last executing test programs:

23.638592317s ago: executing program 2 (id=1956):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
r2 = socket$inet(0x2, 0x80000, 0x7)
accept4$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, &(0x7f0000000040)=0x10, 0x41000)
timer_create(0x7, &(0x7f00000001c0)={0x0, 0x2b, 0x0, @thr={&(0x7f0000000300)="4bf8e3154b292454b7c8d73d48a47c90f78db17c0fe64926eff84890d68c17d748850a7e44994895000f194fd809e89762258a4e4a8bda038ecb43f0c61f51046f088662d9117aed7961ba830ce5b0775c6879e61796d30bdf93bb7a72800bdac1652bd938aed513add433dc84b7c8111ce779a8c750acd29cd44b9520cc89c49ceb52de11ffef1c6dee20b579b25f50867b3185167ae37060f12fc43f9fa06d518d417035a515f3ccd41f9ba310afc2434bb1bebfa2f5f6c7fa6cac47553dad21d196b599cd424e5786e60fa1a8a288bbfa", &(0x7f0000000400)="b24090e244b548dcc0e3dac30590fc56c960ed37e391a1931f85d134e463c0da5d34d354cb04812b5712b1728acc95aeade7cd7122f64eb7fb6a36b1786b2611b46de25788a4cbf30664ceb5cbcdd3b96ff34e6002bbc504c634460013510b2cd08da972e533ff60d9169d5a3f7efc90c4e7533cb5649bb0151314ad7338e7b745ee914363a60b88265ef83037d465235bdb17001b8694be6286b990104bad564afd9f14680b1372b2cde506ec0558591d6e30bd2f22c35abcb7a8f282e7f393f8f1c0fa89c1a7c45c22a5d7fc93ca90d96eb7a2c80e99bbdbe5b73e581d82bf4fbad1b57c082c3bbb79f9f3299897d9685722ebfad9920224e2d37b15"}}, &(0x7f0000000500))
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(r4, 0x24, 0x0)
ioctl$RNDGETENTCNT(r4, 0x80045200, &(0x7f0000000180))
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6843e10951cd4b347113e55eb499519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x80000001, @mcast2}}, 0x0, 0x0, 0x13, 0x0, "a1c1dd75a68473ba07d945c3b03e10950cd4b347113e55eb499419be4f9142da0bc21470e441225642855b5f2b4b67efbff2fdf98328de9434031348589b763d46d14810acc5f7000000e3ffffff00"}, 0xd8)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x0)
listen(r7, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r9, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

22.708775642s ago: executing program 2 (id=1963):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x40, 0x23)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000002300)={0x2020, 0x0, <r4=>0x0}, 0x2020)
llistxattr(&(0x7f0000000180)='./file0\x00', &(0x7f0000001280)=""/4096, 0x1000)
write$FUSE_INIT(r3, &(0x7f0000001200)={0x50, 0x0, r4, {0x7, 0x27, 0x0, 0x500000, 0x3}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f0000006380)="1f08f589b74a5ac9f6c4182224c1a25728f90fc9efa68c26b89ffb368423acac9884dda249ce83785976bfc812d7fc1acecd02ad9585372014eb784069a477808d9e6c64d503a3ab6021911fb824df999043000165aacc1ae4af3b1dcfdef9a4eac74a929896d69af2d4fd58795e0b03d2072279d056a7bfe3035aa5aec04f45da42e710ae688d333a384585cf89485d30fa6d098e600e0fadcf5ed8d4db5d6bae34a6af998820278b114536f077fbba10771e545e105017d2c4f08e54ee15f7e2c85200df2d5687a4fc4faac22de2ace58df70233f6cb7811071c3ac411e25a104df73bd8442b288f9db5a631accfe45436a883cb714c44201b1947d52f613a5e5b594de1f52528ab5556ecc7da0ee190904d3d1ffc63d84abcac6245cda61a8660f431cbed8a4ec476129569f7f1731f27ffd745f887bfc8e7f8602fd6b7ab92a39a24206dc6f93337c1d0eceabfaa688b68520663f96d3ee610ed79a7ae0fe1b0a5119bbfac17d6384ae9c3f12c98c6b19a06a3a094640eef52e823bd6099094aaa00bdd0306a9687456d548e83fac0fa6f256a9bc2b2d7a5f9a63f1a35f1efcbf9eb0da15ce97d1740a26594d4ad73d6116b2f89e7405adafce5531adf46525d819d7dc867e7c76f9785fd785ca773a23328d1575f7caee01f6d2dc3ec92428b1bd93f3fc6feb617e9107de84e30f72b7955d902329fd9080d87793b4dae81a19cca3b8c4ec818b334ca7bb0224fc3ae37354e40f794ee2421adb722d700584871614aad61e1f4c2485ce7dd905af3a37cc67e7c764780bf85fd5310db495b1dfd0701bd7d31887e911e89634148683ea5618d9bc323f74c0c8e27306bdeb25d151f9d602cef31570835af1bfed608f17a95b728e565b7d26fce0c6f9dc41ca454e4d42718eedbcdb765c01fd82e670cf84085f5f044550ec8af11cb0f10982c5f44280d4623d369c5b1ca1fb3c634f0cd5e96dabb4199b8340f805e38bf75be68aa020624d914583376445e1db14e74d651f325884aeb211546454cbe37ea5bb2dd915e8a99b4f365eef676201c8cb095aa3a4d4e74ce14efbeebda53fd659edb12ddf929bdb11e3ffdff74f55e259ff6fbdb8ba3208d094188b990a8051715ae1662a5c79b903ecfe4da99cebc8e504ba558152572e911fd0c6ec938a0a7ebde550aaaa506e53565b7aa22f42f7f03a0c8784e019d4ca2c5664dea9e9fa3c28b8656b2c36f784e39d4683612fc6f009b341c013977abdeb94e0256368537fd2245834276aadcc968d8c6fde3bdeb1c7c9adc5ce7e1d6d32ee73b78cb6bd2013018ad4cee237c17dfb499d175779c017f66a7227b8509e4563f59792f9476da01681e43f2927ae3a1f700acf7ff700fc50c4a976b32c866415634a4f727fcf9759421238f1ed1308f69d5c8467e3259801d785310623fad99a5092b6710e8859ca34b9637cc8b0eb75553c087c7d3770a0b9cc4398498ae049218debb47bca63c73c342726a90248e3e0016381ca7463d7f6ec221757cb0abfda7c72c1148a92a8be41f13dc89d2217af5bdfa2fcc2140b7573c4a7e0ff2bddef2f8d076d01ccedc54c7161a51806d40176f39614edbf7dac64e47b29499fbf0f63f366a45e161e5e27de32d3af43ba12b93b02a29b4c3a1c2f989f66962c7bbe8a1473edae9247d575a8d705f68f1b74a7cc134a97762bdb4706fe57089a507e505b028d5b1211dc7d411acdc121a055a574f3885f06fb89104a8a964e9b1ae679e7114a4c5f49a346286460080cb02760dd35e33f439fb891268e52c99dfa035e5d9dfab919ea92abf76e4cb045f64c5bdf19c00b5e4327d07d8d084c01d37b48c80fc853c210d11c09e4eddcb2448f0359009bc92f830994b8d5d8ca56bd38bbf4d22775a23cfdef85bd669e19fa173c8e3b9c2dd5364d83393e1f179910d5449ba5fcea7341eb181fafb9d4ef0bd53e756f616c717a967f8e8a323920926d1c0745176fcf25a7f8eead7f1637dd68ac5fcc5ba9086bafa08f0cc3e3700a96a633358150709cd4c68ff6f2ccf1971ddddd1c6417bb29ccb59f7da1225cf3ea1e91c65f735fdb97078e0e834aa5d0e3df7011f2871e63e1e004bbd8b96601d5b91dd8736a836f2fb07ae8472ccc178ac4a5b5d302060d1f61b445c192f67067a4279a560630de6487835e5fd0c4e7971ab5d75e02af745cba54580c92244b8ddf4516777011d03756f9952b326b71ee4ab8bf10c4a496ba47cf366b41e2259ece85c8c0231271954296a5e8e1b0f409bd13d7f7cf8779c22ee5b9b840287a8cddbd8cc3e5e809ffb10ff1ff0a8cee4cedc108ed6d8b2d1e3eb0693a9a1e1089c0e2f129d533adbecda6278c8b1d1093d0adc1c97b47c601ca00467889c60259db7d6446ee51b6bd90ee47a9f60b1f5666593007a56bf610a96e70e62eaae0b69ae54a2e30f570764e273485b8066e6addb4a6a40ef0fc408b72a74822f9b544e746246008a57c9bb022e85b1c6378bb00cbb063bf94af8eb84fe18e73a87aa19f3883547549db72b838ba3c50ae6b2833c76231dc321c157b85ea66ea313337f21d333270147be1add522192e3289e102d2dd758e6baae071e19fd3c64d41ebc56bf2fb600e47dce2bc3f4e680219867bf4790813b2db12bbd0e97f86ebc452575b1e9111aa1a25c99d327a0e3674c65bf78d9812390fea6d3e084df0de082704ed996cbf7e6c4918139e35ecee9d23e2c18eca59583d4277938ef1e33845cc98a2d5476bb835a5978776d48273ed4ee81709822c249f49f6df0d6f4306d063e21c462a7ae7571e30492845d52a801f3c0a46a69fab9bfff4c8696db64a637a6222dc16732498f52f38f1bd7000626194b391cd7874552d1acce6dbcb270a2efe464d10e45c79661ebf32be800ab6588ebb9cab0f9f16910235e9ec99448889ca0a16d581a7d913937a09251cbb1512a8141fca40e4066bf659adeb8f2008430edb463808ed8b5b6b6a38bcafedd806918b3ef4f16d2da991288dc234e879cdae065a8f48e22752961a20ba347e82df082ea911309606d48a1199c49e49b4440b726efdb9e26066e3f2693aa972cc52dfc3fe6e014638a4185e7ee028128d6ba9bb91a1eccafd8fd91d8c70a2d73202e060aa94dee57a649b413fb70d0cf0bafc74daff7a26144049f8ce17fc2143be34fb09a3b5a80585de9983b253e5b441022d242bda4d6a59962c54e48ac6ee342833ec576e3936530565a17b83825a3ddf08fa802f3f31e61b6276ecd6ea8d70783e4de27cea7d12c48f95516960b1513dc8d9cd90800554c846bb91e2f7af664e60be25c68df854864ab22c2ec2000c58dc84187fbd7fb68edeb4ca5f07eb190ebf4f05cca87c33ab5cf8ac652a8f773f14dfa43edcefd5e24b64de60a010ad85103826b1550792d880810afb77a674fc4b512935bc87a4a9ac3ac807283ac726e8e7fd5954d2e24873d62f87eb5e81bed2cf6e6c59232b5047ace6e24198f96022c3b554b7ddb950c28d135c6739995dfef1cc4ee90b43f1cdcb3ded71c35cb27a0ced287a10817e4236cef5f45858abce57b92211f12d996cdf60a0f119a71280f78d74178fd1ed251e381cc09376e6fd8b480fa3decdda7c4a33ff60d14244d89b26a4be7928b528d1b9e3b75e6f9cce58b8d9d3f8ad6becc57a8be98fed6b846f69792c700a2d21b471dc567211891a87215a6f73278d77f8322c812394bfea99fc9cc4ea9a8375aa8ff15926e95f5bc03352360e8ae2ee1b78a71b730e22dbcfef43556df20bcc27fe12f929dab7abf5c9de8a689b0ce1a59dc6008a5e891c05a20d3c187e0e5797b9f80f6b39926d10f0dad4b04e5c7130761d5fe1f00cedd7b0cb9a02b443ee19d1df5c0f470fbaa20ca78c1a73d3818cc181ef4631c80710325245cd85559b926987a1c5decf2177b6df98d0f473e78ce031b247381c9a2c68ff5ac6097c184d07833e5cc362a422d448719758ff79a5b11f5ed383e791925a3d8a086a1f1a234730e02bcdc72fc8055cc8fec3118330cdeb3775836a96721e60df59c746efaf2960403a821a9fa049a6d386162672063f48ca9a9a556561e55a80b2789d2ef38bc486cf02adba6ab93bcebaf5fcfa52716a7ed9af179d4e4d1ddf58d30a884f84e9587ca0d70c99506f58aa3638c76e1af5c25f684b65c1bc57d6defee5cf0dd46fc61cd32b1d24856f8cf2974cb321e6b1d32879f8e172dd9957185bab451d95a09cc72114ec92169dbb6ff4ffb8bc7a81e009845747e16351af1ee2f4548c78393864427d293055eee9fa673180539981b268ecb7b71ec11bb28b29685a1704cb9043f60adbf898c222862651290f3f491c27cce62669879c262af81b7c8d022848f83182d96dd14348ce0a37da5810b9044cde47d40cf08f6d5a7d15584226b233901151c24f942051fcf3342650502a79f74d13021d245126b5734b34ba230fec317197d0bd7199394e9cf4d752e2ec95d903db38d11f77a4e7701eceb44628c8ee667d70562821167cb4cfd002cb6e6935d8353666128cef52d757ed393a6167e3e882c2871c2bcafe6c76ddf13a55936accbdc509c15a4a17861cf733134fe8cc77c5c914c513a7d20b39b6cdc4b113aaf9fcd4dbd56c0bad6bc127b6cf73abcab1204d01bfedba4a2bc4a9f25278b396ed5e82db4d91f757f8bed94a4ba8fcec0b59d8a7f9a5dbf0d79a98d02464bd8050e3d29cc422c4d6da046afaee8b4863277798230103a6a9fe79984e1ee16e8ac048931bc02700ce13a5ca43dfc28ed30bffbf9aec896051de54923873d9096bbcbb8e2b4efee66b791b812dd38e873d59e145d66595f88fa4ece0e5c971d36019133a3afafb91936db7282e93d318539033a34e2de8667808f34f9c9f7d9e5c490cef8ec7077aedc3a47ef9631b98eb5067d5701cf612f579495e2c81f4fc02395de4b7e19cee438b9b6a59b5c114960887288e3580053014706f68ad821997e415141632a46c7aec83894ba71d2dc471f696354b2e1631e6332f32bc81d3140616e2095986ccb92fead27e52189586b20a83083aca949ea4bbd0bffc2ec166e4fccca64140be27ac2cb83e70c13bde953d85e92a8f92c9c682b0e58cde84dcba7f68fb74a02289ae430610774745a0f7e978f8faaa21680fa40963c5823b6b9ac31e80a69f1489ca286ba704041d0f7688b426ed61750cbc922ab076ffb64423704acd629bb0e0ab2179e30e127a14e2f2710b7e33b9abdb480f48e7981ff6ab643093cd8b32e38d5145664ec30dbfae0b4c83bf19047e21e9f4cf23dd02d5fe5284f9d143ab8630adf3712c6e366daa1a1b66411aeb7b4862fe5d465b9a2871415837f5ea77755ee324b59166708005547b3c374911214abc8654aa005305f9b86ca8b22a80ed89d36c59942465bb96d8ae0e25248539200dec0cd3e57352448714445284e21aab9beee3ffe4eb493cae1181c9e922b96162fa8cef846c35cb6a195b55262cfe8afe4970592899360d077118e93efa4e5e484558992ade32ff7ab4b69af2022a26d8ee550cb27e46b5636b0826729fec246308901bc1947df359258859b2384f01179d093bcf52edcbbba35bd11935af5a436f88c47c9d3a5d860e31327f01dd41a58bdf1b667b2bf66aff1d2d2ded01382f99c94f583eba6b3c369b82a5747d89a317c85dab1a5cc73438ea9fc9d350732193ccf30fce4f80d4450651e2be4922608182206ebf2a5c148f76206c6270789e7fc4233fc2c98ce4e33243b236d4c5b9b5e96042fba37ddf38899ed52ffa26d7ffee5e8026af098b908f9b037810c48a67a1ddf88b7be96d1559c457b4f69b1b048c76197ccf6e40b4442636640f4ceaae919a1d58ee2c519f54896b681321aa20f6022c4caf5cff00daafb5e82a3920c697612ea1903d8272ff812f90a6d5f798ea73de1953437219bc58e4aa3c18ec917951479029ab79425007ec7c0ed1b1fd19d7c09c1d5d24b7180c0392d3f26053d6d01a2d8513d67f08eb63e711814b09516146c215ef04fba5bc31a7a739a3c6addd6c67b5431f53240cf7a2311fa4538ec813ef3ddd12019b7640aa7e81ed04a1df6d14a14201efc33a1b9e999131b9692a40555a9e9ca84d01534fefd1be04ce8730ef60d4d968a25b482058ceca88d9c67328fa05f2d909cd4a5b60a82a592c5c94fdd0c924f1d1aa868eb073c2d7bdfd6820fcbd31a51b344bdd03d9cfc0a5f2f6997223e98ceb9d4757aecbd33f58a1fd2342a6990a518f0a48e1e69e03c51a77e7e377fafd35ff24ef0838253daa8ce480f62741c6d574634a3c42b4eb88cf6f2756015503d3957bae1b9f0369710dcd7d6b93c4d4978634eb070d2b32564261069914ce3d9056f641f12c37b8ed01ae4d2d0fd88d09faed8e0dfa7f901603ef9d87795a0d12284c2ddc0a3233e26f61da5b1e7897ace63546b348bcbd9f4e1af1aae9706de2a4abf004b1e175d91e7c977227504322424bf8e03f1d10c4cf956c4bc59db9c56afe64881f7b775426c5fb5aad0b64eb47dfc5b9fbd682e674d0cff02e3eed68d3909ace823bf75c2c1ae48ea51e2b43c468dfb1210545081cac928d014cb7d577a6cc45a25983f3e5b5b01657171bc09dc42c2d6881bcaf9b9da0a121df12a936af047fc9e68c62554116f17f088a98496745b3929fc70b9308506a633c9b9b3d3959e557574161923c3e8596b5a93a19f98aeb063da5039e56aba9cd33196df2ee481ca12e1134828f00539825a8ed464f208b11e2df2a0bb34e8aaf82c80e398b945405835a13e42d42d10993166606d27836b8abab852a0f9b85c450d8af896244287545c6855fea284ecf909869e6478ff26505c845e33c01bb48a6592e86295d8a2b386e821b91bb5b40b133660712959e3bd61944c08e7b4e69f02f61e2fa00d56e5f555afa641ead023fca53b97e1f2cbb96ddd6b940cc268094d1656f52f260e2da6e7f4862072129b989c928c7869e03b7181b34c52684efcfb97718ce2ceae7e15b8312c487a693fae8dfe3821fac9a1302d8f74311e01660ea352ec827b9767a5dc473c4051d9c1847dfd70a4d33a5280d44583bae626f23a1368171a856be458646f0b1a95232d79498784bc03eaaa4f33bbc6a72885e855b9812355758a05f9d5c0e8ca965cc66584c7183c7e718f11c29830b7344360d76abd1a4ee173a122cb952a77b3f5aa8f85ed464694143b79c18f656834d1d0d30ff603838ac2a2df2d9f420690193d5b0540c043747f9cb5e7261a92924b55dd36bb224eeafc07fb888b6aad989b7019d15a739bd49821beea365ec1f081d70227f0fa982c11e216ffc4350c2e376c3b713a15833317df39f3e14b4bdccbed38ef4b79d5fa6197b0b3ed1201fc38054bb0146de7818b17ad7d063e2b4b5d58153bc708e5091d8916f3ef3dbd1c6fe31a4beadfe7948cecb726a610641165a53edcf76935fef8d391be30a184205798af44f0aad9f00d87ae521e4a152cb314570cb477cbb8a253717487cd35be190e92d950f57e8e9f8776b30646ef70c9268018575cb692f3e5a62be55b1911a09df4780a56c9fe444df15bb100e4138626406fb4d2c711a7f64ec2e97f6ba1b62c5fa873e80c35a9f09480e8d32ab08846be3e9efa0584ccb53ef329fb48a22c7cbb3da3e2a5ba75b7c04e2884220adea8fa12677eb62229f58913e8d9e3aee98b5da08c69f9bf7d6d6674338451c0b99dff23d4cfed26e79ec85aadfc0100e7df24986174d2b9b8c32cfdbbd5c6e89c3bfc6ae0b47b3d66816c5c234728fc6f5afd50d3a8fab1c38b668287fb002525bcf971411905f6c132d3abadc68377acfe41d16970d3153a6a54440a8209d31d533020d0d278886f2240e07e67c47f6b61a25645d571955ad28100e9b9eb362427b1e4c6d27116f54463beef4798c9324ea37d89fb30f0e473baecaea0414004dbb05c8f24db34e29db26167cb9508410070c7f371d5b2bbf6290a8991a8f08a0ce5e0cbc85d963ba2c65469b3698777eeca8556db787714dd77d624e1308b0303e77958f2c4195b978255799f3717b46d2ee859ad13ca5da3b61879510db57ebd9a54a410f3bc615d9b05b739156afe14a240e318436dc39c85ef753f8e4d55c416dfbaaf5fcec0b44bb767696e6259b50d56dd7b89135e256ba3bbe537aad37182ee4b6bd50b93d98b2ab7932a3892602e3486c54c1dd5fb26b4f7f9a34f64e5ee8c4a3f6a35adeb1e42570c7f42d96904458eb754049f1ca0461eaab322d7819d695e2bdf8f1e71c6703ea6d55a1a3f739bc3ad67fd02ac6b09ce5458fd6e702a9be7bffa29c47631ea8d32c199d9b31fa1066915e8bc91f0d0ac7cf8481c980d253ebf2a77062d6ab0d7be4fc1fe1ce636d64957fd1eb255cd9a582433adf70722e20d6d6c5cba085c313ef3d129f77cf1d021f108674df333555eb3be3ef5dce2ba20bebac0ac65a098e5f2c4e1de650d3cb0469dadf5dd83d9e2ea9eb0bc53413ae99c1022028fafeabee2bbc91102b9c26069d4858102733c8a744d0b54c874d5949eb309e839547c9e93213631120f57452b5379fa4dbfaf0954e3d59184020374eb34bc9d56d3b0f8f98a2f897d4f011cf822f8dae8d9181ef51b7ed5d3e4f909f5bb850b79c48e47a6227cd5d2701259dca31b84f34e6c3ecbfb1714b1b4b5c9a32930d65819d052cb05fcb041940cbbd4349418bb3c6d9606deed09d4ef737ff1840bfc716e3871fc64aabfef52fbb055844a872d536ac2f574e9b000ac0947604c4181704514322156815175901d13fd52df17a6b7fd737ef7acd9540b16ab55d4a61aaf5affea66f4bfafbcd0548fd37ab1e9b6ee3140d57dd1c7be30d69a478240734a46364369618c7b42a91cb260b1ee99d8b4901b4ae6beb18b5aac867ac56c08d67c1373a229ba3a3c2122e95efb56bf01b2a58a5412dfd085b61f4b028cb0140005f8c57353f778d1671b47e1afd0418ccb133f464f4f456938ff61ebb9d743914f4386814ed18b2bb15f831d54e0f1af34a9c6f27a94ffc41ddce865707ca7afabe196765d5c4648377902e77924568a501274a130ebea3d8cd377f0821fb25b1249edd8df47f14e62a7c78490a1ac429019eb93d3e548294e7edb4073f610f76cf9401d10b45c4bc459704562f9ad8b3f996d3090c6aced5c4f183cc1c8110233e9be0d58abcb7a5b742b94116596ea5cd6f733838dccd4fb8f7e07d9a81c9a8dad8002d499b7fd957a2d9765349640e49e5a761759949d24b68a1ebd6bf7f60af384ec73dd3aa25b7b9d8fe1135f3b2bdac632e01e971df641e1a31ea8bb5f9997984f35f044dec16666e9af828d97dae7e36324104bb90b51b75804b160f07789f6fb106051ff2b996836713bd9b6cdd9b7d38ca399000145fd36263c19452bd33ce828aba60e1b63083bde6bca665fb4367a4cefe0484cac6536a3177a2a3b490bfed0b968393ea9cc9ae85d088c73303e0857b41bd5486b9d83099c1b70d1d7c00d10a9b8b93ba75b7e5cf8e95e63abc53b34246511018dfd9a753852c75c9165732d400840f918244dd0da834e6fcaf09dfa617fbbeedb65b0a00dd70523cdd35bde427c1fcface4025160d66f0550a3f5ec849a6307dcda7ad9e6a4dc5417c0b0f869ce25bb38b4dcfed512aef37e717c984d3246b807d17235fbc3b93a1641bbf190da677186155c55085faa90da6d1520fcaf75b55cade82a22ccd3ce1d5044f09f52f4d6beb269469d8a148192d4dcb9c1ecababb2132ea2791156ca417be08ec6dfba22eaa3f98de53dccebb6274ec7f8305c2e676594ebf36ccf5f24288972c4c04763948e1406e4a4463e7b8f5a4d1622a1389f9586712cee57cffab18ddae2e0cc35cc88f163fa4b4f1a97c93aa10f6dd695230cccfa03a89540fa2223977a6d9d8a037576becbc3a2d9d033955e177d95147008a76d833596975ca3d0e5ebb0e163b65ff6524d50671e0e60a741266cca9dabec58f962584269456db3a948d05ebd78213d748672e475c2485077a4562b74d37476a410d74698b28bca2764c88dbbe49ce2d7cce61f90324ac449bd64d5f7ef8def0471a3ed5711dc41afd7fa44f0e2f3131dc063b1712893689d853d77ab60dd70d53d949407057f47baf46347274942f44201b53d3090735cfe26e4d6fc048ec2a24844d76483055d3f0cd7f2c294511516788b46b742884c99bd7ecc991bec92c666d51bcf34769fbb9f154e3aa1d506c14be3bc3087ce3e3073e2e2123303ae2e7d4077235780f1e5481d89399d5eeb38c569074a77746e1277c3b949f03a188e38f6ffebe5cf044ec651bc3ee00af104750fa9c7d665fa8500c1f94d003968936dbe223ede1c7150f9dfa772f9294951e2c0bced2f81a2d80e5ad1ebbb129776c64dce75da35759180e5504399214551285e4610884f852ca61fb66920943df0afd109ec638d2807c6dc3481dcf2df4fdae1a83efb06c8c6493b0221cb5dccfac29cb8c832d98bd16caaf8af603cdb45e7ec881279821794ec3b1c4ff8bb78f005baf054714c65ecd98e555c1161e3cb02f3d5b2d299255aee818c4f707d7b37e34c5963088679ececb2548b4c843230507b56aea4103060a74ac1014dd07880d3a1adfeab685c05102d05ccb62c90946c4a2b2d4ba647ea16a44bf19f324adea495c82c7201e633d3bf274ed80540fd327e347b7b401c1a71688a5cd3667c1df3ccdfa379633fdc65cdf7c5d6f29d63debdd8ba0819be80becf75cb7fc5244cf97801b61053191d45ace4d56032d0633a69279fa86f938d0f15f9c04c418ec986bef6a3b3583471dc88836cc817e68a4116f0184d0acf4e73917ae06e35eb41a81d4beeabaeaf1197a7f97a4308d1536ca6127a1182513027981fcc24d7e1ec1c2e843b9d43a97c5c7af601ebdb9344d7254b229e36952251af8544ea0065546fef4be68e1448fd5533716e42839b3b9b94bd82f77024fe29635db568bc5a70c5e5835c2debca25c4ef710b434212793610d13e72076782e9e62a095a79cfd9d944aeaf32a9e553c10967e042b449c269eb4c0ab4bf9ba3b2a059433a6bcba7d24e4e68f21afbbc30bfa32c31da28c700b0fd6671b794b3bf47df2ac985211aa355e0303afaff069e4809132a6afde9b601c2782b7e6691e1fff6d50f79c0095939550c6eadbe5adecb54dacb3e4504d82f85cc09aedd3533d6d584a631aa54486455ce34be5bc82d1b037309b786ce01640b7a6f4e86be6c6893b48dda7f98a03b1cedaf8614d11577dbb8ed6a28094a633e0d8a236f509c13e3169528cc4215e112aeb0c73e5bff86316237c9504036172e46ec57da923857543dcc0f7d5dd8535df05c834191a82113bef14402415d4df7fdde4580b760e13e69c7bb3318342665438ad7f340113f423b6a3e44d1ccaef681485703d4d54d58d85ebdec2c0ec34f54912dab8755062ba6c86d9b1c2328fcf279237ba306f2c0f1fca95bfb68adaea8cfcebda4e1c414955759198e65cf832cd682e415aaea3aa8457448a27e7f2d357911b23951094dceda5076f2888eb4d04c8bc72fc269272840", 0x2000, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={0x18, 0x0, 0x9, {0xf}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x80000000, 0x4, 0xc2, 0x4f, 0x40, 0x2, 0x80, 0x1, 0x3, 0x44, 0x8, 0x0, 0x9}, {0xb, 0xa6f2, 0x6, 0x8, 0x9, 0xff, 0x4, 0x3, 0xa, 0x13, 0x7, 0x6, 0x1}, {0x1ff, 0x7, 0xd, 0x10, 0x25, 0x9, 0x0, 0xfb, 0x4, 0x15, 0x0, 0x2, 0x4}], 0x9})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x1000, 0x6, 0xffffffffffffffff, 0x0, 0x10000, 0xfffffffffffffffd, 0x4002004c1, 0x1000, 0x0, 0x0, 0x10, 0x0, 0x3, 0x80000000000, 0x1, 0x8b37], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22.283224032s ago: executing program 2 (id=1965):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)

