, 0xee01)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r2 = syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x63, 0xe1, 0xd8, 0x8, 0x10b8, 0x1bb2, 0xc7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x6, 0xe0, 0x7, [{{0x9, 0x4, 0xf5, 0x0, 0x0, 0x92, 0xd0, 0x15, 0x7}}]}}]}}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0})
syz_usb_disconnect(r2)
r3 = syz_usb_connect$cdc_ecm(0x2, 0x4d, &(0x7f0000001640)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x2, 0x50, 0x4f, [{{0x9, 0x4, 0x0, 0x4, 0x3, 0x2, 0x6, 0x0, 0x3, {{0x5}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x10000, 0x9, 0xe, 0x7f}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x0, 0x2, 0x7, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0xb, 0xf, 0x1}}}}}]}}]}}, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000400)={0x14, 0x0, &(0x7f0000001bc0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io$uac1(r2, &(0x7f00000019c0)={0x14, 0x0, &(0x7f0000001880)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3009}}}, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000200)={0x0, <r4=>0x0})
capset(&(0x7f0000000380)={0x19980330, r4}, &(0x7f00000003c0)={0x5, 0x3, 0x0, 0x33, 0x6, 0x7})
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f0000000300)={@id={0x2, 0x0, @c}})
capset(&(0x7f0000000240)={0x20071026, r4}, &(0x7f00000002c0)={0xff, 0x0, 0x0, 0x2, 0x5, 0x7})
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x202000, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101000, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)
r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x2000, 0x44, 0xa}, 0x18)
getdents(r5, 0x0, 0x0)
fchown(r1, 0xffffffffffffffff, 0xee01)
sendmsg$OSF_MSG_ADD(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="b80b00000005010400000000000000000300008054020100"], 0xbb8}, 0x1, 0x0, 0x0, 0x2000}, 0x4004040)

1m51.879511053s ago: executing program 34 (id=6724):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.pending_reads\x00', 0x5e11c1, 0x9c37611dc13d0db7)
fchown(r1, 0x0, 0xee01)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r2 = syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x63, 0xe1, 0xd8, 0x8, 0x10b8, 0x1bb2, 0xc7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x6, 0xe0, 0x7, [{{0x9, 0x4, 0xf5, 0x0, 0x0, 0x92, 0xd0, 0x15, 0x7}}]}}]}}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0})
syz_usb_disconnect(r2)
r3 = syz_usb_connect$cdc_ecm(0x2, 0x4d, &(0x7f0000001640)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x2, 0x50, 0x4f, [{{0x9, 0x4, 0x0, 0x4, 0x3, 0x2, 0x6, 0x0, 0x3, {{0x5}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x10000, 0x9, 0xe, 0x7f}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x0, 0x2, 0x7, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0xb, 0xf, 0x1}}}}}]}}]}}, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000400)={0x14, 0x0, &(0x7f0000001bc0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io$uac1(r2, &(0x7f00000019c0)={0x14, 0x0, &(0x7f0000001880)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3009}}}, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000200)={0x0, <r4=>0x0})
capset(&(0x7f0000000380)={0x19980330, r4}, &(0x7f00000003c0)={0x5, 0x3, 0x0, 0x33, 0x6, 0x7})
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f0000000300)={@id={0x2, 0x0, @c}})
capset(&(0x7f0000000240)={0x20071026, r4}, &(0x7f00000002c0)={0xff, 0x0, 0x0, 0x2, 0x5, 0x7})
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x202000, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101000, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)
r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x2000, 0x44, 0xa}, 0x18)
getdents(r5, 0x0, 0x0)
fchown(r1, 0xffffffffffffffff, 0xee01)
sendmsg$OSF_MSG_ADD(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="b80b00000005010400000000000000000300008054020100"], 0xbb8}, 0x1, 0x0, 0x0, 0x2000}, 0x4004040)

4.345158876s ago: executing program 2 (id=7514):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000880), r0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000780)={0x54, r1, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x3}, @ETHTOOL_A_LINKMODES_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x3}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x840}, 0x40180d0)

4.046665536s ago: executing program 2 (id=7515):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000040), 0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')

3.835429035s ago: executing program 2 (id=7518):
sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a00000109"], 0x20}, 0x1, 0x0, 0x0, 0x20004050}, 0x0)
waitid(0x300, 0x0, 0x0, 0x1, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000040)=""/185)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$igmp6(0xa, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
write$tun(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="06245685000000003dbbaaaaaaaaaabb88f5"], 0x72)

3.530871078s ago: executing program 5 (id=7520):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8000001f)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp\x00')
close_range(r2, 0xffffffffffffffff, 0x2)
fcntl$notify(r1, 0x402, 0x80000024)

3.415397683s ago: executing program 5 (id=7522):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
r3 = accept4$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000001680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x3, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
fchdir(r5)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000200)={0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000240)={&(0x7f0000000000)=[0x0, 0x0, 0x0], 0x3, r6})
r7 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r7, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r7, 0x0, 0x0)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r9 = dup(r8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r9, 0x0)
ioctl$BLKZEROOUT(r9, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

3.183921204s ago: executing program 0 (id=7524):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="140000000000000001000000"], 0x18, 0x81}, 0x4c800)
setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000000), 0x4)
recvmmsg(r1, &(0x7f0000006ac0)=[{{&(0x7f0000000880)=@generic, 0x80, &(0x7f0000000900)=[{&(0x7f0000000980)=""/180, 0xb4}, {&(0x7f0000000a40)=""/155, 0x9b}], 0x2}, 0x9}, {{0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000000b00)=""/138, 0x8a}, {&(0x7f0000000bc0)=""/30, 0x1e}, {&(0x7f0000000c00)=""/88, 0x58}, {&(0x7f0000000c80)=""/67, 0x43}, {&(0x7f0000001dc0)=""/252, 0xfc}, {&(0x7f0000000d00)=""/104, 0x68}, {&(0x7f0000001ec0)=""/173, 0xad}], 0x7}}, {{&(0x7f0000002000)=@llc, 0x80, &(0x7f00000033c0)=[{&(0x7f0000002080)=""/1, 0x1}, {&(0x7f00000020c0)=""/213, 0xd5}, {&(0x7f00000021c0)=""/134, 0x86}, {&(0x7f0000002280)=""/75, 0x4b}, {&(0x7f0000002300)=""/4096, 0x1000}, {&(0x7f0000003300)=""/3, 0x3}, {&(0x7f0000003340)=""/76, 0x4c}], 0x7, &(0x7f0000003440)=""/31, 0x1f}, 0x73}, {{&(0x7f0000003480)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f00000035c0)=[{&(0x7f0000003500)=""/46, 0x2e}, {&(0x7f0000003540)=""/30, 0x1e}, {&(0x7f0000003580)=""/48, 0x3e}], 0x3}, 0x1}, {{&(0x7f0000003600)=@nfc_llcp, 0x80, &(0x7f0000003840)=[{&(0x7f0000003680)=""/132, 0x84}, {&(0x7f0000003740)=""/238, 0xee}], 0x2, &(0x7f0000003880)=""/207, 0xcf}, 0x81}, {{&(0x7f0000003980)=@vsock, 0x80, &(0x7f0000004d00)=[{&(0x7f0000003a00)=""/134, 0x86}, {&(0x7f0000003ac0)=""/23, 0x17}, {&(0x7f0000003b00)=""/132, 0x84}, {&(0x7f0000003bc0)=""/82, 0x52}, {&(0x7f0000003c40)=""/4096, 0x1000}, {&(0x7f0000004c40)=""/178, 0xb2}], 0x6, &(0x7f0000004d80)=""/115, 0x73}, 0x1}, {{&(0x7f0000004e00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f0000005000)=[{&(0x7f0000004e80)=""/30, 0x1e}, {&(0x7f0000004ec0)=""/49, 0x31}, {&(0x7f0000004f00)=""/232, 0xe8}], 0x3, &(0x7f0000005040)=""/4096, 0x1000}, 0x9}, {{&(0x7f0000006040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000006280)=[{&(0x7f00000060c0)=""/226, 0xe2}, {&(0x7f00000061c0)=""/36, 0x24}, {&(0x7f0000006200)=""/127, 0x7f}], 0x3, &(0x7f00000062c0)=""/110, 0x6e}, 0xa85}, {{&(0x7f0000006340)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000006740)=[{&(0x7f00000063c0)=""/191, 0xbf}, {&(0x7f0000006480)=""/211, 0xd3}, {&(0x7f0000006580)=""/201, 0xc9}, {&(0x7f0000006680)=""/151, 0x97}], 0x4}, 0x9}, {{0x0, 0x0, &(0x7f0000006a80)=[{&(0x7f0000006780)=""/11, 0xb}, {&(0x7f00000067c0)=""/188, 0xbc}, {&(0x7f0000006880)=""/210, 0xd2}, {&(0x7f0000006980)=""/202, 0xca}], 0x4}, 0x8}], 0xa, 0x2120, 0x0)

2.221705025s ago: executing program 0 (id=7526):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000040), 0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')

1.706514209s ago: executing program 2 (id=7529):
r0 = socket$caif_seqpacket(0x25, 0x5, 0x3)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_buf(r1, 0x29, 0x30, 0x0, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000080)={0x7fff, 0x0, '\x00', 0x1})
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)={0x3c, r4, 0x1, 0x2, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@key_params=[@NL80211_ATTR_MAC={0xa}], @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4440400}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x84, r4, 0x400, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xfffffffb}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xb6}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x169}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14a0}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x4}]}, 0x84}, 0x1, 0x0, 0x0, 0x23}, 0x400c0)
fsopen(&(0x7f0000000040)='securityfs\x00', 0x0)

1.631222245s ago: executing program 0 (id=7531):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x70, 0x0, 0x9, 0x101, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x1}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1a}}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x100}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x1800)

1.454801929s ago: executing program 2 (id=7533):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x4, 0x12)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0xa, 0x8010, r0, 0x3d952000)
pselect6(0x40, &(0x7f0000000080)={0x6, 0x1, 0xffffffffe4746eba, 0x9, 0x8f00, 0x7fffffff, 0x2, 0xe468}, &(0x7f00000000c0)={0xb97, 0x0, 0x6, 0x3, 0x1, 0xd7, 0x3, 0x6}, &(0x7f0000000100)={0x1, 0x46, 0x7, 0x100000001, 0x1, 0x1, 0x0, 0x3}, &(0x7f0000000140), &(0x7f00000001c0)={&(0x7f0000000180), 0x8})
ioctl$VIDIOC_S_TUNER(r0, 0x4054561e, &(0x7f0000000200)={0x3, "16b61bae345e49a9796f1fb5a08a22b8c568d65259f2e6e3dfd5a8579656905c", 0x1, 0x1000, 0x8, 0x2, 0x2, 0x2, 0x7, 0x3})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000280)={0x2, 0x7})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000002c0)={<r1=>r0, 0x10000000000000, 0xbaa1, 0x5})
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000300)={0x0, 0x9}, 0x8)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r2 = openat$cgroup_int(r1, &(0x7f0000000340)='pids.max\x00', 0x2, 0x0)
write$cgroup_int(r2, &(0x7f0000000380)=0xc, 0x12)
ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000003c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5, @null, @rose={'rose', 0x0}, 0x1, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast]})
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000440))
ioctl$TUNGETVNETLE(r1, 0x800454dd, &(0x7f0000000480))
ioctl$VIDIOC_ENUM_FREQ_BANDS(r1, 0xc0405665, &(0x7f00000004c0)={0x800, 0x4, 0x4de, 0x1000, 0xfff, 0x7fffffff, 0x8})
fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000500), &(0x7f0000000540)=@v2={0x5, 0x0, 0xa, 0x9, 0x84, "0d7e15f6a7958958cf5f878766106521967c458790646d47cdf2bd4e6f85601f8d8b7a77eb5fe57cce64d0444ef2fc991141d77710edc2357a1551983184556be0e41a94ef57b0da4850a412b0b380b523d5e9e81e8398f1ca097e66a6daad4efe7d1a2d0a4132d74c8fa3d779ad8fc24ddf652f908bef1f5847efc077b3b12efd80be35"}, 0x8d, 0x2)
close_range(r1, r0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000000600)={0x9, 0x9})
ioctl$VIDIOC_QUERYMENU(r1, 0xc02c5625, &(0x7f0000000640)={0x0, 0x5, @value=0x3})
ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f00000006c0)={0x0, &(0x7f0000000680)})
r4 = syz_open_dev$sndmidi(&(0x7f0000000700), 0x5, 0x101280)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000740)={{0x1, 0x1, 0x18, <r5=>r4, {0xb40}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r1, 0xc0189374, &(0x7f0000000780)={{0x1, 0x1, 0x18, <r6=>r0, {0x5e6}}, './file0\x00'})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000007c0)={0x3, 0x0, [{0x36e, 0x0, 0xf8f}, {0xa05, 0x0, 0x4}, {0xc0000102, 0x0, 0x5}]})
setsockopt(r6, 0x200, 0x64ad, &(0x7f0000000800)="540ab78788823fb5330f8ce5135c4ce388da89412433e18388408d78690f1b21a1f50d9132022c812af7573813eb50d21c1b8001afc70f60ae9d965e25deba45a3b20d8af011193fb66e54c48f50f59248da8c61e1970afdd63fd8b195e7b74e24df4cfb7c9800d813e31e0e88673004313ef1bdf975500da3a922242c0befda9d363b4c1f1ca1d5d6cd7cd4560d9340b9ab56e2ab1d1bb81939777113fde72c5672857db7c9b32f9b8356cd90", 0xad)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f00000008c0)={<r7=>0x0, @in={{0x2, 0x4e22, @local}}, 0x1, 0xb}, &(0x7f0000000980)=0x90)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f00000009c0)={r7, 0x3, 0xe4, "68fb02ecfc8ebe0e522a2662fe2116decbc61f0c4d6ebc9a15b2723be0852f73e868bb8497dfd0340658e5f5cab2015212f517fe9e9225aaee6587028510a28089b207ca7b9b69e8c66c05f5f205681f325f002bb81bfd04ff8b084321cc3a943243f18b46122c3e3cdfb8e0273fbbf16c8629561e2f98284998e54ba49e825c81bcff2315ca30ef1e0791a1d5b4a5189e5014b556b3e241e2e2f9df61224c7af13814dee3b6802f194f12e66ac13a23c8601a116d8c2ce9129895b19bb9b0d0f31775e1af26bab32b234837eb57c4b31e76dbbe6d80ee8e694ad2b61cdff8becd632907"}, 0xec)
ioctl$IOMMU_HWPT_ALLOC$TEST(r1, 0x3b89, &(0x7f0000000b00)={0x28, 0x1, 0x0, 0x0, <r8=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000ac0)})
ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r1, 0x3ba0, &(0x7f0000001b40)={0x48, 0x3, r8, 0x0, 0x6, 0x1000, &(0x7f0000000b40)="2397c2e2142aa64e0e0223dd2fec93ede1843f6cc1f771bab29ae2ac4f57ade013fba854bdd3e87700182c25888a206793696864eed3f00f6ae39798a8446b3adb5935d0848903e7f77b4ddd1c40f023ac21d6636d28ffffb24cb4d8c1fc2885aceceb135e9431ef8333a745d024ab97ec72cca3d12dc6365ae91e2213a060bc74fe973649d0cb2a59ffbeae21e430558729a95039032b1a85e192adfa7d44e808f168fe1460a23af6847f8ad130410e85095c3902bb142451b95eb4645988ffbccae92dedd6d1774740c000be4f5264034f9d767b2fb323cfd5e941771e4c47b1813485bc65ce700c5299803cfa6c1fb5c5d17fa30685ced4c76ccdb48cab1d13087ae034c29d39fcb30f881fe9c06652d522a64a0f2c924b9cc1322f5912f5eb029b1e3787167d0820577cc201cae8c0992b1c3c268e6c0fe0e8612ce16f1632456aba77e4ebefaefc0841870dcb6dbfebfbb6593791cd6293e436a48845e616b289f696cd282bb7ce49b8d84d056ca778268045a185bc36955fe582afdd8bbe2c2ebe1058571c558981476bac85ac601280f3b705d0ef402330aecc2875d12a3ccfc1ee8a18e07038c3d48fdc77234a2b3ee3f04d74801dad04aea3204227794743800262d62591dde547c7fdef3a9b767ab920044bb3276efa742be29889505a145194f20b72904fc477abc1f102649079f3521f8ed51b4015368191d41e9943aa71dbae1ec7bb752ede295dd6ef89892c9e821087862b6d1ac8a85cee7f47e5ba033861fb9d04c3603b05dc93d35e851edb17897443c01d9ebc7843f83c87d5f068d114d04fcbb2b5ebb60ec7dd42459c75041c59afd4b07961b42a2aef0481cd10e100869fd0857013233776276b561e4bed0788dac59a7b9910862e18684fcce4532d1885d462bbe76fa31770f427911d910167c1ffec222a8bd6e6600596e3047dbbecc76a8e014ceebd4c22f2019f3ce9ee8acb2c251185d0b862230f363f9d77223cf7b3c4f3d4d34eb82f9a45ea14aec899300fb000f8e827b9643832acc38aec2fa4b3e51c1c595b371fb3f9ab4e54c00d915323fdbef5efa9f9f4cc8f8e53f55985599acbe666c3a05a27f57dad2defd270811a2a9337b15d93ba73b619755488cec7ec6dd818fac1f2cfe55c3633ec84cb72ed04d75a51244554930bda40e6f980955a9edbb7e462ad015854946f57e2a516377f6977622cdae5bd25d138a1555662e438984a75917cc5272818200e92d13b91b7a06d352d622a077456d2048590fb1d173d9bda6fefb1936c090ae29a2866bdc4e7c8dfba49b65fe208017cf015be082da9375744a54b014d3c3b0e894e5a4ec4a6d434a463d47cf736091219429976dee9d3d624099c36b6853efcde728c13a97584b0da775cc803fb6d05e4eeb990f76ca46dd31a77b82664c85adb6fc8e393e945cf2d615b82bb9ad86da17ec917f88c9a6d13f32533b07fdbc87576325e496e07a8eb19a16b757f0f0315644e6662f19027ebf809342cd71ec008b03cc26198bab083114de436f1293e5e151b3764af994b5488d5ce865efacebb14c1aa901f6d8c03fcf1acca30428e1f9e1b4415a8c74e51b663125ca8e2bf2881c37cace0f539f5d961802a607a1bab97949cccbd7d01098ce749e28cdf474745ae99da90809316f6c4a2fc3d1ddb3165da1ba87af58fbdfd8f52d4e6255a2bc4c53769e2d46247482719122e3dc1ae59d4cb62e7de4b5b0fb9f3c7e53e91eddfdc1410ee7001ee8d59681a09b25782b3d547fa19199c21cf9eede595fcd4c7e4dbdbbb83428aced9b15abca41fb52245fdca2f82a792f11f63fbbea5886338cea3db9cc945fd91232a64d028a117c0293b25321cbdbfd7855f8c802448a93324144e5f4a18498b232bb6f7b7c34d65bb9659debaf4f2d0370bf8328bb237d0b23918f55a9f42454855645cda53535315af8c91f6e30de62bf26e59f82014fea0b845d84d5a24e10c291a2cd1fc6b8def6d3155c4dab72bc4bfbeb65d4cfee61e849874270ea1465e1ff3232272d9c7dda04c759174e341184f18366b950080489c598520dc226aa3bab5230c877ab18ea9fed0b45865de0c704f32323cd093e9ea8c6bd01d0cad86172d4a9aeac321e8fcf452abc9dff0a020c57224ec4d7fe871992fc3f8d3e6d72e81f6e712edea85ed0985f3da87301adbfe97f8b2a9047c94c17004b64bf5c69c5a31c8b7a1a5d24581c56f9f6a062d5ae0e90f2580894d3ce49bb7cd9836334e6288ed292d98edb50cba04b7ec6402db511ac0119fbd2e9e2a43248a21542cb9c6920bf853b599c931a590c7b2366a7c05e437a2c9ca8673f8fb989ece27889668ee69fb35794c071a376875451ceb4056f24a92051bcab1cfc910755ec878a9f6b0e09cab140255e9480d72632a1b2ca6511ef12dee8987306ce31d78df32c4194978f9b49e9c8db2024c6e2ed8ceb5165d06ccb0fb750b55dfc6ed4d3f408c9bafac4ee8672786b749e9d1279894cff9b929e13209cf82d684d23ee0d5b5431c038f001eb3590419132553b6d0762903671b423db2b0bd56eb595521d05733ed2cd4ba6002d848f7a94e4f115baeba63407059a58182e7557035718ef7609674ea9c66a7345e9537feb454ee67d52134f784c2f01173c9708ffd8f86c5155d98f53a7534e4baf8ceacebb67b41b727786b1b6e3121597566faea8d58d560cf4c2e864f62f305aba614b95776548615178c36122f5a8e9b676550b2006948a1370db598f7c0b2249089be024596d370db8162176d5d4d1a4b43e74fb7ac80808980a47144439d1518264ff004a3d1a11e12698df85457e265005c71503a02e9e1e85a715a9f69a6601aba7d1912fefe43f9fcab3507ecc0fade588a1885b888f31c2b02a90fa91cf868f9b680f824ce79889890816650b38a3aef47be598b2b4d10ef96f3cc5baf8d0b44bf332e40a6661f69a44d4aed65b4c7c65afc9772db04fd2a337b8e7e7639003a14622e17260899d6eae690a5f8c4fbf7883ac59556181b0972ad76fe7c4e636a84bfa0a013f491a8e379b1797c69d26236ab42dd11594023bd130367db3ad69a5494852f41b95b5307d8b02fea475ee2518eaaa2e99d04b564aa1c109a566b1d3c16034499bcf81e5456265edc68b413e056714f9903e77ab5cc06277ebfdb0a998621288664c0236e3bcab79511b0c51d188d3a398f870d9e06455c7219cd75a28e3b7a58db2c7a5f8d25513870718f194691bbf5ae2396a8bf375dd5080751bcb534b25fd9110d59f13296da88db867195b2bd3e17f2814d2e1df302b6d6a81e208c0ea28954dc9f9169d7b18e54f991fe73badc56126e510b74d0a5af9d99edf391676b952edf5c3d4b1054fb0c3f1ae91771342a9799f49d4095bf0be94fad59b1ef99be335d47245d335568a7b88c5416d48e40c94b09e652f97026b82174915afd4151c99ac83e95ebbc4c6f47284bf41ba42b55c2fa3b374567e8fcb2d0b863ccd7e122c7a6761ee5812a53faa3022b60dd8ff66d5339111f2c89536a8f220d99c7051e55acd7267c8d79a968636fe7f175b4eb0f866141765daaca083c719fa251c5c69a3cf995e1c3d76980760bd6dcb26590c5721f3f49e1c22f73d5af19029776113a03060c51a819ef57086835b43be07e83519c8e48af00d7cc8a156753dc5080807aa286ff59031347f8582275f08ae3c5363ffb0f38cb48d212a3fd72fed553bea359f835cb840828b273ac195a87c031886be76709bdf4c2bf130de5ebbcc3271b5bedf41ffafb310d06e5dc3da9aeca51147f0dc161ac67ecba95bd3aaea96d9853d4b7ad38ec121d0c0435013e7cfd1556bc0c24bc8684a957631b233e013fa98be12f0963e084ed964ebae4f2ea94741d759a33e594d8ba43a33f556e38dae704b28d88ffeb8a16d2ff1ff20828db69b03e01b66314fefce99f29aad007f2e836912bbebb8d1b96e6148840567b2a4459092f372ef4a69679507099aa84e51b987e1bb195d60fc946ffb3057ef1c6070a2d8b11832489de2a90bb19fc03ecbf1c53245960c6f4e5174fa1e3635d1f86bffef8192679b6d634d27a511d0443525b903480a95b6218a35ff221216cfb7ddbb6cd3dd2d5c4dde6260bf36c941a22ba02c1efe443655872d14cfcdd3e1056384ef0aaf6a219519a15876591854e5cbbeb309b155a3e66607572134d1cfb790d2479664ad1da06af736fcb2f1ed83b6167110730fca06dc0c89745bbd8f6dde921a13bf3b28ddd9e86e779185032b9d250ca03db9e212dd018317f1eba41c139fd22b44020601b70cf4071bca2f11aff9bfa4d26aa3c49f10444540093012e207bf814ba6d5ed3fab3eb69631d22a0633e8b5a8b2997a8c2da2eff8f18d71e2db7aba405006532d7dfc7b924d49d9e2d86ba05bbec87f9c61b056f040c8a4e0093b1cf2368036684baa167a9fd9a181ba0c2d083a6efc2ac1185e0e1e2776291a571f6af1d301131a6f669325c6f01892d5ee62d2add2c129b62eb71efe6b6b003b2c2c7b0cd7bbfc6ad9c7c5db8b2dc38a7f3be3e9b71741006124957bc8d57ca24fce4e86ce164d27348660bc0547142effe6e72834eb2c8cef78b61a64422c870cefcf2bbb47ba5b45408e3f351cade409b3625c094c27ac49027e2a24638df122caf438adbc38e53df298c539495f0ab5aa0533e6c1fa6d17fedbab848d60bbfb7d3aa5394ac0c288356403c8d1050855cf43e5bf422b597de54f8913f15fd7270ef63e3db4b012f9d376affdbd1ba40aa908f163831f6d2cfe1003e4edc2f3d1d19b9e87099efc5d676f7f5c0df2b516d5c3fffe97a0dfaf7e3d442f3224bd8f1c4293d69121caa3065c7fe0fe1ad5707ccbfe67710e5ac745bf9637a2e153ee20ab70807bdcdb55eef5eae030ad55d1289bc95e5ca61a911fa9be478b1d551ce6d7414cf44ef6123178ca9181d8b4bce584700104156f495b462889b0a3f80c2d333506a74bebb3a8ca6836147e4b85511624b2e85c7a2919218392ca0ba88363e50775baa4ae05616753e5d32697b2786eda9ea5135a2a0fb240561b90f57f52c7b5aeddf8f71009dc6f519b0e813f0b37417145c4451e45b4c1d26aeb18b790f821cf97b092eaf2e86b16390e0004e0e1091b4f47d814d57782b38d9f46f81cbf0ab870772678e72d31a3de9d77c63c75602da75dd43c66a7825153cd8400bdaba13f99c66775e140574a532ada5631a5cd2ff44411c3a483ce62bc78d525c0732f1bd56d79ed049f9979101e91af9ce92b0ce23c33dba6b79adae96bca4807b8c221a9f6bc8530e94b4001973a5d5755d36c0e0cacf43068eef3bbd8f82faeb885832b637c027f2246412c86926adedb1606206d7a92d29725c3464f9a77f05dfdd0bf433631fef4bcb166448ae4674dac2eb6bb05d29add30396285765600ff3cf0dbdc57d08acbc7877a3a90dc668b0c90cb6ad87fd62440a18e221b60fe36f2893ba11985ac84f9ee705ef4dc29ecf17df74409a5692d1cde942a20cb09199ec5443475caad9aa0dc129844e10d4095ccb2dd8f254482a1cf149a98f500d1beaafe79e609a06a7063565c234344a36af35af3444cc56a6458aa3a41e94c7fe381d0173de53a44718b7e60837e3eb1e6a23b428a780d0874774c03e0633b2b70249bee99ab3b1603a8cdae82901bf7a769d279a63ac275188d64cf2656afeb2c649dc8bfa350a049ed0e915964ebad200691763ac1b20559e9227074c3064f5b81d30bb35988cd8756709c10c303b9bc4a76c9e44"})

