last executing test programs:

8m12.733615857s ago: executing program 1 (id=395):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44045}, 0x10)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$getregset(0x4205, r0, 0x46e62b7f, &(0x7f0000000240)={0x0})

8m12.120755464s ago: executing program 1 (id=397):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(0x0, 0x1, 0x402)
ioctl$I2C_PEC(r1, 0x708, 0x7)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x1, 0x9, 0x7, &(0x7f0000000100)={0x8, "c6c1f7b51030c4b7c54bf28facb1ed3ee2dfe17a04bc517b5452b3b94bce47509d"}})

8m10.714299714s ago: executing program 1 (id=405):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r0, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r1, 0x0, 0xffffffff004) (fail_nth: 3)

8m9.246402733s ago: executing program 1 (id=408):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r0 = openat$pidfd(0xffffff9c, &(0x7f0000000000), 0x80840, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) (async)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) (async)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async)
rseq(&(0x7f0000000300), 0x20, 0x1, 0x0) (async)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
ppoll(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
shutdown(r7, 0x0)
read$FUSE(r1, &(0x7f0000003400)={0x2020}, 0x2021)

8m8.742840297s ago: executing program 1 (id=410):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd2(0x65c, 0x80000)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x9, 0x2, r2})
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000000), 0x200000, 0x0)
write$sequencer(r3, &(0x7f0000000040)=[@n={0x1, 0x5, @generic=0x24, 0x3}, @raw={0xfe, 0xf, "e32943ff7c9d"}, @t={0x81, 0x8, 0x2, 0x7}, @echo=0x4], 0x18)
lsm_set_self_attr(0x0, &(0x7f0000001a80)={0x0, 0x0, 0x20}, 0x20, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x5, 0x7, 0x7f, 0x0, 0xb, 0x4, 0x3, 0x41, 0x3, 0x58, 0x90, 0x5, 0xb, 0x7f}})

8m7.768640888s ago: executing program 1 (id=415):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(0x0, 0x1, 0x402)
ioctl$I2C_PEC(r1, 0x708, 0x7)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x1, 0x9, 0x7, &(0x7f0000000100)={0x8, "c6c1f7b51030c4b7c54bf28facb1ed3ee2dfe17a04bc517b5452b3b94bce47509d"}})

8m7.334237787s ago: executing program 32 (id=415):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(0x0, 0x1, 0x402)
ioctl$I2C_PEC(r1, 0x708, 0x7)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x1, 0x9, 0x7, &(0x7f0000000100)={0x8, "c6c1f7b51030c4b7c54bf28facb1ed3ee2dfe17a04bc517b5452b3b94bce47509d"}})

5m29.215201098s ago: executing program 0 (id=972):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x4b5, &(0x7f0000000100)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000000080), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=<r4=>0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0)=<r5=>0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000280)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, &(0x7f00000003c0)='D', 0x1, 0x0, 0x0, 0x0)
shutdown(r6, 0x1)
rt_tgsigqueueinfo(r4, r5, 0x32, &(0x7f0000000300)={0x17, 0x7, 0x4})
socket$inet6(0x10, 0x80000, 0x3)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0)
r7 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x3080, 0x8003, 0x25f}, &(0x7f0000000240)=<r8=>0x0, &(0x7f0000000200)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r10, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r10, 0x84, 0x6f, &(0x7f0000000000)={<r11=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r10, 0x84, 0x7c, &(0x7f0000000040)={r11, 0x0, 0x3}, 0x8)
syz_io_uring_submit(r8, r9, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r7, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})

5m27.712924892s ago: executing program 0 (id=975):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000700)={0x20, 0x11}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x1, 0x9, 0x7, &(0x7f0000000100)={0x8, "c6c1f7b51030c4b7c54bf28facb1ed3ee2dfe17a04bc517b5452b3b94bce47509d"}})

5m26.020172619s ago: executing program 0 (id=982):
mincore(&(0x7f0000c00000/0x400000)=nil, 0x400000, &(0x7f0000000100)=""/206)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@mpls_getroute={0x1c, 0x1a, 0x9, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x900}}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f0000000300)={&(0x7f0000000000), 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x98, 0x0, 0x7, 0x300, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFACCT_FILTER={0x34, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xe}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x4}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x9}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x8}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xa51d}, @NFACCT_FILTER_MASK={0x8}]}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x100}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x4}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x1000000000}, @NFACCT_FLAGS={0x8}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x97}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x4d1}, @NFACCT_QUOTA={0xc}]}, 0x98}, 0x1, 0x0, 0x0, 0x41}, 0xc880)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04220f0100000000000009002e056c0b000091c6b3bd17f66d950641ece3787f7ea25b85cf132f45eceaba8a760f6996eb1f9eb3763f6497b7518b691c2fb85cd9c2c585d346301bc8aa0267ce01500f6b03239fec0ba25347d8735ae6f8eb5584bc3b8a247c28ee4bb6e516befdae00620bbd15fc03869ba2614284af4623473fd4bd4fef2d57ee"], 0x12)