21.63742912s ago: executing program 2 (id=1967):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000071104200000000001e000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x94) (async)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001180)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="1546010000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=0x0, @ANYBLOB='\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="63e373f0a26867f03baffe9ee06aca7754fe90665cf72d5f9e89ab4d7026610d3c543f0ab7ad0dfaeefc64d44af000"/60], 0x44}}, 0x4000) (async)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000480)={'syztnl1\x00', &(0x7f0000000400)={'ip6tnl0\x00', <r1=>0x0, 0x29, 0xff, 0x0, 0x8, 0x1, @private2, @remote, 0x8, 0x0, 0x200, 0x3ff}}) (async)
r2 = socket(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff}) (async)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c) (async)
r5 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000180)={{{@in=@local, @in6=@remote, 0x4e22, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x1}, {0xfffffffffffffffd, 0x0, 0x6, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x20000000000000}, 0x0, 0x0, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4d4, 0x6c}, 0xa, @in=@broadcast, 0x10000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x200000}}, 0xe8)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'veth1_to_bridge\x00', <r6=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xa}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0xff, 0x2, 0x20000000, 0x2}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000005c0)={'sit0\x00', &(0x7f00000008c0)={'gre0\x00', 0x0, 0x80, 0x41, 0x40, 0xe6, {{0x2e, 0x4, 0x3, 0x0, 0xb8, 0x67, 0x0, 0x4, 0x29, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x3a}, {[@timestamp_addr={0x44, 0x14, 0x64, 0x1, 0x5, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xff}, {@empty, 0x9}]}, @timestamp_addr={0x44, 0x1c, 0xaa, 0x1, 0x5, [{@private=0xa010100}, {@multicast1, 0x8}, {@private=0xa010102}]}, @timestamp_prespec={0x44, 0x24, 0xa6, 0x3, 0x7, [{@private=0xa010102, 0x9}, {@loopback, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7fffffff}, {@local, 0xd5e}]}, @rr={0x7, 0x1f, 0xc6, [@multicast1, @rand_addr=0x64010100, @local, @private=0xa010100, @multicast1, @broadcast, @empty]}, @timestamp={0x44, 0x28, 0xa7, 0x0, 0x0, [0x90000000, 0x3, 0x1, 0x800, 0x0, 0x1, 0x2, 0xfffffff9, 0x3]}, @noop, @generic={0x82, 0x4, "9302"}, @timestamp_prespec={0x44, 0x4, 0x27, 0x3, 0xb}]}}}}}) (async, rerun: 64)
pwritev(r4, &(0x7f0000000100)=[{&(0x7f0000001200)="2af9a124add9e501f5e385a52d4b35f6099281db441507c7d69f73f3a7b150b98279f1beabaf469e1f4f88ae12b4c6e8435dcb41d7b621123ba7181b03d4b05774933831cafc09da46f9e53e738adba1dc85c0e783d85aecb1e2de8b4c69a7aa65080f879a0582f6821f8959c8b4e776ad341948b38d7b2c1be24ce3b0e1494f545eaa7d31bfc89dc3b18a9b342119f7a6412cce3389c56ac30a390ab88fe24d3ad681b27092aae59f24265906201f07de2aff14b793e1e5088a847047acbb3936ad2a1869999cf8612a34db0c9f41270644648f8bcd3561d2305435ed54a9399e021e9b7e9ae3df5e175aa50fe22114a28ab48ed914e24e6a0c8dcd42b6a78ebdfc39fb036e1c5d692bd06a843eeeadc44788af327adb0b81bf46a9926f72e20f8e8caa8c054de1191a06c497f4f819b6748ffbc87dd18ddc282a8434bfcf95ab1d50552cb079ec7b57c7dc5a56b1cc40f633839ff584512c9c7ff48edf3a086c5f578ff36835bdd025d380f3b359e25963a6eff1647cd6f41285e550f51485ff5881896e6d6e7891ee7ba73c086791fdd82a0b8b6d1308a87a5f9896231d7ecbf0321919b1e960897b9ecc1f7e1d91c99f10623c56d351c873a4ef10c1e02de157bf33dde43fd341fec2bdefec3e2713bd5a88f6f0c4b6c4aaf583992c2ee3d6f75560ded24cbe924a69930c02241f89341cc1f7432bedd4d8f5e19bec5ab910cdb35ea66a04ce247cc467259d167de679dc8bca485b489f9f94f23b78b5166365b81af36502833a964152e118f2719e664067192b987d64e9bf373adcae666d2238a9e76937356f27917ab9de33c815553e0c45749dbbb7452789c8b279dbc6e11be05d84f77a34b241ac3fc3d5439bed3b9ca4fa300c5d44197a32446ddc5c4b22519e38039b267dc0989a16de57e2cb9a59408f7faa20aa0a7f7ced5fdb253609f407944759018db9d32372c4fa038cd8b6f2739e9b436706ea35c628829ad827aa68be4c567051cc6ca3f7378e61fa9f72c058105ab58de2729e393c9386be3a8b48bf8e87674f462aa4b323d52502c689e9a43d10c9cc542123ef4f5ff60be68c53a229ca12fb32fb01bbf339e310e16bf2884f0c58a8ed0c14e0d74d2a119145246641bd72d37aa0917ca0bb5ac7f543e829c7d5b48ecb2fa68b529074bd02bf01fc0af794bf8fce1a5bf050f021b111bdc9b8a142fdf4d431616cf0c54e50417a62d106e687afacc7b7603e224e914e5b388f793a7b5bd41bb2a5e4d22798c7a2f1db49266308b06e2b5d2350ec46eacf70c5e0c35001f55869ac89753320c60ab97cfb02e88664d62db9a0d258b9a9ea8ce573f6808247b25d7a305a5b1bcb1e27316ec116e7fa9e8fa982e541c7180ee4954168f6371d62b77d37e7e3840ddf2fd1a24831351e7b06cb396bb0c9c5f95bc73602c6e8dc4dc231efc6571cdf3ad304c68b679874a0408118fe066e23e227f3f13eb7ea42bde2e8d590a343bf50315c910b1b66ddf95208ea0a85998835e81d0667685614ccc06076b3b027d31635e75a1f1d22d731cbaadbc4907ef9022ceaded08aa12bba7514011ea37f587bc297dc1e07641a7248df526aa1d91b8ad6aa70a67a79eb247dcdc3a4db6984b45ebcc90f7bcd3dec0d24444b138eb1f23a6f4033e59b428d1d91ca4688952e5406a6340755cbbad38b32c1deb33f663aa774334029714f174f097f81ee39172de2061a26372cc20a88a1151e95f8c0c64f348eb2da901a3e0c6b06cd079366511180bbbe298fd134400f6002813cc49d5fdaf14c53b0b10cdbe1f07075a4d15a40b5c8c4bb990b4e12bd357b9f0d0e53d96f472e9252cd3bc8c21bf025b0d6e12f7d64430a238d3af47149cf2f150417608b111fee8d051735e68ea84511e147c3708456ad93fac7f0958579793911785445b026743f45c6812aa1e6ab1dd29b2bf7fcda0286a2e6aeaef811ff0f72e0cbcff0850b1478fb49960963fbe7fe82cb931d44201b0b68c438288a991f51ad7c347158daab74c83e9e98014dd290aefd320400c3b4b59e7d6e81ecf79953f70da8e932fc29fd1c407cf7102ff5bac80cae5bbbf0d53807778e2cce123d954fbc5b4095810b4875b06d743cb65d9ab1a2985af2bb8bff459c2fbcf214f262d616f1440cbf1fe73be1ca84942248467d195bdcd9d3b886dfc57bb4482a1e8f5e3fb4ac4946024c68c8431790976b2c368548305d168cf15de54aa85cb83ebfbb7770e65b7a288645b82b592d533df534e802d442550c090be26f523f720b0a3d0efa724b3e89e1bdf8df5cdd955974e57c1ad018bfe9df85489a28a854ce00f98f1d35b3c4444385ce833e9b55be5fa33c5ddb0bece90dcb0333a08ffd831de79fd2fa859a34e8cbc83becd8b26d358695d7548f7ab2dd3f731a63288047d4bd99dc028ea1ee6e2ab27f8d256c4f15168fe9c6f096179b45fb92e699ea4b8091727d54d635dbfab5d43a32073897f1f30c866bbc62bef85599f4b887cb6850d421e3cc408dfe181dd6677544884347697c4af999d779f2736da3a938d38882edf24c9b064a23cfd6e845fda382414c71655adae376080dd40ade61ad8857327b6a14fa0aee30cbfdc8eb18afef1e90d13b332e0fea4c5dc754182dda6917db540eda4f27f30618e5edd2dfc7e343654bf3d7be2ee549d8f37a2d5bfbeaa4ac4d54c448626b8d24a748638a4e592bb02f77f36140d7527f38f618526eb05ad6c02f4e7cc999f10042b292dce5a0dfcae0572428a81995fbd8604eb46512c4e58acb46fdc9cec0795e6914010e4653e300b496b6051544d41cd9aa918c34de30e1e6806fd2040f12e4db05f6e280e9cd4b2490c174f24043bfeefdc5cc2689456d287edf4568d68637f431f606595c174d0725e38ff4439c968c57536ddedb3a5412667cf6c2d49633f064b4d82e8e518f9c4e088cdb822a4664141410e0179108cca5ef5cefbe7ebd427f1a170b2209d413c506b695ee75672c84de2da252f4a6c37f3fed2ed2873e91d9ac5022af95f4b0eab322df7ae6de61a21b09e672a2a5009f21053031b2a13692bef36716db329584215fef5cea09f2f0c0428d19e628a05d4fdc685e9837644f46a6aca68ebfc30391d1d6a3fce2b104d14ef1ab1cd9dbca706732fa52f4b7bd2b4abe86a962a49c5ebdb2ae45c1f992bd56dd474c721eea497b4a59c9a3a01845e64b94816c3ec18b5bbc12db16187c94f4659dd16d1e1f155ca9da0b0cfadad6773a5c10da447c0d5af84516f952575a764d2e19b0290ab4847d636d4f15197cbfbcf4f2ca3ed957130d5d1a91c5d6fd9f23ae20c40df1243e67d638ff81971b4ca7d10a9e8f3762511ae71417b1fa07e6805bf72ab7e00693b5ae0b4bcfa2c96670e9bc71f1bc1916672146f5e13a1280d9a59d87414bf0fd45af50ce235e459e4b32e407ffda83970e3e06bd7f9840474a99914646908f108fbb59b3f50ba0b0611dea225bce6c3a28c625ed50922aafbd87fb9d99122b84d8ef88eab591cbb59256f60fb199f855b00aedcd2113b815ef6bd3fe26edffca4ad6568e2584e117818e77c4667f2a21cec992c0bcf286f6412255b0babb8b254cbc548da8f46235d3307e299146c82ef1a4b26c5aaf40e83c20e6dc204245dc1a72a47f0e5366a1c9312fce46e00fc9c9527f47f9a7a6b19eedd5d84badac5b231f42f697bcb87e88f1fa4554ce66167eab9526fc466442d6ec3f331c6e7dcb28a11f0848a701614297a9ff4f9b6ffad7524498a2220fa842ab3eced76eb2dbebfd5436599613400f2a353ad549d8cc806ff5b5e3376e25b5dc3bb0adee3772568cfb483c9ab04b6a546da50b4c4725fe04238638d338430255c4ada29abc9a0cb004b7c6fde34d5e527bab884d340bfebecde98cd19bb22834fcf7afd29e298662ab245fe0061f2cca9d6982484def2635e0487ee5c76f3067b61721b55c937f6601f6100298339ccfe118b44b8d62c8499f06927a4353e0ef0a59f301adfa2943986a2985faff6ee5838b797ffff88a60349e11cca943e816a34db9905b592393f51f5f3f8ef14520591499d609686eff355a722bb01e1b595e18646a2b0ff08ab79001d2be9e9ee6c784af29c976113e9a715fa31e4f905c48d2090420ed5d44a15ab11fe2cc9c34757ca72e82bf39068f1a0c573537ee2fee422bfa873fa2b86f774cff8416f6c07acae80f40515a6aa3ac43448030a6617e258511e0fcd30a50f2290139a82cbec7b569bbb124bc52a5e6f2d87ebcf3fcdabdf7784a7aba4f8df148d16fe6e40c3cfbd2326aac678d202bbd9f2751b9be10e3f91258dcaa80e8d5531f96288d1b8911e68def8459a55352893ab156ba986c7b2adfd06551513355985d30d6aad7ffbbf3ec575e041611ba7de29be96a42e3a97978494acfe0ee5922f3e32bd25fda0acde3b22923b553b212e636cf139ad114d025fc5625c38cde4fd561834f9a82f05f2c981cb4a2f7113f42bafabf85c3e7c6f505e3e8b6bea9c5c644e880bf2a8eb318cde93fdd8c9a0158d080ba720cc129538aa5df7bfc26d6c5d5bd28e9744311911006ea37df6bbdb0415a0336f3963965db69f37972ec5444a5c3c85061cec0f50cb74e18a2f31439a97b536b8d9f231c979d221089fe7c05198ee72836af06cf45cbe9b0047029b6f624c31fbde9ea09a4c03862d55dc56dea91a526631c30403757e0ce0620a98b62987e51c82baca228fc345e5c1a4f6c8810a93643f4c85feacf241f3ac0273310580ba6ceaf8e9116dec1b03b709a8402c7b408ac66f1c667707faf286d3fe96214928876fcbf2977329024ac63b4ab19d39ff5b385605d87c49fc4c91e589228417359f376f20d27c2604c0d2197394129df42103c67c6ed8f431d54d0756e0a2cfe240de31f0e72f17c35fdebda8f4916a01386a69833bbf9a414d66f5287e4f1178601d9ad3ca00190a2c8e13e7b4fe040cabaa3c002dceca88debd28f7293361f10226ad2e0e26afcef735412f70645afc9e734cea5dcd0a3b12a9556b13c08bdd66b61a98e0ee8835827506fadcdede43deaa5f92b5bff2adc0f18a1459d91f3244be92e103d0b6131c02f22e2348f57450632e75dc6e44fda444ff3cd297b0d83f33a6d12d9a51eb1108291961af46547a2a0e1f93e7d6be1dcf810c1d5bb85c4eca5784aa212f068857c8dd511ef2f1c9a5c8aafaed1d7e376369e6602d46b0b70de6531c2d815d31a627c8968d2197215e763496b2cd871078a033222ac6cc3ec89b5b011bc70327776c35999dc8bd92edac7d13895a7cfe710d1105f5db0712856cb9489e0bc31f22544b30a338b99766106455954a488b30723f8760e6504b28199c5e6c5a26637b099d35a14f54a9ed583a0c92247888a74ace278c0b7bc8a1187594bbb4c9fd8015b2b6f64f132197cf3ba94f92063c4e401b107d023d8d4230bd4944e789dc8635d470965e154f30cdf3ac78c230424d569cb5e87fae4e42a4e7efae8f5d8d9c1540c5b10a44333fa09b3ddc3552222393988bbdd1422308ca986b976e0403ea165fb537be2e9e11ce6afa183e0f6882e08ef6e8f40f74846ffb2ace33034fdc6a22777ab0bae00383d5000e6f8509341958de17379e821a47879272ddc14e1a10f06fad7b4182ade4f1d20916c989fb75f256d2c6502d5ee043f03c8ba53339cbcebe3fe5264f789b3535829a586504bb76df57e8d7f10686e2d08b9a1b1a94a406422565175401948865529e2f636ad1fa3005938022ebee4f592455745736404f6f8", 0x1000}], 0x1, 0x8, 0x8) (async, rerun: 64)
r7 = socket(0x11, 0x3, 0x0) (async, rerun: 64)
r8 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r9=>0x0})
bind$packet(r7, &(0x7f0000000180)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @dev}, 0x14) (async)
r10 = socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', <r11=>0x0}) (async)
r12 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=ANY=[@ANYBLOB="700000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r11, @ANYRESDEC=r11], 0x70}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=@getqdisc={0x48, 0x26, 0x8, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0xb, 0xffe6}, {0xffff, 0x7}, {0x7, 0xb}}}, 0x48}}, 0x50) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000006c0)={'ip6gre0\x00', &(0x7f0000000640)={'ip6tnl0\x00', 0x0, 0x4, 0x5d, 0x2, 0x8000, 0x18, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @multicast2}, 0x700, 0x1, 0xa6e, 0x3271a3a4}})
r13 = socket$packet(0x11, 0x3, 0x300) (async)
socketpair(0x11, 0x100000005, 0x0, &(0x7f0000000000)={<r14=>0xffffffffffffffff})
getpeername$packet(r14, &(0x7f0000000000)={0x11, 0x0, <r15=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r13, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r15}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='O', 0x28}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0)

20.248960424s ago: executing program 2 (id=1973):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x34, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x25}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}]]}, 0x34}}, 0x40020)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f00000004c0)={0x5})
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)={0x50, 0x1, 0x1, 0x201, 0x0, 0x0, {0xa}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x42d}]}, @CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00'}, {0x14, 0x4, @mcast2}}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x2804c015}, 0x24000800)

19.953391086s ago: executing program 2 (id=1976):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
socket(0x23, 0x80805, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r3}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
getsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000080), &(0x7f0000000100)=0x4)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
syz_emit_ethernet(0xf87, &(0x7f0000000000)=ANY=[@ANYBLOB="b746e328a4caaaaaaaaaaa0086dd606410a60f51000000000000000000000000ffff7f000001fe8000000000000000000000000000aa84"], 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x7101})
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r9=>0x0})
bind$can_j1939(r8, &(0x7f0000000340)={0x1d, r9, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r8, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r9, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850)
sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0d03000000000000000013000000240009"], 0x38}}, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000005d0d3087d07aa04d85b0102030109021b000f000000000904000001dbcc7a000905", @ANYRES8], 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000600)={&(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0xa, 0x3, 0xa})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[], 0x50}, 0x1, 0xba01}, 0x0)

4.800072353s ago: executing program 32 (id=1976):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
socket(0x23, 0x80805, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r3}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
getsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000080), &(0x7f0000000100)=0x4)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
syz_emit_ethernet(0xf87, &(0x7f0000000000)=ANY=[@ANYBLOB="b746e328a4caaaaaaaaaaa0086dd606410a60f51000000000000000000000000ffff7f000001fe8000000000000000000000000000aa84"], 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x7101})
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r9=>0x0})
bind$can_j1939(r8, &(0x7f0000000340)={0x1d, r9, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r8, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r9, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850)
sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0d03000000000000000013000000240009"], 0x38}}, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000005d0d3087d07aa04d85b0102030109021b000f000000000904000001dbcc7a000905", @ANYRES8], 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000600)={&(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0xa, 0x3, 0xa})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[], 0x50}, 0x1, 0xba01}, 0x0)

4.572865885s ago: executing program 0 (id=2036):
r0 = socket(0x10, 0x3, 0x4)
socket$kcm(0x10, 0x2, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x4788, r3}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='O', 0x28}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, {0x4}, {0xd, 0x1}, {0x4, 0xfff3}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x22, 0x4, 0xa, 0x0, 0x0, 0x7e}}, {0x4}}, {{0x1c, 0x1, {0x1, 0xc, 0x8, 0xd, 0x0, 0x4, 0x2}}, {0x4}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x44)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010127bd7000ffdbdf251700000008000300", @ANYRES32=r5, @ANYBLOB="2a001a00ffffffffffff00000a00006d0ea06a5ba3e4f7bc0f0e9fc41f97a41a00ffffffffffff004e0a001a00ffffffffffff00000a782500ffffffffffff00000a0006000802110000000000"], 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x800)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), r6)

4.500015827s ago: executing program 3 (id=2037):
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private2}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

4.377941635s ago: executing program 3 (id=2038):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r1=>0x0], &(0x7f0000000340)=[<r2=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r2, r1], 0x2, 0x80800, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000})
ioctl$DRM_IOCTL_MODE_GETENCODER(r3, 0xc01464a6, &(0x7f0000000180)={r4})
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000000c0)=0x2)
r5 = syz_io_uring_setup(0x49a0, &(0x7f0000000380)={0x0, 0x5cca, 0x80, 0x20000, 0x2c4, 0x0, r3}, &(0x7f00000001c0), &(0x7f0000000300))
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000080)=0x200000000)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f00000004c0)=""/243, 0x0, 0x80a0000})
r7 = dup2(r6, r6)
write$vhost_msg_v2(r7, &(0x7f0000000600)={0x2, 0x0, {&(0x7f00000001c0)=""/128, 0x80, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg(r7, &(0x7f00000002c0)={0x1, {&(0x7f0000000680)=""/4096, 0x1000, 0x0, 0x2, 0x2}}, 0x48)
ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000000380)=0x1)
r8 = syz_io_uring_setup(0x1f83, &(0x7f0000000480)={0x0, 0x8e19, 0x13580, 0x3, 0x349, 0x0, r5}, &(0x7f0000000100)=<r9=>0x0, &(0x7f0000000000)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000140)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r8, 0x0, 0x0})
io_uring_enter(r8, 0x14, 0xb9c, 0x3, 0x0, 0xffffffd5)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$inet6(0xa, 0x5, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="12011003398f7708"], 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x103102, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0xfffffffffffffffc)
ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
socket$key(0xf, 0x3, 0x2)
r13 = syz_open_dev$video4linux(&(0x7f0000000040), 0x100000000009, 0x80000)
ioctl$VIDIOC_SUBDEV_S_FMT(r13, 0xc0585605, &(0x7f0000000140)={0x1, 0x0, {0xfffffffd, 0xb77, 0x1011, 0x0, 0xa, 0x9, 0x3, 0xa4de36948e08189d}})

4.304082142s ago: executing program 0 (id=2039):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x8, &(0x7f0000000000)={&(0x7f0000000200)={{0x14, 0x10, 0xc00e}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x4000000, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWSETELEM={0x78, 0xc, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4c, 0x3, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0xb}, @NFTA_SET_ELEM_EXPRESSIONS={0x3c, 0xb, 0x0, 0x1, [{0x20, 0x7, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @connlimit={{0x4, 0x2}, @val={0x4}}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xfc}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r3, @ANYBLOB="0c002c80080000006c09"], 0x38}}, 0x0)

4.168647517s ago: executing program 0 (id=2040):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x3, &(0x7f0000000000)=[{0x48, 0xa, 0x48, 0x1}, {0x28, 0x4, 0x76, 0xffffd024}, {0x6, 0x27, 0x3, 0x207}]}, 0x10)
sendmsg$DEVLINK_CMD_PORT_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x0, 0x4, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x4000) (fail_nth: 7)

4.022425171s ago: executing program 0 (id=2041):
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x4000004)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000400)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @remote, @void, {@ipv4={0x8100, @tipc={{0x5, 0x4, 0x2, 0x0, 0x3c, 0x67, 0x0, 0x9, 0x6, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x13}}, @name_distributor={{0x28, 0x0, 0x0, 0x0, 0x0, 0xa, 0xb, 0x2, 0x1, 0x0, 0x0, 0x5, 0x2, 0x1, 0x4e21, 0x4e23, 0x3, 0x1, 0x0, 0x0, 0x1}}}}}}, 0x0)