1.38795914s ago: executing program 0 (id=7534):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x81}, 0x4c800)
setsockopt$sock_int(r1, 0x1, 0x2a, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000006ac0)=[{{&(0x7f0000000880)=@generic, 0x80, &(0x7f0000000900)=[{&(0x7f0000000980)=""/180, 0xb4}, {&(0x7f0000000a40)=""/155, 0x9b}], 0x2}, 0x9}, {{0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000000b00)=""/138, 0x8a}, {&(0x7f0000000bc0)=""/30, 0x1e}, {&(0x7f0000000c00)=""/88, 0x58}, {&(0x7f0000000c80)=""/67, 0x43}, {&(0x7f0000001dc0)=""/252, 0xfc}, {&(0x7f0000000d00)=""/104, 0x68}, {&(0x7f0000001ec0)=""/173, 0xad}], 0x7}}, {{&(0x7f0000002000)=@llc, 0x80, &(0x7f00000033c0)=[{&(0x7f0000002080)=""/1, 0x1}, {&(0x7f00000020c0)=""/213, 0xd5}, {&(0x7f00000021c0)=""/134, 0x86}, {&(0x7f0000002280)=""/75, 0x4b}, {&(0x7f0000002300)=""/4096, 0x1000}, {&(0x7f0000003300)=""/3, 0x3}, {&(0x7f0000003340)=""/76, 0x4c}], 0x7, &(0x7f0000003440)=""/31, 0x1f}, 0x73}, {{&(0x7f0000003480)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f00000035c0)=[{&(0x7f0000003500)=""/46, 0x2e}, {&(0x7f0000003540)=""/30, 0x1e}, {&(0x7f0000003580)=""/48, 0x3e}], 0x3}, 0x1}, {{&(0x7f0000003600)=@nfc_llcp, 0x80, &(0x7f0000003840)=[{&(0x7f0000003680)=""/132, 0x84}, {&(0x7f0000003740)=""/238, 0xee}], 0x2, &(0x7f0000003880)=""/207, 0xcf}, 0x81}, {{&(0x7f0000003980)=@vsock, 0x80, &(0x7f0000004d00)=[{&(0x7f0000003a00)=""/134, 0x86}, {&(0x7f0000003ac0)=""/23, 0x17}, {&(0x7f0000003b00)=""/132, 0x84}, {&(0x7f0000003bc0)=""/82, 0x52}, {&(0x7f0000003c40)=""/4096, 0x1000}, {&(0x7f0000004c40)=""/178, 0xb2}], 0x6, &(0x7f0000004d80)=""/115, 0x73}, 0x1}, {{&(0x7f0000004e00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f0000005000)=[{&(0x7f0000004e80)=""/30, 0x1e}, {&(0x7f0000004ec0)=""/49, 0x31}, {&(0x7f0000004f00)=""/232, 0xe8}], 0x3, &(0x7f0000005040)=""/4096, 0x1000}, 0x9}, {{&(0x7f0000006040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000006280)=[{&(0x7f00000060c0)=""/226, 0xe2}, {&(0x7f00000061c0)=""/36, 0x24}, {&(0x7f0000006200)=""/127, 0x7f}], 0x3, &(0x7f00000062c0)=""/110, 0x6e}, 0xa85}, {{&(0x7f0000006340)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000006740)=[{&(0x7f00000063c0)=""/191, 0xbf}, {&(0x7f0000006480)=""/211, 0xd3}, {&(0x7f0000006580)=""/201, 0xc9}, {&(0x7f0000006680)=""/151, 0x97}], 0x4}, 0x9}, {{0x0, 0x0, &(0x7f0000006a80)=[{&(0x7f0000006780)=""/11, 0xb}, {&(0x7f00000067c0)=""/188, 0xbc}, {&(0x7f0000006880)=""/210, 0xd2}, {&(0x7f0000006980)=""/202, 0xca}], 0x4}, 0x8}], 0xa, 0x2120, 0x0)

1.24750489s ago: executing program 5 (id=7536):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r0, 0xc00464c9, &(0x7f0000000000))
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0x4, 0x0, &(0x7f0000000680))

1.227968584s ago: executing program 2 (id=7537):
sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a00000109"], 0x20}, 0x1, 0x0, 0x0, 0x20004050}, 0x0)
waitid(0x300, 0x0, 0x0, 0x1, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000040)=""/185)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
write$tun(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="06245685000000003dbbaaaaaaaaaabb88f5"], 0x72)

1.199369178s ago: executing program 5 (id=7538):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x4, 0x3}]})
close_range(r0, r0, 0x2)
mq_open(0x0, 0x6e93ebbbcc0884f2, 0x2c, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
dup2(r1, r0)

1.103444874s ago: executing program 6 (id=7539):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000040), 0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')

1.074013487s ago: executing program 6 (id=7540):
add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)

1.02386529s ago: executing program 6 (id=7541):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
process_madvise(r1, 0x0, 0x1800, 0x0, 0x0)

931.263058ms ago: executing program 6 (id=7542):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x70, 0x0, 0x9, 0x101, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x1}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1a}}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x100}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x1800)

883.884465ms ago: executing program 6 (id=7543):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000880), r0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000780)={0x38, r1, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x3}, @ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x3}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x840}, 0x40180d0)

813.507074ms ago: executing program 6 (id=7544):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x0, 0x300, 0x0, 0x101, 0x300}})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000006, 0x1010, r2, 0x0)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$sndpcmp(&(0x7f0000001540), 0x1, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r4, 0x80084121, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

417.647626ms ago: executing program 0 (id=7545):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x2000, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a"], 0x60}}, 0x0)

259.259384ms ago: executing program 0 (id=7546):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000c80), 0x2, 0x0)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f0000000100)={0x5, 0x10, 0xfa00, {0xffffffffffffffff}}, 0x18)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800cbbc92378edc02847a972b9631325532dc7bbb0e810b787fa0277a0a0c000068b9a6150a7e5a48b9a3e41f", @ANYRES16=r1, @ANYBLOB="010002000000800000001200000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802110000010000"], 0x28}, 0x1, 0x0, 0x0, 0x4000840}, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000040), &(0x7f00000000c0)=0x14)
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000001, 0x6031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
munlock(&(0x7f0000d9f000/0x3000)=nil, 0x3000)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
munlockall()
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r2, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0xa0, r1, 0x800, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x5a7d, 0x7}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x68}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x76}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x71}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x3e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x14}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x12}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x20}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x36}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4004085}, 0x200408c0)
mount$bpf(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x400408, &(0x7f0000000cc0)=ANY=[@ANYRESHEX=0xee00])

223.34098ms ago: executing program 5 (id=7547):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8000001f)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fcntl$notify(0xffffffffffffffff, 0x402, 0x80000024)

0s ago: executing program 5 (id=7548):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x208282, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r1, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r1, &(0x7f00000000c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x40)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)

kernel console output (not intermixed with test programs):