5m25.872506763s ago: executing program 0 (id=984):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f00000000c0)=0xfffffffffffffffd)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x30, 0x0, 0x1, 0x70bd27, 0x0, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0)
openat$ttyprintk(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1800000000", @ANYRES32=0x0, @ANYRES64=0x0], 0x20)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fspick(r5, &(0x7f0000000000)='.\x00', 0x0)
ioctl$VT_SETMODE(r5, 0x5602, &(0x7f0000000040)={0x5, 0xff, 0x0, 0x87, 0x8})

5m25.312733704s ago: executing program 0 (id=986):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='btrfs_clear_extent_bit\x00'}, 0x18)
r0 = syz_usb_connect$cdc_ncm(0x0, 0x8f, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000000)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0x100, 0x70, 0x8, 0x1ff, 0x7, 0x100, 0xfeba, 0x3, 0x8000, 0x0, 0x100, 0x9}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f00000000c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000040)={@host})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r2, 0x7a6, 0x0)
syz_open_dev$sg(&(0x7f0000000140), 0x5e7d, 0x180)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fe07124081173809499b0102030109022400010000000009040000028b8647000905e8ff000000000009050a", @ANYRES16], 0x0)
r4 = epoll_create1(0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f00000001c0)=[@in6={0xa, 0x4e24, 0x6b1, @private2, 0x100}], 0x1c)
sendmmsg$inet(r5, &(0x7f0000001940)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @private=0xa010101}, 0x10, &(0x7f0000001880)=[{&(0x7f0000000400)="c3", 0x1}], 0x1}}], 0x1, 0x4c080)
setsockopt(r5, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r4, 0x3, r3, &(0x7f0000000c40)={0x2000000b})
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800014000000000080002400000000050000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c00038018000380140001007465616d300000000000000000000000080007"], 0xd8}}, 0x0)

5m22.100723066s ago: executing program 0 (id=997):
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000140)={0x5178, 0x1, [{0x1, 0x1}]})
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'team_slave_1\x00'})

5m6.650025447s ago: executing program 33 (id=997):
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000140)={0x5178, 0x1, [{0x1, 0x1}]})
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'team_slave_1\x00'})

7.933298831s ago: executing program 4 (id=2071):
openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0xd0, 0x1b}, 0xffffffffffffff05)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
syz_open_dev$sg(&(0x7f0000000080), 0x4ef4, 0x149c80)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x8)
close(r2)
syz_open_dev$usbmon(&(0x7f0000000280), 0x80000000000000, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
read$FUSE(r2, &(0x7f0000008100)={0x2020}, 0xfffffddd)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
openat$sysfs(0xffffffffffffff9c, 0x0, 0x169a82, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r4=>0x0})
bind$packet(r3, &(0x7f0000000100)={0x11, 0x4, r4}, 0x14)
syz_emit_ethernet(0xe, &(0x7f0000000000)={@broadcast, @remote, @void, {@generic={0xc}}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ftruncate(r0, 0xfffe)
ptrace$getregset(0x4205, 0x0, 0x202, &(0x7f0000000240)={0x0})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_INTERRUPT(r7, 0x4004ae86, &(0x7f0000000440)=0xfffffe00)

7.776603258s ago: executing program 6 (id=2073):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x40, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0x9}}, 0x0, 0x0, 0x14, 0x0, "e541b93d3aa6a2bf75e9671e8abcb31c134f63186c7244fc3b3801e79f15ce5bce05c13ed90158fbdeb70322ea3188f818e3db00000000000000000000000000edfab3ba3ff2f05700"}, 0xd8)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000300)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty=0x300, @broadcast}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x11, 0x5, 0x0, 0x0, {[@md5sig={0x13, 0x12, "9352d97000000000998100"}]}}}}}}}, 0x0)

7.716485203s ago: executing program 6 (id=2074):
userfaultfd(0x801)
syz_open_procfs(0x0, &(0x7f0000000180)='net/tcp6\x00')
socket$alg(0x26, 0x5, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x7734, 0x80, 0x40000, 0x34f}, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000005600010000dd86f70000000007020000", @ANYRES32=r0, @ANYBLOB="200001"], 0x38}}, 0x0)