3.874562071s ago: executing program 0 (id=2042):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffe5d, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_SIZE={0x8, 0x5, 0x1, 0x0, 0x4}, @NFTA_BYTEORDER_OP={0x8}, @NFTA_BYTEORDER_LEN={0x8, 0x4, 0x1, 0x0, 0xb2}, @NFTA_BYTEORDER_DREG={0x8}, @NFTA_BYTEORDER_SREG={0x8, 0x1, 0x1, 0x0, 0x10}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x5, 0x3, 0xf06, 0x0, 0x84, 0x81, 0x5}, 0x9c)
syz_emit_ethernet(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=ANY=[@ANYBLOB="b80000000001050500000000000000000a0000013c00028057fd018014000300fe80000000000000000000000000003814000400000000000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff02000000000000000000000000000114000400fe8000000000000000000000000000aa0800074000000001240006800c000380060001004e21000014004400fe880000000000000000000000000001"], 0xb8}}, 0x0)
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
socket(0x200000000000011, 0x2, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x4, 0x0, 0x800, 0x0, 0x10, 0x0, 0x1}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'caif0\x00'})
r4 = socket(0x10, 0x803, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={0xffffffffffffffff, 0x53, 0xd, 0x9})
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, &(0x7f0000000080)={0x18, 0x0, {0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x31}, 'gretap0\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r5, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @remote, 'caif0\x00'}})
socket$nl_generic(0x10, 0x3, 0x10)

3.822297789s ago: executing program 4 (id=2043):
r0 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, {0x4, 0x2}, {0xd, 0x1}, {0x4, 0xfff3}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x22, 0x4, 0xa, 0x0, 0x0, 0x3ff}}, {0x4}}, {{0x1c, 0x1, {0x5, 0xc, 0x8, 0xd, 0x0, 0x4, 0x2}}, {0xfffffdbc}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x44) (fail_nth: 7)

3.654456351s ago: executing program 4 (id=2044):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r3=>0x0})
setsockopt$inet6_int(r2, 0x29, 0x9, &(0x7f0000000140)=0x7, 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r4, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x60040040}, 0x4000840)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=r3, @ANYBLOB="40007a800c0003"], 0x5c}}, 0x4000840)

3.534650972s ago: executing program 4 (id=2045):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, &(0x7f00000000c0)=0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1fd, 0x1, 0x0, 0x2000, &(0x7f0000bd3000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f00000000c0))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xb, 0xfff1}}}, 0x24}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x437, 0x0, 0xffffffef, {0x0, 0x0, 0x0, r5, 0x50487, 0x8044}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e21}, @IFLA_GRE_REMOTE={0x8, 0x7, @local}]}}}]}, 0x44}}, 0x20008884)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {}, {0x5, 0xf}}}, 0x24}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.533914364s ago: executing program 1 (id=2046):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x3c, r2, 0x1, 0x0, 0xfffffffc, {}, [@ETHTOOL_A_RINGS_RX={0x8}, @ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8}]}, 0x3c}}, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0xc048aec8, &(0x7f0000000740)={0x5, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0x20}, {0x0, 0x4}]}})

3.337425527s ago: executing program 1 (id=2047):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000b00)=@ipv6_newaddrlabel={0x38, 0x48, 0x1, 0x0, 0x0, {}, [@IFAL_LABEL={0x8, 0x2, 0x1}, @IFAL_ADDRESS={0x14, 0x1, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000000}, 0x20048000)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
mlock(&(0x7f0000017000/0x3000)=nil, 0x3000)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff, {0x1ff}}, './file0\x00'})
ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f00000003c0)={{0x6, 0x4}, 0x100})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x4}]})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$vbi(&(0x7f00000000c0), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r4, 0xc0d05640, &(0x7f00000002c0)={0x4, @sdr={0x30314247, 0x6}})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.231380241s ago: executing program 4 (id=2048):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000503000028feffff7a0af0fff8ffffff61a4f0ff000000003e040000000000005d000000000000000404000012da0aff2500000017ffffffae040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x94) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x842, 0x0) (async)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0xa00, 0xb) (async)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000b00)={0xa, @pix_mp={0xffff, 0xc, 0x31324d59, 0x7, 0x9, [{0x2319, 0x81}, {0xfffffffd, 0x7}, {0x4, 0xadf}, {0x5, 0x4018}, {0x0, 0x8}, {}, {0x0, 0x9}, {0xaa}], 0x0, 0x0, 0x1, 0x2, 0x2}})
r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000140)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "280991800000598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f000000155cc30cf11d0bc000", [0x4, 0x7]}}) (async)
epoll_create1(0x0) (async)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, 0x0, 0x0) (async)
r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c02030109021200070100a0000904"], 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$hid(r5, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000440)=ANY=[@ANYBLOB="abba00000400"], 0x0, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000280)=ANY=[@ANYBLOB="200100000000102c0a1453d786675c3d0f0f4ae05d9cfbed56cfdbc9bc13133b6d9a34605a11e3ccabe25fe0e72b40498c1b2024257913f944ffcb4e5fe21d2b843c0b81d1cf5795ba510bb69285e606428334da74bd2317"], &(0x7f00000005c0)={0x20, 0x3, 0x1, 0x2}}) (async, rerun: 32)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0xe) (async)
munlockall() (async)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) (async)
openat$dir(0xffffffffffffff9c, 0x0, 0x200000, 0x0) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000380)="34686d2bc0b1c15cf2fab3aaa5c6196936", 0x11}, {&(0x7f0000000080)="505af6a72d2cfbc8bfe730757d0dff098b7d71", 0x13}], 0x2)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x54, 0x0, 0xfffffffffffffd9c) (async)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10, 0x0, 0x0, 0x9, 0xf7, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff, 0xc})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
writev(r2, &(0x7f0000000a40)=[{&(0x7f00000003c0)="ff07", 0x2}, {&(0x7f0000000040)='z', 0x1}, {&(0x7f0000000000)="a9e47d", 0x3}], 0x3)
syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01060000010000000000090000002400048013000100"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)

3.162391939s ago: executing program 1 (id=2049):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_open_dev$vbi(0x0, 0x0, 0x2)
dup2(r1, r1)
r3 = fsopen(&(0x7f0000000140)='virtiofs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='sourca', &(0x7f00000000c0)='c::=/\x10\xcd\xb7@\x88\xedP9\xf5,\xef\x87\xc9G\xeb\xd9\xf9\xcd\xb1\xac!\xa7\x9c\x8f\xc98\xcb-\t\xcf-\xdd\xc4\xafK\x8d\xb1R8m\xc1[A\x99g\x9d\x8a\"\x98:\xc1I<\xdf;\x11t\xd3\xd2\x19\x964\xff\x03\xbc\x7fo\xe8\x89\x01:\x8b-\xab[X\x10\x18\x8d\xbf\xe1\x88\x16', 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c81, 0x0)
capset(0x0, 0x0)
socket(0x11, 0x3, 0x0)
r4 = syz_io_uring_setup(0x804e69, &(0x7f0000000200)={0x0, 0xab63, 0x800, 0x2, 0xfffffffc}, 0x0, 0x0)
io_uring_enter(r4, 0x48e9, 0x0, 0x2, 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
write$UHID_INPUT(r6, &(0x7f0000000000)={0x8, {"a2e3ad214fc752f91b5d30f70b06d038e7ff7fc6e5539b385d098b089b3b08381a090890e0878f0e1ac6e7049b3344959b609a240c872adb988f7e0319520100ffe8d178708c523c921b1b5b31360d095d0636cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08c4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e800ba9abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40d4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889632b3570243f989cce3803f465e41e610c2021d653a5520094ec79553299388b0000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a72eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c2d88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b19bb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0545359bafffa452370000000010403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae2d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e709000000000000004fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83000000000000010058b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff7544130700000000000000f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc6c71737b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b93903000000000000001c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f9354b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c558069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae0000000000000007eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c73144f8e4a737afae5136651b1b9bd522d6039947329710309d83fdd9d8b4ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c10613d17ca51075f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb401000000608d6f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655bff4801784c416b22f73d32d678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d7000bdbfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d6245939241a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f4820000000000000900a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78cd7d79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2e0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77900b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15f2dbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af500ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000eeffffffffffffff00000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f00000002c0)={'ipvlan1\x00'})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000040)='\x00\xa0\xa7\xfb\x8c\x8e', 0x0, 0x0)
r9 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r9, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fcfc0000080011000000000008000e00800000000800", @ANYRES64=r7], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r10 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r10, 0x80045017, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000001040), 0x0, 0xa0c65)

3.142859369s ago: executing program 3 (id=2050):
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0x1000}, 0x2d, 0xfffffffffffffff9)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_update={'update ', 'default', 0x20, 'trusted:', 'trusted:'}, 0x20, 0xfffffffffffffffd)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) (fail_nth: 7)

2.824215382s ago: executing program 3 (id=2051):
r0 = socket(0xa, 0x3, 0x3a)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000300)={'ip6_vti0\x00', &(0x7f0000000200)={'syztnl0\x00', 0x0, 0x2f, 0x8, 0x2, 0x3, 0x8, @dev={0xfe, 0x80, '\x00', 0x2d}, @loopback, 0x1, 0x80, 0xb, 0x8f}})
r1 = socket$inet6(0x10, 0x3, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYRESOCT=r3, @ANYRES32, @ANYBLOB="0000750014001a8010000580"], 0x34}}, 0x40)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newrule={0x44, 0x1a, 0x1, 0x0, 0x0, {0xa, 0x80}, [@FRA_SRC={0x14, 0x2, @empty}, @FRA_DST={0x14, 0x1, @private1}]}, 0x44}}, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000500)={0xa, 0x4e20, 0xd19, @empty, 0x4}, 0x1c)
connect$inet6(r5, &(0x7f0000001d40)={0xa, 0x4e24, 0xf, @loopback, 0x2}, 0x1c)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="7a00000ca8ccb14d99321300000200050000000000000000"], 0x18}}, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000100)={@random="ed438400", @multicast, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, "6bfe4d", 0x48, 0x11, 0x0, @dev={0xfe, 0x80, '\x00', 0x42}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {[], {0x4e24, 0x4e20, 0x48, 0x0, @wg=@cookie={0x3, 0x6, "a3d04d6eed0c257d6898ce4d34aa3ff1cbac497abe78a856", "d4baa6766b81c29c2d6a912cd0874b8af16734ad0711d1125298fe026444c601"}}}}}}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001100a7cc5a8100ae541d002007000000", @ANYRES32=r3], 0x44}, 0x1, 0x10000000}, 0x0)
sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

2.342746357s ago: executing program 4 (id=2052):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x3800}, [@RTA_DST={0x8, 0x1, @remote}]}, 0x24}}, 0x0) (fail_nth: 10)

2.320927055s ago: executing program 3 (id=2053):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000006000000080000000c"], 0x50)
r1 = socket(0x10, 0x3, 0x9)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x4082c1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8904, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'veth1_to_batadv\x00', 0x7101})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newchain={0x43c, 0x64, 0x100, 0x70bd29, 0x25cfdbff, {0x0, 0x0, 0x0, 0x0, {0x7}, {0xfff1}, {0xc, 0xe}}, [@f_rsvp6={{0xa}, {0x40c, 0x2, [@TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x85, 0x8, 0x4, 0x9, 0x4, 0x9, 0xcf, 0x775, 0xfffffffa, 0x3, 0xa2, 0x4, 0x4, 0x7fff, 0x3, 0xf, 0x4, 0x3, 0x5, 0x2, 0x8, 0x7, 0x6, 0xffffffff, 0x9, 0x78, 0x1, 0x2, 0x4, 0x1, 0xfffffee8, 0x5, 0x9, 0xa, 0x5, 0x8000, 0xd9, 0x0, 0x16, 0x0, 0x8, 0xfffffffa, 0x1ff, 0x5, 0x3ff, 0x7, 0x0, 0x5, 0xfffffff7, 0x8, 0x50ea, 0x6, 0x8001, 0x9, 0xb0e0, 0xf, 0x5, 0x8, 0x3, 0x0, 0x4, 0x5b23, 0x5, 0x8, 0x2, 0xee, 0x7fffffff, 0x7fffffff, 0x3, 0x172, 0x5ae27a20, 0x5, 0x6, 0x4, 0x200, 0x1ff, 0x3, 0x400, 0xe6b3, 0xd171, 0x6, 0x1ff, 0x7, 0x699213b0, 0x9, 0xa, 0x12, 0x3, 0x4, 0x0, 0x100, 0x5, 0x6793, 0x0, 0x1, 0xfffffffa, 0x9, 0x80000000, 0x7, 0x5, 0x0, 0x80000000, 0x400, 0x7, 0x7, 0x5, 0x9, 0x6, 0x9, 0x0, 0x1, 0x5, 0x2, 0x2, 0x2, 0x7ff, 0x40, 0x7f, 0x5fece1ea, 0xbf7, 0x8, 0x78, 0xe, 0x80000000, 0x6, 0x8, 0x5, 0xe, 0x5, 0x200, 0x4, 0x4, 0x0, 0x0, 0x1, 0x3, 0xb, 0x70, 0x2, 0x1, 0x9, 0x1800000, 0x9, 0xbff, 0x4, 0x6, 0x800, 0x7, 0x5, 0x3, 0x9, 0x6, 0x0, 0x2, 0x6, 0x800, 0x3ff, 0x9, 0x3, 0xcc, 0xc60, 0x3, 0x8, 0x4, 0x1, 0x0, 0x7, 0x2, 0x6, 0xc, 0x4, 0x32, 0x2, 0x8, 0x1000, 0x2, 0x4, 0x4, 0x2, 0xffff, 0xb37, 0x7fff, 0xbec, 0x8, 0x5, 0x1, 0x5, 0x0, 0x1, 0xffff, 0x7f, 0x3, 0x94f, 0xc91, 0x9, 0x3, 0x2, 0xd46, 0xf, 0x200, 0x0, 0x8, 0x7fffffff, 0x0, 0x8, 0x2, 0xe6, 0xb, 0x18000000, 0x4, 0x5, 0xd756, 0x6, 0x3, 0x800, 0xd3, 0x2, 0x6, 0x9, 0x4, 0x7, 0x5, 0xaec, 0x100, 0x0, 0xfffffffb, 0x40, 0xfffffffe, 0x3, 0xa, 0x7f, 0x1, 0x9c, 0x400, 0x5, 0x8000, 0x8, 0x8, 0x9, 0x6, 0xffffff7f, 0xee2b, 0x7, 0xeaf, 0x3, 0x401, 0x7, 0x7f, 0x5f, 0x1000, 0x7, 0x9, 0x7, 0x8001, 0x9, 0x3]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x1}, 0x40881)
recvmmsg(0xffffffffffffffff, &(0x7f0000006fc0)=[{{0x0, 0x16, &(0x7f0000001f80)=[{&(0x7f0000000d40)=""/13, 0xd}, {&(0x7f0000000480)=""/247, 0xf7}], 0x2}, 0x3}], 0x1, 0x1, 0x0)
r6 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000340)="1400000016001963d25a80648c56915a19aa2bfe", 0x14}], 0x1}, 0x0)
r7 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
sendto$inet6(r7, &(0x7f0000000140)="f4", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r7, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x0, 0x2ce9}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r7, 0x84, 0x7c, &(0x7f0000000200)={0x0, 0x9, 0x2ce8}, 0x8)
recvmsg(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000001580)=""/4090, 0xffa}], 0x1}, 0x0)
r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendfile(r1, r8, 0x0, 0x7fffffffffffffff)
ioctl$DMA_HEAP_IOCTL_ALLOC(r8, 0xc0184800, &(0x7f0000000000)={0x3, r0, 0x2})
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000340)={r0, &(0x7f0000000a00), 0x0}, 0x20)

1.709883501s ago: executing program 4 (id=2054):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xffffffff}, 0x6e) (async, rerun: 32)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 32)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000200)=<r2=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0) (async, rerun: 64)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (rerun: 64)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20102, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (rerun: 64)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) (async, rerun: 64)
link(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0\x00') (async, rerun: 64)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async, rerun: 32)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000010000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x16, 0x0, 0x0) (async, rerun: 32)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000140)={@local, 0x2})
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async, rerun: 32)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0) (async, rerun: 32)
socket(0x1e, 0x5, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
epoll_create(0x8) (async, rerun: 32)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) (async, rerun: 32)
keyctl$dh_compute(0x17, &(0x7f0000000400), 0x0, 0x0, 0x0) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 32)
getresuid(&(0x7f0000000000), &(0x7f0000000080), &(0x7f00000001c0)) (rerun: 32)

562.804942ms ago: executing program 0 (id=2055):
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x1, 0x7}}, './file0\x00'})
close_range(0xffffffffffffffff, r0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000000c0), 0x4)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000043c0)={0x0, @in={{0x2, 0x4e24, @private=0xa010101}}, 0x9, 0x8, 0x4, 0xfffff43e, 0x97}, &(0x7f0000004480)=0x98)

331.976839ms ago: executing program 1 (id=2056):
r0 = syz_open_dev$usbfs(&(0x7f0000000200), 0x100000003, 0x400)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a140efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb737ae996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be500e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef1d7ee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000340)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_TYPE(r2, &(0x7f00000014c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[], 0x90}, 0x1, 0x0, 0x0, 0x40041}, 0x20000801)
recvmmsg(r2, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f00000023c0)=[{&(0x7f0000001e40)=""/66, 0x42}], 0x1}, 0xc}], 0x1, 0x10000, 0x0)
ioctl$USBDEVFS_CLAIMINTERFACE(r0, 0x8004550f, &(0x7f00000001c0))
r3 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000400)='source', &(0x7f0000001bc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000080)='source', &(0x7f00000019c0)='//\xf2/\x06\b/?\\o\xdc\xea\x95\x9a)\x00bb\x8a\x80\x91\xdf\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6h\xd1\x1d\xac\xaa\xfb\xc7Y\xcd\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\x9c\x00\x00\x00\x00\x00\x00\x00&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc50\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\x05\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1oO\xe4\x99\xd6\xed\x83\xb0\x18q\xb9\xda\xf1kk\xb0N\xe69D\x12\x1f\x96\x85y\xe1\xf6\x83\x81\xc1\xcb\x169\xa5A%\xcb\n\xaby\x9f\x97\xde\xcf\x14\x0f\xffl\xb0e\xa2m\xb3\x8fsI\xc8v<\x8a\\7\xbaA\xef\x92\x98K\xfd\xaa\xdb', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071105400000000001d400500000000004704000001ed000007030000000000001d440000000000006b0a00fe000000007313000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff31a8fd3c0fd8b7ff831028e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a83469620c6e74e1f46132559c4f8700a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a920099c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3ba18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b4762302a271722fb515f31e0dd115a292f1e68481a62c49d15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc82300000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="3800000010000004fdffffff0000000800004f19ca898b0a9f1f9ba0aabf5c3ab7feb05d3c1bba4c1e37cea27cb106af27f845dcbe", @ANYRES32=0x0, @ANYBLOB="a82302002104020008001b000000000010001a800c000a800500080008000000"], 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="00eb0000", @ANYRES32=r4, @ANYBLOB="05002abd70003f841ec3fdc7dc8c08000300", @ANYRES32=r6, @ANYRES64=r7], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRES16=r5], 0x24}}, 0x40048d0)

211.74133ms ago: executing program 3 (id=2057):
futex(&(0x7f000000cffc)=0x4, 0x10b, 0x4, 0x0, &(0x7f0000048000), 0x0)
r0 = fsopen(&(0x7f00000000c0)='autofs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
futex(&(0x7f000000cffc), 0x5, 0x100000, 0x0, &(0x7f0000000000), 0x1000000)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x19}})
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r3, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0x2, 0x100, 0x0, @loopback={0xff00000000000000}}}, 0x24)
unshare(0x68040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200), 0x197302, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x80000000000b49, 0x8, 0x1000000000008, 0x0, 0x80000003}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='freezer.self_freezing\x00', 0x0, 0x0)
ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, 0x0)
r7 = fcntl$getown(r5, 0x9)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r6, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18}, './file0\x00'})
sched_getattr(r7, &(0x7f00000000c0)={0x38}, 0x38, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x8910, 0x0, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)

38.718864ms ago: executing program 1 (id=2058):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000c00000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a01de00000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000213c0000000c0a09030000000000000000070000000900020073797a31000000000900010073797a300000000010000380"], 0xc0}}, 0x0)

0s ago: executing program 1 (id=2059):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, &(0x7f0000000080))
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f00000006c0)=0x10, 0x4)
sendmmsg$alg(r3, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000001701000003000000010000000000000000000000000000001701000002000000000000007005baa38d33e2e1650de8f13f421b2d4b60252e76171216e42961c3b08d4d3dacb0a7089ff7cbfd613d46fa95d6e2f6e76ac3266c9b1a531c4bcf0e7071f117cca4e883b4a6eb5dee7a9ab4d05d7ee311ab1c55b817285e0c3714ee6137e3b8553de667701a7c93437583b5f0b285a188098c1ac4ebac40b315ff8db6f736992497879a42b95248fed4d4888970573d0e88ceead26d97e172588a3ad30fbd01b7bbeeaa668e835f7ae3113fe2d949bb47bc0b2c62541714cc0538601ae4bab19d69a5addee134dd447034da6dd89704603d31a3d25b9d5f46cfd43d9e29aac7422920d98e1463256bd4cc929373ad9000000000faf6a95a04ad3b9db9b230f8224a3d6db187a94e5dadfe181d20d3a4bd08e8b0e6eeb79fdee230dd852a36dfc9046d03b8f316b2d460ca5d08c515d914db8ce430ea0237911c440ee750fe787aaffa83b809651c529e4cf68c8219a827ea003c59e3e51b00cd7f9464f37be2eb3e1475819ad37edcc238b85ab205a2b394916815d9cf7bf3f8e3d19a4697756299e21f2afd3ae31e0f09b8153965635216de47156f4e5fc97cb04f9c5e13256be1d9e0a94f9c6387940de1bcd7b532d16ebba216601cf23be6a7c259550bd059a5a7aee85eb558de8201c1d9c7b29e27313f61cf0b07dd790071bdbceabdd32ce2bcc279b1575a1431b03e5dc37307d15a2782175c87dad1a3aadf48b382bea4ae0b423edee0e12ada4c1dacc40bf387630792ab5c7ed6e2ef7e8a77268b0ff8978ccddfa8da4521d24b3fddc70d181c20caa9a584df9b2e"], 0x18}], 0x4924924924924fd, 0x0)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x5000, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="05000000e6ef1f00060000007f00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r5, &(0x7f0000001600), 0x0}, 0x20)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r7 = socket$inet(0x2, 0x3, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x1e0, 0x0, 0xe138, 0x198, 0x0, 0x198, 0x148, 0x358, 0x358, 0x148, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000, 0x0, 'xfrm0\x00', 'team_slave_1\x00', {}, {}, 0x33}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x1, 0xd, 0x3, 'syz0\x00', {0x17}}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x240)
write$tun(r4, &(0x7f00000004c0)=ANY=[@ANYBLOB="1ce50700aa03f5e1f5ce0060aa1e6925e407725a0137c6f1ad4190eee274d2caf78efe5d89551c681327b9afeb4081d1dad9f6edaabe5e87cf88b47d5fd5868cbdb98edeadf7ee6ad3e971bb6f9b7b087842062fdcafcc568d67e22734c078"], 0x59)
open(0x0, 0x100, 0x40)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f0000000280)={'wg0\x00', <r9=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000880)=ANY=[@ANYBLOB="64000000120008002dbd7000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="306200000100000008000500", @ANYRES32=r9, @ANYBLOB="08010087f336fa1014b805f4", @ANYRES32=r9, @ANYBLOB="0b0024000289d70ab2a10600080025000100000004001400ddfc140064756d6d793000"/44], 0x64}}, 0xea5bc50b6199d77e)
sendmsg$kcm(r1, &(0x7f0000000900)={&(0x7f0000000140)=@un=@file={0x1, './file0\x00'}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)="e6ca1a8c07e25a3e23436a954b3190b9620fd58234f6c2cff2fc597fbdc0d551e78868cf088ef239b44b730586a92477c3fd0350b8b8561c839d9d5ab5e2c4882cfb1efaff7baf7f2ebfde9ccfd4d12b784e462d3ef146fde5c435c6c9ccaf9c78f5874cebcfea1db7b5617efae1c011232bff6690a45355856406a6fec9", 0x7e}, {&(0x7f0000000240)="e5d77f305d34728a3b28615d75748a6d453775afabf3d6f872a7eff7def723e0cae78f3ada52485b2c5656a2866b39d35bf31828ccefec068da12741aae706513582a06127b1cb3b6675051fcbe382d3e3254804066daecc5d470db5d3782473c9a8dcfa5f915647919d312458b1595c1f077bfae155801836e082405549a3aad6d7e91cb10c9f193de2ad15ce4dd8e16303b05d143d3f6879628e3d21f3c008ee7b9f2db375f8caf32bb04d2e505c1de3f175ad7ae6cbb299391ebe125143064d55257a60cf483b4be7c2b5187ec99f8efa8cfe18f88a1bef5126582eebff42d3e32ad1ae3b8c30faf0", 0xea}, {&(0x7f0000000700)="e29893c353cec91b95fc9341aa748b88b85559edefffeb55127f110b27f6fd9fe106a0b4bb25fad72662e5d5fbf6c84b0cc007a56a7b38998cee59a8712b01129002caa339ee209c9b2e7298ea", 0x4d}, {&(0x7f00000000c0)="8ff119d4baf98c8b46059961aab7b3c5ad8970db0a71586ab9416b1024ddd3b789b3ab182715ceacdfdcc9", 0x2b}, {&(0x7f00000003c0)="7969381562d84216a4cd3a98502f96984bc14f325827966d6cf91eb5f48eadf784306622e61d992aa9c260f86600d7b9e88c7ccfb0183763aee63104ac55df14a0e74a44f15b73ac26b135b5e55268238760f8ca0c37e3f2af051ccd643a1915c2f9e0318185d1f9cc212354ff6a19cf062497cc1a563486e4b9eac5f4966494ba1b026e58571cce86849c58e8e74e0f18561821937e2d898a79aeef979373", 0x9f}, {&(0x7f0000000480)="617b6751a0a0868497b54b6dc09de556596c12417e74c4bc9ab8bf7ff4462bba06211afb66", 0x25}, {&(0x7f0000000780)="287c43577961d72f09947feb0561d0f43c649a2e16eef7f2175fdb368c705a0a8628c6aa85d6b7195651dcc5606e77fe6882fcfffa0ab552e8e7e71ea3633d2f095551543252d7ef19e40938d1b5be93c4198f740f607fdafc2a84a083c3c3c29ca5212d6209ea9c593212d32426ccd1040be06d510d3c89eea3817c539ed9b306fde72e28c239e8ec519d33ef5db074f82d99956662a272496e3356b8a0736e6e88e73103230ce9e4ff3a533e83f26a0e154c6e0da69b193432a80519aaaf285a34e7673b40772f27f88f0140d8aeca57989765feb76d2ad99427465ade9a08dc8e21d2be", 0xe5}, {&(0x7f0000000580)="d0f33466082d09c532cb645a575c627f7590e029747fbe96381c3ef4c186029d08da4e62789da314", 0x28}], 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="e0000000000000000f010000ff00000078c8976a7816ab98bf953014c2bd4ba9f03c8bb883cc968c4921b43bc7dc40f3b1570396d2dc6232043adaa443aa068f740ef20bd1ba3c5a7dca5c8672b336881e8341b8b91e19a53656aa92e35668439a4d450101b8d00b1bff5100b77ef022e66c47e4662f4b30490b8166317d25668c8c766cd57b4cb4ecc3544df95e4a4855ba115bbd641f81ab91bce6a1345663e4341d7a280704a6d4ff28567e56b688e4b48c0fcb15ff3f9a0f4f0ac83607cce515ce9826c90e1d447c9185136f1b044b24c5c63c9abba891214ab900000000c8000000000000001001000022040000cc9e2eccb737c4a110f31b96b37ff3cfeb6eaf961d032db51b698361dbdf1f2c47ca3a46c879755dfd7423bff161101e1d589a967b0df2e118afe2af6a721f44e54665caa70fb4cc779c83839003797ff826d1082c1659087451e3c75461332bd05bfdf84314205e7a338ad8ec1071e16283464c664adb1cd99e4327127636739cda46eadc3eb652b2a35e229436fd95a679fff04e1264340691a960cd81ecd0cf90191c7deae60372e3d0d9e7bdca29b07fef05b8dd0000f0000000000000008400000005000000161ce563e48bd0c5bb64260fa7f20907a5f464bb1884cd76dba6a36ea64c8baff519d6328ee08ca29d2e24e9028f6f8cbb7a5ffd0f6e150f0077adad24b85f0bcfc8b5f38851530ee124f447a591445607876063475c2b472521ebef451b5302b693ae0b54b84b65369fb8c2b573ae0346f919ce452636ca829a876bc6406db4aff7d15f977daa36b41b019c34620a9af03819ad6ef8b1d5e697dcf7dbdff282ee0fd9504688eaad9225b245a54d57ff3c061fbe7596e7290f046974d3b1a680e24af452fe5f33c263b444175ad3aa35cba4b19c0319752ff2dd00000000000000008526aa73d3c3230c5ee5f67db48a15423b948536f1a23b41fcc3d1ef2e36967c75dc84a9ff3cd80b71547f7acb27251d0bbd65def8dffce9e3eb5d01e02bb1d00e2c36deb30e0958a5abe2ab3b6a39bebf0dd2bad79597305c4b5357f46d19190903a036b77b32e008735852587ad0205b34126520b94c5bad5bfbd2ccdeb9fee40ffcb130b605445bee12069d76415b84317b0537de8cc491f37fd77e2c3e602b81ef4760c30582e9ffd6f9b0622f597278d8e08dffea5f57c1668e66e564a6bd53e6dab272aa5ad2c26e5dbf6f6d49b5a0c9fba81320846d844606406586ee0c44268c28296534c2c49d3be48ace0c5114db1397f382ccf2ef1a12097c4413ea42a78f61eeb72e32a078451bea6cf28a4b370c1a63b9e6f62c5682a76c16d8436ad9288155a09b86239d18cc8357ecd75ed562141640acccef12b7ca93cb7b817ad8c169dffa15000000"], 0x298}, 0x0)
r10 = syz_io_uring_setup(0xb7f, &(0x7f0000000180)={0x0, 0x38ab, 0x40, 0x8000000, 0x38d}, &(0x7f0000000340)=<r11=>0x0, &(0x7f0000000600)=<r12=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x18a, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r13 = io_uring_register$IORING_REGISTER_PERSONALITY(r10, 0x9, 0x0, 0x0)
syz_io_uring_submit(r11, r12, &(0x7f00000000c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f0000000640)=@pppol2tpin6={0x18, 0x1, {0x0, r6, 0x1, 0x3, 0x4, 0x0, {0xa, 0x4e21, 0x3, @private1, 0x100008}}}, 0x0, 0x0, 0x1, {0x0, r13}})
io_uring_enter(r10, 0xe8f, 0xb9bf, 0x3c, 0x0, 0x3d)