ntered disabled state
[  914.927244][T29902] bridge_slave_1: entered allmulticast mode
[  914.935954][T29902] bridge_slave_1: entered promiscuous mode
[  914.979722][T29902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  914.993315][T29902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  915.045643][T29902] team0: Port device team_slave_0 added
[  915.057494][T29902] team0: Port device team_slave_1 added
[  915.101448][T29902] batman_adv: batadv0: Adding interface: batadv_slave_0
[  915.111343][T29902] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  915.142498][T29902] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  915.157018][T29902] batman_adv: batadv0: Adding interface: batadv_slave_1
[  915.164605][T29902] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  915.191017][T29902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  915.301475][T30159] vxcan1: tx drop: invalid da for name 0x0000000000000003
[  915.323354][T30159] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7112'.
[  915.347684][T29902] hsr_slave_0: entered promiscuous mode
[  915.362341][T29902] hsr_slave_1: entered promiscuous mode
[  915.368784][T29902] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  915.383899][T29902] Cannot create hsr debugfs directory
[  915.458919][T30171] FAULT_INJECTION: forcing a failure.
[  915.458919][T30171] name failslab, interval 1, probability 0, space 0, times 0
[  915.475330][ T3493] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  915.490336][T30171] CPU: 1 UID: 0 PID: 30171 Comm: syz.5.7113 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  915.490378][T30171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  915.490391][T30171] Call Trace:
[  915.490398][T30171]  <TASK>
[  915.490404][T30171]  dump_stack_lvl+0x189/0x250
[  915.490426][T30171]  ? __pfx____ratelimit+0x10/0x10
[  915.490461][T30171]  ? __pfx_dump_stack_lvl+0x10/0x10
[  915.490477][T30171]  ? __pfx__printk+0x10/0x10
[  915.490499][T30171]  ? __pfx___might_resched+0x10/0x10
[  915.490514][T30171]  ? fs_reclaim_acquire+0x7d/0x100
[  915.490540][T30171]  should_fail_ex+0x414/0x560
[  915.490562][T30171]  should_failslab+0xa8/0x100
[  915.490584][T30171]  kmem_cache_alloc_noprof+0x73/0x3c0
[  915.490601][T30171]  ? __pmd_alloc+0xc6/0x3b0
[  915.490621][T30171]  __pmd_alloc+0xc6/0x3b0
[  915.490640][T30171]  __handle_mm_fault+0xa63/0x5620
[  915.490662][T30171]  ? mt_find+0x46f/0x5f0
[  915.490683][T30171]  ? __pfx___handle_mm_fault+0x10/0x10
[  915.490712][T30171]  ? find_vma+0xe7/0x160
[  915.490728][T30171]  ? __pfx_find_vma+0x10/0x10
[  915.490765][T30171]  handle_mm_fault+0x40a/0x8e0
[  915.490792][T30171]  do_user_addr_fault+0x764/0x1390
[  915.490853][T30171]  exc_page_fault+0x76/0xf0
[  915.490898][T30171]  ? __might_fault+0xb0/0x130
[  915.490924][T30171]  asm_exc_page_fault+0x26/0x30
[  915.490942][T30171] RIP: 0010:__get_user_1+0x14/0x30
[  915.490970][T30171] Code: ff ff ff cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <0f> b6 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90
[  915.490988][T30171] RSP: 0018:ffffc9000fbc7c80 EFLAGS: 00050283
[  915.491007][T30171] RAX: 0000200000001080 RBX: ffff888079909800 RCX: db09007b249a2a00
[  915.491034][T30171] RDX: 00007ffffffff000 RSI: ffffffff8dc3afeb RDI: ffffffff8be41840
[  915.491050][T30171] RBP: 00000000000089e0 R08: 0000000000000000 R09: ffffffff820c9120
[  915.491063][T30171] R10: 00000000000089e1 R11: 0000000000000000 R12: dffffc0000000000
[  915.491078][T30171] R13: ffffffff8cadf048 R14: 0000200000001080 R15: dffffc0000000000
[  915.491100][T30171]  ? __might_fault+0xb0/0x130
[  915.491132][T30171]  rds_ioctl+0xfe/0x2b0
[  915.491164][T30171]  sock_do_ioctl+0xd9/0x300
[  915.491187][T30171]  ? __pfx_sock_do_ioctl+0x10/0x10
[  915.491204][T30171]  ? __lock_acquire+0xab9/0xd20
[  915.491241][T30171]  sock_ioctl+0x576/0x790
[  915.491275][T30171]  ? __pfx_sock_ioctl+0x10/0x10
[  915.491306][T30171]  ? __fget_files+0x2a/0x420
[  915.491335][T30171]  ? __fget_files+0x3a0/0x420
[  915.491364][T30171]  ? __fget_files+0x2a/0x420
[  915.491396][T30171]  ? bpf_lsm_file_ioctl+0x9/0x20
[  915.491417][T30171]  ? __pfx_sock_ioctl+0x10/0x10
[  915.491447][T30171]  __se_sys_ioctl+0xfc/0x170
[  915.491475][T30171]  do_syscall_64+0xfa/0x3b0
[  915.491493][T30171]  ? lockdep_hardirqs_on+0x9c/0x150
[  915.491524][T30171]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  915.491544][T30171]  ? clear_bhb_loop+0x60/0xb0
[  915.491569][T30171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  915.491588][T30171] RIP: 0033:0x7f7cde18e929
[  915.491604][T30171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  915.491621][T30171] RSP: 002b:00007f7cdbff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  915.491641][T30171] RAX: ffffffffffffffda RBX: 00007f7cde3b5fa0 RCX: 00007f7cde18e929
[  915.491656][T30171] RDX: 0000200000001080 RSI: 00000000000089e0 RDI: 0000000000000003
[  915.491669][T30171] RBP: 00007f7cdbff6090 R08: 0000000000000000 R09: 0000000000000000
[  915.491681][T30171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  915.491694][T30171] R13: 0000000000000000 R14: 00007f7cde3b5fa0 R15: 00007ffcf8f3cf28
[  915.491725][T30171]  </TASK>
[  915.953961][T30173] validate_nla: 1 callbacks suppressed
[  915.953982][T30173] netlink: 'syz.6.7114': attribute type 10 has an invalid length.
[  915.989078][   T10] usb 3-1: USB disconnect, device number 27
[  916.094872][ T3493] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  916.267943][ T3493] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  916.500846][ T3493] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  916.600746][ T5840] Bluetooth: hci4: command tx timeout
[  916.954999][ T3493] bridge_slave_1: left allmulticast mode
[  916.965756][ T3493] bridge_slave_1: left promiscuous mode
[  916.972635][ T3493] bridge0: port 2(bridge_slave_1) entered disabled state
[  917.027934][ T3493] bridge_slave_0: left allmulticast mode
[  917.051890][ T3493] bridge_slave_0: left promiscuous mode
[  917.061231][ T3493] bridge0: port 1(bridge_slave_0) entered disabled state
[  917.560626][ T5884] usb 6-1: new high-speed USB device number 84 using dummy_hcd
[  917.707988][ T3493] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  917.720395][ T3493] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  917.729341][ T5884] usb 6-1: Using ep0 maxpacket: 8
[  917.736966][ T5884] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  917.746802][ T3493] bond0 (unregistering): Released all slaves
[  917.753441][ T5884] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  917.768939][ T5884] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  917.799159][ T5884] usb 6-1: config 0 descriptor??
[  917.863163][T12387] ip6gretap0 speed is unknown, defaulting to 1000
[  917.890551][T12387] infiniband syz2: ib_query_port failed (-19)
[  918.002493][ T3493] : left promiscuous mode
[  918.448282][T30335] FAULT_INJECTION: forcing a failure.
[  918.448282][T30335] name failslab, interval 1, probability 0, space 0, times 0
[  918.468251][T30335] CPU: 0 UID: 0 PID: 30335 Comm: syz.6.7128 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  918.468279][T30335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  918.468291][T30335] Call Trace:
[  918.468310][T30335]  <TASK>
[  918.468317][T30335]  dump_stack_lvl+0x189/0x250
[  918.468343][T30335]  ? __pfx____ratelimit+0x10/0x10
[  918.468373][T30335]  ? __pfx_dump_stack_lvl+0x10/0x10
[  918.468394][T30335]  ? __pfx__printk+0x10/0x10
[  918.468421][T30335]  ? ref_tracker_alloc+0x318/0x460
[  918.468449][T30335]  should_fail_ex+0x414/0x560
[  918.468474][T30335]  should_failslab+0xa8/0x100
[  918.468499][T30335]  kmem_cache_alloc_noprof+0x73/0x3c0
[  918.468519][T30335]  ? skb_clone+0x212/0x3a0
[  918.468548][T30335]  skb_clone+0x212/0x3a0
[  918.468576][T30335]  __netlink_deliver_tap+0x404/0x850
[  918.468608][T30335]  ? netlink_deliver_tap+0x2e/0x1b0
[  918.468631][T30335]  netlink_deliver_tap+0x19c/0x1b0
[  918.468654][T30335]  netlink_unicast+0x72f/0x8d0
[  918.468683][T30335]  netlink_sendmsg+0x805/0xb30
[  918.468714][T30335]  ? __pfx_netlink_sendmsg+0x10/0x10
[  918.468740][T30335]  ? aa_sock_msg_perm+0x94/0x160
[  918.468761][T30335]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  918.468798][T30335]  ? __pfx_netlink_sendmsg+0x10/0x10
[  918.468823][T30335]  __sock_sendmsg+0x219/0x270
[  918.468844][T30335]  ____sys_sendmsg+0x505/0x830
[  918.468873][T30335]  ? __pfx_____sys_sendmsg+0x10/0x10
[  918.468905][T30335]  ? import_iovec+0x74/0xa0
[  918.468927][T30335]  ___sys_sendmsg+0x21f/0x2a0
[  918.468954][T30335]  ? __pfx____sys_sendmsg+0x10/0x10
[  918.469011][T30335]  ? __fget_files+0x2a/0x420
[  918.469038][T30335]  ? __fget_files+0x3a0/0x420
[  918.469074][T30335]  __x64_sys_sendmsg+0x19b/0x260
[  918.469102][T30335]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  918.469135][T30335]  ? __pfx_ksys_write+0x10/0x10
[  918.469156][T30335]  ? rcu_is_watching+0x15/0xb0
[  918.469182][T30335]  ? do_syscall_64+0xbe/0x3b0
[  918.469203][T30335]  do_syscall_64+0xfa/0x3b0
[  918.469219][T30335]  ? lockdep_hardirqs_on+0x9c/0x150
[  918.469247][T30335]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.469264][T30335]  ? clear_bhb_loop+0x60/0xb0
[  918.469286][T30335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.469304][T30335] RIP: 0033:0x7f634998e929
[  918.469320][T30335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  918.469336][T30335] RSP: 002b:00007f634a847038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  918.469355][T30335] RAX: ffffffffffffffda RBX: 00007f6349bb5fa0 RCX: 00007f634998e929
[  918.469369][T30335] RDX: 0000000004000050 RSI: 0000200000000000 RDI: 0000000000000003
[  918.469381][T30335] RBP: 00007f634a847090 R08: 0000000000000000 R09: 0000000000000000
[  918.469392][T30335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  918.469403][T30335] R13: 0000000000000000 R14: 00007f6349bb5fa0 R15: 00007ffda05ab5a8
[  918.469431][T30335]  </TASK>
[  918.784730][ T5840] Bluetooth: hci4: command tx timeout
[  919.085150][ T3493] hsr_slave_0: left promiscuous mode
[  919.125409][ T3493] hsr_slave_1: left promiscuous mode
[  919.145417][ T3493] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  919.177509][ T3493] batman_adv: batadv0: Removing interface: batadv_slave_0
[  919.207144][ T3493] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  919.240240][ T3493] batman_adv: batadv0: Removing interface: batadv_slave_1
[  919.293536][ T3493] veth1_macvtap: left promiscuous mode
[  919.301464][ T3493] veth0_macvtap: left promiscuous mode
[  919.308521][ T3493] veth1_vlan: left promiscuous mode
[  919.314936][ T3493] veth0_vlan: left promiscuous mode
[  919.789756][T30372] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7136'.
[  919.819307][T30372] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7136'.
[  920.036248][ T3493] team0 (unregistering): Port device team_slave_1 removed
[  920.097462][ T3493] team0 (unregistering): Port device team_slave_0 removed
[  920.358575][T19284] usb 6-1: USB disconnect, device number 84
[  920.493829][T30387] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  920.831170][ T5840] Bluetooth: hci4: command tx timeout
[  920.838670][T29902] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  920.907857][T30402] tipc: Started in network mode
[  920.940407][T30402] tipc: Node identity 7f000001, cluster identity 4711
[  920.977488][T30402] tipc: New replicast peer: 0.0.0.0
[  920.986712][T30402] tipc: Enabled bearer <udp:syz2>, priority 7
[  921.025294][T29902] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  921.044421][   T36] Bluetooth: hci6: Frame reassembly failed (-84)
[  921.082455][T29902] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  921.105769][T29902] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  921.143658][T12387] usb 6-1: new high-speed USB device number 85 using dummy_hcd
[  921.286092][T29902] 8021q: adding VLAN 0 to HW filter on device bond0
[  921.302268][T12387] usb 6-1: config 0 has no interfaces?
[  921.312456][ T3493] IPVS: stop unused estimator thread 0...
[  921.321116][T12387] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  921.344553][T29902] 8021q: adding VLAN 0 to HW filter on device team0
[  921.351305][T12387] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  921.363879][T12387] usb 6-1: config 0 descriptor??
[  921.377412][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  921.384661][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  921.442653][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  921.449874][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  921.543814][T29902] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  921.564484][T29902] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  921.646559][T30410] netlink: 60 bytes leftover after parsing attributes in process `syz.5.7139'.
[  921.663106][T30410] netlink: 60 bytes leftover after parsing attributes in process `syz.5.7139'.
[  921.674908][ T5884] usb 6-1: USB disconnect, device number 85
[  921.678615][T30402] netlink: 60 bytes leftover after parsing attributes in process `syz.5.7139'.
[  921.897586][T29902] 8021q: adding VLAN 0 to HW filter on device batadv0
[  921.975238][T30454] FAULT_INJECTION: forcing a failure.
[  921.975238][T30454] name failslab, interval 1, probability 0, space 0, times 0
[  921.982087][T29902] veth0_vlan: entered promiscuous mode
[  921.994268][T30454] CPU: 1 UID: 0 PID: 30454 Comm: syz.6.7143 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  921.994293][T30454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  921.994310][T30454] Call Trace:
[  921.994318][T30454]  <TASK>
[  921.994325][T30454]  dump_stack_lvl+0x189/0x250
[  921.994350][T30454]  ? __pfx____ratelimit+0x10/0x10
[  921.994379][T30454]  ? __pfx_dump_stack_lvl+0x10/0x10
[  921.994399][T30454]  ? __pfx__printk+0x10/0x10
[  921.994432][T30454]  ? __pfx___might_resched+0x10/0x10
[  921.994457][T30454]  should_fail_ex+0x414/0x560
[  921.994484][T30454]  should_failslab+0xa8/0x100
[  921.994509][T30454]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  921.994532][T30454]  ? __alloc_skb+0x112/0x2d0
[  921.994563][T30454]  __alloc_skb+0x112/0x2d0
[  921.994588][T30454]  netlink_sendmsg+0x5c6/0xb30
[  921.994620][T30454]  ? __pfx_netlink_sendmsg+0x10/0x10
[  921.994646][T30454]  ? aa_sock_msg_perm+0x94/0x160
[  921.994668][T30454]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  921.994696][T30454]  ? __pfx_netlink_sendmsg+0x10/0x10
[  921.994719][T30454]  __sock_sendmsg+0x219/0x270
[  921.994740][T30454]  ____sys_sendmsg+0x505/0x830
[  921.994769][T30454]  ? __pfx_____sys_sendmsg+0x10/0x10
[  921.994801][T30454]  ? import_iovec+0x74/0xa0
[  921.994824][T30454]  ___sys_sendmsg+0x21f/0x2a0
[  921.994854][T30454]  ? __pfx____sys_sendmsg+0x10/0x10
[  921.994910][T30454]  ? __fget_files+0x2a/0x420
[  921.994936][T30454]  ? __fget_files+0x3a0/0x420
[  921.994976][T30454]  __x64_sys_sendmsg+0x19b/0x260
[  921.995002][T30454]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  921.995039][T30454]  ? __pfx_ksys_write+0x10/0x10
[  921.995060][T30454]  ? rcu_is_watching+0x15/0xb0
[  921.995085][T30454]  ? do_syscall_64+0xbe/0x3b0
[  921.995106][T30454]  do_syscall_64+0xfa/0x3b0
[  921.995121][T30454]  ? lockdep_hardirqs_on+0x9c/0x150
[  921.995148][T30454]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  921.995165][T30454]  ? clear_bhb_loop+0x60/0xb0
[  921.995187][T30454]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  921.995204][T30454] RIP: 0033:0x7f634998e929
[  921.995219][T30454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  921.995235][T30454] RSP: 002b:00007f634a847038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  921.995254][T30454] RAX: ffffffffffffffda RBX: 00007f6349bb5fa0 RCX: 00007f634998e929
[  921.995268][T30454] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000003
[  921.995279][T30454] RBP: 00007f634a847090 R08: 0000000000000000 R09: 0000000000000000
[  921.995290][T30454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  921.995300][T30454] R13: 0000000000000000 R14: 00007f6349bb5fa0 R15: 00007ffda05ab5a8
[  921.995327][T30454]  </TASK>
[  922.025722][T29902] veth1_vlan: entered promiscuous mode
[  922.028635][    C1] vkms_vblank_simulate: vblank timer overrun
[  922.083137][T29902] veth0_macvtap: entered promiscuous mode
[  922.087634][    C1] vkms_vblank_simulate: vblank timer overrun
[  922.107119][T29902] veth1_macvtap: entered promiscuous mode
[  922.207839][    C1] vkms_vblank_simulate: vblank timer overrun
[  922.302867][    C1] vkms_vblank_simulate: vblank timer overrun
[  922.311877][T12387] tipc: Node number set to 2130706433
[  922.355898][T29902] batman_adv: batadv0: Interface activated: batadv_slave_0
[  922.368537][T29902] batman_adv: batadv0: Interface activated: batadv_slave_1
[  922.387964][T29902] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  922.396770][T29902] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  922.407290][T29902] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  922.416061][T29902] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  922.507101][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  922.523768][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  922.556515][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  922.564616][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  922.580560][   T24] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  922.634534][T30475] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7105'.
[  922.722381][   T24] usb 7-1: device descriptor read/64, error -71
[  922.910620][T19284] usb 6-1: new high-speed USB device number 86 using dummy_hcd
[  922.920490][ T5842] Bluetooth: hci4: command tx timeout
[  922.960240][   T24] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  923.040342][T30491] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7148'.
[  923.066335][T19284] usb 6-1: Using ep0 maxpacket: 8
[  923.071924][ T5842] Bluetooth: hci6: command 0x1003 tx timeout
[  923.082345][T19284] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  923.084206][ T5840] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  923.109341][   T24] usb 7-1: device descriptor read/64, error -71
[  923.158194][T19284] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  923.190733][T19284] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  923.232294][T19284] usb 6-1: config 0 descriptor??
[  923.280583][   T24] usb usb7-port1: attempt power cycle
[  923.620499][   T24] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  923.662383][   T24] usb 7-1: device descriptor read/8, error -71
[  923.900335][   T24] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  923.920943][   T24] usb 7-1: device descriptor read/8, error -71
[  924.030864][   T24] usb usb7-port1: unable to enumerate USB device
[  925.171757][T30520] FAULT_INJECTION: forcing a failure.
[  925.171757][T30520] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  925.195077][T30520] CPU: 0 UID: 0 PID: 30520 Comm: syz.0.7157 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  925.195104][T30520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  925.195116][T30520] Call Trace:
[  925.195124][T30520]  <TASK>
[  925.195131][T30520]  dump_stack_lvl+0x189/0x250
[  925.195157][T30520]  ? __pfx____ratelimit+0x10/0x10
[  925.195186][T30520]  ? __pfx_dump_stack_lvl+0x10/0x10
[  925.195207][T30520]  ? __pfx__printk+0x10/0x10
[  925.195227][T30520]  ? __might_fault+0xb0/0x130
[  925.195266][T30520]  should_fail_ex+0x414/0x560
[  925.195294][T30520]  _copy_from_user+0x2d/0xb0
[  925.195314][T30520]  do_sock_getsockopt+0x1cd/0x650
[  925.195342][T30520]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  925.195365][T30520]  ? do_syscall_64+0x40/0x3b0
[  925.195383][T30520]  ? __fget_files+0x3a0/0x420
[  925.195408][T30520]  ? __fget_files+0x2a/0x420
[  925.195441][T30520]  __x64_sys_getsockopt+0x1a5/0x250
[  925.195465][T30520]  ? do_syscall_64+0x40/0x3b0
[  925.195484][T30520]  ? do_syscall_64+0x40/0x3b0
[  925.195505][T30520]  do_syscall_64+0xfa/0x3b0
[  925.195521][T30520]  ? lockdep_hardirqs_on+0x9c/0x150
[  925.195548][T30520]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  925.195566][T30520]  ? clear_bhb_loop+0x60/0xb0
[  925.195588][T30520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  925.195605][T30520] RIP: 0033:0x7f5fb1b8e929
[  925.195621][T30520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  925.195637][T30520] RSP: 002b:00007f5fb29b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  925.195656][T30520] RAX: ffffffffffffffda RBX: 00007f5fb1db5fa0 RCX: 00007f5fb1b8e929
[  925.195670][T30520] RDX: 0000000000000014 RSI: 0000000000000084 RDI: 0000000000000003
[  925.195679][T30520] RBP: 00007f5fb29b2090 R08: 0000200000000040 R09: 0000000000000000
[  925.195690][T30520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  925.195701][T30520] R13: 0000000000000000 R14: 00007f5fb1db5fa0 R15: 00007ffff9abde38
[  925.195728][T30520]  </TASK>
[  925.587579][T30531] tmpfs: Unknown parameter 'usrquotaÏ°P7«Âuv�ŠF#�ɱDµûÔ½Õ‡tÔˆ¦Ä‚¸nÙæî*ì#¾÷ÆY¡W«Åå©ï»µÃ˜¹4–M³òw·„ŽŠäøVª(U£Eû±Åô à"”È›up †>4Õ[.l(2Û‚„u¬B2BW&Ù^Å|‘ØE&á«]ø)(wÃE´¤Ä#Yóyo¦t'
[  925.711568][T27641] usb 6-1: USB disconnect, device number 86
[  925.820948][ T5884] IPVS: starting estimator thread 0...