kernel console output (not intermixed with test programs):

eed USB device number 61 using dummy_hcd
[  532.323476][ T5914] usb 4-1: Using ep0 maxpacket: 32
[  532.429541][ T5914] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  532.448933][ T5927] usb 2-1: USB disconnect, device number 78
[  532.487834][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  532.544235][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  532.594598][ T5914] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  532.609169][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.644546][ T5914] usb 4-1: config 0 descriptor??
[  532.652095][T11918] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  532.683257][ T5914] hub 4-1:0.0: USB hub found
[  532.885326][T11942] FAULT_INJECTION: forcing a failure.
[  532.885326][T11942] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  532.904703][T11942] CPU: 1 UID: 0 PID: 11942 Comm: syz.2.1801 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  532.904734][T11942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  532.904746][T11942] Call Trace:
[  532.904755][T11942]  <TASK>
[  532.904764][T11942]  dump_stack_lvl+0x189/0x250
[  532.904792][T11942]  ? __pfx____ratelimit+0x10/0x10
[  532.904813][T11942]  ? __pfx_dump_stack_lvl+0x10/0x10
[  532.904835][T11942]  ? __pfx__printk+0x10/0x10
[  532.904859][T11942]  ? __might_fault+0xb0/0x130
[  532.904900][T11942]  should_fail_ex+0x414/0x560
[  532.904928][T11942]  _copy_from_user+0x2d/0xb0
[  532.904959][T11942]  kstrtouint_from_user+0xc4/0x170
[  532.904988][T11942]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  532.905033][T11942]  proc_fail_nth_write+0x88/0x240
[  532.905055][T11942]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  532.905083][T11942]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  532.905104][T11942]  vfs_write+0x27b/0xa90
[  532.905149][T11942]  ? __pfx_vfs_write+0x10/0x10
[  532.905179][T11942]  ? __fget_files+0x2a/0x420
[  532.905203][T11942]  ? __fget_files+0x3a0/0x420
[  532.905220][T11942]  ? __fget_files+0x2a/0x420
[  532.905245][T11942]  ksys_write+0x145/0x250
[  532.905273][T11942]  ? __pfx_ksys_write+0x10/0x10
[  532.905295][T11942]  ? rcu_is_watching+0x15/0xb0
[  532.905323][T11942]  ? do_syscall_64+0xbe/0x3b0
[  532.905348][T11942]  do_syscall_64+0xfa/0x3b0
[  532.905373][T11942]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.905392][T11942]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  532.905417][T11942]  ? clear_bhb_loop+0x60/0xb0
[  532.905446][T11942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.905466][T11942] RIP: 0033:0x7fd70f38d45f
[  532.905485][T11942] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  532.905502][T11942] RSP: 002b:00007fd7101f4030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  532.905524][T11942] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd70f38d45f
[  532.905538][T11942] RDX: 0000000000000001 RSI: 00007fd7101f40a0 RDI: 0000000000000006
[  532.905551][T11942] RBP: 00007fd7101f4090 R08: 0000000000000000 R09: 0000000000000014
[  532.905564][T11942] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  532.905578][T11942] R13: 0000000000000000 R14: 00007fd70f5b5fa0 R15: 00007fd70f6dfa28
[  532.905616][T11942]  </TASK>
[  533.143564][    C1] vkms_vblank_simulate: vblank timer overrun
[  533.201304][ T5914] hub 4-1:0.0: 15 ports detected
[  533.212275][ T5914] hub 4-1:0.0: insufficient power available to use all downstream ports
[  533.261536][  T981] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[  533.291391][   T24] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  533.430612][ T5914] hub 4-1:0.0: hub_hub_status failed (err = -71)
[  533.438205][ T5914] hub 4-1:0.0: config failed, can't get hub status (err -71)
[  533.449604][  T981] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  533.460364][   T24] usb 5-1: Using ep0 maxpacket: 32
[  533.466300][ T5914] usbhid 4-1:0.0: can't add hid device: -71
[  533.472936][ T5914] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  533.483062][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  533.501570][  T981] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  533.525260][   T24] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  533.535127][   T24] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  533.544109][   T24] usb 5-1: Product: syz
[  533.549883][  T981] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  533.549916][  T981] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  533.549938][  T981] usb 1-1: SerialNumber: syz
[  533.567435][ T5914] usb 4-1: USB disconnect, device number 61
[  533.577422][   T24] usb 5-1: Manufacturer: syz
[  533.577452][   T24] usb 5-1: SerialNumber: syz
[  533.619398][   T24] usb 5-1: config 0 descriptor??
[  533.625476][   T24] hub 5-1:0.0: bad descriptor, ignoring hub
[  533.625520][   T24] hub 5-1:0.0: probe with driver hub failed with error -5
[  533.769021][  T981] usb 1-1: 0:2 : does not exist
[  533.809080][  T981] usb 1-1: USB disconnect, device number 78
[  533.888154][ T7059] udevd[7059]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  533.932845][   T24] usb 5-1: USB disconnect, device number 54
[  534.119203][T11954] program syz.2.1804 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  534.193158][T11955] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1804'.
[  534.307113][ T5848] hid-generic 0001:1000D17:FFFFFFFD.001A: unknown main item tag 0x0
[  534.429514][ T5848] hid-generic 0001:1000D17:FFFFFFFD.001A: unknown main item tag 0x0
[  534.456325][ T5848] hid-generic 0001:1000D17:FFFFFFFD.001A: unknown main item tag 0x0
[  534.486482][ T5848] hid-generic 0001:1000D17:FFFFFFFD.001A: unknown main item tag 0x0
[  534.498197][ T5848] hid-generic 0001:1000D17:FFFFFFFD.001A: unknown main item tag 0x0
[  534.509027][ T5848] hid-generic 0001:1000D17:FFFFFFFD.001A: unknown main item tag 0x0
[  534.518579][ T5848] hid-generic 0001:1000D17:FFFFFFFD.001A: unknown main item tag 0x0
[  534.528472][ T5848] hid-generic 0001:1000D17:FFFFFFFD.001A: unknown main item tag 0x0
[  534.555834][ T5848] hid-generic 0001:1000D17:FFFFFFFD.001A: unknown main item tag 0x0
[  534.566758][ T5848] hid-generic 0001:1000D17:FFFFFFFD.001A: unknown main item tag 0x0
[  534.593506][ T5848] hid-generic 0001:1000D17:FFFFFFFD.001A: hidraw0: <UNKNOWN> HID v0.08 Device [syz1] on syz0
[  534.699400][T11968] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1809'.
[  534.771827][ T5927] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  534.978233][ T5927] usb 2-1: config 0 has no interfaces?
[  534.987682][ T5927] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  535.002144][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.022687][ T5927] usb 2-1: Product: syz
[  535.035402][ T5927] usb 2-1: Manufacturer: syz
[  535.046448][ T5927] usb 2-1: SerialNumber: syz
[  535.089091][ T5927] usb 2-1: config 0 descriptor??
[  535.440010][T11982] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  535.492271][T11984] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  535.765438][T11991] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1818'.
[  535.970233][ T2154] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  536.138063][ T2154] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  536.155031][ T2154] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  536.168275][ T2154] usb 1-1: Product: syz
[  536.175357][ T2154] usb 1-1: Manufacturer: syz
[  536.180325][ T2154] usb 1-1: SerialNumber: syz
[  536.206718][ T2154] usb 1-1: config 0 descriptor??
[  536.225472][ T2154] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 079
[  536.352456][ T5914] usb 5-1: new full-speed USB device number 55 using dummy_hcd
[  536.538666][ T5914] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  536.590194][ T5914] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  536.612697][ T5914] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  536.627161][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.657252][ T5914] usb 5-1: config 0 descriptor??
[  536.822225][ T5848] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  536.831426][T11989] binder: BC_ACQUIRE_RESULT not supported
[  536.841740][T11989] binder: 11988:11989 ioctl c0306201 2000000001c0 returned -22
[  536.873308][ T2154] i2c i2c-2: failure reading functionality
[  536.905219][ T2154] i2c i2c-2: connected i2c-tiny-usb device
[  536.933650][ T2154] usb 1-1: USB disconnect, device number 79
[  537.008211][ T5848] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  537.034263][ T5848] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  537.058049][ T5848] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  537.078633][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  537.092785][ T5848] usb 3-1: config 0 descriptor??
[  537.293425][ T5914] usb 5-1: language id specifier not provided by device, defaulting to English
[  537.370582][ T2154] usb 2-1: USB disconnect, device number 79
[  537.673339][T12029] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1829'.
[  537.722207][T12030] fuse: Bad value for 'group_id'
[  537.736271][T12030] fuse: Bad value for 'group_id'
[  537.931713][ T2154] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  538.049139][   T30] audit: type=1326 audit(1753713211.720:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12020 comm="syz.3.1828" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb3bed8e9a9 code=0x0
[  538.071106][    C1] vkms_vblank_simulate: vblank timer overrun
[  538.119346][ T2154] usb 2-1: config 0 has an invalid interface number: 229 but max is 0
[  538.136779][ T2154] usb 2-1: config 0 has no interface number 0
[  538.154662][ T2154] usb 2-1: New USB device found, idVendor=0dfc, idProduct=0001, bcdDevice= c.19
[  538.226399][ T2154] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  538.336620][ T2154] usb 2-1: config 0 descriptor??
[  538.797635][ T5848] usbhid 3-1:0.0: can't add hid device: -71
[  538.823706][ T5848] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  538.890530][ T5848] usb 3-1: USB disconnect, device number 62
[  539.034803][ T5914] uclogic 0003:256C:006D.001B: failed retrieving Huion firmware version: -71
[  539.076990][ T5914] uclogic 0003:256C:006D.001B: failed probing parameters: -71
[  539.093996][T12040] netlink: 'syz.0.1833': attribute type 4 has an invalid length.
[  539.109512][ T5914] uclogic 0003:256C:006D.001B: probe with driver uclogic failed with error -71
[  539.143073][T12040] syz_tun: entered allmulticast mode
[  539.154703][ T5914] usb 5-1: USB disconnect, device number 55
[  539.239865][   T24] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  539.316874][T12040] dvmrp1: entered allmulticast mode
[  539.347944][T12039] syz_tun: left allmulticast mode
[  539.427082][   T24] usb 4-1: Using ep0 maxpacket: 32
[  539.440475][   T24] usb 4-1: too many configurations: 53, using maximum allowed: 8
[  539.449654][T12043] x_tables: ip_tables: osf match: only valid for protocol 6
[  539.460963][   T24] usb 4-1: unable to read config index 0 descriptor/start: -61
[  539.489535][   T24] usb 4-1: can't read configurations, error -61
[  539.662768][   T24] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  539.908531][   T24] usb 4-1: Using ep0 maxpacket: 32
[  539.936206][   T24] usb 4-1: too many configurations: 53, using maximum allowed: 8
[  539.963298][   T24] usb 4-1: unable to read config index 0 descriptor/start: -61
[  539.978725][   T24] usb 4-1: can't read configurations, error -61
[  539.998529][   T24] usb usb4-port1: attempt power cycle
[  540.070745][T12049] netlink: 'syz.0.1835': attribute type 5 has an invalid length.
[  540.451295][   T24] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  540.529023][   T24] usb 4-1: Using ep0 maxpacket: 32
[  540.536936][   T24] usb 4-1: too many configurations: 53, using maximum allowed: 8
[  540.553923][   T24] usb 4-1: unable to read config index 0 descriptor/start: -61
[  540.561948][   T24] usb 4-1: can't read configurations, error -61
[  540.634847][  T981] usb 2-1: USB disconnect, device number 80
[  540.701800][ T5927] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  540.723393][   T24] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  540.731737][ T5848] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  540.757371][   T24] usb 4-1: Using ep0 maxpacket: 32
[  540.765273][   T24] usb 4-1: too many configurations: 53, using maximum allowed: 8
[  540.794960][   T24] usb 4-1: unable to read config index 0 descriptor/start: -61
[  540.802698][   T24] usb 4-1: can't read configurations, error -61
[  540.822195][   T24] usb usb4-port1: unable to enumerate USB device
[  540.861888][ T5927] usb 5-1: Using ep0 maxpacket: 32
[  540.875265][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[  540.901699][ T5848] usb 3-1: Using ep0 maxpacket: 32
[  540.921872][ T5848] usb 3-1: too many configurations: 119, using maximum allowed: 8
[  540.936505][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  540.951047][ T5848] usb 3-1: unable to read config index 0 descriptor/start: -61
[  540.959317][ T5848] usb 3-1: can't read configurations, error -61
[  541.001752][ T5927] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  541.031733][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 79, changing to 10
[  541.071873][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 34258, setting to 1024
[  541.128787][ T5927] usb 5-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[  541.152930][ T5848] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  541.175951][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  541.195207][ T5927] usb 5-1: Product: syz
[  541.199461][ T5927] usb 5-1: Manufacturer: syz
[  541.206008][ T5927] usb 5-1: SerialNumber: syz
[  541.222344][ T5927] usb 5-1: config 0 descriptor??
[  541.229417][T12062] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  541.243893][T12069] FAULT_INJECTION: forcing a failure.
[  541.243893][T12069] name failslab, interval 1, probability 0, space 0, times 0
[  541.261733][T12069] CPU: 1 UID: 0 PID: 12069 Comm: syz.1.1842 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  541.261764][T12069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  541.261777][T12069] Call Trace:
[  541.261786][T12069]  <TASK>
[  541.261795][T12069]  dump_stack_lvl+0x189/0x250
[  541.261825][T12069]  ? __pfx____ratelimit+0x10/0x10
[  541.261849][T12069]  ? __pfx_dump_stack_lvl+0x10/0x10
[  541.261873][T12069]  ? __pfx__printk+0x10/0x10
[  541.261907][T12069]  ? __pfx___might_resched+0x10/0x10
[  541.261930][T12069]  ? fs_reclaim_acquire+0x7d/0x100
[  541.261956][T12069]  should_fail_ex+0x414/0x560
[  541.261984][T12069]  should_failslab+0xa8/0x100
[  541.262017][T12069]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  541.262048][T12069]  ? __alloc_skb+0x112/0x2d0
[  541.262083][T12069]  __alloc_skb+0x112/0x2d0
[  541.262118][T12069]  inet_ifmcaddr_notify+0x7e/0x150
[  541.262154][T12069]  __ip_mc_dec_group+0x40b/0x690
[  541.262188][T12069]  inetdev_event+0x2a7/0x15b0
[  541.262217][T12069]  ? __pfx_inetdev_event+0x10/0x10
[  541.262251][T12069]  notifier_call_chain+0x1b6/0x3e0
[  541.262286][T12069]  __dev_notify_flags+0x18d/0x2e0
[  541.262322][T12069]  ? __pfx___dev_notify_flags+0x10/0x10
[  541.262351][T12069]  ? __dev_change_flags+0x4cc/0x6d0
[  541.262389][T12069]  ? __pfx___dev_change_flags+0x10/0x10
[  541.262441][T12069]  netif_change_flags+0xe8/0x1a0
[  541.262480][T12069]  do_setlink+0xc55/0x41c0
[  541.262515][T12069]  ? __kernel_text_address+0xd/0x40
[  541.262537][T12069]  ? arch_stack_walk+0xfc/0x150
[  541.262563][T12069]  ? __pfx_do_setlink+0x10/0x10
[  541.262606][T12069]  ? __lock_acquire+0xab9/0xd20
[  541.262633][T12069]  ? __mutex_trylock_common+0x153/0x260
[  541.262661][T12069]  ? __pfx___mutex_trylock_common+0x10/0x10
[  541.262694][T12069]  ? rcu_is_watching+0x15/0xb0
[  541.262716][T12069]  ? trace_contention_end+0x39/0x120
[  541.262743][T12069]  ? __mutex_lock+0x330/0xe80
[  541.262769][T12069]  ? __pfx_aa_get_newest_label+0x10/0x10
[  541.262796][T12069]  ? rtnl_newlink+0x8db/0x1c70
[  541.262822][T12069]  ? rcu_is_watching+0x15/0xb0
[  541.262847][T12069]  ? __pfx___mutex_lock+0x10/0x10
[  541.262880][T12069]  ? ns_capable+0x8a/0xf0
[  541.262906][T12069]  ? rtnl_link_get_net_capable+0x16a/0x350
[  541.262940][T12069]  rtnl_newlink+0x160b/0x1c70
[  541.262966][T12069]  ? netlink_sendmsg+0x805/0xb30
[  541.263010][T12069]  ? __pfx_rtnl_newlink+0x10/0x10
[  541.263065][T12069]  ? kasan_quarantine_put+0xdd/0x220
[  541.263092][T12069]  ? lockdep_hardirqs_on+0x9c/0x150
[  541.263122][T12069]  ? nlmon_xmit+0xb0/0x100
[  541.263146][T12069]  ? kmem_cache_free+0x18f/0x400
[  541.263185][T12069]  ? __local_bh_enable_ip+0x12d/0x1c0
[  541.263209][T12069]  ? lockdep_hardirqs_on+0x9c/0x150
[  541.263233][T12069]  ? __local_bh_enable_ip+0x12d/0x1c0
[  541.263287][T12069]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  541.263314][T12069]  ? __dev_queue_xmit+0x27e/0x3a70
[  541.263349][T12069]  ? __lock_acquire+0xab9/0xd20
[  541.263398][T12069]  ? __pfx_rtnl_newlink+0x10/0x10
[  541.263432][T12069]  rtnetlink_rcv_msg+0x7cc/0xb70
[  541.263465][T12069]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  541.263492][T12069]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  541.263518][T12069]  ? ref_tracker_free+0x63a/0x7d0
[  541.263541][T12069]  ? __copy_skb_header+0xa7/0x550
[  541.263564][T12069]  ? __pfx_ref_tracker_free+0x10/0x10
[  541.263587][T12069]  ? __skb_clone+0x63/0x7a0
[  541.263617][T12069]  netlink_rcv_skb+0x205/0x470
[  541.263649][T12069]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  541.263680][T12069]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  541.263724][T12069]  ? netlink_deliver_tap+0x2e/0x1b0
[  541.263754][T12069]  ? netlink_deliver_tap+0x2e/0x1b0
[  541.263788][T12069]  netlink_unicast+0x75c/0x8e0
[  541.263828][T12069]  netlink_sendmsg+0x805/0xb30
[  541.263868][T12069]  ? __pfx_netlink_sendmsg+0x10/0x10
[  541.263901][T12069]  ? aa_sock_msg_perm+0x94/0x160
[  541.263925][T12069]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  541.263946][T12069]  ? __pfx_netlink_sendmsg+0x10/0x10
[  541.264000][T12069]  __sock_sendmsg+0x21c/0x270
[  541.264030][T12069]  ____sys_sendmsg+0x505/0x830
[  541.264057][T12069]  ? __pfx_____sys_sendmsg+0x10/0x10
[  541.264088][T12069]  ? import_iovec+0x74/0xa0
[  541.264121][T12069]  ___sys_sendmsg+0x21f/0x2a0
[  541.264144][T12069]  ? __pfx____sys_sendmsg+0x10/0x10
[  541.264204][T12069]  ? __fget_files+0x2a/0x420
[  541.264223][T12069]  ? __fget_files+0x3a0/0x420
[  541.264255][T12069]  __x64_sys_sendmsg+0x19b/0x260
[  541.264278][T12069]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  541.264310][T12069]  ? __pfx_ksys_write+0x10/0x10
[  541.264336][T12069]  ? rcu_is_watching+0x15/0xb0
[  541.264366][T12069]  ? do_syscall_64+0xbe/0x3b0
[  541.264395][T12069]  do_syscall_64+0xfa/0x3b0
[  541.264425][T12069]  ? lockdep_hardirqs_on+0x9c/0x150
[  541.264448][T12069]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.264470][T12069]  ? clear_bhb_loop+0x60/0xb0
[  541.264494][T12069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.264515][T12069] RIP: 0033:0x7fb5ed18e9a9
[  541.264534][T12069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  541.264552][T12069] RSP: 002b:00007fb5edfcd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  541.264576][T12069] RAX: ffffffffffffffda RBX: 00007fb5ed3b5fa0 RCX: 00007fb5ed18e9a9
[  541.264591][T12069] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003
[  541.264605][T12069] RBP: 00007fb5edfcd090 R08: 0000000000000000 R09: 0000000000000000
[  541.264618][T12069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  541.264631][T12069] R13: 0000000000000000 R14: 00007fb5ed3b5fa0 R15: 00007fb5ed4dfa28
[  541.264664][T12069]  </TASK>
[  541.267951][ T5927] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input46
[  541.656723][T12076] overlayfs: missing 'lowerdir'
[  541.691205][ T5848] usb 3-1: Using ep0 maxpacket: 32
[  541.696081][ T5848] usb 3-1: too many configurations: 119, using maximum allowed: 8
[  541.951094][ T5202] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  541.999817][ T5848] usb 3-1: unable to read config index 0 descriptor/start: -61
[  542.048618][ T5848] usb 3-1: can't read configurations, error -61
[  542.060177][ T5848] usb usb3-port1: attempt power cycle
[  542.078984][    C1] xpad 5-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1
[  542.106814][T12081] veth1: entered promiscuous mode
[  542.126353][ T5202] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  542.206948][ T5202] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  542.266386][ T5202] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  542.306062][ T6997] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  542.349805][ T5202] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  542.394319][ T5202] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  542.404830][   T24] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  542.451900][ T5848] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  542.493856][ T5848] usb 3-1: Using ep0 maxpacket: 32
[  542.502480][ T5848] usb 3-1: too many configurations: 119, using maximum allowed: 8
[  542.517836][ T5848] usb 3-1: unable to read config index 0 descriptor/start: -61
[  542.529943][ T5848] usb 3-1: can't read configurations, error -61
[  542.611197][   T24] usb 4-1: Using ep0 maxpacket: 16
[  542.622010][   T24] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  542.630493][   T24] usb 4-1: config 0 has no interface number 0
[  542.646318][   T24] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  542.657972][   T24] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  542.676947][ T5848] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  542.676968][   T24] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  542.694421][   T24] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  542.706621][   T24] usb 4-1: Product: syz
[  542.714984][   T24] usb 4-1: SerialNumber: syz
[  542.715474][ T5848] usb 3-1: Using ep0 maxpacket: 32
[  542.730747][ T5848] usb 3-1: too many configurations: 119, using maximum allowed: 8
[  542.747929][   T24] usb 4-1: config 0 descriptor??
[  542.750593][ T5848] usb 3-1: unable to read config index 0 descriptor/start: -61
[  542.804238][   T24] usbhid 4-1:0.8: couldn't find an input interrupt endpoint
[  543.319422][   T24] usb 4-1: USB disconnect, device number 66
[  543.457693][ T5848] usb 3-1: can't read configurations, error -61
[  543.476596][T11530] usb 5-1: USB disconnect, device number 56
[  543.482877][ T5848] usb usb3-port1: unable to enumerate USB device
[  543.661655][ T5914] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  543.769385][T12107] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  543.847106][ T5914] usb 1-1: Using ep0 maxpacket: 8
[  543.847917][T12110] FAULT_INJECTION: forcing a failure.
[  543.847917][T12110] name failslab, interval 1, probability 0, space 0, times 0
[  543.865402][T12110] CPU: 0 UID: 0 PID: 12110 Comm: syz.4.1854 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  543.865429][T12110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  543.865443][T12110] Call Trace:
[  543.865452][T12110]  <TASK>
[  543.865461][T12110]  dump_stack_lvl+0x189/0x250
[  543.865492][T12110]  ? __pfx____ratelimit+0x10/0x10
[  543.865516][T12110]  ? __pfx_dump_stack_lvl+0x10/0x10
[  543.865541][T12110]  ? __pfx__printk+0x10/0x10
[  543.865574][T12110]  ? __lock_acquire+0xab9/0xd20
[  543.865605][T12110]  should_fail_ex+0x414/0x560
[  543.865634][T12110]  should_failslab+0xa8/0x100
[  543.865669][T12110]  kmem_cache_alloc_noprof+0x73/0x3c0
[  543.865697][T12110]  ? skb_clone+0x212/0x3a0
[  543.865717][T12110]  ? __pfx_skb_network_protocol+0x10/0x10
[  543.865744][T12110]  skb_clone+0x212/0x3a0
[  543.865763][T12110]  ? dev_queue_xmit_nit+0x25a/0xcc0
[  543.865798][T12110]  dev_queue_xmit_nit+0x416/0xcc0
[  543.865830][T12110]  ? dev_queue_xmit_nit+0x2d/0xcc0
[  543.865874][T12110]  dev_hard_start_xmit+0x1be/0x830
[  543.865924][T12110]  __dev_queue_xmit+0x1adf/0x3a70
[  543.865950][T12110]  ? kasan_save_track+0x3e/0x80
[  543.865972][ T5914] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  543.865977][T12110]  ? __netlink_deliver_tap+0x404/0x850
[  543.866013][T12110]  ? __dev_queue_xmit+0x27e/0x3a70
[  543.866033][T12110]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.866072][T12110]  ? __pfx___dev_queue_xmit+0x10/0x10
[  543.866118][T12110]  ? __copy_skb_header+0xa7/0x550
[  543.866143][T12110]  ? __asan_memcpy+0x40/0x70
[  543.866167][T12110]  ? __skb_clone+0x63/0x7a0
[  543.866191][T12110]  ? __skb_clone+0x483/0x7a0
[  543.866224][T12110]  ? skb_clone+0x246/0x3a0
[  543.866252][T12110]  __netlink_deliver_tap+0x5ad/0x850
[  543.866303][T12110]  ? netlink_deliver_tap+0x2e/0x1b0
[  543.866339][T12110]  netlink_deliver_tap+0x19c/0x1b0
[  543.866373][T12110]  netlink_sendskb+0x68/0x140
[  543.866407][T12110]  netlink_rcv_skb+0x28c/0x470
[  543.866443][T12110]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  543.866478][T12110]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  543.866526][T12110]  ? netlink_deliver_tap+0x2e/0x1b0
[  543.866559][T12110]  ? netlink_deliver_tap+0x2e/0x1b0
[  543.866598][T12110]  netlink_unicast+0x75c/0x8e0
[  543.866643][T12110]  netlink_sendmsg+0x805/0xb30
[  543.866691][T12110]  ? __pfx_netlink_sendmsg+0x10/0x10
[  543.866728][T12110]  ? aa_sock_msg_perm+0x94/0x160
[  543.866756][T12110]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  543.866782][T12110]  ? __pfx_netlink_sendmsg+0x10/0x10
[  543.866817][T12110]  __sock_sendmsg+0x21c/0x270
[  543.866849][T12110]  ____sys_sendmsg+0x505/0x830
[  543.866880][T12110]  ? __pfx_____sys_sendmsg+0x10/0x10
[  543.866929][T12110]  ? import_iovec+0x74/0xa0
[  543.866967][T12110]  ___sys_sendmsg+0x21f/0x2a0
[  543.866993][T12110]  ? __pfx____sys_sendmsg+0x10/0x10
[  543.867062][T12110]  ? __fget_files+0x2a/0x420
[  543.867082][T12110]  ? __fget_files+0x3a0/0x420
[  543.867117][T12110]  __x64_sys_sendmsg+0x19b/0x260
[  543.867143][T12110]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  543.867177][T12110]  ? __pfx_ksys_write+0x10/0x10
[  543.867205][T12110]  ? rcu_is_watching+0x15/0xb0
[  543.867241][T12110]  ? do_syscall_64+0xbe/0x3b0
[  543.867274][T12110]  do_syscall_64+0xfa/0x3b0
[  543.867298][T12110]  ? lockdep_hardirqs_on+0x9c/0x150
[  543.867323][T12110]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.867347][T12110]  ? clear_bhb_loop+0x60/0xb0
[  543.867375][T12110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.867397][T12110] RIP: 0033:0x7f7ca758e9a9
[  543.867421][T12110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  543.867441][T12110] RSP: 002b:00007f7ca8424038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  543.867466][T12110] RAX: ffffffffffffffda RBX: 00007f7ca77b5fa0 RCX: 00007f7ca758e9a9
[  543.867484][T12110] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004
[  543.867500][T12110] RBP: 00007f7ca8424090 R08: 0000000000000000 R09: 0000000000000000
[  543.867516][T12110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  543.867531][T12110] R13: 0000000000000000 R14: 00007f7ca77b5fa0 R15: 00007f7ca78dfa28
[  543.867570][T12110]  </TASK>
[  544.155763][T12113] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1857'.
[  544.292765][T12115] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1858'.
[  544.345205][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.359892][ T5914] usb 1-1: Product: syz
[  544.370445][ T5914] usb 1-1: Manufacturer: syz
[  544.380832][ T5914] usb 1-1: SerialNumber: syz
[  544.415459][ T5914] usb 1-1: config 0 descriptor??
[  544.540587][T12125] FAULT_INJECTION: forcing a failure.
[  544.540587][T12125] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  544.557990][T12125] CPU: 1 UID: 0 PID: 12125 Comm: syz.1.1862 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  544.558021][T12125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  544.558039][T12125] Call Trace:
[  544.558047][T12125]  <TASK>
[  544.558057][T12125]  dump_stack_lvl+0x189/0x250
[  544.558088][T12125]  ? __pfx____ratelimit+0x10/0x10
[  544.558112][T12125]  ? __pfx_dump_stack_lvl+0x10/0x10
[  544.558173][T12125]  ? __pfx__printk+0x10/0x10
[  544.558215][T12125]  should_fail_ex+0x414/0x560
[  544.558243][T12125]  _copy_to_user+0x31/0xb0
[  544.558275][T12125]  simple_read_from_buffer+0xe1/0x170
[  544.558312][T12125]  proc_fail_nth_read+0x1df/0x250
[  544.558337][T12125]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  544.558360][T12125]  ? rw_verify_area+0x258/0x650
[  544.558385][T12125]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  544.558407][T12125]  vfs_read+0x1fd/0x980
[  544.558440][T12125]  ? __pfx___mutex_lock+0x10/0x10
[  544.558467][T12125]  ? __pfx_vfs_read+0x10/0x10
[  544.558496][T12125]  ? __fget_files+0x2a/0x420
[  544.558520][T12125]  ? __fget_files+0x3a0/0x420
[  544.558537][T12125]  ? __fget_files+0x2a/0x420
[  544.558566][T12125]  ksys_read+0x145/0x250
[  544.558597][T12125]  ? __pfx_ksys_read+0x10/0x10
[  544.558621][T12125]  ? rcu_is_watching+0x15/0xb0
[  544.558651][T12125]  ? do_syscall_64+0xbe/0x3b0
[  544.558680][T12125]  do_syscall_64+0xfa/0x3b0
[  544.558704][T12125]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.558723][T12125]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  544.558744][T12125]  ? clear_bhb_loop+0x60/0xb0
[  544.558769][T12125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.558787][T12125] RIP: 0033:0x7fb5ed18d3bc
[  544.558802][T12125] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  544.558817][T12125] RSP: 002b:00007fb5edfcd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  544.558835][T12125] RAX: ffffffffffffffda RBX: 00007fb5ed3b5fa0 RCX: 00007fb5ed18d3bc
[  544.558848][T12125] RDX: 000000000000000f RSI: 00007fb5edfcd0a0 RDI: 0000000000000005
[  544.558858][T12125] RBP: 00007fb5edfcd090 R08: 0000000000000000 R09: 0000000000000000
[  544.558869][T12125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  544.558880][T12125] R13: 0000000000000000 R14: 00007fb5ed3b5fa0 R15: 00007fb5ed4dfa28
[  544.558907][T12125]  </TASK>
[  544.853859][ T5914] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  544.860800][T12127] FAULT_INJECTION: forcing a failure.
[  544.860800][T12127] name failslab, interval 1, probability 0, space 0, times 0
[  544.890820][T12127] CPU: 1 UID: 0 PID: 12127 Comm: syz.4.1863 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  544.890857][T12127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  544.890871][T12127] Call Trace:
[  544.890881][T12127]  <TASK>
[  544.890891][T12127]  dump_stack_lvl+0x189/0x250
[  544.890922][T12127]  ? __pfx____ratelimit+0x10/0x10
[  544.890946][T12127]  ? __pfx_dump_stack_lvl+0x10/0x10
[  544.890972][T12127]  ? __pfx__printk+0x10/0x10
[  544.891007][T12127]  ? __pfx___might_resched+0x10/0x10
[  544.891031][T12127]  ? fs_reclaim_acquire+0x7d/0x100
[  544.891057][T12127]  should_fail_ex+0x414/0x560
[  544.891084][T12127]  should_failslab+0xa8/0x100
[  544.891118][T12127]  __kmalloc_cache_noprof+0x70/0x3d0
[  544.891148][T12127]  ? flow_indr_dev_setup_offload+0x255/0x670
[  544.891189][T12127]  flow_indr_dev_setup_offload+0x255/0x670
[  544.891220][T12127]  ? __pfx_tc_block_indr_cleanup+0x10/0x10
[  544.891245][T12127]  tcf_block_offload_cmd+0x273/0x370
[  544.891274][T12127]  ? __pfx_tcf_block_offload_cmd+0x10/0x10
[  544.891303][T12127]  ? __pfx_down_write+0x10/0x10
[  544.891332][T12127]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  544.891368][T12127]  tcf_block_get_ext+0xfce/0x17d0
[  544.891412][T12127]  ? __pfx_drr_init_qdisc+0x10/0x10
[  544.891442][T12127]  tcf_block_get+0x67/0xa0
[  544.891470][T12127]  ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[  544.891505][T12127]  drr_init_qdisc+0x2e/0xd0
[  544.891536][T12127]  qdisc_create+0x7ac/0xea0
[  544.891572][T12127]  tc_modify_qdisc+0x1538/0x20e0
[  544.891617][T12127]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  544.891677][T12127]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  544.891700][T12127]  rtnetlink_rcv_msg+0x779/0xb70
[  544.891731][T12127]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  544.891756][T12127]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  544.891781][T12127]  ? ref_tracker_free+0x63a/0x7d0
[  544.891803][T12127]  ? __copy_skb_header+0xa7/0x550
[  544.891826][T12127]  ? __pfx_ref_tracker_free+0x10/0x10
[  544.891851][T12127]  ? __skb_clone+0x63/0x7a0
[  544.891881][T12127]  netlink_rcv_skb+0x205/0x470
[  544.891913][T12127]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  544.891943][T12127]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  544.891989][T12127]  ? netlink_deliver_tap+0x2e/0x1b0
[  544.892019][T12127]  ? netlink_deliver_tap+0x2e/0x1b0
[  544.892054][T12127]  netlink_unicast+0x75c/0x8e0
[  544.892093][T12127]  netlink_sendmsg+0x805/0xb30
[  544.892135][T12127]  ? __pfx_netlink_sendmsg+0x10/0x10
[  544.892169][T12127]  ? aa_sock_msg_perm+0x94/0x160
[  544.892203][T12127]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  544.892226][T12127]  ? __pfx_netlink_sendmsg+0x10/0x10
[  544.892257][T12127]  __sock_sendmsg+0x21c/0x270
[  544.892287][T12127]  ____sys_sendmsg+0x52d/0x830
[  544.892315][T12127]  ? __pfx_____sys_sendmsg+0x10/0x10
[  544.892346][T12127]  ? import_iovec+0x74/0xa0
[  544.892379][T12127]  ___sys_sendmsg+0x21f/0x2a0
[  544.892402][T12127]  ? __pfx____sys_sendmsg+0x10/0x10
[  544.892463][T12127]  ? __fget_files+0x2a/0x420
[  544.892481][T12127]  ? __fget_files+0x3a0/0x420
[  544.892513][T12127]  __sys_sendmmsg+0x227/0x430
[  544.892541][T12127]  ? __pfx___sys_sendmmsg+0x10/0x10
[  544.892558][T12127]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  544.892615][T12127]  ? ksys_write+0x22a/0x250
[  544.892646][T12127]  ? __pfx_ksys_write+0x10/0x10
[  544.892671][T12127]  ? rcu_is_watching+0x15/0xb0
[  544.892704][T12127]  __x64_sys_sendmmsg+0xa0/0xc0
[  544.892728][T12127]  do_syscall_64+0xfa/0x3b0
[  544.892752][T12127]  ? lockdep_hardirqs_on+0x9c/0x150
[  544.892774][T12127]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.892794][T12127]  ? clear_bhb_loop+0x60/0xb0
[  544.892819][T12127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.892840][T12127] RIP: 0033:0x7f7ca758e9a9
[  544.892860][T12127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  544.892878][T12127] RSP: 002b:00007f7ca8424038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  544.892901][T12127] RAX: ffffffffffffffda RBX: 00007f7ca77b5fa0 RCX: 00007f7ca758e9a9
[  544.892916][T12127] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  544.892931][T12127] RBP: 00007f7ca8424090 R08: 0000000000000000 R09: 0000000000000000
[  544.892945][T12127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  544.892958][T12127] R13: 0000000000000000 R14: 00007f7ca77b5fa0 R15: 00007f7ca78dfa28
[  544.892989][T12127]  </TASK>
[  545.347408][T12129] netlink: 'syz.2.1864': attribute type 4 has an invalid length.
[  545.468189][T11530] usb 4-1: new full-speed USB device number 67 using dummy_hcd
[  545.519619][T12141] FAULT_INJECTION: forcing a failure.
[  545.519619][T12141] name failslab, interval 1, probability 0, space 0, times 0
[  545.535052][T12141] CPU: 1 UID: 0 PID: 12141 Comm: syz.4.1866 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  545.535083][T12141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  545.535097][T12141] Call Trace:
[  545.535109][T12141]  <TASK>
[  545.535119][T12141]  dump_stack_lvl+0x189/0x250
[  545.535150][T12141]  ? __pfx____ratelimit+0x10/0x10
[  545.535175][T12141]  ? __pfx_dump_stack_lvl+0x10/0x10
[  545.535201][T12141]  ? __pfx__printk+0x10/0x10
[  545.535236][T12141]  ? __pfx___might_resched+0x10/0x10
[  545.535266][T12141]  should_fail_ex+0x414/0x560
[  545.535294][T12141]  should_failslab+0xa8/0x100
[  545.535328][T12141]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  545.535358][T12141]  ? __alloc_skb+0x112/0x2d0
[  545.535393][T12141]  __alloc_skb+0x112/0x2d0
[  545.535428][T12141]  netlink_sendmsg+0x5c6/0xb30
[  545.535469][T12141]  ? __pfx_netlink_sendmsg+0x10/0x10
[  545.535504][T12141]  ? aa_sock_msg_perm+0x94/0x160
[  545.535529][T12141]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  545.535553][T12141]  ? __pfx_netlink_sendmsg+0x10/0x10
[  545.535585][T12141]  __sock_sendmsg+0x21c/0x270
[  545.535615][T12141]  ____sys_sendmsg+0x52d/0x830
[  545.535641][T12141]  ? __pfx_____sys_sendmsg+0x10/0x10
[  545.535672][T12141]  ? import_iovec+0x74/0xa0
[  545.535706][T12141]  ___sys_sendmsg+0x21f/0x2a0
[  545.535729][T12141]  ? __pfx____sys_sendmsg+0x10/0x10
[  545.535796][T12141]  ? __might_fault+0xb0/0x130
[  545.535830][T12141]  __sys_sendmmsg+0x227/0x430
[  545.535864][T12141]  ? __pfx___sys_sendmmsg+0x10/0x10
[  545.535882][T12141]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  545.535936][T12141]  ? ksys_write+0x22a/0x250
[  545.535967][T12141]  ? __pfx_ksys_write+0x10/0x10
[  545.535993][T12141]  ? rcu_is_watching+0x15/0xb0
[  545.536025][T12141]  __x64_sys_sendmmsg+0xa0/0xc0
[  545.536048][T12141]  do_syscall_64+0xfa/0x3b0
[  545.536072][T12141]  ? lockdep_hardirqs_on+0x9c/0x150
[  545.536094][T12141]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.536115][T12141]  ? clear_bhb_loop+0x60/0xb0
[  545.536141][T12141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.536162][T12141] RIP: 0033:0x7f7ca758e9a9
[  545.536181][T12141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  545.536200][T12141] RSP: 002b:00007f7ca8424038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  545.536222][T12141] RAX: ffffffffffffffda RBX: 00007f7ca77b5fa0 RCX: 00007f7ca758e9a9
[  545.536238][T12141] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[  545.536253][T12141] RBP: 00007f7ca8424090 R08: 0000000000000000 R09: 0000000000000000
[  545.536266][T12141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  545.536279][T12141] R13: 0000000000000000 R14: 00007f7ca77b5fa0 R15: 00007f7ca78dfa28
[  545.536311][T12141]  </TASK>
[  545.912364][T11530] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  545.935982][T12147] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  545.936977][T11530] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  545.952843][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 10
[  545.964169][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 134, setting to 64
[  545.975151][T11530] usb 4-1: config 0 interface 0 has no altsetting 0
[  545.982605][T12147] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  546.154660][T11530] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  546.175311][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 10
[  546.176534][ T5848] IPVS: starting estimator thread 0...
[  546.195145][T12150] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  546.233511][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 134, setting to 64
[  546.281407][T11530] usb 4-1: config 0 interface 0 has no altsetting 0
[  546.282014][T12152] IPVS: using max 37 ests per chain, 88800 per kthread
[  546.297200][T11530] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  546.308162][T12155] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1871'.
[  546.417326][T12157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1868'.
[  546.491996][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 10
[  546.504045][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 134, setting to 64
[  546.518132][T11530] usb 4-1: config 0 interface 0 has no altsetting 0
[  546.556576][T11530] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  546.573345][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 10
[  546.584779][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 134, setting to 64
[  546.596010][T11530] usb 4-1: config 0 interface 0 has no altsetting 0
[  546.604474][T11530] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  546.613970][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 10
[  546.625974][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 134, setting to 64
[  546.761820][T11530] usb 4-1: config 0 interface 0 has no altsetting 0
[  546.771035][T11530] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  546.782695][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 10
[  546.794883][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 134, setting to 64
[  546.810489][T11530] usb 4-1: config 0 interface 0 has no altsetting 0
[  546.819638][T11530] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  546.829484][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 10
[  546.844642][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 134, setting to 64
[  546.887969][T11530] usb 4-1: config 0 interface 0 has no altsetting 0
[  546.901846][T11530] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  546.919513][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 10
[  546.973110][T11530] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid maxpacket 134, setting to 64
[  547.001804][T11530] usb 4-1: config 0 interface 0 has no altsetting 0
[  547.012628][T11530] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  547.022506][T11530] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  547.031983][T11530] usb 4-1: Product: syz
[  547.036255][T11530] usb 4-1: Manufacturer: syz
[  547.048542][T11530] usb 4-1: SerialNumber: syz
[  547.082801][T11530] usb 4-1: config 0 descriptor??
[  547.102791][T12119] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  547.195861][T11530] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  547.203563][T12166] FAULT_INJECTION: forcing a failure.
[  547.203563][T12166] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  547.217139][T12156] syz.2.1868: vmalloc error: size 35323904, failed to allocated page array size 68992, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  547.217432][T12156] CPU: 1 UID: 0 PID: 12156 Comm: syz.2.1868 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  547.217458][T12156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  547.217473][T12156] Call Trace:
[  547.217481][T12156]  <TASK>
[  547.217490][T12156]  dump_stack_lvl+0x189/0x250
[  547.217527][T12156]  ? __pfx_dump_stack_lvl+0x10/0x10
[  547.217553][T12156]  ? __pfx__printk+0x10/0x10
[  547.217582][T12156]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  547.217611][T12156]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  547.217640][T12156]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  547.217673][T12156]  warn_alloc+0x214/0x310
[  547.217698][T12156]  ? __pfx_warn_alloc+0x10/0x10
[  547.217732][T12156]  ? __get_vm_area_node+0x28f/0x300
[  547.217780][T12156]  ? vb2_vmalloc_alloc+0xef/0x340
[  547.217824][T12156]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  547.217902][T12156]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  547.217947][T12156]  ? __kasan_kmalloc+0x93/0xb0
[  547.217986][T12156]  vmalloc_user_noprof+0xad/0xf0
[  547.218021][T12156]  ? vb2_vmalloc_alloc+0xef/0x340
[  547.218060][T12156]  vb2_vmalloc_alloc+0xef/0x340
[  547.218096][T12156]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  547.218134][T12156]  __vb2_queue_alloc+0x9c2/0x15a0
[  547.218199][T12156]  vb2_core_reqbufs+0xc31/0x1420
[  547.218255][T12156]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  547.218290][T12156]  ? preempt_schedule_thunk+0x16/0x30
[  547.218331][T12156]  ? __kasan_kmalloc+0x93/0xb0
[  547.218366][T12156]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  547.218401][T12156]  ? __vb2_init_fileio+0x1e8/0xff0
[  547.218441][T12156]  __vb2_init_fileio+0x318/0xff0
[  547.218489][T12156]  ? aa_file_perm+0x11f/0xed0
[  547.218528][T12156]  __vb2_perform_fileio+0x284/0x1600
[  547.218587][T12156]  vb2_fop_read+0x273/0x360
[  547.218631][T12156]  v4l2_read+0x19c/0x2c0
[  547.218673][T12156]  loop_rw_iter+0x422/0x660
[  547.218714][T12156]  __io_read+0x1326/0x14f0
[  547.218775][T12156]  ? __pfx___io_read+0x10/0x10
[  547.218815][T12156]  io_read+0x1c/0x60
[  547.218838][T12156]  __io_issue_sqe+0x181/0x4b0
[  547.218877][T12156]  ? io_file_get_normal+0x101/0x2f0
[  547.218903][T12156]  io_issue_sqe+0x165/0xfd0
[  547.218938][T12156]  io_submit_sqes+0xa38/0x1c50
[  547.219000][T12156]  __se_sys_io_uring_enter+0x2df/0x2b20
[  547.219026][T12156]  ? __pfx_futex_wait+0x10/0x10
[  547.219071][T12156]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  547.219093][T12156]  ? do_futex+0x333/0x420
[  547.219134][T12156]  ? __pfx_do_futex+0x10/0x10
[  547.219166][T12156]  ? __pfx_task_mm_cid_work+0x10/0x10
[  547.219204][T12156]  ? __se_sys_futex+0x36f/0x400
[  547.219252][T12156]  ? rcu_is_watching+0x15/0xb0
[  547.219291][T12156]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  547.219319][T12156]  do_syscall_64+0xfa/0x3b0
[  547.219349][T12156]  ? lockdep_hardirqs_on+0x9c/0x150
[  547.219376][T12156]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.219401][T12156]  ? clear_bhb_loop+0x60/0xb0
[  547.219431][T12156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.219455][T12156] RIP: 0033:0x7fd70f38e9a9
[  547.219478][T12156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  547.219502][T12156] RSP: 002b:00007fd710199038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  547.219527][T12156] RAX: ffffffffffffffda RBX: 00007fd70f5b6160 RCX: 00007fd70f38e9a9
[  547.219546][T12156] RDX: 000000000000a9ea RSI: 0000000000000567 RDI: 0000000000000009
[  547.219561][T12156] RBP: 00007fd70f410d69 R08: 0000000000000000 R09: 0000000000000000
[  547.219577][T12156] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000
[  547.219592][T12156] R13: 0000000000000000 R14: 00007fd70f5b6160 R15: 00007fd70f6dfa28
[  547.219630][T12156]  </TASK>
[  547.629620][T12156] Mem-Info:
[  547.644551][T12156] active_anon:7519 inactive_anon:0 isolated_anon:0
[  547.644551][T12156]  active_file:15669 inactive_file:43282 isolated_file:0
[  547.644551][T12156]  unevictable:768 dirty:93 writeback:24
[  547.644551][T12156]  slab_reclaimable:9298 slab_unreclaimable:108643
[  547.644551][T12156]  mapped:32816 shmem:1374 pagetables:1463
[  547.644551][T12156]  sec_pagetables:0 bounce:0
[  547.644551][T12156]  kernel_misc_reclaimable:0
[  547.644551][T12156]  free:1278404 free_pcp:16735 free_cma:0
[  547.697396][T12166] CPU: 0 UID: 0 PID: 12166 Comm: syz.4.1874 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  547.697432][T12166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  547.697447][T12166] Call Trace:
[  547.697458][T12166]  <TASK>
[  547.697468][T12166]  dump_stack_lvl+0x189/0x250
[  547.697504][T12166]  ? __pfx____ratelimit+0x10/0x10
[  547.697531][T12166]  ? __pfx_dump_stack_lvl+0x10/0x10
[  547.697559][T12166]  ? __pfx__printk+0x10/0x10
[  547.697605][T12166]  should_fail_ex+0x414/0x560
[  547.697637][T12166]  _copy_to_user+0x31/0xb0
[  547.697675][T12166]  simple_read_from_buffer+0xe1/0x170
[  547.697716][T12166]  proc_fail_nth_read+0x1df/0x250
[  547.697744][T12166]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  547.697772][T12166]  ? rw_verify_area+0x258/0x650
[  547.697803][T12166]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  547.697829][T12166]  vfs_read+0x1fd/0x980
[  547.697874][T12166]  ? __pfx___mutex_lock+0x10/0x10
[  547.697903][T12166]  ? __pfx_vfs_read+0x10/0x10
[  547.697936][T12166]  ? __fget_files+0x2a/0x420
[  547.697974][T12166]  ? __fget_files+0x3a0/0x420
[  547.697994][T12166]  ? __fget_files+0x2a/0x420
[  547.698026][T12166]  ksys_read+0x145/0x250
[  547.698061][T12166]  ? __pfx_ksys_read+0x10/0x10
[  547.698090][T12166]  ? rcu_is_watching+0x15/0xb0
[  547.698124][T12166]  ? do_syscall_64+0xbe/0x3b0
[  547.698156][T12166]  do_syscall_64+0xfa/0x3b0
[  547.698182][T12166]  ? lockdep_hardirqs_on+0x9c/0x150
[  547.698207][T12166]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.698232][T12166]  ? clear_bhb_loop+0x60/0xb0
[  547.698261][T12166]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.698283][T12166] RIP: 0033:0x7f7ca758d3bc
[  547.698306][T12166] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  547.698325][T12166] RSP: 002b:00007f7ca8424030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  547.698349][T12166] RAX: ffffffffffffffda RBX: 00007f7ca77b5fa0 RCX: 00007f7ca758d3bc
[  547.698367][T12166] RDX: 000000000000000f RSI: 00007f7ca84240a0 RDI: 0000000000000004
[  547.698382][T12166] RBP: 00007f7ca8424090 R08: 0000000000000000 R09: 0000000000000000
[  547.698397][T12166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  547.698411][T12166] R13: 0000000000000000 R14: 00007f7ca77b5fa0 R15: 00007f7ca78dfa28
[  547.698448][T12166]  </TASK>
[  547.948835][T12156] Node 0 active_anon:30076kB inactive_anon:0kB active_file:62616kB inactive_file:172928kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131324kB dirty:344kB writeback:96kB shmem:3960kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12480kB pagetables:5712kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  548.014525][ T2154] usb 4-1: USB disconnect, device number 67
[  548.025868][ T2154] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  548.210401][T12156] Node 1 active_anon:0kB inactive_anon:0kB active_file:60kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:32kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  548.243342][T12156] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  548.278439][ T5914] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  548.301802][T12156] lowmem_reserve[]: 0 2498 2500 2500 2500