[  925.920196][T30560] IPVS: using max 31 ests per chain, 74400 per kthread
[  925.963436][T30568] FAULT_INJECTION: forcing a failure.
[  925.963436][T30568] name failslab, interval 1, probability 0, space 0, times 0
[  925.979824][T30568] CPU: 1 UID: 0 PID: 30568 Comm: syz.6.7168 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  925.979848][T30568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  925.979860][T30568] Call Trace:
[  925.979867][T30568]  <TASK>
[  925.979875][T30568]  dump_stack_lvl+0x189/0x250
[  925.979900][T30568]  ? __pfx____ratelimit+0x10/0x10
[  925.979929][T30568]  ? __pfx_dump_stack_lvl+0x10/0x10
[  925.979949][T30568]  ? __pfx__printk+0x10/0x10
[  925.979974][T30568]  ? __pfx___might_resched+0x10/0x10
[  925.979999][T30568]  should_fail_ex+0x414/0x560
[  925.980027][T30568]  should_failslab+0xa8/0x100
[  925.980052][T30568]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  925.980074][T30568]  ? __alloc_skb+0x112/0x2d0
[  925.980104][T30568]  __alloc_skb+0x112/0x2d0
[  925.980130][T30568]  netlink_sendmsg+0x5c6/0xb30
[  925.980161][T30568]  ? __pfx_netlink_sendmsg+0x10/0x10
[  925.980195][T30568]  ? aa_sock_msg_perm+0x94/0x160
[  925.980216][T30568]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  925.980243][T30568]  ? __pfx_netlink_sendmsg+0x10/0x10
[  925.980266][T30568]  __sock_sendmsg+0x219/0x270
[  925.980287][T30568]  ____sys_sendmsg+0x505/0x830
[  925.980315][T30568]  ? __pfx_____sys_sendmsg+0x10/0x10
[  925.980347][T30568]  ? import_iovec+0x74/0xa0
[  925.980368][T30568]  ___sys_sendmsg+0x21f/0x2a0
[  925.980393][T30568]  ? __pfx____sys_sendmsg+0x10/0x10
[  925.980449][T30568]  ? __fget_files+0x2a/0x420
[  925.980474][T30568]  ? __fget_files+0x3a0/0x420
[  925.980509][T30568]  __x64_sys_sendmsg+0x19b/0x260
[  925.980536][T30568]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  925.980568][T30568]  ? __pfx_ksys_write+0x10/0x10
[  925.980591][T30568]  ? rcu_is_watching+0x15/0xb0
[  925.980616][T30568]  ? do_syscall_64+0xbe/0x3b0
[  925.980638][T30568]  do_syscall_64+0xfa/0x3b0
[  925.980654][T30568]  ? lockdep_hardirqs_on+0x9c/0x150
[  925.980681][T30568]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  925.980698][T30568]  ? clear_bhb_loop+0x60/0xb0
[  925.980719][T30568]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  925.980736][T30568] RIP: 0033:0x7f634998e929
[  925.980752][T30568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  925.980768][T30568] RSP: 002b:00007f634a847038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  925.980787][T30568] RAX: ffffffffffffffda RBX: 00007f6349bb5fa0 RCX: 00007f634998e929
[  925.980800][T30568] RDX: 0000000004005000 RSI: 0000200000000440 RDI: 0000000000000003
[  925.980812][T30568] RBP: 00007f634a847090 R08: 0000000000000000 R09: 0000000000000000
[  925.980823][T30568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  925.980833][T30568] R13: 0000000000000000 R14: 00007f6349bb5fa0 R15: 00007ffda05ab5a8
[  925.980859][T30568]  </TASK>
[  926.040793][   T10] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  926.043593][    C1] vkms_vblank_simulate: vblank timer overrun
[  926.240707][   T10] usb 3-1: device descriptor read/64, error -71
[  926.245654][    C1] vkms_vblank_simulate: vblank timer overrun
[  926.374529][    C1] vkms_vblank_simulate: vblank timer overrun
[  926.511110][   T10] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  926.665983][T30583] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  926.675874][   T10] usb 3-1: device descriptor read/64, error -71
[  926.810380][ T5884] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[  926.818319][   T10] usb usb3-port1: attempt power cycle
[  926.950463][T19284] usb 6-1: new high-speed USB device number 87 using dummy_hcd
[  926.977879][ T5884] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  926.991369][ T5884] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  927.011303][ T5884] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  927.025554][ T5884] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  927.034306][ T5884] usb 7-1: Product: syz
[  927.038779][ T5884] usb 7-1: Manufacturer: syz
[  927.049642][ T5884] usb 7-1: SerialNumber: syz
[  927.120941][T19284] usb 6-1: Using ep0 maxpacket: 8
[  927.141540][T19284] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  927.151275][T19284] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  927.161349][T19284] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  927.171334][   T10] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  927.180380][T19284] usb 6-1: config 0 descriptor??
[  927.220939][   T10] usb 3-1: device descriptor read/8, error -71
[  927.464696][ T5884] usb 7-1: cannot find UAC_HEADER
[  927.475860][   T10] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  927.503888][   T10] usb 3-1: device descriptor read/8, error -71
[  927.509461][T30628] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7180'.
[  927.511516][ T5884] snd-usb-audio 7-1:1.0: probe with driver snd-usb-audio failed with error -22
[  927.537139][ T5884] usb 7-1: USB disconnect, device number 15
[  927.571777][T22347] udevd[22347]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  927.612936][   T10] usb usb3-port1: unable to enumerate USB device
[  928.035317][T30642] binder: 30641:30642 ioctl 9408 0 returned -22
[  928.042585][T30642] binder: 30641:30642 ioctl c0306201 2000000002c0 returned -14
[  928.867210][T30680] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7189'.
[  929.383117][ T5867] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  929.540207][ T5867] usb 3-1: Using ep0 maxpacket: 16
[  929.548658][ T5867] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  929.561152][T30716] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7199'.
[  929.572905][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  929.606940][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  929.619168][ T5867] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  929.637228][ T5867] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  929.666147][ T5867] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  929.676309][ T5867] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  929.693194][ T5867] usb 3-1: Manufacturer: syz
[  929.747198][T19284] usb 6-1: USB disconnect, device number 87
[  929.770905][ T5867] usb 3-1: config 0 descriptor??
[  929.818304][T30729] FAULT_INJECTION: forcing a failure.
[  929.818304][T30729] name failslab, interval 1, probability 0, space 0, times 0
[  929.854978][T30729] CPU: 0 UID: 0 PID: 30729 Comm: syz.0.7201 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  929.855012][T30729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  929.855022][T30729] Call Trace:
[  929.855030][T30729]  <TASK>
[  929.855038][T30729]  dump_stack_lvl+0x189/0x250
[  929.855064][T30729]  ? __pfx____ratelimit+0x10/0x10
[  929.855092][T30729]  ? __pfx_dump_stack_lvl+0x10/0x10
[  929.855113][T30729]  ? __pfx__printk+0x10/0x10
[  929.855140][T30729]  ? __pfx___might_resched+0x10/0x10
[  929.855165][T30729]  should_fail_ex+0x414/0x560
[  929.855193][T30729]  ? seq_read_iter+0x1fd/0xe10
[  929.855212][T30729]  should_failslab+0xa8/0x100
[  929.855237][T30729]  __kvmalloc_node_noprof+0x161/0x5f0
[  929.855261][T30729]  ? seq_read_iter+0x1fd/0xe10
[  929.855281][T30729]  ? aa_file_perm+0x11f/0xed0
[  929.855305][T30729]  seq_read_iter+0x1fd/0xe10
[  929.855337][T30729]  ? __asan_memset+0x22/0x50
[  929.855371][T30729]  seq_read+0x2e2/0x3d0
[  929.855413][T30729]  ? __pfx_seq_read+0x10/0x10
[  929.855454][T30729]  ? rw_verify_area+0x258/0x650
[  929.855476][T30729]  ? __pfx_seq_read+0x10/0x10
[  929.855499][T30729]  vfs_read+0x1fd/0x980
[  929.855527][T30729]  ? __pfx___mutex_lock+0x10/0x10
[  929.855546][T30729]  ? __pfx_vfs_read+0x10/0x10
[  929.855570][T30729]  ? __fget_files+0x2a/0x420
[  929.855601][T30729]  ? __fget_files+0x3a0/0x420
[  929.855626][T30729]  ? __fget_files+0x2a/0x420
[  929.855659][T30729]  ksys_read+0x145/0x250
[  929.855685][T30729]  ? __pfx_ksys_read+0x10/0x10
[  929.855705][T30729]  ? rcu_is_watching+0x15/0xb0
[  929.855731][T30729]  ? do_syscall_64+0xbe/0x3b0
[  929.855752][T30729]  do_syscall_64+0xfa/0x3b0
[  929.855769][T30729]  ? lockdep_hardirqs_on+0x9c/0x150
[  929.855796][T30729]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  929.855815][T30729]  ? clear_bhb_loop+0x60/0xb0
[  929.855836][T30729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  929.855853][T30729] RIP: 0033:0x7f5fb1b8e929
[  929.855868][T30729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  929.855888][T30729] RSP: 002b:00007f5fb29b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  929.855906][T30729] RAX: ffffffffffffffda RBX: 00007f5fb1db5fa0 RCX: 00007f5fb1b8e929
[  929.855937][T30729] RDX: 0000000000000039 RSI: 00002000000004c0 RDI: 0000000000000004
[  929.855951][T30729] RBP: 00007f5fb29b2090 R08: 0000000000000000 R09: 0000000000000000
[  929.855965][T30729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  929.855978][T30729] R13: 0000000000000000 R14: 00007f5fb1db5fa0 R15: 00007ffff9abde38
[  929.856016][T30729]  </TASK>
[  930.240451][ T5867] rc_core: IR keymap rc-hauppauge not found
[  930.246439][ T5867] Registered IR keymap rc-empty
[  930.276124][ T5867] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  930.300889][ T5867] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  930.327262][ T5867] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  930.331897][T30746] FAULT_INJECTION: forcing a failure.
[  930.331897][T30746] name failslab, interval 1, probability 0, space 0, times 0
[  930.351950][T30746] CPU: 0 UID: 0 PID: 30746 Comm: syz.5.7207 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  930.351972][T30746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  930.351983][T30746] Call Trace:
[  930.351990][T30746]  <TASK>
[  930.351997][T30746]  dump_stack_lvl+0x189/0x250
[  930.352020][T30746]  ? __pfx____ratelimit+0x10/0x10
[  930.352047][T30746]  ? __pfx_dump_stack_lvl+0x10/0x10
[  930.352067][T30746]  ? __pfx__printk+0x10/0x10
[  930.352090][T30746]  ? __pfx___might_resched+0x10/0x10
[  930.352108][T30746]  ? fs_reclaim_acquire+0x7d/0x100
[  930.352135][T30746]  should_fail_ex+0x414/0x560
[  930.352161][T30746]  should_failslab+0xa8/0x100
[  930.352184][T30746]  __kmalloc_cache_noprof+0x70/0x3d0
[  930.352204][T30746]  ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[  930.352227][T30746]  sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[  930.352254][T30746]  sctp_association_new+0x15d3/0x25f0
[  930.352291][T30746]  sctp_connect_new_asoc+0x2c5/0x690
[  930.352317][T30746]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  930.352340][T30746]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  930.352362][T30746]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  930.352383][T30746]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  930.352405][T30746]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  930.352422][T30746]  ? security_sctp_bind_connect+0x7e/0x2e0
[  930.352451][T30746]  sctp_sendmsg+0x155c/0x2810
[  930.352483][T30746]  ? __pfx_sctp_sendmsg+0x10/0x10
[  930.352508][T30746]  ? aa_sk_perm+0x81e/0x950
[  930.352529][T30746]  ? __pfx_aa_sk_perm+0x10/0x10
[  930.352558][T30746]  ? sock_rps_record_flow+0x19/0x410
[  930.352578][T30746]  ? inet_sendmsg+0x2f4/0x370
[  930.352594][T30746]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  930.352623][T30746]  __sock_sendmsg+0x19c/0x270
[  930.352643][T30746]  ____sys_sendmsg+0x52d/0x830
[  930.352671][T30746]  ? __pfx_____sys_sendmsg+0x10/0x10
[  930.352701][T30746]  ? import_iovec+0x74/0xa0
[  930.352735][T30746]  ___sys_sendmsg+0x21f/0x2a0
[  930.352759][T30746]  ? __pfx____sys_sendmsg+0x10/0x10
[  930.352814][T30746]  ? __fget_files+0x2a/0x420
[  930.352838][T30746]  ? __fget_files+0x3a0/0x420
[  930.352873][T30746]  __sys_sendmmsg+0x227/0x430
[  930.352900][T30746]  ? __pfx___sys_sendmmsg+0x10/0x10
[  930.352921][T30746]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  930.352961][T30746]  ? ksys_write+0x22a/0x250
[  930.352985][T30746]  ? __pfx_ksys_write+0x10/0x10
[  930.353005][T30746]  ? rcu_is_watching+0x15/0xb0
[  930.353030][T30746]  __x64_sys_sendmmsg+0xa0/0xc0
[  930.353055][T30746]  do_syscall_64+0xfa/0x3b0
[  930.353072][T30746]  ? lockdep_hardirqs_on+0x9c/0x150
[  930.353097][T30746]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  930.353114][T30746]  ? clear_bhb_loop+0x60/0xb0
[  930.353135][T30746]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  930.353151][T30746] RIP: 0033:0x7f7cde18e929
[  930.353167][T30746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  930.353182][T30746] RSP: 002b:00007f7cdbff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  930.353200][T30746] RAX: ffffffffffffffda RBX: 00007f7cde3b5fa0 RCX: 00007f7cde18e929
[  930.353213][T30746] RDX: 0000000000000001 RSI: 0000200000000400 RDI: 0000000000000003
[  930.353224][T30746] RBP: 00007f7cdbff6090 R08: 0000000000000000 R09: 0000000000000000
[  930.353234][T30746] R10: 0000000034000091 R11: 0000000000000246 R12: 0000000000000001
[  930.353244][T30746] R13: 0000000000000000 R14: 00007f7cde3b5fa0 R15: 00007ffcf8f3cf28
[  930.353270][T30746]  </TASK>
[  930.698552][ T5867] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input82
[  930.718375][ T5867] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  930.740384][ T5867] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  930.780262][ T5867] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  930.810072][ T5867] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  930.841509][ T5867] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  930.855627][T30762] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7208'.
[  930.892742][ T5867] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  930.953680][ T5867] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  930.992031][ T5867] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  931.030877][ T5867] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  931.050327][T27641] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  931.060378][ T5867] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  931.108831][ T5867] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  931.128721][ T5867] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  931.200552][T27641] usb 1-1: Using ep0 maxpacket: 8
[  931.232554][T27641] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  931.244233][T27641] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  931.293383][T27641] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  931.319333][T27641] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  931.333017][T27641] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  931.346670][T27641] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  931.376949][T27641] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  931.486036][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  931.494099][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  931.645361][T27641] usb 1-1: usb_control_msg returned -32
[  931.658528][T27641] usbtmc 1-1:16.0: can't read capabilities
[  932.041201][T19284] usb 3-1: USB disconnect, device number 32
[  932.102925][T30828] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7219'.
[  932.241411][T30837] FAULT_INJECTION: forcing a failure.
[  932.241411][T30837] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  932.255822][T30837] CPU: 1 UID: 0 PID: 30837 Comm: syz.6.7222 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  932.255845][T30837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  932.255857][T30837] Call Trace:
[  932.255864][T30837]  <TASK>
[  932.255872][T30837]  dump_stack_lvl+0x189/0x250
[  932.255897][T30837]  ? __pfx____ratelimit+0x10/0x10
[  932.255946][T30837]  ? __pfx_dump_stack_lvl+0x10/0x10
[  932.255987][T30837]  ? __pfx__printk+0x10/0x10
[  932.256023][T30837]  should_fail_ex+0x414/0x560
[  932.256055][T30837]  _copy_to_user+0x31/0xb0
[  932.256079][T30837]  put_itimerspec64+0x168/0x1d0
[  932.256101][T30837]  ? __pfx_put_itimerspec64+0x10/0x10
[  932.256125][T30837]  ? preempt_schedule_thunk+0x16/0x30
[  932.256164][T30837]  __x64_sys_timer_gettime+0x14c/0x1d0
[  932.256194][T30837]  ? __pfx___x64_sys_timer_gettime+0x10/0x10
[  932.256235][T30837]  ? do_syscall_64+0xbe/0x3b0
[  932.256260][T30837]  do_syscall_64+0xfa/0x3b0
[  932.256279][T30837]  ? lockdep_hardirqs_on+0x9c/0x150
[  932.256310][T30837]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  932.256330][T30837]  ? clear_bhb_loop+0x60/0xb0
[  932.256355][T30837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  932.256375][T30837] RIP: 0033:0x7f634998e929
[  932.256393][T30837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  932.256411][T30837] RSP: 002b:00007f634a847038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e0
[  932.256434][T30837] RAX: ffffffffffffffda RBX: 00007f6349bb5fa0 RCX: 00007f634998e929
[  932.256449][T30837] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000000
[  932.256463][T30837] RBP: 00007f634a847090 R08: 0000000000000000 R09: 0000000000000000
[  932.256476][T30837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  932.256489][T30837] R13: 0000000000000000 R14: 00007f6349bb5fa0 R15: 00007ffda05ab5a8
[  932.256521][T30837]  </TASK>
[  932.630452][T19284] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  932.701501][T30851] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  932.784971][T19284] usb 3-1: config 1 interface 0 altsetting 248 bulk endpoint 0x82 has invalid maxpacket 64
[  932.795352][T19284] usb 3-1: config 1 interface 0 altsetting 248 bulk endpoint 0x3 has invalid maxpacket 8
[  932.817811][T19284] usb 3-1: config 1 interface 0 has no altsetting 0
[  932.819668][T30864] FAULT_INJECTION: forcing a failure.
[  932.819668][T30864] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  932.843164][T19284] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  932.847371][T30864] CPU: 0 UID: 0 PID: 30864 Comm: syz.6.7229 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  932.847398][T30864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  932.847411][T30864] Call Trace:
[  932.847420][T30864]  <TASK>
[  932.847429][T30864]  dump_stack_lvl+0x189/0x250
[  932.847460][T30864]  ? __pfx____ratelimit+0x10/0x10
[  932.847502][T30864]  ? __pfx_dump_stack_lvl+0x10/0x10
[  932.847527][T30864]  ? __pfx__printk+0x10/0x10
[  932.847550][T30864]  ? __might_fault+0xb0/0x130
[  932.847584][T30864]  should_fail_ex+0x414/0x560
[  932.847616][T30864]  _copy_from_user+0x2d/0xb0
[  932.847638][T30864]  ___sys_sendmsg+0x158/0x2a0
[  932.847669][T30864]  ? __pfx____sys_sendmsg+0x10/0x10
[  932.847731][T30864]  ? __fget_files+0x2a/0x420
[  932.847757][T30864]  ? __fget_files+0x3a0/0x420
[  932.847797][T30864]  __x64_sys_sendmsg+0x19b/0x260
[  932.847827][T30864]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  932.847865][T30864]  ? __pfx_ksys_write+0x10/0x10
[  932.847888][T30864]  ? rcu_is_watching+0x15/0xb0
[  932.847918][T30864]  ? do_syscall_64+0xbe/0x3b0
[  932.847942][T30864]  do_syscall_64+0xfa/0x3b0
[  932.847960][T30864]  ? lockdep_hardirqs_on+0x9c/0x150
[  932.847990][T30864]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  932.848011][T30864]  ? clear_bhb_loop+0x60/0xb0
[  932.848035][T30864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  932.848053][T30864] RIP: 0033:0x7f634998e929
[  932.848072][T30864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  932.848106][T30864] RSP: 002b:00007f634a847038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  932.848130][T30864] RAX: ffffffffffffffda RBX: 00007f6349bb5fa0 RCX: 00007f634998e929
[  932.848147][T30864] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000003
[  932.848160][T30864] RBP: 00007f634a847090 R08: 0000000000000000 R09: 0000000000000000
[  932.848174][T30864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  932.848186][T30864] R13: 0000000000000000 R14: 00007f6349bb5fa0 R15: 00007ffda05ab5a8
[  932.848218][T30864]  </TASK>
[  933.035244][T30868] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7230'.
[  933.044745][T19284] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  933.095101][T19284] usb 3-1: Product: Э
[  933.099423][T19284] usb 3-1: Manufacturer: Ц
[  933.104136][T19284] usb 3-1: SerialNumber: �╭�쩹馰༣㺊�䋾갓뷭馵쬭퉗�㽵�㞶驳俭넶䩯ꇡ沧ᒇ鶺㖡�喕砃�咉��⊜禠ಹ��㧎⠷�쉼瀑퀭�쬲夙虀ﮣꯋ⯷�銱골쓥邆笛ࢽ�ࠟዔ⫹ݾ뉧抦扜湤볣挙ꊓง蕩絒녛㬩姽
[  933.144128][T30830] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  933.171912][T30830] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  933.367569][T30888] netlink: 'syz.5.7234': attribute type 1 has an invalid length.
[  933.378521][T30888] netlink: 'syz.5.7234': attribute type 2 has an invalid length.
[  933.404570][T19284] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71
[  933.436724][T19284] usb 3-1: USB disconnect, device number 33
[  933.520852][   T10] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  933.714665][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  933.727235][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  933.737650][   T10] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  933.753143][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  933.763466][   T10] usb 7-1: config 0 descriptor??