[  548.328220][T12156] Node 0 DMA32 free:1201900kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:29744kB inactive_anon:0kB active_file:62684kB inactive_file:171352kB unevictable:1536kB writepending:376kB present:3129332kB managed:2558492kB mlocked:0kB bounce:0kB free_pcp:46048kB local_pcp:25484kB free_cma:0kB
[  548.368310][ T5914] usb 1-1: USB disconnect, device number 80
[  548.377659][T12172] FAULT_INJECTION: forcing a failure.
[  548.377659][T12172] name failslab, interval 1, probability 0, space 0, times 0
[  548.414847][T12172] CPU: 0 UID: 0 PID: 12172 Comm: syz.3.1877 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  548.414877][T12172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  548.414891][T12172] Call Trace:
[  548.414899][T12172]  <TASK>
[  548.414908][T12172]  dump_stack_lvl+0x189/0x250
[  548.414939][T12172]  ? __pfx____ratelimit+0x10/0x10
[  548.414962][T12172]  ? __pfx_dump_stack_lvl+0x10/0x10
[  548.414987][T12172]  ? __pfx__printk+0x10/0x10
[  548.415022][T12172]  ? __pfx___might_resched+0x10/0x10
[  548.415046][T12172]  ? fs_reclaim_acquire+0x7d/0x100
[  548.415072][T12172]  should_fail_ex+0x414/0x560
[  548.415101][T12172]  should_failslab+0xa8/0x100
[  548.415134][T12172]  __kmalloc_noprof+0xcb/0x4f0
[  548.415161][T12172]  ? kfree+0x4d/0x440
[  548.415184][T12172]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  548.415216][T12172]  tomoyo_realpath_from_path+0xe3/0x5d0
[  548.415244][T12172]  ? tomoyo_domain+0xd9/0x130
[  548.415276][T12172]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  548.415298][T12172]  tomoyo_path_number_perm+0x1e8/0x5a0
[  548.415321][T12172]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  548.415362][T12172]  ? __lock_acquire+0xab9/0xd20
[  548.415407][T12172]  ? __fget_files+0x2a/0x420
[  548.415429][T12172]  ? __fget_files+0x2a/0x420
[  548.415447][T12172]  ? __fget_files+0x3a0/0x420
[  548.415464][T12172]  ? __fget_files+0x2a/0x420
[  548.415487][T12172]  security_file_ioctl+0xcb/0x2d0
[  548.415522][T12172]  __se_sys_ioctl+0x47/0x170
[  548.415551][T12172]  do_syscall_64+0xfa/0x3b0
[  548.415574][T12172]  ? lockdep_hardirqs_on+0x9c/0x150
[  548.415596][T12172]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.415626][T12172]  ? clear_bhb_loop+0x60/0xb0
[  548.415651][T12172]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.415671][T12172] RIP: 0033:0x7fb3bed8e9a9
[  548.415690][T12172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  548.415708][T12172] RSP: 002b:00007fb3bfbb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  548.415730][T12172] RAX: ffffffffffffffda RBX: 00007fb3befb5fa0 RCX: 00007fb3bed8e9a9
[  548.415746][T12172] RDX: 0000200000000100 RSI: 000000004008744b RDI: 0000000000000004
[  548.415759][T12172] RBP: 00007fb3bfbb5090 R08: 0000000000000000 R09: 0000000000000000
[  548.415772][T12172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  548.415785][T12172] R13: 0000000000000000 R14: 00007fb3befb5fa0 R15: 00007fb3bf0dfa28
[  548.415817][T12172]  </TASK>
[  548.415826][T12172] ERROR: Out of memory at tomoyo_realpath_from_path.
[  548.493377][T12156] lowmem_reserve[]: 0 0 1 1 1
[  548.700989][T12156] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1580kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  548.749116][T12156] lowmem_reserve[]: 0 0 0 0 0
[  548.760102][T12156] Node 1 Normal free:3896328kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:60kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21596kB local_pcp:9568kB free_cma:0kB
[  548.794613][T12156] lowmem_reserve[]: 0 0 0 0 0
[  548.809202][T12156] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  548.836404][T12156] Node 0 DMA32: 535*4kB (ME) 688*8kB (ME) 315*16kB (UME) 107*32kB (ME) 238*64kB (ME) 39*128kB (ME) 61*256kB (UME) 24*512kB (UME) 27*1024kB (UM) 6*2048kB (UME) 268*4096kB (UM) = 1201900kB
[  548.884126][T12156] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  548.904244][T12156] Node 1 Normal: 220*4kB (UME) 55*8kB (UME) 44*16kB (UME) 197*32kB (UME) 68*64kB (UME) 15*128kB (UME) 3*256kB (ME) 2*512kB (UM) 1*1024kB (U) 0*2048kB 947*4096kB (M) = 3896328kB
[  548.930170][T12156] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  548.944606][T12156] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  548.958665][T12156] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  548.977584][T12156] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  548.989437][T12156] 60340 total pagecache pages
[  548.999811][T12156] 0 pages in swap cache
[  549.004423][ T5914] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  549.064745][T12156] Free swap  = 124996kB
[  549.069267][T12156] Total swap = 124996kB
[  549.079151][T12156] 2097051 pages RAM
[  549.094513][T12156] 0 pages HighMem/MovableOnly
[  549.108325][T12156] 425386 pages reserved
[  549.113880][T12189] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1884'.
[  549.123756][T12189] netlink: 7 bytes leftover after parsing attributes in process `syz.4.1884'.
[  549.134038][T12156] 0 pages cma reserved
[  549.186525][ T5914] usb 1-1: Using ep0 maxpacket: 32
[  549.262348][ T5914] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  549.270609][ T5914] usb 1-1: config 0 has no interface number 0
[  549.271918][ T2154] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  549.331549][ T5914] usb 1-1: config 0 interface 184 has no altsetting 0
[  549.370404][ T5914] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  549.398657][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  549.429212][ T5914] usb 1-1: Product: syz
[  549.439412][ T5914] usb 1-1: Manufacturer: syz
[  549.441972][ T2154] usb 2-1: Using ep0 maxpacket: 16
[  549.459864][ T5914] usb 1-1: SerialNumber: syz
[  549.474235][ T5914] usb 1-1: config 0 descriptor??
[  549.474333][ T2154] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  549.514565][ T5914] smsc75xx v1.0.0
[  549.518281][ T5914] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  549.536209][ T5914] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -22
[  549.586134][ T2154] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  549.677452][ T2154] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  549.702624][T12176] dlm: non-version read from control device 36
[  549.712052][ T5914] usb 1-1: USB disconnect, device number 81
[  549.719850][ T2154] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  549.750236][ T2154] usb 2-1: config 0 descriptor??
[  550.016838][T12197] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1886'.
[  550.065602][T12200] fuse: Unknown parameter '%
[  550.065602][T12200] 	Ð�mÞ$aR¨îöp<îE6"Ê5Ž+Ð@K§)I''
[  550.176163][T12202] FAULT_INJECTION: forcing a failure.
[  550.176163][T12202] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  550.223642][ T2154] hid-multitouch 0003:1FD2:6007.001C: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.1-1/input0
[  550.241831][T12202] CPU: 0 UID: 0 PID: 12202 Comm: syz.2.1887 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  550.241870][T12202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  550.241884][T12202] Call Trace:
[  550.241893][T12202]  <TASK>
[  550.241903][T12202]  dump_stack_lvl+0x189/0x250
[  550.241933][T12202]  ? __pfx____ratelimit+0x10/0x10
[  550.241958][T12202]  ? __pfx_dump_stack_lvl+0x10/0x10
[  550.241983][T12202]  ? __pfx__printk+0x10/0x10
[  550.242030][T12202]  should_fail_ex+0x414/0x560
[  550.242058][T12202]  _copy_to_user+0x31/0xb0
[  550.242092][T12202]  simple_read_from_buffer+0xe1/0x170
[  550.242128][T12202]  proc_fail_nth_read+0x1df/0x250
[  550.242154][T12202]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  550.242179][T12202]  ? rw_verify_area+0x258/0x650
[  550.242215][T12202]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  550.242239][T12202]  vfs_read+0x1fd/0x980
[  550.242272][T12202]  ? __pfx___mutex_lock+0x10/0x10
[  550.242297][T12202]  ? __pfx_vfs_read+0x10/0x10
[  550.242326][T12202]  ? __fget_files+0x2a/0x420
[  550.242348][T12202]  ? __fget_files+0x3a0/0x420
[  550.242366][T12202]  ? __fget_files+0x2a/0x420
[  550.242395][T12202]  ksys_read+0x145/0x250
[  550.242426][T12202]  ? __pfx_ksys_read+0x10/0x10
[  550.242451][T12202]  ? rcu_is_watching+0x15/0xb0
[  550.242489][T12202]  ? do_syscall_64+0xbe/0x3b0
[  550.242524][T12202]  do_syscall_64+0xfa/0x3b0
[  550.242547][T12202]  ? lockdep_hardirqs_on+0x9c/0x150
[  550.242570][T12202]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.242591][T12202]  ? clear_bhb_loop+0x60/0xb0
[  550.242617][T12202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.242638][T12202] RIP: 0033:0x7fd70f38d3bc
[  550.242657][T12202] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  550.242676][T12202] RSP: 002b:00007fd7101f4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  550.242699][T12202] RAX: ffffffffffffffda RBX: 00007fd70f5b5fa0 RCX: 00007fd70f38d3bc
[  550.242714][T12202] RDX: 000000000000000f RSI: 00007fd7101f40a0 RDI: 0000000000000004
[  550.242726][T12202] RBP: 00007fd7101f4090 R08: 0000000000000000 R09: 0000000000000000
[  550.242740][T12202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  550.242752][T12202] R13: 0000000000000000 R14: 00007fd70f5b5fa0 R15: 00007fd70f6dfa28
[  550.242785][T12202]  </TASK>
[  550.700502][T12214] FAULT_INJECTION: forcing a failure.
[  550.700502][T12214] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  550.730152][T12214] CPU: 1 UID: 0 PID: 12214 Comm: syz.0.1891 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  550.730174][T12214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  550.730184][T12214] Call Trace:
[  550.730190][T12214]  <TASK>
[  550.730198][T12214]  dump_stack_lvl+0x189/0x250
[  550.730222][T12214]  ? __pfx____ratelimit+0x10/0x10
[  550.730239][T12214]  ? __pfx_dump_stack_lvl+0x10/0x10
[  550.730257][T12214]  ? __pfx__printk+0x10/0x10
[  550.730286][T12214]  should_fail_ex+0x414/0x560
[  550.730306][T12214]  _copy_to_user+0x31/0xb0
[  550.730330][T12214]  simple_read_from_buffer+0xe1/0x170
[  550.730355][T12214]  proc_fail_nth_read+0x1df/0x250
[  550.730373][T12214]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  550.730391][T12214]  ? rw_verify_area+0x258/0x650
[  550.730410][T12214]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  550.730426][T12214]  vfs_read+0x1fd/0x980
[  550.730514][T12214]  ? __pfx___mutex_lock+0x10/0x10
[  550.730533][T12214]  ? __pfx_vfs_read+0x10/0x10
[  550.730554][T12214]  ? __fget_files+0x2a/0x420
[  550.730571][T12214]  ? __fget_files+0x3a0/0x420
[  550.730583][T12214]  ? __fget_files+0x2a/0x420
[  550.730603][T12214]  ksys_read+0x145/0x250
[  550.730632][T12214]  ? __pfx_ksys_read+0x10/0x10
[  550.730649][T12214]  ? rcu_is_watching+0x15/0xb0
[  550.730675][T12214]  ? do_syscall_64+0xbe/0x3b0
[  550.730697][T12214]  do_syscall_64+0xfa/0x3b0
[  550.730714][T12214]  ? lockdep_hardirqs_on+0x9c/0x150
[  550.730730][T12214]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.730744][T12214]  ? clear_bhb_loop+0x60/0xb0
[  550.730763][T12214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.730778][T12214] RIP: 0033:0x7f3839d8d3bc
[  550.730793][T12214] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  550.730806][T12214] RSP: 002b:00007f383ab71030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  550.730822][T12214] RAX: ffffffffffffffda RBX: 00007f3839fb5fa0 RCX: 00007f3839d8d3bc
[  550.730834][T12214] RDX: 000000000000000f RSI: 00007f383ab710a0 RDI: 0000000000000004
[  550.730844][T12214] RBP: 00007f383ab71090 R08: 0000000000000000 R09: 0000000000000000
[  550.730853][T12214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  550.730862][T12214] R13: 0000000000000000 R14: 00007f3839fb5fa0 R15: 00007f383a0dfa28
[  550.730885][T12214]  </TASK>
[  551.039664][ T5848] usb 2-1: USB disconnect, device number 81
[  551.411264][ T5914] usb 3-1: new full-speed USB device number 67 using dummy_hcd
[  551.633186][T12225] FAULT_INJECTION: forcing a failure.
[  551.633186][T12225] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  551.675209][T12225] CPU: 0 UID: 0 PID: 12225 Comm: syz.4.1896 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  551.675232][T12225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  551.675242][T12225] Call Trace:
[  551.675249][T12225]  <TASK>
[  551.675256][T12225]  dump_stack_lvl+0x189/0x250
[  551.675279][T12225]  ? __pfx____ratelimit+0x10/0x10
[  551.675298][T12225]  ? __pfx_dump_stack_lvl+0x10/0x10
[  551.675316][T12225]  ? __pfx__printk+0x10/0x10
[  551.675347][T12225]  should_fail_ex+0x414/0x560
[  551.675370][T12225]  _copy_to_user+0x31/0xb0
[  551.675394][T12225]  simple_read_from_buffer+0xe1/0x170
[  551.675420][T12225]  proc_fail_nth_read+0x1df/0x250
[  551.675438][T12225]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  551.675456][T12225]  ? rw_verify_area+0x258/0x650
[  551.675475][T12225]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  551.675492][T12225]  vfs_read+0x1fd/0x980
[  551.675515][T12225]  ? __pfx___mutex_lock+0x10/0x10
[  551.675533][T12225]  ? __pfx_vfs_read+0x10/0x10
[  551.675554][T12225]  ? __fget_files+0x2a/0x420
[  551.675571][T12225]  ? __fget_files+0x3a0/0x420
[  551.675583][T12225]  ? __fget_files+0x2a/0x420
[  551.675609][T12225]  ksys_read+0x145/0x250
[  551.675631][T12225]  ? __pfx_ksys_read+0x10/0x10
[  551.675649][T12225]  ? rcu_is_watching+0x15/0xb0
[  551.675670][T12225]  ? do_syscall_64+0xbe/0x3b0
[  551.675691][T12225]  do_syscall_64+0xfa/0x3b0
[  551.675707][T12225]  ? lockdep_hardirqs_on+0x9c/0x150
[  551.675723][T12225]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.675738][T12225]  ? clear_bhb_loop+0x60/0xb0
[  551.675756][T12225]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.675770][T12225] RIP: 0033:0x7f7ca758d3bc
[  551.675784][T12225] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  551.675798][T12225] RSP: 002b:00007f7ca8424030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  551.675813][T12225] RAX: ffffffffffffffda RBX: 00007f7ca77b5fa0 RCX: 00007f7ca758d3bc
[  551.675825][T12225] RDX: 000000000000000f RSI: 00007f7ca84240a0 RDI: 0000000000000005
[  551.675834][T12225] RBP: 00007f7ca8424090 R08: 0000000000000000 R09: 0000000000000000
[  551.675844][T12225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  551.675853][T12225] R13: 0000000000000000 R14: 00007f7ca77b5fa0 R15: 00007f7ca78dfa28
[  551.675876][T12225]  </TASK>
[  551.677117][T12227] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1897'.
[  551.930712][ T2154] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  551.961728][T12227] FAULT_INJECTION: forcing a failure.
[  551.961728][T12227] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  551.979722][T12227] CPU: 1 UID: 0 PID: 12227 Comm: syz.2.1897 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  551.979750][T12227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  551.979763][T12227] Call Trace:
[  551.979770][T12227]  <TASK>
[  551.979779][T12227]  dump_stack_lvl+0x189/0x250
[  551.979807][T12227]  ? __pfx____ratelimit+0x10/0x10
[  551.979831][T12227]  ? __pfx_dump_stack_lvl+0x10/0x10
[  551.979855][T12227]  ? __pfx__printk+0x10/0x10
[  551.979894][T12227]  should_fail_ex+0x414/0x560
[  551.979921][T12227]  _copy_to_user+0x31/0xb0
[  551.979953][T12227]  simple_read_from_buffer+0xe1/0x170
[  551.979988][T12227]  proc_fail_nth_read+0x1df/0x250
[  551.980012][T12227]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  551.980037][T12227]  ? rw_verify_area+0x258/0x650
[  551.980063][T12227]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  551.980085][T12227]  vfs_read+0x1fd/0x980
[  551.980118][T12227]  ? __pfx___mutex_lock+0x10/0x10
[  551.980141][T12227]  ? __pfx_vfs_read+0x10/0x10
[  551.980168][T12227]  ? __fget_files+0x2a/0x420
[  551.980192][T12227]  ? __fget_files+0x3a0/0x420
[  551.980209][T12227]  ? __fget_files+0x2a/0x420
[  551.980235][T12227]  ksys_read+0x145/0x250
[  551.980266][T12227]  ? __pfx_ksys_read+0x10/0x10
[  551.980294][T12227]  ? rcu_is_watching+0x15/0xb0
[  551.980325][T12227]  ? do_syscall_64+0xbe/0x3b0
[  551.980356][T12227]  do_syscall_64+0xfa/0x3b0
[  551.980378][T12227]  ? lockdep_hardirqs_on+0x9c/0x150
[  551.980401][T12227]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.980423][T12227]  ? clear_bhb_loop+0x60/0xb0
[  551.980450][T12227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.980471][T12227] RIP: 0033:0x7fd70f38d3bc
[  551.980491][T12227] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  551.980511][T12227] RSP: 002b:00007fd7101f4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  551.980547][T12227] RAX: ffffffffffffffda RBX: 00007fd70f5b5fa0 RCX: 00007fd70f38d3bc
[  551.980564][T12227] RDX: 000000000000000f RSI: 00007fd7101f40a0 RDI: 0000000000000004
[  551.980579][T12227] RBP: 00007fd7101f4090 R08: 0000000000000000 R09: 0000000000000000
[  551.980593][T12227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  551.980607][T12227] R13: 0000000000000000 R14: 00007fd70f5b5fa0 R15: 00007fd70f6dfa28
[  551.980641][T12227]  </TASK>
[  552.335178][ T2154] usb 4-1: Using ep0 maxpacket: 8
[  552.370245][ T2154] usb 4-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b
[  552.372098][T12232] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  552.395688][ T2154] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  552.455981][ T2154] usb 4-1: Product: syz
[  552.489080][ T2154] usb 4-1: Manufacturer: syz
[  552.495877][ T2154] usb 4-1: SerialNumber: syz
[  552.519471][ T2154] usb 4-1: config 0 descriptor??
[  552.553140][ T2154] option 4-1:0.0: GSM modem (1-port) converter detected
[  552.763770][T12220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.781944][T12220] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.890079][ T2154] usb 4-1: USB disconnect, device number 68
[  552.934487][ T2154] option 4-1:0.0: device disconnected
[  552.979632][T12252] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1906'.
[  554.093822][T12276] FAULT_INJECTION: forcing a failure.
[  554.093822][T12276] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  554.132344][T12276] CPU: 1 UID: 0 PID: 12276 Comm: syz.2.1912 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  554.132383][T12276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  554.132397][T12276] Call Trace:
[  554.132406][T12276]  <TASK>
[  554.132415][T12276]  dump_stack_lvl+0x189/0x250
[  554.132444][T12276]  ? __pfx____ratelimit+0x10/0x10
[  554.132467][T12276]  ? __pfx_dump_stack_lvl+0x10/0x10
[  554.132492][T12276]  ? __pfx__printk+0x10/0x10
[  554.132518][T12276]  ? __might_fault+0xb0/0x130
[  554.132560][T12276]  should_fail_ex+0x414/0x560
[  554.132589][T12276]  _copy_from_user+0x2d/0xb0
[  554.132620][T12276]  kstrtouint_from_user+0xc4/0x170
[  554.132648][T12276]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  554.132691][T12276]  proc_fail_nth_write+0x88/0x240
[  554.132714][T12276]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  554.132742][T12276]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  554.132765][T12276]  vfs_write+0x27b/0xa90
[  554.132804][T12276]  ? __pfx_vfs_write+0x10/0x10
[  554.132834][T12276]  ? __fget_files+0x2a/0x420
[  554.132858][T12276]  ? __fget_files+0x3a0/0x420
[  554.132875][T12276]  ? __fget_files+0x2a/0x420
[  554.132904][T12276]  ksys_write+0x145/0x250
[  554.132935][T12276]  ? __pfx_ksys_write+0x10/0x10
[  554.132964][T12276]  ? rcu_is_watching+0x15/0xb0
[  554.132995][T12276]  ? do_syscall_64+0xbe/0x3b0
[  554.133024][T12276]  do_syscall_64+0xfa/0x3b0
[  554.133046][T12276]  ? lockdep_hardirqs_on+0x9c/0x150
[  554.133068][T12276]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.133089][T12276]  ? clear_bhb_loop+0x60/0xb0
[  554.133114][T12276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.133135][T12276] RIP: 0033:0x7fd70f38d45f
[  554.133153][T12276] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  554.133172][T12276] RSP: 002b:00007fd7101f4030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  554.133194][T12276] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd70f38d45f
[  554.133209][T12276] RDX: 0000000000000001 RSI: 00007fd7101f40a0 RDI: 0000000000000004
[  554.133223][T12276] RBP: 00007fd7101f4090 R08: 0000000000000000 R09: 0000000000000000
[  554.133236][T12276] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  554.133248][T12276] R13: 0000000000000000 R14: 00007fd70f5b5fa0 R15: 00007fd70f6dfa28
[  554.133281][T12276]  </TASK>
[  554.702710][ T5927] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  554.861708][ T5927] usb 4-1: Using ep0 maxpacket: 8
[  554.876070][ T5927] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  554.904391][ T5927] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  554.945810][ T5927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  555.026556][ T5927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  555.058594][ T5927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  555.135648][ T5927] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  555.206573][ T5927] usb 4-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  555.243402][ T5927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.298052][  T981] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  555.303260][ T5927] usb 4-1: Product: syz
[  555.310053][ T5927] usb 4-1: Manufacturer: syz
[  555.319438][ T5927] usb 4-1: SerialNumber: syz
[  555.338453][ T5927] usb 4-1: config 0 descriptor??
[  555.355351][T12279] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  555.483741][  T981] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  555.504822][  T981] usb 3-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00
[  555.567394][  T981] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  555.743743][ T6997] udevd[6997]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  555.782349][  T981] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  555.956767][  T981] usb 3-1: USB disconnect, device number 68
[  556.391765][T12306] FAULT_INJECTION: forcing a failure.
[  556.391765][T12306] name failslab, interval 1, probability 0, space 0, times 0
[  556.411550][T12306] CPU: 1 UID: 0 PID: 12306 Comm: syz.1.1923 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  556.411580][T12306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  556.411593][T12306] Call Trace:
[  556.411603][T12306]  <TASK>
[  556.411612][T12306]  dump_stack_lvl+0x189/0x250
[  556.411642][T12306]  ? __pfx____ratelimit+0x10/0x10
[  556.411667][T12306]  ? __pfx_dump_stack_lvl+0x10/0x10
[  556.411691][T12306]  ? __pfx__printk+0x10/0x10
[  556.411724][T12306]  ? __pfx___might_resched+0x10/0x10
[  556.411753][T12306]  should_fail_ex+0x414/0x560
[  556.411781][T12306]  should_failslab+0xa8/0x100
[  556.411815][T12306]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  556.411846][T12306]  ? __alloc_skb+0x112/0x2d0
[  556.411881][T12306]  __alloc_skb+0x112/0x2d0
[  556.411914][T12306]  netlink_sendmsg+0x5c6/0xb30
[  556.411956][T12306]  ? __pfx_netlink_sendmsg+0x10/0x10
[  556.411998][T12306]  ? aa_sock_msg_perm+0x94/0x160
[  556.412023][T12306]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  556.412045][T12306]  ? __pfx_netlink_sendmsg+0x10/0x10
[  556.412076][T12306]  __sock_sendmsg+0x21c/0x270
[  556.412106][T12306]  ____sys_sendmsg+0x52d/0x830
[  556.412133][T12306]  ? __pfx_____sys_sendmsg+0x10/0x10
[  556.412162][T12306]  ? import_iovec+0x74/0xa0
[  556.412196][T12306]  ___sys_sendmsg+0x21f/0x2a0
[  556.412219][T12306]  ? __pfx____sys_sendmsg+0x10/0x10
[  556.412283][T12306]  ? __might_fault+0xb0/0x130
[  556.412315][T12306]  __sys_sendmmsg+0x227/0x430
[  556.412341][T12306]  ? __pfx___sys_sendmmsg+0x10/0x10
[  556.412357][T12306]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  556.412421][T12306]  ? ksys_write+0x22a/0x250
[  556.412452][T12306]  ? __pfx_ksys_write+0x10/0x10
[  556.412487][T12306]  __x64_sys_sendmmsg+0xa0/0xc0
[  556.412510][T12306]  do_syscall_64+0xfa/0x3b0
[  556.412533][T12306]  ? lockdep_hardirqs_on+0x9c/0x150
[  556.412555][T12306]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.412576][T12306]  ? clear_bhb_loop+0x60/0xb0
[  556.412602][T12306]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.412622][T12306] RIP: 0033:0x7fb5ed18e9a9
[  556.412642][T12306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  556.412661][T12306] RSP: 002b:00007fb5edfcd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  556.412683][T12306] RAX: ffffffffffffffda RBX: 00007fb5ed3b5fa0 RCX: 00007fb5ed18e9a9
[  556.412699][T12306] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[  556.412713][T12306] RBP: 00007fb5edfcd090 R08: 0000000000000000 R09: 0000000000000000