[  933.805260][T30913] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7239'.
[  933.834920][ T5906] usb 1-1: USB disconnect, device number 53
[  934.094707][T30941] netlink: 'syz.0.7243': attribute type 1 has an invalid length.
[  934.102717][T30941] netlink: 'syz.0.7243': attribute type 2 has an invalid length.
[  934.177479][   T10] cm6533_jd 0003:0D8C:0022.0029: unknown main item tag 0x0
[  934.195368][   T10] cm6533_jd 0003:0D8C:0022.0029: unknown main item tag 0x0
[  934.210533][   T10] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0D8C:0022.0029/input/input83
[  934.259430][   T10] cm6533_jd 0003:0D8C:0022.0029: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.6-1/input0
[  934.263374][   T24] usb 6-1: new high-speed USB device number 88 using dummy_hcd
[  934.397341][T30882] 8021q: VLANs not supported on gre0
[  934.443627][   T24] usb 6-1: Using ep0 maxpacket: 8
[  934.453113][   T24] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  934.465459][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  934.475239][   T24] usb 6-1: Product: syz
[  934.476273][   T10] usb 7-1: USB disconnect, device number 16
[  934.479416][   T24] usb 6-1: Manufacturer: syz
[  934.479434][   T24] usb 6-1: SerialNumber: syz
[  934.483789][   T24] usb 6-1: config 0 descriptor??
[  934.714086][   T24] usb 6-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  935.184049][T30987] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7249'.
[  935.423405][T31007] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7254'.
[  935.843191][T30470] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  935.940691][   T24] usb write operation failed. (-71)
[  935.956516][   T24] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  935.978131][   T24] dvbdev: DVB: registering new adapter (Terratec H7)
[  936.002529][   T24] usb 6-1: media controller created
[  936.008399][   T24] usb read operation failed. (-71)
[  936.016381][   T24] usb write operation failed. (-71)
[  936.024948][T30470] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  936.043678][T30470] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  936.053683][   T24] dvb_usb_az6007 6-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  936.063912][T30470] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  936.074854][   T24] usb 6-1: USB disconnect, device number 88
[  936.081278][T30470] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.095806][T30470] usb 7-1: config 0 descriptor??
[  936.220241][T27641] usb 3-1: new low-speed USB device number 34 using dummy_hcd
[  936.380962][T27641] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  936.388512][T27641] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  936.420922][T27641] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  936.434293][T27641] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  936.446265][T27641] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  936.458637][T27641] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  936.482289][T27641] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  936.510402][T27641] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  936.526410][T30470] cm6533_jd 0003:0D8C:0022.002A: unknown main item tag 0x0
[  936.537879][T27641] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  936.548752][T30470] cm6533_jd 0003:0D8C:0022.002A: unknown main item tag 0x0
[  936.564242][T27641] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  936.600450][T30470] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0D8C:0022.002A/input/input84
[  936.608862][T27641] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  936.622534][T27641] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  936.633596][T27641] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  936.645984][T27641] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  936.688711][T27641] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  936.694556][T30470] cm6533_jd 0003:0D8C:0022.002A: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.6-1/input0
[  936.753055][T27641] usb 3-1: string descriptor 0 read error: -22
[  936.764925][T27641] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  936.775624][T27641] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  936.841521][T27641] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux1
[  936.845668][T31018] 8021q: VLANs not supported on gre0
[  937.062151][ T5867] usb 7-1: USB disconnect, device number 17
[  937.111781][T31092] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7267'.
[  937.510769][T31028] netlink: 172 bytes leftover after parsing attributes in process `syz.2.7259'.
[  937.610245][T27641] usb 6-1: new high-speed USB device number 89 using dummy_hcd
[  937.711783][   T10] usb 3-1: USB disconnect, device number 34
[  937.783510][T27641] usb 6-1: Using ep0 maxpacket: 16
[  937.799489][T27641] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  937.813101][T27641] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  937.830052][T27641] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  937.845844][T27641] usb 6-1: Product: syz
[  937.863818][T27641] usb 6-1: Manufacturer: syz
[  937.884142][T27641] usb 6-1: SerialNumber: syz
[  937.901657][T27641] usb 6-1: config 0 descriptor??
[  937.927688][T27641] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  937.937622][T27641] em28xx 6-1:0.0: DVB interface 0 found: bulk
[  938.182609][T31137] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  938.590307][ T5906] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  938.607053][T27641] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  938.698052][T31179] fuse: Unknown parameter '0x0000000000000003'
[  938.741278][T30470] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  938.753529][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  938.766225][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  938.776442][ T5906] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  938.785947][ T5906] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  938.798118][ T5906] usb 7-1: config 0 descriptor??
[  938.839916][T31187] FAULT_INJECTION: forcing a failure.
[  938.839916][T31187] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  938.853789][T31187] CPU: 0 UID: 0 PID: 31187 Comm: syz.0.7284 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  938.853814][T31187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  938.853826][T31187] Call Trace:
[  938.853833][T31187]  <TASK>
[  938.853844][T31187]  dump_stack_lvl+0x189/0x250
[  938.853870][T31187]  ? __pfx____ratelimit+0x10/0x10
[  938.853898][T31187]  ? __pfx_dump_stack_lvl+0x10/0x10
[  938.853918][T31187]  ? __pfx__printk+0x10/0x10
[  938.853938][T31187]  ? __might_fault+0xb0/0x130
[  938.853970][T31187]  should_fail_ex+0x414/0x560
[  938.853996][T31187]  _copy_from_user+0x2d/0xb0
[  938.854015][T31187]  get_timespec64+0x8e/0x1a0
[  938.854032][T31187]  ? __pfx_get_timespec64+0x10/0x10
[  938.854059][T31187]  futex2_setup_timeout+0xd5/0x2b0
[  938.854088][T31187]  ? __pfx_futex2_setup_timeout+0x10/0x10
[  938.854118][T31187]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  938.854144][T31187]  __se_sys_futex_waitv+0x140/0x280
[  938.854172][T31187]  ? __pfx___se_sys_futex_waitv+0x10/0x10
[  938.854210][T31187]  ? __pfx_ksys_write+0x10/0x10
[  938.854243][T31187]  ? do_syscall_64+0xbe/0x3b0
[  938.854260][T31187]  ? __x64_sys_futex_waitv+0x20/0xc0
[  938.854287][T31187]  do_syscall_64+0xfa/0x3b0
[  938.854304][T31187]  ? lockdep_hardirqs_on+0x9c/0x150
[  938.854332][T31187]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  938.854349][T31187]  ? clear_bhb_loop+0x60/0xb0
[  938.854371][T31187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  938.854388][T31187] RIP: 0033:0x7f5fb1b8e929
[  938.854403][T31187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  938.854418][T31187] RSP: 002b:00007f5fb29b2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c1
[  938.854437][T31187] RAX: ffffffffffffffda RBX: 00007f5fb1db5fa0 RCX: 00007f5fb1b8e929
[  938.854451][T31187] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000001ac0
[  938.854462][T31187] RBP: 00007f5fb29b2090 R08: 0000000000000001 R09: 0000000000000000
[  938.854473][T31187] R10: 0000200000001f40 R11: 0000000000000246 R12: 0000000000000001
[  938.854485][T31187] R13: 0000000000000001 R14: 00007f5fb1db5fa0 R15: 00007ffff9abde38
[  938.854512][T31187]  </TASK>
[  939.090220][T30470] usb 3-1: Using ep0 maxpacket: 8
[  939.099334][T30470] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  939.118906][T30470] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  939.130054][T30470] usb 3-1: Product: syz
[  939.134346][T30470] usb 3-1: Manufacturer: syz
[  939.138968][T30470] usb 3-1: SerialNumber: syz
[  939.147326][T30470] usb 3-1: config 0 descriptor??
[  939.156172][T30470] gspca_main: se401-2.14.0 probing 047d:5003
[  939.311735][ T5906] cm6533_jd 0003:0D8C:0022.002B: unknown main item tag 0x0
[  939.319169][ T5906] cm6533_jd 0003:0D8C:0022.002B: unknown main item tag 0x0
[  939.331521][ T5906] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0D8C:0022.002B/input/input85
[  939.372129][ T5906] cm6533_jd 0003:0D8C:0022.002B: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.6-1/input0
[  939.518381][T27641] em28xx 6-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  939.539377][T27641] em28xx 6-1:0.0: board has no eeprom
[  939.586946][T31154] 8021q: VLANs not supported on gre0
[  939.624023][T27641] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  939.632365][T27641] em28xx 6-1:0.0: dvb set to bulk mode.
[  939.638003][ T5905] em28xx 6-1:0.0: Binding DVB extension
[  939.658806][T27641] usb 6-1: USB disconnect, device number 89
[  939.682430][T27641] em28xx 6-1:0.0: Disconnecting em28xx
[  939.729326][ T5905] em28xx 6-1:0.0: Registering input extension
[  939.737610][T27641] em28xx 6-1:0.0: Closing input extension
[  939.746367][ T5905] usb 7-1: USB disconnect, device number 18
[  939.795569][T27641] em28xx 6-1:0.0: Freeing device
[  940.181368][T30470] gspca_se401: read req failed req 0x06 error -19
[  940.197298][T30470] usb 3-1: USB disconnect, device number 35
[  940.472954][T31308] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  940.482969][T31308] cgroup: Need name or subsystem set
[  940.530502][ T5905] usb 7-1: new low-speed USB device number 19 using dummy_hcd
[  940.640342][T27641] usb 6-1: new high-speed USB device number 90 using dummy_hcd
[  940.685351][ T5905] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  940.694460][ T5905] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  940.710645][ T5905] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  940.727176][ T5905] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  940.752315][ T5905] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  940.768304][ T5905] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  940.788640][ T5905] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  940.804342][T27641] usb 6-1: Using ep0 maxpacket: 8
[  940.812055][ T5905] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  940.824570][ T5905] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  940.837103][T27641] usb 6-1: config 1 interface 0 altsetting 9 bulk endpoint 0x82 has invalid maxpacket 8
[  940.846954][T27641] usb 6-1: config 1 interface 0 altsetting 9 endpoint 0x3 has invalid maxpacket 1088, setting to 1024
[  940.857984][ T5905] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  940.869506][T27641] usb 6-1: config 1 interface 0 altsetting 9 bulk endpoint 0x3 has invalid maxpacket 1024
[  940.879773][T27641] usb 6-1: config 1 interface 0 altsetting 9 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  940.898613][ T5905] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  940.906460][ T5905] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  940.918214][T27641] usb 6-1: config 1 interface 0 has no altsetting 0
[  940.926676][ T5905] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  940.940026][ T5905] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  940.951710][ T5905] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  940.963020][T27641] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  940.972478][T27641] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  940.981345][T27641] usb 6-1: Product: syz
[  940.986008][T27641] usb 6-1: Manufacturer: syz
[  940.991647][T27641] usb 6-1: SerialNumber: syz
[  940.997182][ T5905] usb 7-1: string descriptor 0 read error: -22
[  941.004442][ T5905] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  941.018629][T31301] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  941.025184][ T5905] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  941.037255][T31301] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  941.055161][ T5905] adutux 7-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  941.288076][T27641] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71
[  941.323256][T27641] usb 6-1: USB disconnect, device number 90
[  941.465706][T31287] netlink: 172 bytes leftover after parsing attributes in process `syz.6.7298'.
[  941.479467][ T5905] usb 7-1: USB disconnect, device number 19
[  941.590405][ T5906] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  941.642104][T31381] FAULT_INJECTION: forcing a failure.
[  941.642104][T31381] name failslab, interval 1, probability 0, space 0, times 0
[  941.655386][T31381] CPU: 0 UID: 0 PID: 31381 Comm: syz.6.7312 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  941.655412][T31381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  941.655424][T31381] Call Trace:
[  941.655433][T31381]  <TASK>
[  941.655441][T31381]  dump_stack_lvl+0x189/0x250
[  941.655468][T31381]  ? __pfx____ratelimit+0x10/0x10
[  941.655498][T31381]  ? __pfx_dump_stack_lvl+0x10/0x10
[  941.655520][T31381]  ? __pfx__printk+0x10/0x10
[  941.655548][T31381]  ? ref_tracker_alloc+0x318/0x460
[  941.655576][T31381]  should_fail_ex+0x414/0x560
[  941.655605][T31381]  should_failslab+0xa8/0x100
[  941.655632][T31381]  kmem_cache_alloc_noprof+0x73/0x3c0
[  941.655654][T31381]  ? skb_clone+0x212/0x3a0
[  941.655685][T31381]  skb_clone+0x212/0x3a0
[  941.655715][T31381]  __netlink_deliver_tap+0x404/0x850
[  941.655760][T31381]  ? netlink_deliver_tap+0x2e/0x1b0
[  941.655785][T31381]  netlink_deliver_tap+0x19c/0x1b0
[  941.655810][T31381]  netlink_unicast+0x72f/0x8d0
[  941.655839][T31381]  netlink_sendmsg+0x805/0xb30
[  941.655873][T31381]  ? __pfx_netlink_sendmsg+0x10/0x10
[  941.655923][T31381]  ? aa_sock_msg_perm+0x94/0x160
[  941.655947][T31381]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  941.655996][T31381]  ? __pfx_netlink_sendmsg+0x10/0x10
[  941.656024][T31381]  __sock_sendmsg+0x219/0x270
[  941.656048][T31381]  ____sys_sendmsg+0x505/0x830
[  941.656083][T31381]  ? __pfx_____sys_sendmsg+0x10/0x10
[  941.656121][T31381]  ? import_iovec+0x74/0xa0
[  941.656147][T31381]  ___sys_sendmsg+0x21f/0x2a0
[  941.656178][T31381]  ? __pfx____sys_sendmsg+0x10/0x10
[  941.656245][T31381]  ? __fget_files+0x2a/0x420
[  941.656274][T31381]  ? __fget_files+0x3a0/0x420
[  941.656316][T31381]  __x64_sys_sendmsg+0x19b/0x260
[  941.656346][T31381]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  941.656385][T31381]  ? __pfx_ksys_write+0x10/0x10
[  941.656410][T31381]  ? rcu_is_watching+0x15/0xb0
[  941.656440][T31381]  ? do_syscall_64+0xbe/0x3b0
[  941.656466][T31381]  do_syscall_64+0xfa/0x3b0
[  941.656486][T31381]  ? lockdep_hardirqs_on+0x9c/0x150
[  941.656518][T31381]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  941.656540][T31381]  ? clear_bhb_loop+0x60/0xb0
[  941.656566][T31381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  941.656586][T31381] RIP: 0033:0x7f634998e929
[  941.656605][T31381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  941.656623][T31381] RSP: 002b:00007f634a847038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  941.656644][T31381] RAX: ffffffffffffffda RBX: 00007f6349bb5fa0 RCX: 00007f634998e929
[  941.656659][T31381] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  941.656673][T31381] RBP: 00007f634a847090 R08: 0000000000000000 R09: 0000000000000000
[  941.656686][T31381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  941.656699][T31381] R13: 0000000000000000 R14: 00007f6349bb5fa0 R15: 00007ffda05ab5a8
[  941.656731][T31381]  </TASK>
[  941.656758][T31381] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7312'.
[  941.820618][   T24] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  941.940223][ T5906] usb 3-1: Using ep0 maxpacket: 8
[  942.026640][ T5906] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  942.036457][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  942.076683][ T5906] usb 3-1: Product: syz
[  942.096910][ T5906] usb 3-1: Manufacturer: syz
[  942.101898][ T5906] usb 3-1: SerialNumber: syz
[  942.122476][ T5906] usb 3-1: config 0 descriptor??
[  942.147422][ T5906] gspca_main: se401-2.14.0 probing 047d:5003
[  942.190649][   T24] usb 1-1: Using ep0 maxpacket: 16
[  942.205757][   T24] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  942.228940][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  942.285080][   T24] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  942.297996][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  942.328422][   T24] usb 1-1: Product: syz
[  942.339686][   T24] usb 1-1: Manufacturer: syz
[  942.363666][   T24] usb 1-1: SerialNumber: syz
[  942.382848][   T24] usb 1-1: config 0 descriptor??
[  942.405107][   T24] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  942.424068][   T24] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  942.431589][T31409] FAULT_INJECTION: forcing a failure.
[  942.431589][T31409] name failslab, interval 1, probability 0, space 0, times 0
[  942.485977][T31409] CPU: 0 UID: 0 PID: 31409 Comm: syz.5.7317 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  942.486012][T31409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  942.486034][T31409] Call Trace:
[  942.486043][T31409]  <TASK>
[  942.486053][T31409]  dump_stack_lvl+0x189/0x250
[  942.486085][T31409]  ? __pfx____ratelimit+0x10/0x10
[  942.486117][T31409]  ? __pfx_dump_stack_lvl+0x10/0x10
[  942.486142][T31409]  ? __pfx__printk+0x10/0x10
[  942.486169][T31409]  ? __pfx___might_resched+0x10/0x10
[  942.486194][T31409]  ? fs_reclaim_acquire+0x7d/0x100
[  942.486229][T31409]  should_fail_ex+0x414/0x560
[  942.486262][T31409]  should_failslab+0xa8/0x100
[  942.486292][T31409]  kmem_cache_alloc_noprof+0x73/0x3c0
[  942.486317][T31409]  ? security_file_alloc+0x34/0x330
[  942.486353][T31409]  security_file_alloc+0x34/0x330
[  942.486387][T31409]  init_file+0x93/0x2f0
[  942.486411][T31409]  alloc_empty_file+0x6e/0x1d0
[  942.486433][T31409]  alloc_file_pseudo+0x13d/0x210
[  942.486457][T31409]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  942.486477][T31409]  ? evm_inode_alloc_security+0x40/0xb0
[  942.486500][T31409]  ? security_inode_alloc+0xd5/0x330
[  942.486525][T31409]  sock_alloc_file+0xb8/0x2e0
[  942.486542][T31409]  do_accept+0x34b/0x680
[  942.486563][T31409]  ? __pfx_do_accept+0x10/0x10
[  942.486599][T31409]  __sys_accept4+0x11c/0x1c0
[  942.486627][T31409]  ? __pfx___sys_accept4+0x10/0x10
[  942.486651][T31409]  ? __pfx_ksys_write+0x10/0x10
[  942.486670][T31409]  ? rcu_is_watching+0x15/0xb0
[  942.486693][T31409]  __x64_sys_accept4+0x9a/0xb0
[  942.486712][T31409]  do_syscall_64+0xfa/0x3b0
[  942.486725][T31409]  ? lockdep_hardirqs_on+0x9c/0x150
[  942.486750][T31409]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  942.486771][T31409]  ? clear_bhb_loop+0x60/0xb0
[  942.486798][T31409]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  942.486817][T31409] RIP: 0033:0x7f7cde18e929
[  942.486832][T31409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  942.486846][T31409] RSP: 002b:00007f7cdbff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  942.486862][T31409] RAX: ffffffffffffffda RBX: 00007f7cde3b5fa0 RCX: 00007f7cde18e929
[  942.486874][T31409] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  942.486883][T31409] RBP: 00007f7cdbff6090 R08: 0000000000000000 R09: 0000000000000000
[  942.486892][T31409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  942.486902][T31409] R13: 0000000000000000 R14: 00007f7cde3b5fa0 R15: 00007ffcf8f3cf28
[  942.486933][T31409]  </TASK>
[  942.974789][T31424] netlink: 172 bytes leftover after parsing attributes in process `syz.5.7320'.
[  943.015568][   T24] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  943.050654][   T24] em28xx 1-1:0.0: Config register raw data: 0xfffffffb
[  943.080518][   T24] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[  943.087896][   T24] em28xx 1-1:0.0: No AC97 audio processor
[  943.126008][   T24] usb 1-1: USB disconnect, device number 54
[  943.137100][   T24] em28xx 1-1:0.0: Disconnecting em28xx
[  943.154353][   T24] em28xx 1-1:0.0: Freeing device
[  943.404553][ T5906] gspca_se401: read req failed req 0x06 error -19
[  943.434293][ T5906] usb 3-1: USB disconnect, device number 36
[  943.749844][T31488] netlink: 40 bytes leftover after parsing attributes in process `syz.5.7331'.
[  943.804025][T31491] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7332'.
[  944.120566][T12387] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  944.261022][T31506] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7337'.