[  556.412727][T12306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  556.412739][T12306] R13: 0000000000000000 R14: 00007fb5ed3b5fa0 R15: 00007fb5ed4dfa28
[  556.412771][T12306]  </TASK>
[  556.723386][T12309] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1925'.
[  556.842807][T12313] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1926'.
[  556.898487][T12313] FAULT_INJECTION: forcing a failure.
[  556.898487][T12313] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  556.951658][ T5927] rc_core: IR keymap rc-snapstream-firefly not found
[  556.958398][ T5927] Registered IR keymap rc-empty
[  556.970025][ T5927] rc rc0: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  556.997765][T12313] CPU: 1 UID: 0 PID: 12313 Comm: syz.1.1926 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  556.997795][T12313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  556.997810][T12313] Call Trace:
[  556.997819][T12313]  <TASK>
[  556.997828][T12313]  dump_stack_lvl+0x189/0x250
[  556.997859][T12313]  ? __pfx____ratelimit+0x10/0x10
[  556.997883][T12313]  ? __pfx_dump_stack_lvl+0x10/0x10
[  556.997916][T12313]  ? __pfx__printk+0x10/0x10
[  556.997958][T12313]  should_fail_ex+0x414/0x560
[  556.997986][T12313]  _copy_to_user+0x31/0xb0
[  556.998018][T12313]  simple_read_from_buffer+0xe1/0x170
[  556.998054][T12313]  proc_fail_nth_read+0x1df/0x250
[  556.998080][T12313]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  556.998105][T12313]  ? rw_verify_area+0x258/0x650
[  556.998131][T12313]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  556.998154][T12313]  vfs_read+0x1fd/0x980
[  556.998187][T12313]  ? __pfx___mutex_lock+0x10/0x10
[  556.998213][T12313]  ? __pfx_vfs_read+0x10/0x10
[  556.998242][T12313]  ? __fget_files+0x2a/0x420
[  556.998264][T12313]  ? __fget_files+0x3a0/0x420
[  556.998281][T12313]  ? __fget_files+0x2a/0x420
[  556.998309][T12313]  ksys_read+0x145/0x250
[  556.998339][T12313]  ? __pfx_ksys_read+0x10/0x10
[  556.998364][T12313]  ? rcu_is_watching+0x15/0xb0
[  556.998395][T12313]  ? do_syscall_64+0xbe/0x3b0
[  556.998423][T12313]  do_syscall_64+0xfa/0x3b0
[  556.998446][T12313]  ? lockdep_hardirqs_on+0x9c/0x150
[  556.998467][T12313]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.998489][T12313]  ? clear_bhb_loop+0x60/0xb0
[  556.998514][T12313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.998542][T12313] RIP: 0033:0x7fb5ed18d3bc
[  556.998561][T12313] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  556.998580][T12313] RSP: 002b:00007fb5edfcd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  556.998602][T12313] RAX: ffffffffffffffda RBX: 00007fb5ed3b5fa0 RCX: 00007fb5ed18d3bc
[  556.998617][T12313] RDX: 000000000000000f RSI: 00007fb5edfcd0a0 RDI: 0000000000000004
[  556.998631][T12313] RBP: 00007fb5edfcd090 R08: 0000000000000000 R09: 0000000000000000
[  556.998645][T12313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  556.998657][T12313] R13: 0000000000000000 R14: 00007fb5ed3b5fa0 R15: 00007fb5ed4dfa28
[  556.998690][T12313]  </TASK>
[  557.235451][ T5927] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input47
[  557.266390][ T5927] input: syz syz mouse as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input48
[  557.395145][ T5927] usb 4-1: USB disconnect, device number 69
[  557.401775][    C0] ati_remote 4-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19
[  557.505420][T12327] autofs4:pid:12327:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.4), cmd(0xc018937e)
[  557.572236][T12327] autofs4:pid:12327:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e)
[  558.351386][ T5914] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  558.431820][ T5848] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  558.513744][ T5914] usb 1-1: Using ep0 maxpacket: 8
[  558.542688][ T5914] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  558.579341][ T5914] usb 1-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  558.601995][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.606029][ T5848] usb 3-1: Using ep0 maxpacket: 32
[  558.614435][ T5914] usb 1-1: Product: syz
[  558.619804][ T5914] usb 1-1: Manufacturer: syz
[  558.625428][ T5914] usb 1-1: SerialNumber: syz
[  558.639229][ T5914] usb 1-1: config 0 descriptor??
[  558.639579][ T5848] usb 3-1: config index 0 descriptor too short (expected 2340, got 36)
[  558.656377][ T5914] gspca_main: stk014-2.14.0 probing 05e1:0893
[  558.664804][ T5914] usb 1-1: selecting invalid altsetting 1
[  558.678564][ T5848] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  558.702490][ T5848] usb 3-1: config 6 has 0 interfaces, different from the descriptor's value: 5
[  558.734655][ T5848] usb 3-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=46.42
[  558.770159][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.824516][ T5848] usb 3-1: Product: syz
[  559.291254][ T5914] gspca_stk014: reg_r err -110
[  559.297581][ T5914] stk014 1-1:0.0: probe with driver stk014 failed with error -110
[  559.317933][ T5848] usb 3-1: Manufacturer: syz
[  559.335144][ T5848] usb 3-1: SerialNumber: syz
[  559.436187][T12362] lo: entered allmulticast mode
[  559.483917][T12362] tunl0: entered allmulticast mode
[  559.499095][T12362] gre0: entered allmulticast mode
[  559.755431][T12362] gretap0: entered allmulticast mode
[  559.773835][T12362] erspan0: entered allmulticast mode
[  559.815638][T12362] ip_vti0: entered allmulticast mode
[  559.824746][T12362] ip6_vti0: entered allmulticast mode
[  559.845734][T12362] sit0: entered allmulticast mode
[  559.887756][T12362] ip6tnl0: entered allmulticast mode
[  559.898991][ T5848] usb 3-1: USB disconnect, device number 69
[  559.916842][T12362] ip6gre0: entered allmulticast mode
[  559.978315][T12362] ip6gretap0: entered allmulticast mode
[  560.006541][T12362] bridge0: port 2(bridge_slave_1) entered disabled state
[  560.014165][T12362] bridge0: port 1(bridge_slave_0) entered disabled state
[  560.034836][T11530] usb 1-1: USB disconnect, device number 82
[  560.052416][T12362] bridge0: entered allmulticast mode
[  560.104808][T12362] vcan0: entered allmulticast mode
[  560.166542][T12362] team0: entered allmulticast mode
[  560.201564][T12362] team_slave_0: entered allmulticast mode
[  560.224525][T12362] team_slave_1: entered allmulticast mode
[  560.279958][T12362] dummy0: entered allmulticast mode
[  560.311170][T12362] nlmon0: entered allmulticast mode
[  560.319047][T12362] caif0: entered allmulticast mode
[  560.330499][T12362] batadv0: entered allmulticast mode
[  560.343678][T12362] veth0: entered allmulticast mode
[  560.354235][T12362] veth1: entered allmulticast mode
[  560.367695][T12362] wg0: entered allmulticast mode
[  560.376944][T12362] wg1: entered allmulticast mode
[  560.386140][T12362] wg2: entered allmulticast mode
[  560.394937][T12362] veth0_to_bridge: entered allmulticast mode
[  560.410713][T12362] veth1_to_bridge: entered allmulticast mode
[  560.421905][ T5848] usb 3-1: new full-speed USB device number 70 using dummy_hcd
[  560.437229][T12362] veth0_to_bond: entered allmulticast mode
[  560.467930][T12362] veth1_to_bond: entered allmulticast mode
[  560.501234][   T30] audit: type=1326 audit(1753713234.150:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12379 comm="syz.1.1948" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb5ed18e9a9 code=0x0
[  560.557715][T12387] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1948'.
[  560.569314][T12362] veth0_to_team: entered allmulticast mode
[  560.594406][ T5848] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  560.609069][T12362] veth1_to_team: entered allmulticast mode
[  560.610134][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.646902][T12362] veth0_to_batadv: entered allmulticast mode
[  560.650162][ T5848] usb 3-1: config 0 descriptor??
[  560.713189][T12362] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  560.726548][T12362] batadv_slave_0: entered allmulticast mode
[  560.739399][T12362] veth1_to_batadv: entered allmulticast mode
[  560.754888][T12362] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  560.770228][T12362] batadv_slave_1: entered allmulticast mode
[  560.785505][T12362] xfrm0: entered allmulticast mode
[  560.800800][T12362] veth0_to_hsr: entered allmulticast mode
[  560.817456][T12362] hsr_slave_0: entered allmulticast mode
[  560.829008][T12362] veth1_to_hsr: entered allmulticast mode
[  560.845525][T12362] hsr_slave_1: entered allmulticast mode
[  560.859521][T12362] veth1_virt_wifi: entered allmulticast mode
[  560.877732][ T5848] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  560.886943][T12362] veth0_virt_wifi: entered allmulticast mode
[  560.906300][T12362] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  560.918946][T12362] veth1_vlan: entered allmulticast mode
[  560.945990][T12362] vlan1: entered allmulticast mode
[  560.965909][T12362] macvlan0: entered allmulticast mode
[  560.979231][T12362] macvlan1: entered allmulticast mode
[  561.009050][T12362] ipvlan0: entered allmulticast mode
[  561.080213][ T5848] [drm:udl_init] *ERROR* Selecting channel failed
[  561.088267][T12362] ipvlan1: entered allmulticast mode
[  561.104956][T12362] veth1_macvtap: entered allmulticast mode
[  561.170866][T12362] veth0_macvtap: entered allmulticast mode
[  561.186578][ T5848] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2
[  561.226578][ T5848] [drm] Initialized udl on minor 2
[  561.244457][ T5848] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  561.270732][ T5848] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  561.287102][    T9] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  561.314228][T12362] macvtap0: entered allmulticast mode
[  561.347492][T12362] macsec0: entered allmulticast mode
[  561.363152][ T5848] usb 3-1: USB disconnect, device number 70
[  561.376017][    T9] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  561.433581][T12362] geneve0: entered allmulticast mode
[  561.456056][T12362] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  561.478158][T12362] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  561.507721][T12362] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  561.530434][T12362] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  561.543276][T12362] geneve1: entered allmulticast mode
[  561.564257][T12362] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  561.606441][T12362] netdevsim netdevsim4 netdevsim1: entered allmulticast mode
[  561.626822][T12362] netdevsim netdevsim4 netdevsim2: entered allmulticast mode
[  561.635172][ T5927] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  561.692016][T12362] netdevsim netdevsim4 netdevsim3: entered allmulticast mode
[  561.715770][T12362] mac80211_hwsim hwsim12 wlan0: entered allmulticast mode
[  561.723921][T12362] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode
[  561.732797][T12362] bond1: entered allmulticast mode
[  561.738768][T12362] gre1: entered allmulticast mode
[  561.783592][T12362] bridge1: left promiscuous mode
[  561.788618][T12362] bridge1: entered allmulticast mode
[  561.815498][ T5927] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  561.832814][ T5927] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  561.842916][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  561.851836][ T5927] usb 4-1: SerialNumber: syz
[  561.864302][T12362] macsec1: entered allmulticast mode
[  561.897036][T12362] macvlan2: entered allmulticast mode
[  561.914571][T12362] syztnl0: entered allmulticast mode
[  561.936669][T12362] bond0: left promiscuous mode
[  561.960371][T12362] bond_slave_0: left promiscuous mode
[  561.993346][T12362] bond_slave_1: left promiscuous mode
[  562.007827][T12362] macvtap1: left promiscuous mode
[  562.026796][T12362] bridge2: entered allmulticast mode
[  562.041646][T12362] syztnl2: entered allmulticast mode
[  562.058741][T12362] bridge3: entered allmulticast mode
[  562.087756][T12362] gre2: entered allmulticast mode
[  562.465938][T12403] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1953'.
[  562.493130][T12403] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  562.500308][ T5927] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  562.624398][ T5927] usb 4-1: USB disconnect, device number 70
[  563.160017][T11530] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  563.431533][T12429] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  563.452164][T11530] usb 1-1: Using ep0 maxpacket: 8
[  563.460049][T11530] usb 1-1: config 0 has no interfaces?
[  563.481538][T11530] usb 1-1: New USB device found, idVendor=0b43, idProduct=0083, bcdDevice= 0.00
[  563.577019][T11530] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.660688][T11530] usb 1-1: config 0 descriptor??
[  564.576093][   T30] audit: type=1326 audit(1753713238.220:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3839d8e9a9 code=0x7ffc0000
[  564.702903][   T30] audit: type=1326 audit(1753713238.220:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3839d2ab89 code=0x7ffc0000
[  564.829182][   T30] audit: type=1326 audit(1753713238.220:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3839d8e9a9 code=0x7ffc0000
[  564.981758][   T30] audit: type=1326 audit(1753713238.220:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3839d2ab89 code=0x7ffc0000
[  565.195723][   T30] audit: type=1326 audit(1753713238.220:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3839d8e9a9 code=0x7ffc0000
[  565.371841][   T30] audit: type=1326 audit(1753713238.220:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3839d2ab89 code=0x7ffc0000
[  565.524094][   T30] audit: type=1326 audit(1753713238.220:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3839d8e9a9 code=0x7ffc0000
[  565.547070][T12450] FAULT_INJECTION: forcing a failure.
[  565.547070][T12450] name failslab, interval 1, probability 0, space 0, times 0
[  565.547106][T12450] CPU: 1 UID: 0 PID: 12450 Comm: syz.3.1969 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  565.547133][T12450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  565.547147][T12450] Call Trace:
[  565.547156][T12450]  <TASK>
[  565.547165][T12450]  dump_stack_lvl+0x189/0x250
[  565.547195][T12450]  ? __pfx____ratelimit+0x10/0x10
[  565.547220][T12450]  ? __pfx_dump_stack_lvl+0x10/0x10
[  565.547245][T12450]  ? __pfx__printk+0x10/0x10
[  565.547280][T12450]  ? ref_tracker_alloc+0x318/0x460
[  565.547307][T12450]  should_fail_ex+0x414/0x560
[  565.547333][T12450]  should_failslab+0xa8/0x100
[  565.547365][T12450]  kmem_cache_alloc_noprof+0x73/0x3c0
[  565.547391][T12450]  ? skb_clone+0x212/0x3a0
[  565.547417][T12450]  skb_clone+0x212/0x3a0
[  565.547441][T12450]  __netlink_deliver_tap+0x404/0x850
[  565.547483][T12450]  ? netlink_deliver_tap+0x2e/0x1b0
[  565.547526][T12450]  netlink_deliver_tap+0x19c/0x1b0
[  565.547563][T12450]  netlink_unicast+0x730/0x8e0
[  565.547608][T12450]  netlink_sendmsg+0x805/0xb30
[  565.547654][T12450]  ? __pfx_netlink_sendmsg+0x10/0x10
[  565.547693][T12450]  ? aa_sock_msg_perm+0x94/0x160
[  565.547722][T12450]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  565.547748][T12450]  ? __pfx_netlink_sendmsg+0x10/0x10
[  565.547783][T12450]  __sock_sendmsg+0x21c/0x270
[  565.547815][T12450]  ____sys_sendmsg+0x52d/0x830
[  565.547844][T12450]  ? __pfx_____sys_sendmsg+0x10/0x10
[  565.547879][T12450]  ? import_iovec+0x74/0xa0
[  565.547916][T12450]  ___sys_sendmsg+0x21f/0x2a0
[  565.547942][T12450]  ? __pfx____sys_sendmsg+0x10/0x10
[  565.548017][T12450]  ? __might_fault+0xb0/0x130
[  565.548054][T12450]  __sys_sendmmsg+0x227/0x430
[  565.548083][T12450]  ? __pfx___sys_sendmmsg+0x10/0x10
[  565.548104][T12450]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  565.548163][T12450]  ? ksys_write+0x22a/0x250
[  565.548199][T12450]  ? __pfx_ksys_write+0x10/0x10
[  565.548226][T12450]  ? rcu_is_watching+0x15/0xb0
[  565.548261][T12450]  __x64_sys_sendmmsg+0xa0/0xc0
[  565.548286][T12450]  do_syscall_64+0xfa/0x3b0
[  565.548313][T12450]  ? lockdep_hardirqs_on+0x9c/0x150
[  565.548336][T12450]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  565.548361][T12450]  ? clear_bhb_loop+0x60/0xb0
[  565.548388][T12450]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  565.548411][T12450] RIP: 0033:0x7fb3bed8e9a9
[  565.548433][T12450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  565.548453][T12450] RSP: 002b:00007fb3bfbb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  565.548477][T12450] RAX: ffffffffffffffda RBX: 00007fb3befb5fa0 RCX: 00007fb3bed8e9a9
[  565.548500][T12450] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000005
[  565.548517][T12450] RBP: 00007fb3bfbb5090 R08: 0000000000000000 R09: 0000000000000000
[  565.548532][T12450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  565.548546][T12450] R13: 0000000000000000 R14: 00007fb3befb5fa0 R15: 00007fb3bf0dfa28
[  565.548582][T12450]  </TASK>
[  566.073860][   T30] audit: type=1326 audit(1753713238.220:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3839d2ab89 code=0x7ffc0000
[  566.097490][   T30] audit: type=1326 audit(1753713238.220:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3839d2ab89 code=0x7ffc0000
[  566.168482][   T30] audit: type=1326 audit(1753713238.220:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3839d2ab89 code=0x7ffc0000
[  566.241803][   T30] audit: type=1326 audit(1753713238.220:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3839d8e9a9 code=0x7ffc0000
[  566.322004][    T9] usb 4-1: new full-speed USB device number 71 using dummy_hcd
[  566.354194][   T30] audit: type=1326 audit(1753713238.240:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3839d2ab89 code=0x7ffc0000
[  566.411251][T12463] vivid-000: disconnect
[  566.445335][   T30] audit: type=1326 audit(1753713238.240:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3839d8e9a9 code=0x7ffc0000
[  566.483798][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  566.495744][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  566.518718][   T30] audit: type=1326 audit(1753713238.240:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3839d8e9a9 code=0x7ffc0000
[  566.518912][    T9] usb 4-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
[  566.552318][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.583249][    T9] usb 4-1: config 0 descriptor??
[  566.605923][   T30] audit: type=1326 audit(1753713238.240:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3839d8e9a9 code=0x7ffc0000
[  566.629392][   T30] audit: type=1326 audit(1753713238.240:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3839d2ab89 code=0x7ffc0000
[  566.784381][T11530] usb 1-1: USB disconnect, device number 83
[  567.016602][ T2154] usb 3-1: new full-speed USB device number 71 using dummy_hcd
[  567.085953][    T9] hid-u2fzero 0003:10C4:8ACF.001D: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.3-1/input0
[  567.127399][    T9] hid-u2fzero 0003:10C4:8ACF.001D: U2F Zero LED initialised
[  567.172409][    T9] hid-u2fzero 0003:10C4:8ACF.001D: U2F Zero RNG initialised
[  567.206499][ T2154] usb 3-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  567.263250][ T2154] usb 3-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  567.264787][ T5914] usb 4-1: USB disconnect, device number 71
[  567.297610][ T2154] usb 3-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  567.324624][T12462] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1975'.
[  567.402461][ T2154] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  567.412952][T12476] fido_id[12476]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  567.445463][ T2154] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  567.501453][ T2154] usb 3-1: SerialNumber: syz
[  567.829497][T12468] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1976'.
[  567.927020][T12469] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1976'.
[  568.378891][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  568.387693][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  568.468458][T12469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  568.552886][T12469] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  570.096037][T12513] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1987'.
[  570.142299][T12513] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1987'.
[  571.800559][T12540] ipvlan2: entered allmulticast mode
[  571.807285][T12540] team0: entered allmulticast mode
[  571.815683][T12540] team_slave_0: entered allmulticast mode
[  571.822608][T12540] team_slave_1: entered allmulticast mode
[  571.830994][T12540] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  572.154873][T12550] tipc: Started in network mode
[  572.170693][T12550] tipc: Node identity 76736a0f2026, cluster identity 4711
[  572.191644][T12550] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  572.222283][T12551] syzkaller0: entered promiscuous mode
[  572.227994][T12551] syzkaller0: entered allmulticast mode
[  572.370697][T12545] tipc: Resetting bearer <eth:syzkaller0>
[  572.437646][T12555] FAULT_INJECTION: forcing a failure.
[  572.437646][T12555] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  572.451906][T12555] CPU: 1 UID: 0 PID: 12555 Comm: syz.3.1999 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  572.451932][T12555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  572.451945][T12555] Call Trace:
[  572.451954][T12555]  <TASK>
[  572.451964][T12555]  dump_stack_lvl+0x189/0x250
[  572.452003][T12555]  ? __pfx____ratelimit+0x10/0x10
[  572.452027][T12555]  ? __pfx_dump_stack_lvl+0x10/0x10
[  572.452052][T12555]  ? __pfx__printk+0x10/0x10
[  572.452094][T12555]  should_fail_ex+0x414/0x560
[  572.452123][T12555]  _copy_to_user+0x31/0xb0
[  572.452156][T12555]  simple_read_from_buffer+0xe1/0x170
[  572.452193][T12555]  proc_fail_nth_read+0x1df/0x250
[  572.452218][T12555]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  572.452243][T12555]  ? rw_verify_area+0x258/0x650
[  572.452270][T12555]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  572.452293][T12555]  vfs_read+0x1fd/0x980
[  572.452327][T12555]  ? __pfx___mutex_lock+0x10/0x10
[  572.452353][T12555]  ? __pfx_vfs_read+0x10/0x10
[  572.452383][T12555]  ? __fget_files+0x2a/0x420
[  572.452407][T12555]  ? __fget_files+0x3a0/0x420
[  572.452426][T12555]  ? __fget_files+0x2a/0x420
[  572.452454][T12555]  ksys_read+0x145/0x250
[  572.452485][T12555]  ? __pfx_ksys_read+0x10/0x10
[  572.452510][T12555]  ? rcu_is_watching+0x15/0xb0
[  572.452541][T12555]  ? do_syscall_64+0xbe/0x3b0
[  572.452571][T12555]  do_syscall_64+0xfa/0x3b0
[  572.452594][T12555]  ? lockdep_hardirqs_on+0x9c/0x150
[  572.452617][T12555]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.452638][T12555]  ? clear_bhb_loop+0x60/0xb0
[  572.452664][T12555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.452684][T12555] RIP: 0033:0x7fb3bed8d3bc
[  572.452704][T12555] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  572.452723][T12555] RSP: 002b:00007fb3bfbb5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  572.452746][T12555] RAX: ffffffffffffffda RBX: 00007fb3befb5fa0 RCX: 00007fb3bed8d3bc
[  572.452762][T12555] RDX: 000000000000000f RSI: 00007fb3bfbb50a0 RDI: 0000000000000004
[  572.452775][T12555] RBP: 00007fb3bfbb5090 R08: 0000000000000000 R09: 0000000000000000
[  572.452788][T12555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  572.452801][T12555] R13: 0000000000000000 R14: 00007fb3befb5fa0 R15: 00007fb3bf0dfa28
[  572.452834][T12555]  </TASK>
[  572.611018][ T2154] rndis_host 3-1:253.0: RNDIS init failed, -32
[  572.739352][ T2154] rndis_host 3-1:253.0: probe with driver rndis_host failed with error -32
[  572.948044][T12543] tipc: Resetting bearer <eth:syzkaller0>
[  573.055669][T12543] tipc: Disabling bearer <eth:syzkaller0>
[  573.551706][T12575] vlan2: entered promiscuous mode
[  573.566975][T12575] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[  573.968369][T12585] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  574.444845][T12590] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  574.457886][T12591] syzkaller0: entered promiscuous mode
[  574.464521][T12591] syzkaller0: entered allmulticast mode
[  574.516326][T12589] tipc: Resetting bearer <eth:syzkaller0>
[  574.555074][T12588] tipc: Resetting bearer <eth:syzkaller0>
[  574.646393][T12588] tipc: Disabling bearer <eth:syzkaller0>
[  575.172551][    T9] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  575.442238][T12600] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2012'.
[  575.482130][    T9] usb 4-1: Using ep0 maxpacket: 32