[  944.280457][T12387] usb 3-1: Using ep0 maxpacket: 8
[  944.292757][T12387] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  944.302121][T12387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  944.311295][T12387] usb 3-1: Product: syz
[  944.315657][T12387] usb 3-1: Manufacturer: syz
[  944.320745][T12387] usb 3-1: SerialNumber: syz
[  944.328730][T12387] usb 3-1: config 0 descriptor??
[  944.344653][T12387] gspca_main: se401-2.14.0 probing 047d:5003
[  944.800510][   T24] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  944.982171][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  945.007505][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  945.027070][   T24] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  945.037525][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.064478][   T24] usb 1-1: config 0 descriptor??
[  945.220224][   T10] usb 7-1: new full-speed USB device number 20 using dummy_hcd
[  945.321652][T12387] gspca_se401: read req failed req 0x06 error -19
[  945.342527][T12387] usb 3-1: USB disconnect, device number 37
[  945.373506][   T10] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  945.384357][   T10] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  945.398201][   T10] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  945.408116][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  945.416438][   T10] usb 7-1: Product: syz
[  945.422033][   T10] usb 7-1: Manufacturer: syz
[  945.426656][   T10] usb 7-1: SerialNumber: syz
[  945.482481][   T24] cm6533_jd 0003:0D8C:0022.002C: unknown main item tag 0x0
[  945.489816][   T24] cm6533_jd 0003:0D8C:0022.002C: unknown main item tag 0x0
[  945.505642][   T24] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.002C/input/input87
[  945.567605][   T24] cm6533_jd 0003:0D8C:0022.002C: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[  945.763864][T27641] usb 1-1: USB disconnect, device number 55
[  945.852739][   T10] usb 7-1: cannot find UAC_HEADER
[  945.879687][   T10] snd-usb-audio 7-1:1.0: probe with driver snd-usb-audio failed with error -22
[  945.894776][   T10] usb 7-1: USB disconnect, device number 20
[  945.923405][T22347] udevd[22347]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  947.080989][ T5905] usb 6-1: new high-speed USB device number 91 using dummy_hcd
[  947.252143][ T5905] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  947.288727][ T5905] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  947.298915][ T5905] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  947.308156][ T5905] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  947.341796][ T5905] usb 6-1: config 0 descriptor??
[  947.437003][T31715] netlink: 'syz.2.7377': attribute type 1 has an invalid length.
[  947.451002][T31715] netlink: 'syz.2.7377': attribute type 2 has an invalid length.
[  947.706642][T31729] netlink: 184 bytes leftover after parsing attributes in process `syz.6.7381'.
[  947.771609][ T5905] cm6533_jd 0003:0D8C:0022.002D: unknown main item tag 0x0
[  947.788470][ T5905] cm6533_jd 0003:0D8C:0022.002D: unknown main item tag 0x0
[  947.800441][ T5905] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0D8C:0022.002D/input/input88
[  947.849942][ T5905] cm6533_jd 0003:0D8C:0022.002D: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.5-1/input0
[  948.063781][   T24] usb 6-1: USB disconnect, device number 91
[  948.341741][T31785] netlink: 'syz.6.7388': attribute type 1 has an invalid length.
[  948.350493][T31785] netlink: 'syz.6.7388': attribute type 2 has an invalid length.
[  948.379978][T31786] netlink: 'syz.0.7385': attribute type 1 has an invalid length.
[  948.400733][T31786] netlink: 208 bytes leftover after parsing attributes in process `syz.0.7385'.
[  948.550775][T31792] FAULT_INJECTION: forcing a failure.
[  948.550775][T31792] name failslab, interval 1, probability 0, space 0, times 0
[  948.568265][T31792] CPU: 0 UID: 0 PID: 31792 Comm: syz.6.7389 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  948.568294][T31792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  948.568306][T31792] Call Trace:
[  948.568315][T31792]  <TASK>
[  948.568322][T31792]  dump_stack_lvl+0x189/0x250
[  948.568351][T31792]  ? __pfx____ratelimit+0x10/0x10
[  948.568383][T31792]  ? __pfx_dump_stack_lvl+0x10/0x10
[  948.568407][T31792]  ? __pfx__printk+0x10/0x10
[  948.568436][T31792]  ? __pfx___might_resched+0x10/0x10
[  948.568457][T31792]  ? fs_reclaim_acquire+0x7d/0x100
[  948.568490][T31792]  should_fail_ex+0x414/0x560
[  948.568521][T31792]  should_failslab+0xa8/0x100
[  948.568548][T31792]  __kmalloc_cache_noprof+0x70/0x3d0
[  948.568572][T31792]  ? l2tp_tunnel_create+0x92/0x3e0
[  948.568595][T31792]  ? __pfx_l2tp_tunnel_get+0x10/0x10
[  948.568622][T31792]  l2tp_tunnel_create+0x92/0x3e0
[  948.568652][T31792]  pppol2tp_connect+0x7eb/0x1750
[  948.568688][T31792]  ? __pfx_pppol2tp_connect+0x10/0x10
[  948.568715][T31792]  ? aa_sk_perm+0x81e/0x950
[  948.568734][T31792]  ? __might_fault+0xb0/0x130
[  948.568759][T31792]  ? __pfx_aa_sk_perm+0x10/0x10
[  948.568800][T31792]  ? bpf_lsm_socket_connect+0x9/0x20
[  948.568833][T31792]  __sys_connect+0x313/0x440
[  948.568857][T31792]  ? __fget_files+0x3a0/0x420
[  948.568886][T31792]  ? __pfx___sys_connect+0x10/0x10
[  948.568921][T31792]  ? __pfx_ksys_write+0x10/0x10
[  948.568945][T31792]  ? rcu_is_watching+0x15/0xb0
[  948.568975][T31792]  __x64_sys_connect+0x7a/0x90
[  948.568999][T31792]  do_syscall_64+0xfa/0x3b0
[  948.569018][T31792]  ? lockdep_hardirqs_on+0x9c/0x150
[  948.569047][T31792]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  948.569068][T31792]  ? clear_bhb_loop+0x60/0xb0
[  948.569092][T31792]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  948.569110][T31792] RIP: 0033:0x7f634998e929
[  948.569128][T31792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  948.569145][T31792] RSP: 002b:00007f634a847038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  948.569175][T31792] RAX: ffffffffffffffda RBX: 00007f6349bb5fa0 RCX: 00007f634998e929
[  948.569190][T31792] RDX: 0000000000000032 RSI: 00002000000002c0 RDI: 0000000000000004
[  948.569202][T31792] RBP: 00007f634a847090 R08: 0000000000000000 R09: 0000000000000000
[  948.569215][T31792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  948.569226][T31792] R13: 0000000000000000 R14: 00007f6349bb5fa0 R15: 00007ffda05ab5a8
[  948.569256][T31792]  </TASK>
[  949.279682][T31817] nfs: Unknown parameter ''
[  949.419679][T31823] netlink: 72 bytes leftover after parsing attributes in process `syz.5.7396'.
[  949.521004][T31825] netlink: 'syz.0.7397': attribute type 1 has an invalid length.
[  949.529339][T31825] netlink: 'syz.0.7397': attribute type 2 has an invalid length.
[  949.699424][T31832] FAULT_INJECTION: forcing a failure.
[  949.699424][T31832] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  949.723089][T31832] CPU: 0 UID: 0 PID: 31832 Comm: syz.0.7399 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  949.723114][T31832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  949.723125][T31832] Call Trace:
[  949.723133][T31832]  <TASK>
[  949.723142][T31832]  dump_stack_lvl+0x189/0x250
[  949.723167][T31832]  ? __pfx____ratelimit+0x10/0x10
[  949.723196][T31832]  ? __pfx_dump_stack_lvl+0x10/0x10
[  949.723216][T31832]  ? __pfx__printk+0x10/0x10
[  949.723239][T31832]  ? fs_reclaim_acquire+0x7d/0x100
[  949.723273][T31832]  should_fail_ex+0x414/0x560
[  949.723301][T31832]  prepare_alloc_pages+0x213/0x610
[  949.723340][T31832]  __alloc_frozen_pages_noprof+0x123/0x370
[  949.723371][T31832]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  949.723406][T31832]  ? policy_nodemask+0x27c/0x720
[  949.723433][T31832]  alloc_pages_mpol+0x232/0x4a0
[  949.723463][T31832]  folio_alloc_mpol_noprof+0x39/0x70
[  949.723493][T31832]  shmem_alloc_and_add_folio+0x447/0xf60
[  949.723518][T31832]  ? filemap_get_entry+0xad/0x2f0
[  949.723543][T31832]  ? filemap_get_entry+0xad/0x2f0
[  949.723564][T31832]  ? filemap_get_entry+0xad/0x2f0
[  949.723590][T31832]  ? filemap_get_entry+0x28f/0x2f0
[  949.723617][T31832]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  949.723643][T31832]  ? shmem_allowable_huge_orders+0x1f8/0x420
[  949.723669][T31832]  shmem_get_folio_gfp+0x59d/0x1660
[  949.723700][T31832]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  949.723729][T31832]  shmem_write_begin+0xf7/0x2b0
[  949.723757][T31832]  generic_perform_write+0x2c7/0x910
[  949.723787][T31832]  ? __pfx_generic_perform_write+0x10/0x10
[  949.723802][T31832]  ? down_write+0x162/0x1f0
[  949.723829][T31832]  ? file_update_time+0x2da/0x490
[  949.723853][T31832]  shmem_file_write_iter+0xf8/0x120
[  949.723877][T31832]  vfs_write+0x548/0xa90
[  949.723905][T31832]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  949.723928][T31832]  ? __pfx_vfs_write+0x10/0x10
[  949.723961][T31832]  ? __fget_files+0x2a/0x420
[  949.723997][T31832]  ksys_write+0x145/0x250
[  949.724022][T31832]  ? __pfx_ksys_write+0x10/0x10
[  949.724043][T31832]  ? rcu_is_watching+0x15/0xb0
[  949.724068][T31832]  ? do_syscall_64+0xbe/0x3b0
[  949.724090][T31832]  do_syscall_64+0xfa/0x3b0
[  949.724107][T31832]  ? lockdep_hardirqs_on+0x9c/0x150
[  949.724135][T31832]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  949.724153][T31832]  ? clear_bhb_loop+0x60/0xb0
[  949.724175][T31832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  949.724192][T31832] RIP: 0033:0x7f5fb1b8e929
[  949.724208][T31832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  949.724224][T31832] RSP: 002b:00007f5fb29b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  949.724244][T31832] RAX: ffffffffffffffda RBX: 00007f5fb1db5fa0 RCX: 00007f5fb1b8e929
[  949.724257][T31832] RDX: 0000000000032600 RSI: 0000200000000000 RDI: 0000000000000005
[  949.724269][T31832] RBP: 00007f5fb29b2090 R08: 0000000000000000 R09: 0000000000000000
[  949.724281][T31832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  949.724291][T31832] R13: 0000000000000000 R14: 00007f5fb1db5fa0 R15: 00007ffff9abde38
[  949.724327][T31832]  </TASK>
[  950.470761][T31856] netlink: 'syz.6.7407': attribute type 1 has an invalid length.
[  950.484169][T31856] netlink: 'syz.6.7407': attribute type 2 has an invalid length.
[  950.929341][T31881] FAULT_INJECTION: forcing a failure.
[  950.929341][T31881] name failslab, interval 1, probability 0, space 0, times 0
[  950.996625][T31881] CPU: 1 UID: 0 PID: 31881 Comm: syz.5.7416 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  950.996655][T31881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  950.996669][T31881] Call Trace:
[  950.996679][T31881]  <TASK>
[  950.996688][T31881]  dump_stack_lvl+0x189/0x250
[  950.996718][T31881]  ? __pfx____ratelimit+0x10/0x10
[  950.996751][T31881]  ? __pfx_dump_stack_lvl+0x10/0x10
[  950.996775][T31881]  ? __pfx__printk+0x10/0x10
[  950.996807][T31881]  ? ref_tracker_alloc+0x318/0x460
[  950.996839][T31881]  should_fail_ex+0x414/0x560
[  950.996871][T31881]  should_failslab+0xa8/0x100
[  950.996900][T31881]  kmem_cache_alloc_noprof+0x73/0x3c0
[  950.996925][T31881]  ? skb_clone+0x212/0x3a0
[  950.996960][T31881]  skb_clone+0x212/0x3a0
[  950.996993][T31881]  __netlink_deliver_tap+0x404/0x850
[  950.997031][T31881]  ? netlink_deliver_tap+0x2e/0x1b0
[  950.997059][T31881]  netlink_deliver_tap+0x19c/0x1b0
[  950.997086][T31881]  netlink_unicast+0x72f/0x8d0
[  950.997132][T31881]  netlink_sendmsg+0x805/0xb30
[  950.997176][T31881]  ? __pfx_netlink_sendmsg+0x10/0x10
[  950.997209][T31881]  ? aa_sock_msg_perm+0x94/0x160
[  950.997230][T31881]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  950.997257][T31881]  ? __pfx_netlink_sendmsg+0x10/0x10
[  950.997280][T31881]  __sock_sendmsg+0x219/0x270
[  950.997300][T31881]  ____sys_sendmsg+0x505/0x830
[  950.997330][T31881]  ? __pfx_____sys_sendmsg+0x10/0x10
[  950.997362][T31881]  ? import_iovec+0x74/0xa0
[  950.997384][T31881]  ___sys_sendmsg+0x21f/0x2a0
[  950.997411][T31881]  ? __pfx____sys_sendmsg+0x10/0x10
[  950.997468][T31881]  ? __fget_files+0x2a/0x420
[  950.997494][T31881]  ? __fget_files+0x3a0/0x420
[  950.997530][T31881]  __x64_sys_sendmsg+0x19b/0x260
[  950.997557][T31881]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  950.997590][T31881]  ? __pfx_ksys_write+0x10/0x10
[  950.997612][T31881]  ? rcu_is_watching+0x15/0xb0
[  950.997637][T31881]  ? do_syscall_64+0xbe/0x3b0
[  950.997659][T31881]  do_syscall_64+0xfa/0x3b0
[  950.997675][T31881]  ? lockdep_hardirqs_on+0x9c/0x150
[  950.997703][T31881]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  950.997720][T31881]  ? clear_bhb_loop+0x60/0xb0
[  950.997742][T31881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  950.997760][T31881] RIP: 0033:0x7f7cde18e929
[  950.997776][T31881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  950.997792][T31881] RSP: 002b:00007f7cdbff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  950.997811][T31881] RAX: ffffffffffffffda RBX: 00007f7cde3b5fa0 RCX: 00007f7cde18e929
[  950.997825][T31881] RDX: 0000000000004000 RSI: 0000200000000000 RDI: 0000000000000003
[  950.997837][T31881] RBP: 00007f7cdbff6090 R08: 0000000000000000 R09: 0000000000000000
[  950.997848][T31881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  950.997859][T31881] R13: 0000000000000000 R14: 00007f7cde3b5fa0 R15: 00007ffcf8f3cf28
[  950.997886][T31881]  </TASK>
[  951.472517][T31900] fuse: Unknown parameter ''
[  951.619683][T31912] FAULT_INJECTION: forcing a failure.
[  951.619683][T31912] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  951.633144][T31912] CPU: 1 UID: 0 PID: 31912 Comm: syz.2.7425 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  951.633169][T31912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  951.633180][T31912] Call Trace:
[  951.633188][T31912]  <TASK>
[  951.633196][T31912]  dump_stack_lvl+0x189/0x250
[  951.633222][T31912]  ? __pfx____ratelimit+0x10/0x10
[  951.633250][T31912]  ? __pfx_dump_stack_lvl+0x10/0x10
[  951.633271][T31912]  ? __pfx__printk+0x10/0x10
[  951.633291][T31912]  ? __might_fault+0xb0/0x130
[  951.633323][T31912]  should_fail_ex+0x414/0x560
[  951.633351][T31912]  _copy_from_user+0x2d/0xb0
[  951.633370][T31912]  do_ipv6_getsockopt+0x2b0/0x2300
[  951.633406][T31912]  ? __pfx_do_ipv6_getsockopt+0x10/0x10
[  951.633443][T31912]  ? __might_fault+0xb0/0x130
[  951.633465][T31912]  ? _parse_integer_limit+0x1ae/0x1f0
[  951.633493][T31912]  ? aa_label_sk_perm+0x413/0x560
[  951.633516][T31912]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  951.633558][T31912]  ipv6_getsockopt+0xbd/0x290
[  951.633579][T31912]  ? __pfx_ipv6_getsockopt+0x10/0x10
[  951.633610][T31912]  ? __might_fault+0xb0/0x130
[  951.633633][T31912]  rawv6_getsockopt+0x298/0x580
[  951.633663][T31912]  ? __pfx_rawv6_getsockopt+0x10/0x10
[  951.633695][T31912]  ? sock_common_getsockopt+0x2d/0xb0
[  951.633718][T31912]  do_sock_getsockopt+0x35d/0x650
[  951.633744][T31912]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  951.633767][T31912]  ? do_syscall_64+0x40/0x3b0
[  951.633783][T31912]  ? __fget_files+0x3a0/0x420
[  951.633809][T31912]  ? __fget_files+0x2a/0x420
[  951.633841][T31912]  __x64_sys_getsockopt+0x1a5/0x250
[  951.633863][T31912]  ? do_syscall_64+0x40/0x3b0
[  951.633882][T31912]  ? do_syscall_64+0x40/0x3b0
[  951.633914][T31912]  do_syscall_64+0xfa/0x3b0
[  951.633931][T31912]  ? lockdep_hardirqs_on+0x9c/0x150
[  951.633957][T31912]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  951.633975][T31912]  ? clear_bhb_loop+0x60/0xb0
[  951.633998][T31912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  951.634015][T31912] RIP: 0033:0x7faf0398e929
[  951.634031][T31912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  951.634046][T31912] RSP: 002b:00007faf047c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  951.634065][T31912] RAX: ffffffffffffffda RBX: 00007faf03bb5fa0 RCX: 00007faf0398e929
[  951.634078][T31912] RDX: 0000000000000036 RSI: 0000000000000029 RDI: 0000000000000003
[  951.634089][T31912] RBP: 00007faf047c2090 R08: 00002000000001c0 R09: 0000000000000000
[  951.634101][T31912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  951.634112][T31912] R13: 0000000000000000 R14: 00007faf03bb5fa0 R15: 00007ffe4ab42098
[  951.634139][T31912]  </TASK>
[  951.903686][    C1] vkms_vblank_simulate: vblank timer overrun
[  952.157891][ T3493] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  952.255966][ T3493] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  952.358908][ T5905] usb 1-1: new full-speed USB device number 56 using dummy_hcd
[  952.384328][ T3493] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  952.467220][ T3493] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  952.522603][ T5905] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  952.545048][ T5905] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  952.560269][ T5905] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  952.569559][ T5905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  952.577706][ T5905] usb 1-1: Product: syz
[  952.583806][ T5905] usb 1-1: Manufacturer: syz
[  952.591411][ T5905] usb 1-1: SerialNumber: syz
[  952.616964][T31937] netlink: 16186 bytes leftover after parsing attributes in process `syz.6.7432'.
[  952.651095][T31937] netlink: 168 bytes leftover after parsing attributes in process `syz.6.7432'.
[  952.673151][T31937] C: renamed from team_slave_0 (while UP)
[  952.698436][T31937] Invalid/unusable pipe
[  952.717326][ T3493] gretap0: left allmulticast mode
[  952.724036][ T3493] gretap0: left promiscuous mode
[  952.729199][ T3493] bridge0: port 3(gretap0) entered disabled state
[  952.742595][ T3493] bridge_slave_1: left allmulticast mode
[  952.748356][ T3493] bridge_slave_1: left promiscuous mode
[  952.754697][ T3493] bridge0: port 2(bridge_slave_1) entered disabled state
[  952.764231][ T3493] bridge_slave_0: left allmulticast mode
[  952.769922][ T3493] bridge_slave_0: left promiscuous mode
[  952.775958][ T3493] bridge0: port 1(bridge_slave_0) entered disabled state
[  953.018214][ T5905] usb 1-1: cannot find UAC_HEADER
[  953.085407][ T5905] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  953.103226][ T5905] usb 1-1: USB disconnect, device number 56
[  953.159282][T22347] udevd[22347]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  953.444013][ T3493] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  953.467738][ T3493] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  953.536270][ T3493] bond0 (unregistering): Released all slaves
[  953.736873][ T3493] tipc: Disabling bearer <udp:s>
[  953.760273][ T3493] tipc: Left network mode
[  954.482812][T32023] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7447'.
[  954.551923][T32026] FAULT_INJECTION: forcing a failure.
[  954.551923][T32026] name failslab, interval 1, probability 0, space 0, times 0
[  954.580252][T32026] CPU: 0 UID: 0 PID: 32026 Comm: syz.5.7448 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  954.580280][T32026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  954.580298][T32026] Call Trace:
[  954.580307][T32026]  <TASK>
[  954.580315][T32026]  dump_stack_lvl+0x189/0x250
[  954.580344][T32026]  ? __pfx____ratelimit+0x10/0x10
[  954.580374][T32026]  ? __pfx_dump_stack_lvl+0x10/0x10
[  954.580397][T32026]  ? __pfx__printk+0x10/0x10
[  954.580425][T32026]  ? ref_tracker_alloc+0x318/0x460
[  954.580454][T32026]  should_fail_ex+0x414/0x560
[  954.580482][T32026]  should_failslab+0xa8/0x100
[  954.580510][T32026]  kmem_cache_alloc_noprof+0x73/0x3c0
[  954.580533][T32026]  ? skb_clone+0x212/0x3a0
[  954.580565][T32026]  skb_clone+0x212/0x3a0
[  954.580595][T32026]  __netlink_deliver_tap+0x404/0x850
[  954.580631][T32026]  ? netlink_deliver_tap+0x2e/0x1b0
[  954.580656][T32026]  netlink_deliver_tap+0x19c/0x1b0
[  954.580682][T32026]  netlink_unicast+0x72f/0x8d0
[  954.580724][T32026]  netlink_sendmsg+0x805/0xb30
[  954.580759][T32026]  ? __pfx_netlink_sendmsg+0x10/0x10
[  954.580787][T32026]  ? aa_sock_msg_perm+0x94/0x160
[  954.580809][T32026]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  954.580838][T32026]  ? __pfx_netlink_sendmsg+0x10/0x10
[  954.580864][T32026]  __sock_sendmsg+0x219/0x270
[  954.580886][T32026]  ____sys_sendmsg+0x505/0x830
[  954.580917][T32026]  ? __pfx_____sys_sendmsg+0x10/0x10
[  954.580952][T32026]  ? import_iovec+0x74/0xa0
[  954.580976][T32026]  ___sys_sendmsg+0x21f/0x2a0
[  954.581004][T32026]  ? __pfx____sys_sendmsg+0x10/0x10
[  954.581065][T32026]  ? __fget_files+0x2a/0x420
[  954.581093][T32026]  ? __fget_files+0x3a0/0x420
[  954.581131][T32026]  __x64_sys_sendmsg+0x19b/0x260
[  954.581160][T32026]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  954.581196][T32026]  ? __pfx_ksys_write+0x10/0x10
[  954.581219][T32026]  ? rcu_is_watching+0x15/0xb0
[  954.581247][T32026]  ? do_syscall_64+0xbe/0x3b0
[  954.581270][T32026]  do_syscall_64+0xfa/0x3b0
[  954.581288][T32026]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.581317][T32026]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.581335][T32026]  ? clear_bhb_loop+0x60/0xb0
[  954.581358][T32026]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.581377][T32026] RIP: 0033:0x7f7cde18e929
[  954.581393][T32026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  954.581410][T32026] RSP: 002b:00007f7cdbff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  954.581429][T32026] RAX: ffffffffffffffda RBX: 00007f7cde3b5fa0 RCX: 00007f7cde18e929
[  954.581455][T32026] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  954.581466][T32026] RBP: 00007f7cdbff6090 R08: 0000000000000000 R09: 0000000000000000
[  954.581477][T32026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  954.581488][T32026] R13: 0000000000000000 R14: 00007f7cde3b5fa0 R15: 00007ffcf8f3cf28
[  954.581515][T32026]  </TASK>
[  954.891371][ T5842] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  954.958145][ T5842] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  954.999569][ T5842] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  955.044863][ T5842] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  955.083126][ T5842] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  955.240303][ T3493] hsr_slave_0: left promiscuous mode
[  955.246579][ T3493] hsr_slave_1: left promiscuous mode
[  955.257779][ T3493] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  955.265639][ T3493] batman_adv: batadv0: Removing interface: batadv_slave_0
[  955.351612][T12387] usb 1-1: new full-speed USB device number 57 using dummy_hcd
[  955.405324][ T3493] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  955.414119][ T3493] batman_adv: batadv0: Removing interface: batadv_slave_1
[  955.535067][T12387] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  955.576590][T12387] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  955.597099][T12387] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  955.606373][T12387] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  955.618629][T12387] usb 1-1: Product: syz
[  955.623329][T12387] usb 1-1: Manufacturer: syz
[  955.627967][T12387] usb 1-1: SerialNumber: syz
[  955.699805][ T3493] veth1_macvtap: left promiscuous mode
[  955.707532][ T3493] veth0_macvtap: left promiscuous mode
[  955.737547][ T3493] veth1_vlan: left promiscuous mode
[  955.746685][ T3493] veth0_vlan: left promiscuous mode
[  955.778917][T32073] vivid-003: disconnect
[  955.800577][T32073] vivid-003: reconnect
[  956.070483][T30470] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  956.079057][T12387] usb 1-1: cannot find UAC_HEADER
[  956.142316][T12387] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  956.171643][T12387] usb 1-1: USB disconnect, device number 57
[  956.224456][T22347] udevd[22347]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  956.283294][T30470] usb 7-1: Using ep0 maxpacket: 16
[  956.295914][T30470] usb 7-1: config 3 has an invalid descriptor of length 180, skipping remainder of the config
[  956.307959][T30470] usb 7-1: config 3 has 0 interfaces, different from the descriptor's value: 1
[  956.317478][T30470] usb 7-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.02
[  956.326971][T30470] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  956.650322][ T3493] team0 (unregistering): Port device team_slave_1 removed
[  956.774916][ T3493] team0 (unregistering): Port device team_slave_0 removed
[  957.112558][T12387] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[  957.152218][ T5840] Bluetooth: hci6: command tx timeout
[  957.274039][T12387] usb 6-1: Using ep0 maxpacket: 32
[  957.282824][T12387] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  957.306097][T12387] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  957.327970][T12387] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  957.337655][T12387] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  957.375459][T12387] usb 6-1: config 0 descriptor??
[  957.385761][T12387] hub 6-1:0.0: USB hub found
[  957.585350][T12387] hub 6-1:0.0: 1 port detected
[  958.004138][T12387] usb 6-1: USB disconnect, device number 92
[  958.009581][T32030] chnl_net:caif_netlink_parms(): no params data found
[  958.349840][ T3493] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  958.388387][T32030] bridge0: port 1(bridge_slave_0) entered blocking state
[  958.440035][T32030] bridge0: port 1(bridge_slave_0) entered disabled state
[  958.459885][T32030] bridge_slave_0: entered allmulticast mode
[  958.493760][T32030] bridge_slave_0: entered promiscuous mode
[  958.513059][T32030] bridge0: port 2(bridge_slave_1) entered blocking state
[  958.529066][T32030] bridge0: port 2(bridge_slave_1) entered disabled state
[  958.543601][T32030] bridge_slave_1: entered allmulticast mode
[  958.583920][T32030] bridge_slave_1: entered promiscuous mode
[  958.664817][ T3493] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  958.812598][T12387] usb 7-1: USB disconnect, device number 21
[  958.925317][ T3493] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  958.977800][T32030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  959.025463][T32030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  959.126641][ T3493] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  959.230507][ T5840] Bluetooth: hci6: command tx timeout
[  959.239518][T32030] team0: Port device team_slave_0 added
[  959.269933][T32030] team0: Port device team_slave_1 added
[  959.336348][T32030] batman_adv: batadv0: Adding interface: batadv_slave_0
[  959.358164][T32030] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  959.400146][ T5905] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[  959.418238][T32030] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  959.441950][T32030] batman_adv: batadv0: Adding interface: batadv_slave_1
[  959.449966][T32030] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  959.510323][T32030] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  959.582516][ T5905] usb 6-1: config 0 has an invalid interface number: 104 but max is 0
[  959.630741][ T5905] usb 6-1: config 0 has no interface number 0
[  959.636906][ T5905] usb 6-1: config 0 interface 104 has no altsetting 0
[  959.679978][ T5905] usb 6-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=a1.c9
[  959.695471][T32030] hsr_slave_0: entered promiscuous mode
[  959.697722][T32435] FAULT_INJECTION: forcing a failure.
[  959.697722][T32435] name failslab, interval 1, probability 0, space 0, times 0
[  959.702863][ T5905] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  959.723836][T32030] hsr_slave_1: entered promiscuous mode
[  959.739323][ T5905] usb 6-1: Product: syz
[  959.749234][ T5905] usb 6-1: Manufacturer: syz
[  959.761516][ T5905] usb 6-1: SerialNumber: syz
[  959.768199][T32435] CPU: 0 UID: 0 PID: 32435 Comm: syz.0.7470 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  959.768227][T32435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  959.768240][T32435] Call Trace:
[  959.768249][T32435]  <TASK>
[  959.768268][T32435]  dump_stack_lvl+0x189/0x250
[  959.768295][T32435]  ? __pfx____ratelimit+0x10/0x10
[  959.768324][T32435]  ? __pfx_dump_stack_lvl+0x10/0x10
[  959.768345][T32435]  ? __pfx__printk+0x10/0x10
[  959.768371][T32435]  ? ref_tracker_alloc+0x318/0x460
[  959.768400][T32435]  should_fail_ex+0x414/0x560
[  959.768431][T32435]  should_failslab+0xa8/0x100
[  959.768463][T32435]  kmem_cache_alloc_noprof+0x73/0x3c0
[  959.768485][T32435]  ? skb_clone+0x212/0x3a0
[  959.768515][T32435]  skb_clone+0x212/0x3a0
[  959.768543][T32435]  __netlink_deliver_tap+0x404/0x850
[  959.768576][T32435]  ? netlink_deliver_tap+0x2e/0x1b0
[  959.768599][T32435]  netlink_deliver_tap+0x19c/0x1b0
[  959.768622][T32435]  netlink_unicast+0x72f/0x8d0
[  959.768650][T32435]  netlink_sendmsg+0x805/0xb30
[  959.768680][T32435]  ? __pfx_netlink_sendmsg+0x10/0x10
[  959.768706][T32435]  ? aa_sock_msg_perm+0x94/0x160
[  959.768728][T32435]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  959.768756][T32435]  ? __pfx_netlink_sendmsg+0x10/0x10
[  959.768779][T32435]  __sock_sendmsg+0x219/0x270
[  959.768800][T32435]  ____sys_sendmsg+0x505/0x830
[  959.768831][T32435]  ? __pfx_____sys_sendmsg+0x10/0x10
[  959.768864][T32435]  ? import_iovec+0x74/0xa0
[  959.768886][T32435]  ___sys_sendmsg+0x21f/0x2a0
[  959.768913][T32435]  ? __pfx____sys_sendmsg+0x10/0x10
[  959.768972][T32435]  ? __fget_files+0x2a/0x420
[  959.768998][T32435]  ? __fget_files+0x3a0/0x420
[  959.769034][T32435]  __x64_sys_sendmsg+0x19b/0x260
[  959.769062][T32435]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  959.769096][T32435]  ? __pfx_ksys_write+0x10/0x10
[  959.769118][T32435]  ? rcu_is_watching+0x15/0xb0
[  959.769144][T32435]  ? do_syscall_64+0xbe/0x3b0
[  959.769167][T32435]  do_syscall_64+0xfa/0x3b0
[  959.769183][T32435]  ? lockdep_hardirqs_on+0x9c/0x150
[  959.769211][T32435]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  959.769229][T32435]  ? clear_bhb_loop+0x60/0xb0
[  959.769251][T32435]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  959.769269][T32435] RIP: 0033:0x7f5fb1b8e929
[  959.769285][T32435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  959.769300][T32435] RSP: 002b:00007f5fb29b2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  959.769319][T32435] RAX: ffffffffffffffda RBX: 00007f5fb1db5fa0 RCX: 00007f5fb1b8e929
[  959.769332][T32435] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  959.769344][T32435] RBP: 00007f5fb29b2090 R08: 0000000000000000 R09: 0000000000000000
[  959.769356][T32435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  959.769366][T32435] R13: 0000000000000000 R14: 00007f5fb1db5fa0 R15: 00007ffff9abde38
[  959.769395][T32435]  </TASK>
[  960.069662][ T5905] usb 6-1: config 0 descriptor??
[  960.127241][ T5905] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  960.369138][ T3493] bridge_slave_1: left allmulticast mode
[  960.405249][ T3493] bridge_slave_1: left promiscuous mode
[  960.433993][ T3493] bridge0: port 2(bridge_slave_1) entered disabled state
[  960.515802][ T3493] bridge_slave_0: left allmulticast mode
[  960.531714][ T3493] bridge_slave_0: left promiscuous mode
[  960.545183][ T3493] bridge0: port 1(bridge_slave_0) entered disabled state
[  960.644869][ T5905] gspca_vc032x: reg_r err -110
[  960.650195][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.670349][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.677017][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.726499][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.748438][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.772669][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.779248][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.810132][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.815494][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.844353][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.849714][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.857024][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.883301][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.888939][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.894844][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.923270][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.928850][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.946739][ T5905] gspca_vc032x: I2c Bus Busy Wait 00
[  960.971325][ T5905] gspca_vc032x: Unknown sensor...
[  960.976637][ T5905] vc032x 6-1:0.104: probe with driver vc032x failed with error -22
[  961.021603][T12387] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  961.190222][T12387] usb 7-1: Using ep0 maxpacket: 8
[  961.226780][T12387] usb 7-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  961.240177][T12387] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  961.248290][T12387] usb 7-1: Product: syz
[  961.259352][T12387] usb 7-1: Manufacturer: syz
[  961.264091][T12387] usb 7-1: SerialNumber: syz
[  961.276967][T12387] usb 7-1: config 0 descriptor??
[  961.287023][T12387] gspca_main: se401-2.14.0 probing 047d:5003
[  961.321893][ T5840] Bluetooth: hci6: command tx timeout
[  961.478609][ T3493] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  961.499525][ T3493] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  961.517717][ T3493] bond0 (unregistering): Released all slaves
[  961.653586][ T3493] : left promiscuous mode
[  961.689579][T12387] gspca_se401: ExtraFeatures: 89
[  961.696944][T12387] gspca_se401: Too many frame sizes
[  961.797121][ T3493] tipc: Left network mode
[  961.837135][T27641] usb 6-1: USB disconnect, device number 93
[  961.893118][ T5905] usb 7-1: USB disconnect, device number 22
[  962.002387][T12387] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  962.153699][ T3493] hsr_slave_0: left promiscuous mode
[  962.159907][ T3493] hsr_slave_1: left promiscuous mode
[  962.178804][T12387] usb 1-1: Using ep0 maxpacket: 8
[  962.185602][ T3493] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  962.201610][ T3493] batman_adv: batadv0: Removing interface: batadv_slave_0
[  962.221000][T12387] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  962.238293][ T3493] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  962.245896][T12387] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.255187][ T3493] batman_adv: batadv0: Removing interface: batadv_slave_1
[  962.282869][T12387] usb 1-1: config 0 descriptor??
[  962.326207][ T3493] veth1_macvtap: left promiscuous mode
[  962.356519][ T3493] veth0_macvtap: left promiscuous mode
[  962.383213][ T3493] veth1_vlan: left promiscuous mode
[  962.388525][ T3493] veth0_vlan: left promiscuous mode
[  962.706722][T12387] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  962.752632][T12387] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[  962.777343][T12387] asix 1-1:0.0: probe with driver asix failed with error -32
[  963.262283][ T3493] team0 (unregistering): Port device team_slave_1 removed
[  963.326330][T32625] FAULT_INJECTION: forcing a failure.
[  963.326330][T32625] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  963.345181][ T3493] team0 (unregistering): Port device C removed
[  963.352122][T32625] CPU: 0 UID: 0 PID: 32625 Comm: syz.6.7487 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  963.352145][T32625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  963.352155][T32625] Call Trace:
[  963.352162][T32625]  <TASK>
[  963.352170][T32625]  dump_stack_lvl+0x189/0x250
[  963.352195][T32625]  ? __pfx____ratelimit+0x10/0x10
[  963.352223][T32625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  963.352243][T32625]  ? __pfx__printk+0x10/0x10
[  963.352273][T32625]  should_fail_ex+0x414/0x560
[  963.352300][T32625]  _copy_to_user+0x31/0xb0
[  963.352320][T32625]  simple_read_from_buffer+0xe1/0x170
[  963.352347][T32625]  proc_fail_nth_read+0x1df/0x250
[  963.352368][T32625]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  963.352388][T32625]  ? rw_verify_area+0x258/0x650
[  963.352410][T32625]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  963.352429][T32625]  vfs_read+0x1fd/0x980
[  963.352456][T32625]  ? __pfx___mutex_lock+0x10/0x10
[  963.352474][T32625]  ? __pfx_vfs_read+0x10/0x10
[  963.352497][T32625]  ? __fget_files+0x2a/0x420
[  963.352524][T32625]  ? __fget_files+0x3a0/0x420
[  963.352547][T32625]  ? __fget_files+0x2a/0x420
[  963.352580][T32625]  ksys_read+0x145/0x250
[  963.352604][T32625]  ? __pfx_ksys_read+0x10/0x10
[  963.352624][T32625]  ? rcu_is_watching+0x15/0xb0
[  963.352649][T32625]  ? do_syscall_64+0xbe/0x3b0
[  963.352671][T32625]  do_syscall_64+0xfa/0x3b0
[  963.352687][T32625]  ? lockdep_hardirqs_on+0x9c/0x150
[  963.352713][T32625]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  963.352731][T32625]  ? clear_bhb_loop+0x60/0xb0
[  963.352752][T32625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  963.352770][T32625] RIP: 0033:0x7f634998d33c
[  963.352785][T32625] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  963.352801][T32625] RSP: 002b:00007f634a847030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  963.352819][T32625] RAX: ffffffffffffffda RBX: 00007f6349bb5fa0 RCX: 00007f634998d33c
[  963.352831][T32625] RDX: 000000000000000f RSI: 00007f634a8470a0 RDI: 0000000000000004
[  963.352842][T32625] RBP: 00007f634a847090 R08: 0000000000000000 R09: 0000000000000000
[  963.352853][T32625] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  963.352863][T32625] R13: 0000000000000000 R14: 00007f6349bb5fa0 R15: 00007ffda05ab5a8
[  963.352890][T32625]  </TASK>
[  963.591888][ T5840] Bluetooth: hci6: command tx timeout
[  964.106386][ T5867] usb 6-1: new high-speed USB device number 94 using dummy_hcd
[  964.277605][ T5867] usb 6-1: Using ep0 maxpacket: 32
[  964.298038][ T5867] usb 6-1: unable to get BOS descriptor or descriptor too short
[  964.321964][ T5867] usb 6-1: config 0 has no interfaces?
[  964.339550][ T5867] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  964.348985][ T5867] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  964.357957][ T5867] usb 6-1: Product: syz
[  964.368530][ T5867] usb 6-1: Manufacturer: syz
[  964.379898][ T5867] usb 6-1: SerialNumber: syz
[  964.399347][ T5867] usb 6-1: config 0 descriptor??
[  964.618951][T32635] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  964.628409][T32681] FAULT_INJECTION: forcing a failure.
[  964.628409][T32681] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  964.676276][T32681] CPU: 1 UID: 0 PID: 32681 Comm: syz.6.7496 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  964.676306][T32681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  964.676319][T32681] Call Trace:
[  964.676327][T32681]  <TASK>
[  964.676337][T32681]  dump_stack_lvl+0x189/0x250
[  964.676367][T32681]  ? __pfx____ratelimit+0x10/0x10
[  964.676401][T32681]  ? __pfx_dump_stack_lvl+0x10/0x10
[  964.676426][T32681]  ? __pfx__printk+0x10/0x10
[  964.676463][T32681]  should_fail_ex+0x414/0x560
[  964.676496][T32681]  _copy_to_user+0x31/0xb0
[  964.676520][T32681]  simple_read_from_buffer+0xe1/0x170
[  964.676556][T32681]  proc_fail_nth_read+0x1df/0x250
[  964.676580][T32681]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  964.676604][T32681]  ? rw_verify_area+0x258/0x650
[  964.676630][T32681]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  964.676652][T32681]  vfs_read+0x1fd/0x980
[  964.676685][T32681]  ? __pfx___mutex_lock+0x10/0x10
[  964.676708][T32681]  ? __pfx_vfs_read+0x10/0x10
[  964.676738][T32681]  ? __fget_files+0x2a/0x420
[  964.676774][T32681]  ? __fget_files+0x3a0/0x420
[  964.676804][T32681]  ? __fget_files+0x2a/0x420
[  964.676845][T32681]  ksys_read+0x145/0x250
[  964.676875][T32681]  ? __pfx_ksys_read+0x10/0x10
[  964.676908][T32681]  ? do_syscall_64+0xbe/0x3b0
[  964.676933][T32681]  do_syscall_64+0xfa/0x3b0
[  964.676953][T32681]  ? lockdep_hardirqs_on+0x9c/0x150
[  964.676985][T32681]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  964.677005][T32681]  ? clear_bhb_loop+0x60/0xb0
[  964.677029][T32681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  964.677046][T32681] RIP: 0033:0x7f634998d33c
[  964.677073][T32681] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  964.677093][T32681] RSP: 002b:00007f634a847030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  964.677123][T32681] RAX: ffffffffffffffda RBX: 00007f6349bb5fa0 RCX: 00007f634998d33c
[  964.677138][T32681] RDX: 000000000000000f RSI: 00007f634a8470a0 RDI: 0000000000000004
[  964.677161][T32681] RBP: 00007f634a847090 R08: 0000000000000000 R09: 0000000000000000
[  964.677172][T32681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  964.677182][T32681] R13: 0000000000000000 R14: 00007f6349bb5fa0 R15: 00007ffda05ab5a8
[  964.677208][T32681]  </TASK>
[  964.695756][T32635] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  964.892041][ T5867] usb 6-1: USB disconnect, device number 94
[  964.953943][ T5905] usb 1-1: USB disconnect, device number 58
[  965.220004][T32030] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  965.253104][T32030] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  965.276604][T32030] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  965.302769][T32030] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  965.477719][ T5867] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[  965.481151][T32030] 8021q: adding VLAN 0 to HW filter on device bond0
[  965.521962][T32030] 8021q: adding VLAN 0 to HW filter on device team0
[  965.542936][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state
[  965.550168][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state
[  965.568348][ T3493] bridge0: port 2(bridge_slave_1) entered blocking state
[  965.575547][ T3493] bridge0: port 2(bridge_slave_1) entered forwarding state
[  965.620216][ T5867] usb 6-1: device descriptor read/64, error -71
[  965.641189][T27641] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  965.815054][T27641] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  965.841535][T27641] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  965.871038][ T5867] usb 6-1: new high-speed USB device number 96 using dummy_hcd
[  965.875385][T27641] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  965.917654][T27641] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  965.966357][T27641] usb 1-1: config 0 descriptor??
[  966.023817][ T5867] usb 6-1: device descriptor read/64, error -71
[  966.147475][T32030] 8021q: adding VLAN 0 to HW filter on device batadv0
[  966.160531][ T5867] usb usb6-port1: attempt power cycle
[  966.234320][T32030] veth0_vlan: entered promiscuous mode
[  966.281291][T32030] veth1_vlan: entered promiscuous mode
[  966.331122][  T303] FAULT_INJECTION: forcing a failure.