[  575.498204][    T9] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  575.516340][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  575.545366][    T9] usb 4-1: Product: syz
[  575.549728][    T9] usb 4-1: Manufacturer: syz
[  575.577910][    T9] usb 4-1: SerialNumber: syz
[  575.596151][    T9] usb 4-1: config 0 descriptor??
[  575.712658][T12606] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  576.331774][    T9] airspy 4-1:0.0: Board ID: 00
[  576.562370][    T9] airspy 4-1:0.0: Firmware version: 
[  577.634939][    T9] airspy 4-1:0.0: usb_control_msg() failed -110 request 11
[  577.654053][    T9] airspy 4-1:0.0: Registered as swradio24
[  577.667758][    T9] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  577.856836][ T5914] usb 4-1: USB disconnect, device number 72
[  577.871820][    T9] usb 2-1: new full-speed USB device number 82 using dummy_hcd
[  578.004419][T12628] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2019'.
[  578.045570][    T9] usb 2-1: config index 0 descriptor too short (expected 5924, got 36)
[  578.067211][    T9] usb 2-1: config 250 has an invalid interface number: 228 but max is -1
[  578.094587][    T9] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0
[  578.117958][    T9] usb 2-1: config 250 has no interface number 0
[  578.130086][    T9] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 64
[  578.146817][    T9] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  578.163875][    T9] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  578.179553][    T9] usb 2-1: config 250 interface 228 has no altsetting 0
[  578.197940][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  578.231950][    T9] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  578.240297][    T9] usb 2-1: Product: syz
[  578.245903][    T9] usb 2-1: SerialNumber: syz
[  578.258235][    T9] hub 2-1:250.228: bad descriptor, ignoring hub
[  578.268424][    T9] hub 2-1:250.228: probe with driver hub failed with error -5
[  578.463868][    T9] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 82 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  578.661835][ T5927] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  578.751871][    T9] usb 5-1: new full-speed USB device number 57 using dummy_hcd
[  578.781819][ T5914] usb 2-1: USB disconnect, device number 82
[  578.796117][ T5914] usblp0: removed
[  578.832425][ T5927] usb 1-1: Using ep0 maxpacket: 8
[  578.839356][ T5927] usb 1-1: config 6 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  578.856790][ T5927] usb 1-1: config 6 interface 0 altsetting 0 has an endpoint descriptor with address 0xEC, changing to 0x8C
[  578.881809][ T5927] usb 1-1: config 6 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  578.912235][ T5927] usb 1-1: config 6 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0
[  578.937407][ T5927] usb 1-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  578.964508][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  578.978684][    T9] usb 5-1: not running at top speed; connect to a high speed hub
[  578.995382][ T5927] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  579.016641][    T9] usb 5-1: config 7 has an invalid interface number: 79 but max is 0
[  579.025873][ T5927] usb 1-1: Product: syz
[  579.030106][ T5927] usb 1-1: Manufacturer: syz
[  579.039868][    T9] usb 5-1: config 7 has no interface number 0
[  579.066043][ T5927] usb 1-1: SerialNumber: syz
[  579.071880][    T9] usb 5-1: config 7 interface 79 altsetting 6 endpoint 0xF has invalid maxpacket 512, setting to 64
[  579.103386][    T9] usb 5-1: config 7 interface 79 altsetting 6 endpoint 0x7 has invalid maxpacket 512, setting to 64
[  579.123064][ T5927] hso 1-1:6.0: Can't find BULK OUT endpoint
[  579.141175][    T9] usb 5-1: config 7 interface 79 has no altsetting 0
[  579.157753][    T9] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=f4.98
[  579.201828][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  579.209910][    T9] usb 5-1: Product: syz
[  579.227412][    T9] usb 5-1: SerialNumber: syz
[  579.250633][T12636] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22
[  579.378620][ T5914] usb 1-1: USB disconnect, device number 84
[  579.749871][T11530] usb 5-1: USB disconnect, device number 57
[  579.802137][    T9] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  579.821218][  T981] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  579.964613][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  579.975505][    T9] usb 4-1: config 5 has an invalid interface number: 150 but max is 0
[  579.984889][    T9] usb 4-1: config 5 has no interface number 0
[  579.993321][  T981] usb 2-1: Using ep0 maxpacket: 16
[  579.994868][    T9] usb 4-1: config 5 interface 150 has no altsetting 0
[  580.002816][  T981] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[  580.018353][  T981] usb 2-1: config 0 has no interface number 0
[  580.024951][  T981] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  580.041183][  T981] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  580.068979][    T9] usb 4-1: New USB device found, idVendor=0bb4, idProduct=0a2a, bcdDevice=2d.59
[  580.070450][  T981] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  580.079159][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.153247][  T981] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.211979][    T9] usb 4-1: Product: syz
[  580.222307][    T9] usb 4-1: Manufacturer: syz
[  580.229354][    T9] usb 4-1: SerialNumber: syz
[  580.242984][  T981] usb 2-1: Product: syz
[  580.257559][  T981] usb 2-1: Manufacturer: syz
[  580.271177][  T981] usb 2-1: SerialNumber: syz
[  580.278884][  T981] usb 2-1: config 0 descriptor??
[  580.297171][T12659] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  580.535011][T12659] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  580.964119][    T9] usb 4-1: USB disconnect, device number 73
[  580.986042][T12659] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  581.072717][T12659] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  581.093609][T12667] FAULT_INJECTION: forcing a failure.
[  581.093609][T12667] name failslab, interval 1, probability 0, space 0, times 0
[  581.112385][T12667] CPU: 1 UID: 0 PID: 12667 Comm: syz.4.2033 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  581.112420][T12667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  581.112433][T12667] Call Trace:
[  581.112443][T12667]  <TASK>
[  581.112453][T12667]  dump_stack_lvl+0x189/0x250
[  581.112484][T12667]  ? __pfx____ratelimit+0x10/0x10
[  581.112509][T12667]  ? __pfx_dump_stack_lvl+0x10/0x10
[  581.112534][T12667]  ? __pfx__printk+0x10/0x10
[  581.112564][T12667]  ? __pfx___might_resched+0x10/0x10
[  581.112589][T12667]  ? fs_reclaim_acquire+0x7d/0x100
[  581.112616][T12667]  should_fail_ex+0x414/0x560
[  581.112645][T12667]  should_failslab+0xa8/0x100
[  581.112679][T12667]  __kmalloc_noprof+0xcb/0x4f0
[  581.112708][T12667]  ? encrypted_update+0x138/0x560
[  581.112743][T12667]  encrypted_update+0x138/0x560
[  581.112772][T12667]  ? key_task_permission+0x3c0/0x4f0
[  581.112801][T12667]  __key_update+0x17f/0x380
[  581.112825][T12667]  ? __key_link_end+0xc3/0x130
[  581.112865][T12667]  ? __pfx___key_update+0x10/0x10
[  581.112896][T12667]  ? __key_link_end+0xe1/0x130
[  581.112925][T12667]  __key_create_or_update+0x833/0xa30
[  581.112962][T12667]  ? __pfx___key_create_or_update+0x10/0x10
[  581.113010][T12667]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  581.113051][T12667]  key_create_or_update+0x42/0x60
[  581.113082][T12667]  __se_sys_add_key+0x329/0x400
[  581.113115][T12667]  ? __pfx___se_sys_add_key+0x10/0x10
[  581.113155][T12667]  ? do_syscall_64+0xbe/0x3b0
[  581.113178][T12667]  ? __x64_sys_add_key+0x20/0xc0
[  581.113209][T12667]  do_syscall_64+0xfa/0x3b0
[  581.113232][T12667]  ? lockdep_hardirqs_on+0x9c/0x150
[  581.113255][T12667]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.113276][T12667]  ? clear_bhb_loop+0x60/0xb0
[  581.113303][T12667]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.113324][T12667] RIP: 0033:0x7f7ca758e9a9
[  581.113343][T12667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  581.113363][T12667] RSP: 002b:00007f7ca8424038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  581.113385][T12667] RAX: ffffffffffffffda RBX: 00007f7ca77b5fa0 RCX: 00007f7ca758e9a9
[  581.113401][T12667] RDX: 0000200000000100 RSI: 0000200000000180 RDI: 0000200000000140
[  581.113417][T12667] RBP: 00007f7ca8424090 R08: fffffffffffffffe R09: 0000000000000000
[  581.113431][T12667] R10: 00000000000000ca R11: 0000000000000246 R12: 0000000000000001
[  581.113444][T12667] R13: 0000000000000000 R14: 00007f7ca77b5fa0 R15: 00007f7ca78dfa28
[  581.113478][T12667]  </TASK>
[  581.417419][  T981] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  581.427825][  T981] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[  581.440335][  T981] asix 2-1:0.251: probe with driver asix failed with error -5
[  581.593524][   T30] kauditd_printk_skb: 51 callbacks suppressed
[  581.593544][   T30] audit: type=1326 audit(1753713255.270:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12670 comm="syz.4.2035" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7ca758e9a9 code=0x0
[  581.629732][T12664] syz.0.2032 (12664): drop_caches: 2
[  582.003933][T12680] netlink: 'syz.0.2039': attribute type 3 has an invalid length.
[  582.012825][T12680] netlink: 'syz.0.2039': attribute type 3 has an invalid length.
[  582.024265][T12680] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2039'.
[  582.053930][T12680] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2039'.
[  582.132846][ T5855] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  582.148360][ T5855] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  582.158129][ T5855] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  582.167283][ T5855] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  582.177641][ T5855] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  582.321377][ T5914] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  582.476011][T12693] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2042'.
[  582.488761][T12693] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2042'.
[  582.501684][ T5914] usb 4-1: Using ep0 maxpacket: 8
[  582.515143][T12693] chnl_net:caif_netlink_parms(): no params data found
[  582.527511][ T5914] usb 4-1: unable to get BOS descriptor or descriptor too short
[  582.535744][ T5914] usb 4-1: no configurations
[  582.540496][ T5914] usb 4-1: can't read configurations, error -22
[  582.702691][    T9] usb 2-1: USB disconnect, device number 83
[  582.788161][T12686] chnl_net:caif_netlink_parms(): no params data found
[  582.795941][ T2154] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  582.979065][ T2154] usb 1-1: config index 0 descriptor too short (expected 8192, got 77)
[  582.990774][ T2154] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  583.024157][ T2154] usb 1-1: config 0 has no interfaces?
[  583.049467][ T2154] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  583.096170][ T2154] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.131847][ T2154] usb 1-1: Product: syz
[  583.136105][ T2154] usb 1-1: Manufacturer: syz
[  583.140803][ T2154] usb 1-1: SerialNumber: syz
[  583.174463][T12686] bridge0: port 1(bridge_slave_0) entered blocking state
[  583.189398][ T2154] usb 1-1: config 0 descriptor??
[  583.198823][T12686] bridge0: port 1(bridge_slave_0) entered disabled state
[  583.199407][T12718] FAULT_INJECTION: forcing a failure.
[  583.199407][T12718] name failslab, interval 1, probability 0, space 0, times 0
[  583.224470][T12718] CPU: 0 UID: 0 PID: 12718 Comm: syz.3.2050 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  583.224508][T12718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  583.224524][T12718] Call Trace:
[  583.224534][T12718]  <TASK>
[  583.224545][T12718]  dump_stack_lvl+0x189/0x250
[  583.224580][T12718]  ? __pfx____ratelimit+0x10/0x10
[  583.224607][T12718]  ? __pfx_dump_stack_lvl+0x10/0x10
[  583.224635][T12718]  ? __pfx__printk+0x10/0x10
[  583.224671][T12718]  ? __pfx___might_resched+0x10/0x10
[  583.224700][T12718]  ? fs_reclaim_acquire+0x7d/0x100
[  583.224730][T12718]  should_fail_ex+0x414/0x560
[  583.224762][T12718]  should_failslab+0xa8/0x100
[  583.224799][T12718]  __kmalloc_noprof+0xcb/0x4f0
[  583.224831][T12718]  ? encrypted_update+0x138/0x560
[  583.224869][T12718]  encrypted_update+0x138/0x560
[  583.224917][T12718]  ? key_task_permission+0x3c0/0x4f0
[  583.224949][T12718]  __key_update+0x17f/0x380
[  583.224981][T12718]  ? __key_link_end+0xc3/0x130
[  583.225018][T12718]  ? __pfx___key_update+0x10/0x10
[  583.225052][T12718]  ? __key_link_end+0xe1/0x130
[  583.225086][T12718]  __key_create_or_update+0x833/0xa30
[  583.225123][T12718]  ? __pfx___key_create_or_update+0x10/0x10
[  583.225178][T12718]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  583.225215][T12718]  key_create_or_update+0x42/0x60
[  583.225248][T12718]  __se_sys_add_key+0x329/0x400
[  583.225286][T12718]  ? __pfx___se_sys_add_key+0x10/0x10
[  583.225331][T12718]  ? do_syscall_64+0xbe/0x3b0
[  583.225356][T12718]  ? __x64_sys_add_key+0x20/0xc0
[  583.225391][T12718]  do_syscall_64+0xfa/0x3b0
[  583.225416][T12718]  ? lockdep_hardirqs_on+0x9c/0x150
[  583.225442][T12718]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.225466][T12718]  ? clear_bhb_loop+0x60/0xb0
[  583.225496][T12718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.225519][T12718] RIP: 0033:0x7fb3bed8e9a9
[  583.225540][T12718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  583.225562][T12718] RSP: 002b:00007fb3bfbb5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  583.225587][T12718] RAX: ffffffffffffffda RBX: 00007fb3befb5fa0 RCX: 00007fb3bed8e9a9
[  583.225605][T12718] RDX: 0000200000000100 RSI: 0000200000000180 RDI: 0000200000000140
[  583.225622][T12718] RBP: 00007fb3bfbb5090 R08: fffffffffffffffe R09: 0000000000000000
[  583.225639][T12718] R10: 00000000000000ca R11: 0000000000000246 R12: 0000000000000001
[  583.225654][T12718] R13: 0000000000000000 R14: 00007fb3befb5fa0 R15: 00007fb3bf0dfa28
[  583.225691][T12718]  </TASK>
[  583.245136][T12686] bridge_slave_0: entered allmulticast mode
[  583.573635][T12686] bridge_slave_0: entered promiscuous mode
[  583.594896][T12686] bridge0: port 2(bridge_slave_1) entered blocking state
[  583.608627][T12686] bridge0: port 2(bridge_slave_1) entered disabled state
[  583.616459][T12686] bridge_slave_1: entered allmulticast mode
[  583.852941][T12686] bridge_slave_1: entered promiscuous mode
[  584.017095][T12730] FAULT_INJECTION: forcing a failure.
[  584.017095][T12730] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  584.059700][T12730] CPU: 1 UID: 0 PID: 12730 Comm: syz.4.2052 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  584.059730][T12730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  584.059743][T12730] Call Trace:
[  584.059752][T12730]  <TASK>
[  584.059761][T12730]  dump_stack_lvl+0x189/0x250
[  584.059794][T12730]  ? __pfx____ratelimit+0x10/0x10
[  584.059819][T12730]  ? __pfx_dump_stack_lvl+0x10/0x10
[  584.059845][T12730]  ? __pfx__printk+0x10/0x10
[  584.059885][T12730]  should_fail_ex+0x414/0x560
[  584.059909][T12730]  _copy_to_user+0x31/0xb0
[  584.059933][T12730]  simple_read_from_buffer+0xe1/0x170
[  584.059968][T12730]  proc_fail_nth_read+0x1df/0x250
[  584.059993][T12730]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  584.060017][T12730]  ? rw_verify_area+0x258/0x650
[  584.060044][T12730]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  584.060068][T12730]  vfs_read+0x1fd/0x980
[  584.060094][T12730]  ? __pfx___mutex_lock+0x10/0x10
[  584.060120][T12730]  ? __pfx_vfs_read+0x10/0x10
[  584.060150][T12730]  ? __fget_files+0x2a/0x420
[  584.060172][T12730]  ? __fget_files+0x3a0/0x420
[  584.060189][T12730]  ? __fget_files+0x2a/0x420
[  584.060213][T12730]  ksys_read+0x145/0x250
[  584.060235][T12730]  ? __pfx_ksys_read+0x10/0x10
[  584.060252][T12730]  ? rcu_is_watching+0x15/0xb0
[  584.060286][T12730]  ? do_syscall_64+0xbe/0x3b0
[  584.060314][T12730]  do_syscall_64+0xfa/0x3b0
[  584.060335][T12730]  ? lockdep_hardirqs_on+0x9c/0x150
[  584.060357][T12730]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.060371][T12730]  ? clear_bhb_loop+0x60/0xb0
[  584.060390][T12730]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.060404][T12730] RIP: 0033:0x7f7ca758d3bc
[  584.060426][T12730] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  584.060445][T12730] RSP: 002b:00007f7ca8424030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  584.060466][T12730] RAX: ffffffffffffffda RBX: 00007f7ca77b5fa0 RCX: 00007f7ca758d3bc
[  584.060481][T12730] RDX: 000000000000000f RSI: 00007f7ca84240a0 RDI: 0000000000000004
[  584.060494][T12730] RBP: 00007f7ca8424090 R08: 0000000000000000 R09: 0000000000000000
[  584.060507][T12730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  584.060516][T12730] R13: 0000000000000000 R14: 00007f7ca77b5fa0 R15: 00007f7ca78dfa28
[  584.060539][T12730]  </TASK>
[  584.317216][ T5855] Bluetooth: hci5: command tx timeout
[  584.427238][T12686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  584.699513][T12686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  585.328493][T12686] team0: Port device team_slave_0 added
[  585.359127][T12686] team0: Port device team_slave_1 added
[  585.568734][ T2154] usb 1-1: USB disconnect, device number 85
[  585.679287][T12686] batman_adv: batadv0: Adding interface: batadv_slave_0
[  585.720180][T12686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  585.746197][    C0] vkms_vblank_simulate: vblank timer overrun
[  585.894042][T12686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  586.014370][T12686] batman_adv: batadv0: Adding interface: batadv_slave_1
[  586.048459][T12686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  586.074661][    C0] vkms_vblank_simulate: vblank timer overrun
[  586.121956][T12686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  586.285782][T12750] 
[  586.288268][T12750] ============================================
[  586.294458][T12750] WARNING: possible recursive locking detected
[  586.300820][T12750] 6.16.0-syzkaller #0 Not tainted
[  586.305982][T12750] --------------------------------------------
[  586.312167][T12750] syz.3.2057/12750 is trying to acquire lock:
[  586.318264][T12750] ffff88805725cd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: __netdev_update_features+0xcb1/0x1a20
[  586.329300][T12750] 
[  586.329300][T12750] but task is already holding lock:
[  586.336687][T12750] ffff88805725cd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: dev_ethtool+0x716/0x1990
[  586.346613][T12750] and the lock comparison function returns 0:
[  586.352789][T12750] 
[  586.352789][T12750] other info that might help us debug this:
[  586.360977][T12750]  Possible unsafe locking scenario:
[  586.360977][T12750] 
[  586.368533][T12750]        CPU0
[  586.371922][T12750]        ----
[  586.375217][T12750]   lock(&dev_instance_lock_key#20);
[  586.380536][T12750]   lock(&dev_instance_lock_key#20);
[  586.385899][T12750] 
[  586.385899][T12750]  *** DEADLOCK ***
[  586.385899][T12750] 
[  586.394147][T12750]  May be due to missing lock nesting notation
[  586.394147][T12750] 
[  586.403019][T12750] 2 locks held by syz.3.2057/12750:
[  586.408235][T12750]  #0: ffffffff8f51c1c8 (rtnl_mutex){+.+.}-{4:4}, at: dev_ethtool+0x1d0/0x1990
[  586.417249][T12750]  #1: ffff88805725cd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: dev_ethtool+0x716/0x1990
[  586.427567][T12750] 
[  586.427567][T12750] stack backtrace:
[  586.433509][T12750] CPU: 1 UID: 0 PID: 12750 Comm: syz.3.2057 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  586.433533][T12750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  586.433545][T12750] Call Trace:
[  586.433553][T12750]  <TASK>
[  586.433561][T12750]  dump_stack_lvl+0x189/0x250
[  586.433589][T12750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  586.433609][T12750]  ? __pfx__printk+0x10/0x10
[  586.433633][T12750]  ? print_lock_name+0xde/0x100
[  586.433656][T12750]  print_deadlock_bug+0x28b/0x2a0
[  586.433678][T12750]  validate_chain+0x1a3f/0x2140
[  586.433701][T12750]  ? __lock_acquire+0xab9/0xd20
[  586.433724][T12750]  __lock_acquire+0xab9/0xd20
[  586.433742][T12750]  ? __netdev_update_features+0xcb1/0x1a20
[  586.433759][T12750]  lock_acquire+0x120/0x360
[  586.433775][T12750]  ? __netdev_update_features+0xcb1/0x1a20
[  586.433797][T12750]  __mutex_lock+0x182/0xe80
[  586.433816][T12750]  ? __netdev_update_features+0xcb1/0x1a20
[  586.433837][T12750]  ? __netdev_update_features+0xcb1/0x1a20
[  586.433855][T12750]  ? __pfx___mutex_lock+0x10/0x10
[  586.433873][T12750]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  586.433889][T12750]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  586.433911][T12750]  __netdev_update_features+0xcb1/0x1a20
[  586.433934][T12750]  ? __pfx___netdev_update_features+0x10/0x10
[  586.433952][T12750]  ? __lock_acquire+0xab9/0xd20
[  586.433987][T12750]  __netdev_update_features+0xd02/0x1a20
[  586.434010][T12750]  ? __pfx___netdev_update_features+0x10/0x10
[  586.434027][T12750]  ? __lock_acquire+0xab9/0xd20
[  586.434045][T12750]  ? __lock_acquire+0xab9/0xd20
[  586.434069][T12750]  netdev_change_features+0x72/0xd0
[  586.434086][T12750]  ? __pfx_netdev_change_features+0x10/0x10
[  586.434102][T12750]  ? __team_compute_features+0x488/0x4c0
[  586.434121][T12750]  team_device_event+0x489/0xa20
[  586.434139][T12750]  notifier_call_chain+0x1b6/0x3e0
[  586.434162][T12750]  netdev_update_features+0xa3/0xe0
[  586.434184][T12750]  ? __pfx_netdev_update_features+0x10/0x10
[  586.434208][T12750]  ? netif_inherit_tso_max+0x1ec/0x340
[  586.434224][T12750]  macvlan_device_event+0x541/0x860
[  586.434243][T12750]  ? __pfx_macvlan_device_event+0x10/0x10
[  586.434264][T12750]  notifier_call_chain+0x1b6/0x3e0
[  586.434286][T12750]  netdev_features_change+0x85/0xc0
[  586.434307][T12750]  ? __pfx_netdev_features_change+0x10/0x10
[  586.434328][T12750]  ? security_capable+0x7e/0x2e0
[  586.434348][T12750]  dev_ethtool+0x1520/0x1990
[  586.434369][T12750]  ? __pfx_dev_ethtool+0x10/0x10
[  586.434390][T12750]  ? dev_load+0x21/0x1f0
[  586.434412][T12750]  dev_ioctl+0x392/0x1150
[  586.434435][T12750]  sock_do_ioctl+0x22c/0x300
[  586.434454][T12750]  ? __pfx_sock_do_ioctl+0x10/0x10
[  586.434471][T12750]  ? __lock_acquire+0xab9/0xd20
[  586.434492][T12750]  sock_ioctl+0x576/0x790
[  586.434510][T12750]  ? __pfx_sock_ioctl+0x10/0x10
[  586.434527][T12750]  ? __fget_files+0x2a/0x420
[  586.434541][T12750]  ? __fget_files+0x3a0/0x420
[  586.434555][T12750]  ? __fget_files+0x2a/0x420
[  586.434569][T12750]  ? bpf_lsm_file_ioctl+0x9/0x20
[  586.434590][T12750]  ? __pfx_sock_ioctl+0x10/0x10
[  586.434606][T12750]  __se_sys_ioctl+0xfc/0x170
[  586.434627][T12750]  do_syscall_64+0xfa/0x3b0
[  586.434645][T12750]  ? lockdep_hardirqs_on+0x9c/0x150
[  586.434662][T12750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  586.434678][T12750]  ? clear_bhb_loop+0x60/0xb0
[  586.434695][T12750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  586.434711][T12750] RIP: 0033:0x7fb3bed8e9a9
[  586.434817][T12750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  586.434833][T12750] RSP: 002b:00007fb3bfb94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  586.434853][T12750] RAX: ffffffffffffffda RBX: 00007fb3befb6080 RCX: 00007fb3bed8e9a9
[  586.434866][T12750] RDX: 0000200000000000 RSI: 0000000000008946 RDI: 0000000000000004
[  586.434878][T12750] RBP: 00007fb3bee10d69 R08: 0000000000000000 R09: 0000000000000000
[  586.434889][T12750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  586.434899][T12750] R13: 0000000000000000 R14: 00007fb3befb6080 R15: 00007fb3bf0dfa28
[  586.434918][T12750]  </TASK>
[  586.875902][ T5855] Bluetooth: hci5: command tx timeout
[  586.978204][T12761] xt_CT: No such helper "syz0"
[  587.352084][    T9] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  587.638595][    T9] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  587.663015][    T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  587.705178][    T9] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  587.734460][    T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  587.753249][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  587.781983][    T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  587.789414][    T9] usb 5-1: invalid MIDI out EP 0
[  587.897805][    T9] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22
[  588.921693][ T5849] Bluetooth: hci5: command tx timeout
[  590.991975][ T5849] Bluetooth: hci5: command tx timeout