[  966.331122][  T303] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  966.336239][T32030] veth0_macvtap: entered promiscuous mode
[  966.374489][T32030] veth1_macvtap: entered promiscuous mode
[  966.382932][  T303] CPU: 0 UID: 0 PID: 303 Comm: syz.6.7504 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  966.382955][  T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  966.382966][  T303] Call Trace:
[  966.382974][  T303]  <TASK>
[  966.382982][  T303]  dump_stack_lvl+0x189/0x250
[  966.383007][  T303]  ? __pfx____ratelimit+0x10/0x10
[  966.383038][  T303]  ? __pfx_dump_stack_lvl+0x10/0x10
[  966.383059][  T303]  ? __pfx__printk+0x10/0x10
[  966.383090][  T303]  should_fail_ex+0x414/0x560
[  966.383118][  T303]  _copy_to_user+0x31/0xb0
[  966.383139][  T303]  simple_read_from_buffer+0xe1/0x170
[  966.383169][  T303]  proc_fail_nth_read+0x1df/0x250
[  966.383189][  T303]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  966.383210][  T303]  ? rw_verify_area+0x258/0x650
[  966.383232][  T303]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  966.383250][  T303]  vfs_read+0x1fd/0x980
[  966.383277][  T303]  ? __pfx___mutex_lock+0x10/0x10
[  966.383297][  T303]  ? __pfx_vfs_read+0x10/0x10
[  966.383321][  T303]  ? __fget_files+0x2a/0x420
[  966.383352][  T303]  ? __fget_files+0x3a0/0x420
[  966.383377][  T303]  ? __fget_files+0x2a/0x420
[  966.383411][  T303]  ksys_read+0x145/0x250
[  966.383432][  T303]  ? __fget_files+0x2a/0x420
[  966.383460][  T303]  ? __pfx_ksys_read+0x10/0x10
[  966.383488][  T303]  ? do_syscall_64+0xbe/0x3b0
[  966.383510][  T303]  do_syscall_64+0xfa/0x3b0
[  966.383526][  T303]  ? lockdep_hardirqs_on+0x9c/0x150
[  966.383553][  T303]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  966.383571][  T303]  ? clear_bhb_loop+0x60/0xb0
[  966.383593][  T303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  966.383610][  T303] RIP: 0033:0x7f634998d33c
[  966.383625][  T303] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  966.383640][  T303] RSP: 002b:00007f634a847030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  966.383659][  T303] RAX: ffffffffffffffda RBX: 00007f6349bb5fa0 RCX: 00007f634998d33c
[  966.383673][  T303] RDX: 000000000000000f RSI: 00007f634a8470a0 RDI: 0000000000000004
[  966.383684][  T303] RBP: 00007f634a847090 R08: 0000000000000000 R09: 0000000000000000
[  966.383695][  T303] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001
[  966.383707][  T303] R13: 0000000000000000 R14: 00007f6349bb5fa0 R15: 00007ffda05ab5a8
[  966.383734][  T303]  </TASK>
[  966.633262][T32030] batman_adv: batadv0: Interface activated: batadv_slave_0
[  966.644309][T32030] batman_adv: batadv0: Interface activated: batadv_slave_1
[  966.680318][ T5867] usb 6-1: new high-speed USB device number 97 using dummy_hcd
[  966.702574][T32030] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  966.719508][T32030] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  966.735654][ T5867] usb 6-1: device descriptor read/8, error -71
[  966.737795][T27641] cm6533_jd 0003:0D8C:0022.002E: unknown main item tag 0x0
[  966.751571][T27641] cm6533_jd 0003:0D8C:0022.002E: unknown main item tag 0x0
[  966.762229][T27641] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.002E/input/input90
[  966.796115][T32030] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  966.805114][T27641] cm6533_jd 0003:0D8C:0022.002E: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[  966.862800][T32030] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  967.010882][T30470] usb 1-1: USB disconnect, device number 59
[  967.030260][ T5867] usb 6-1: new high-speed USB device number 98 using dummy_hcd
[  967.095982][ T5867] usb 6-1: device descriptor read/8, error -71
[  967.113972][T27641] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  967.238331][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  967.252284][ T5867] usb usb6-port1: unable to enumerate USB device
[  967.269085][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  967.300233][T27641] usb 7-1: Using ep0 maxpacket: 8
[  967.316780][T27641] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  967.342301][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  967.351289][T27641] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  967.360514][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  967.373408][T27641] usb 7-1: config 0 descriptor??
[  967.738452][  T376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  967.749045][  T379] netlink: 'syz.2.7511': attribute type 2 has an invalid length.
[  967.786805][T27641] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  967.807715][T27641] asix 7-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[  967.833135][T27641] asix 7-1:0.0: probe with driver asix failed with error -32
[  968.881952][T30470] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  968.917088][  T422] netlink: 'syz.0.7521': attribute type 1 has an invalid length.
[  968.930768][  T422] netlink: 'syz.0.7521': attribute type 2 has an invalid length.
[  969.042555][T30470] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  969.061829][T30470] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  969.093204][T30470] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  969.123355][T30470] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  969.149815][T30470] usb 3-1: config 0 descriptor??
[  969.579210][T30470] cm6533_jd 0003:0D8C:0022.002F: unknown main item tag 0x0
[  969.594153][T30470] cm6533_jd 0003:0D8C:0022.002F: unknown main item tag 0x0
[  969.622541][T30470] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.002F/input/input91
[  969.694256][T30470] cm6533_jd 0003:0D8C:0022.002F: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0
[  969.884537][ T5867] usb 3-1: USB disconnect, device number 38
[  969.920572][ T5884] usb 7-1: USB disconnect, device number 23
[  969.963484][  T445] fido_id[445]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  970.043267][  T478] FAULT_INJECTION: forcing a failure.
[  970.043267][  T478] name failslab, interval 1, probability 0, space 0, times 0
[  970.120681][  T478] CPU: 0 UID: 0 PID: 478 Comm: syz.6.7525 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  970.120708][  T478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  970.120718][  T478] Call Trace:
[  970.120725][  T478]  <TASK>
[  970.120733][  T478]  dump_stack_lvl+0x189/0x250
[  970.120758][  T478]  ? __pfx____ratelimit+0x10/0x10
[  970.120787][  T478]  ? __pfx_dump_stack_lvl+0x10/0x10
[  970.120811][  T478]  ? __pfx__printk+0x10/0x10
[  970.120834][  T478]  ? __pfx___might_resched+0x10/0x10
[  970.120858][  T478]  should_fail_ex+0x414/0x560
[  970.120885][  T478]  should_failslab+0xa8/0x100
[  970.120910][  T478]  kmem_cache_alloc_noprof+0x73/0x3c0
[  970.120932][  T478]  ? getname_flags+0xb8/0x540
[  970.120953][  T478]  getname_flags+0xb8/0x540
[  970.120973][  T478]  user_path_at+0x24/0x60
[  970.120993][  T478]  __se_sys_mount+0x2d3/0x410
[  970.121026][  T478]  ? __pfx___se_sys_mount+0x10/0x10
[  970.121057][  T478]  ? do_syscall_64+0xbe/0x3b0
[  970.121073][  T478]  ? __x64_sys_mount+0x20/0xc0
[  970.121101][  T478]  do_syscall_64+0xfa/0x3b0
[  970.121118][  T478]  ? lockdep_hardirqs_on+0x9c/0x150
[  970.121145][  T478]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  970.121162][  T478]  ? clear_bhb_loop+0x60/0xb0
[  970.121184][  T478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  970.121201][  T478] RIP: 0033:0x7f634998e929
[  970.121217][  T478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  970.121233][  T478] RSP: 002b:00007f634a847038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  970.121252][  T478] RAX: ffffffffffffffda RBX: 00007f6349bb5fa0 RCX: 00007f634998e929
[  970.121265][  T478] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000000
[  970.121277][  T478] RBP: 00007f634a847090 R08: 0000200000000cc0 R09: 0000000000000000
[  970.121289][  T478] R10: 0000000000400408 R11: 0000000000000246 R12: 0000000000000001
[  970.121300][  T478] R13: 0000000000000001 R14: 00007f6349bb5fa0 R15: 00007ffda05ab5a8
[  970.121327][  T478]  </TASK>
[  970.793521][  T497] netlink: 'syz.0.7531': attribute type 1 has an invalid length.
[  970.830800][  T497] netlink: 'syz.0.7531': attribute type 2 has an invalid length.
[  971.193042][   T30] audit: type=1326 audit(1750454058.359:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=519 comm="syz.5.7538" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7cde18e929 code=0x0
[  971.406497][  T534] netlink: 'syz.6.7542': attribute type 1 has an invalid length.
[  971.414822][ T5905] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  971.422904][  T534] netlink: 'syz.6.7542': attribute type 2 has an invalid length.
[  971.592947][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  971.610178][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  971.631538][ T5905] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  971.648208][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  971.659185][ T5905] usb 3-1: config 0 descriptor??
[  971.850252][T30470] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  971.982779][  T550] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7545'.
[  972.022085][T30470] usb 7-1: Using ep0 maxpacket: 8
[  972.061896][T30470] usb 7-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  972.079733][ T5905] cm6533_jd 0003:0D8C:0022.0030: unknown main item tag 0x0
[  972.085313][T30470] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  972.109050][T30470] usb 7-1: Product: syz
[  972.111301][ T5905] cm6533_jd 0003:0D8C:0022.0030: unknown main item tag 0x0
[  972.131410][T30470] usb 7-1: Manufacturer: syz
[  972.136174][T30470] usb 7-1: SerialNumber: syz
[  972.161801][ T5905] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0030/input/input92
[  972.184067][T30470] usb 7-1: config 0 descriptor??
[  972.213405][T30470] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  972.222213][ T5905] cm6533_jd 0003:0D8C:0022.0030: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0
[  972.433988][  T571] ==================================================================
[  972.442206][  T571] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990
[  972.449871][  T571] Read of size 1 at addr ffff88803561b830 by task syz.5.7548/571
[  972.457608][  T571] 
[  972.459956][  T571] CPU: 0 UID: 0 PID: 571 Comm: syz.5.7548 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  972.459980][  T571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  972.459992][  T571] Call Trace:
[  972.460001][  T571]  <TASK>
[  972.460009][  T571]  dump_stack_lvl+0x189/0x250
[  972.460035][  T571]  ? __virt_addr_valid+0x1c8/0x5c0
[  972.460060][  T571]  ? rcu_is_watching+0x15/0xb0
[  972.460081][  T571]  ? __kasan_check_byte+0x12/0x40
[  972.460104][  T571]  ? __pfx_dump_stack_lvl+0x10/0x10
[  972.460124][  T571]  ? rcu_is_watching+0x15/0xb0
[  972.460144][  T571]  ? lock_release+0x4b/0x3e0
[  972.460164][  T571]  ? __virt_addr_valid+0x1c8/0x5c0
[  972.460186][  T571]  ? __virt_addr_valid+0x4a5/0x5c0
[  972.460211][  T571]  print_report+0xd2/0x2b0
[  972.460234][  T571]  ? rose_get_neigh+0x391/0x990
[  972.460262][  T571]  kasan_report+0x118/0x150
[  972.460286][  T571]  ? rose_get_neigh+0x391/0x990
[  972.460307][  T571]  rose_get_neigh+0x391/0x990
[  972.460328][  T571]  rose_connect+0x416/0x10a0
[  972.460351][  T571]  ? __pfx_current_check_access_socket+0x10/0x10
[  972.460374][  T571]  ? aa_sk_perm+0x81e/0x950
[  972.460390][  T571]  ? __might_fault+0xb0/0x130
[  972.460411][  T571]  ? __pfx_rose_connect+0x10/0x10
[  972.460435][  T571]  ? aa_af_perm+0x2b0/0x2b0
[  972.460463][  T571]  ? tomoyo_socket_connect_permission+0x164/0x290
[  972.460490][  T571]  ? bpf_lsm_socket_connect+0x9/0x20
[  972.460520][  T571]  __sys_connect+0x313/0x440
[  972.460542][  T571]  ? __pfx___sys_connect+0x10/0x10
[  972.460568][  T571]  ? rcu_is_watching+0x15/0xb0
[  972.460593][  T571]  __x64_sys_connect+0x7a/0x90
[  972.460614][  T571]  do_syscall_64+0xfa/0x3b0
[  972.460632][  T571]  ? lockdep_hardirqs_on+0x9c/0x150
[  972.460660][  T571]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  972.460678][  T571]  ? clear_bhb_loop+0x60/0xb0
[  972.460699][  T571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  972.460717][  T571] RIP: 0033:0x7f7cde18e929
[  972.460733][  T571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  972.460750][  T571] RSP: 002b:00007f7cdbff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  972.460771][  T571] RAX: ffffffffffffffda RBX: 00007f7cde3b5fa0 RCX: 00007f7cde18e929
[  972.460785][  T571] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000005
[  972.460797][  T571] RBP: 00007f7cde210b39 R08: 0000000000000000 R09: 0000000000000000
[  972.460809][  T571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  972.460821][  T571] R13: 0000000000000000 R14: 00007f7cde3b5fa0 R15: 00007ffcf8f3cf28
[  972.460841][  T571]  </TASK>
[  972.460847][  T571] 
[  972.720731][  T571] Allocated by task 32592:
[  972.725147][  T571]  kasan_save_track+0x3e/0x80
[  972.729830][  T571]  __kasan_kmalloc+0x93/0xb0
[  972.734420][  T571]  __kmalloc_node_noprof+0x276/0x4e0
[  972.739708][  T571]  allocate_slab+0x17c/0x3b0
[  972.744328][  T571]  ___slab_alloc+0xbfc/0x1480
[  972.749010][  T571]  kmem_cache_alloc_noprof+0x283/0x3c0
[  972.754476][  T571]  __send_signal_locked+0x22a/0xeb0
[  972.759702][  T571]  force_sig_info_to_task+0x30c/0x590
[  972.765090][  T571]  force_sig_fault+0xdc/0x130
[  972.769770][  T571]  __bad_area_nosemaphore+0x3b3/0x780
[  972.775140][  T571]  exc_page_fault+0x76/0xf0
[  972.779651][  T571]  asm_exc_page_fault+0x26/0x30
[  972.784501][  T571] 
[  972.786830][  T571] Freed by task 22347:
[  972.790915][  T571]  kasan_save_track+0x3e/0x80
[  972.795599][  T571]  kasan_save_free_info+0x46/0x50
[  972.800643][  T571]  __kasan_slab_free+0x62/0x70
[  972.805409][  T571]  kfree+0x18e/0x440
[  972.809307][  T571]  __free_slab+0xb9/0x1c0
[  972.813641][  T571]  __put_partials+0x161/0x1c0
[  972.818330][  T571]  put_cpu_partial+0x17c/0x250
[  972.823098][  T571]  __slab_free+0x2f7/0x400
[  972.827532][  T571]  qlist_free_all+0x97/0x140
[  972.832127][  T571]  kasan_quarantine_reduce+0x148/0x160
[  972.837592][  T571]  __kasan_slab_alloc+0x22/0x80
[  972.842444][  T571]  __kmalloc_noprof+0x224/0x4f0
[  972.847305][  T571]  tomoyo_realpath_from_path+0xe3/0x5d0
[  972.852859][  T571]  tomoyo_path_perm+0x213/0x4b0
[  972.857721][  T571]  security_file_truncate+0xb1/0x270
[  972.863014][  T571]  path_openat+0x3022/0x3830
[  972.867604][  T571]  do_filp_open+0x1fa/0x410
[  972.872111][  T571]  do_sys_openat2+0x121/0x1c0
[  972.876802][  T571]  __x64_sys_openat+0x138/0x170
[  972.881660][  T571]  do_syscall_64+0xfa/0x3b0
[  972.886175][  T571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  972.892092][  T571] 
[  972.894415][  T571] The buggy address belongs to the object at ffff88803561b800
[  972.894415][  T571]  which belongs to the cache kmalloc-512 of size 512
[  972.908478][  T571] The buggy address is located 48 bytes inside of
[  972.908478][  T571]  freed 512-byte region [ffff88803561b800, ffff88803561ba00)
[  972.922199][  T571] 
[  972.924536][  T571] The buggy address belongs to the physical page:
[  972.930954][  T571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888035619000 pfn:0x35618
[  972.941016][  T571] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  972.949517][  T571] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  972.958016][  T571] page_type: f5(slab)
[  972.962011][  T571] raw: 00fff00000000240 ffff88801a841c80 ffffea0001942910 ffffea00016a7510
[  972.970595][  T571] raw: ffff888035619000 000000000010000e 00000000f5000000 0000000000000000
[  972.979177][  T571] head: 00fff00000000240 ffff88801a841c80 ffffea0001942910 ffffea00016a7510
[  972.987847][  T571] head: ffff888035619000 000000000010000e 00000000f5000000 0000000000000000
[  972.996531][  T571] head: 00fff00000000002 ffffea0000d58601 00000000ffffffff 00000000ffffffff
[  973.005233][  T571] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  973.013902][  T571] page dumped because: kasan: bad access detected
[  973.020324][  T571] page_owner tracks the page as allocated
[  973.026040][  T571] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5171, tgid 5171 (init), ts 29892756281, free_ts 24981827370
[  973.045986][  T571]  post_alloc_hook+0x240/0x2a0
[  973.050772][  T571]  get_page_from_freelist+0x21e4/0x22c0
[  973.056341][  T571]  __alloc_frozen_pages_noprof+0x181/0x370
[  973.062175][  T571]  alloc_pages_mpol+0x232/0x4a0
[  973.067061][  T571]  allocate_slab+0x8a/0x3b0
[  973.071634][  T571]  ___slab_alloc+0xbfc/0x1480
[  973.076335][  T571]  __kmalloc_cache_noprof+0x296/0x3d0
[  973.081724][  T571]  tomoyo_find_next_domain+0xdc/0x1aa0
[  973.087212][  T571]  tomoyo_bprm_check_security+0x11c/0x180
[  973.092945][  T571]  security_bprm_check+0x89/0x270
[  973.097971][  T571]  bprm_execve+0x8ee/0x1450
[  973.102489][  T571]  do_execveat_common+0x510/0x6a0
[  973.107519][  T571]  __x64_sys_execve+0x94/0xb0
[  973.112205][  T571]  do_syscall_64+0xfa/0x3b0
[  973.116723][  T571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.122633][  T571] page last free pid 9 tgid 9 stack trace:
[  973.128439][  T571]  __free_frozen_pages+0xc71/0xe70
[  973.133557][  T571]  vfree+0x25a/0x400
[  973.137475][  T571]  delayed_vfree_work+0x55/0x80
[  973.142336][  T571]  process_scheduled_works+0xae1/0x17b0
[  973.147885][  T571]  worker_thread+0x8a0/0xda0
[  973.152481][  T571]  kthread+0x70e/0x8a0
[  973.156568][  T571]  ret_from_fork+0x3f9/0x770
[  973.161166][  T571]  ret_from_fork_asm+0x1a/0x30
[  973.165972][  T571] 
[  973.168320][  T571] Memory state around the buggy address:
[  973.173971][  T571]  ffff88803561b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  973.182042][  T571]  ffff88803561b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  973.190114][  T571] >ffff88803561b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  973.198186][  T571]                                      ^
[  973.203822][  T571]  ffff88803561b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  973.211895][  T571]  ffff88803561b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  973.219955][  T571] ==================================================================
[  973.228250][  T571] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  973.235471][  T571] CPU: 0 UID: 0 PID: 571 Comm: syz.5.7548 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  973.247379][  T571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  973.257457][  T571] Call Trace:
[  973.260763][  T571]  <TASK>
[  973.263712][  T571]  dump_stack_lvl+0x99/0x250
[  973.268345][  T571]  ? __asan_memcpy+0x40/0x70
[  973.272957][  T571]  ? __pfx_dump_stack_lvl+0x10/0x10
[  973.278266][  T571]  ? __pfx__printk+0x10/0x10
[  973.282887][  T571]  panic+0x2db/0x790
[  973.286815][  T571]  ? __pfx_panic+0x10/0x10
[  973.291263][  T571]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  973.297195][  T571]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  973.303129][  T571]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  973.309489][  T571]  ? print_memory_metadata+0x314/0x400
[  973.314989][  T571]  ? rose_get_neigh+0x391/0x990
[  973.319860][  T571]  check_panic_on_warn+0x89/0xb0
[  973.324832][  T571]  ? rose_get_neigh+0x391/0x990
[  973.329709][  T571]  end_report+0x78/0x160
[  973.333989][  T571]  kasan_report+0x129/0x150
[  973.338534][  T571]  ? rose_get_neigh+0x391/0x990
[  973.343416][  T571]  rose_get_neigh+0x391/0x990
[  973.348117][  T571]  rose_connect+0x416/0x10a0
[  973.352740][  T571]  ? __pfx_current_check_access_socket+0x10/0x10
[  973.359093][  T571]  ? aa_sk_perm+0x81e/0x950
[  973.363622][  T571]  ? __might_fault+0xb0/0x130
[  973.368323][  T571]  ? __pfx_rose_connect+0x10/0x10
[  973.373375][  T571]  ? aa_af_perm+0x2b0/0x2b0
[  973.377909][  T571]  ? tomoyo_socket_connect_permission+0x164/0x290
[  973.384356][  T571]  ? bpf_lsm_socket_connect+0x9/0x20
[  973.389671][  T571]  __sys_connect+0x313/0x440
[  973.394293][  T571]  ? __pfx___sys_connect+0x10/0x10
[  973.399436][  T571]  ? rcu_is_watching+0x15/0xb0
[  973.404233][  T571]  __x64_sys_connect+0x7a/0x90
[  973.409047][  T571]  do_syscall_64+0xfa/0x3b0
[  973.413592][  T571]  ? lockdep_hardirqs_on+0x9c/0x150
[  973.418821][  T571]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.424915][  T571]  ? clear_bhb_loop+0x60/0xb0
[  973.429619][  T571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.435532][  T571] RIP: 0033:0x7f7cde18e929
[  973.439975][  T571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  973.459604][  T571] RSP: 002b:00007f7cdbff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  973.468058][  T571] RAX: ffffffffffffffda RBX: 00007f7cde3b5fa0 RCX: 00007f7cde18e929
[  973.476061][  T571] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000005
[  973.484069][  T571] RBP: 00007f7cde210b39 R08: 0000000000000000 R09: 0000000000000000
[  973.492066][  T571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  973.500059][  T571] R13: 0000000000000000 R14: 00007f7cde3b5fa0 R15: 00007ffcf8f3cf28
[  973.508065][  T571]  </TASK>
[  973.511464][  T571] Kernel Offset: disabled
[  973.515881][  T571] Rebooting in 86400 seconds..