7.484487573s ago: executing program 6 (id=2076):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x4b5, &(0x7f0000000100)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000000080), &(0x7f0000000000))
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0)=<r3=>0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000280)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f00000003c0)='D', 0x1, 0x0, 0x0, 0x0)
shutdown(r4, 0x1)
rt_tgsigqueueinfo(0x0, r3, 0x32, &(0x7f0000000300)={0x17, 0x7, 0x4})
socket$inet6(0x10, 0x80000, 0x3)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0)
r5 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x3080, 0x8003, 0x25f}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000000200)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000000)={<r9=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r8, 0x84, 0x7c, &(0x7f0000000040)={r9, 0x0, 0x3}, 0x8)
syz_io_uring_submit(r6, r7, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r5, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r5, 0x6e2, 0x600, 0x1, 0x0, 0x0)

7.484055472s ago: executing program 3 (id=2077):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, r0)
socket$kcm(0x10, 0x2, 0x4)
madvise(&(0x7f00004a8000/0x1000)=nil, 0x1000, 0x65)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x27eb, 0x10100, 0x0, 0xbd7}, &(0x7f00000003c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3, {<r6=>0x0, 0xffffffffffffffff}}, './file0\x00'})
r7 = getgid()
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000140)={{0x1, 0x1, 0x18, r2, {r6, r7}}, './file0\x00'})
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r8 = userfaultfd(0x80801)
sendmmsg$sock(r2, 0x0, 0x0, 0x20004090)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100})
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff)
syz_open_dev$vim2m(&(0x7f00000000c0), 0xe, 0x2)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r8, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f00006c0000/0x1000)=nil, 0x800000})
syz_io_uring_submit(r9, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f0000000180)='net/igmp6\x00')
mmap$IORING_OFF_CQ_RING(&(0x7f00005a7000/0x1000)=nil, 0x1000, 0xd, 0x13, r10, 0x8000000)

6.445227491s ago: executing program 3 (id=2079):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000940)={0x38, 0x5, 0x0, 0x4, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x9}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x24000840)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000280), &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000001c0)="000000c6d222406b096cc34801000000647418aaf9b9a332f41ec9591b532723e017c8c54d", 0x25, 0x0)
madvise(&(0x7f0000523000/0x4000)=nil, 0x4000, 0x9)

6.334629828s ago: executing program 4 (id=2081):
r0 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000140)=@id, &(0x7f0000000180)=0x10, 0x80800)
bind$tipc(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) (async)
bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) (async)
r2 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a000090400000103010100092100080001220100090581a6e87b5905d65d0dadec03"], 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000200)={0x14, &(0x7f0000000300)=ANY=[@ANYRESDEC=r1, @ANYBLOB="fdd98f716c86bbd89ea7e1e52388cbfb99f3e4c6891ccf1a1905fde13acd9f54b0210fec9cb57388bf589cfda66a5f74c151d1edbb443ecdfd1981655801af874d1d85a25c3172b1183b6e12daf1899dc760713d95945b35ff0466bcf655824c146af38381feef694bdb9dbfd5ef3a9831eefbcc538c78f11757d019ae5f2b9e80e92c76bc062ee60d9495c1dab221f30bcef29dfcc6cc6d6f4c1b62795e70b0753739443a93964180a04f5f438ce827e12a6563343ea88e6c0d928dea8703eb04895c"], 0x0, 0x0, 0x0}, 0x0) (async)
syz_usb_control_io(r2, 0x0, 0x0) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x69, 0x4, 0x7d, 0x8, 0xabf, 0x3370, 0x30e, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xb5, 0xbc, 0x65}}]}}]}}, 0x0) (async)
syz_usb_control_io(r2, 0x0, &(0x7f0000000940)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000680)={0x2c, &(0x7f00000002c0)={0x20, 0x30, 0x4, 'N{VL'}, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000b40)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109025c000201fe007d0904000001020d0000052406000105240000000d240f0102000000080000000006241a0020000905810308000000100904010000020d00000904010102020d00000905820220"], 0x0)

5.897765903s ago: executing program 6 (id=2084):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4)
r1 = openat$hwrng(0xffffff9c, &(0x7f00000001c0), 0x20000, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r3=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000580)=0x1, r3, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @remote}, r3}}, 0x48)
write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000200)={0x7, 0x8, 0xfa00, {r3, 0x24}}, 0x10)
sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x4dd11876d04ce31a}, 0x20040800)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x101502)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
open_by_handle_at(0xffffffffffffffff, 0x0, 0xe0242)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000680)={0x0, &(0x7f00000005c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f0000000780)={0x0, 0xfffffffffffffe71, r6, 0x0, 0x81, 0x8, 0xfffffffa, 0xffffff59, {0x3, 0x0, 0x4000, 0x7, 0xb, 0x1ff, 0x4, 0x7fff, 0x7fff, 0x9, 0xffff, 0x5, 0x82fc6361, 0x8, "0943e32f8c8e713a3c2a390b3d6cd8923a2a56af43fa73c4d4fd4ff34dff31f0"}})
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x18, 0x3c, 0x107, 0x70bd27, 0x0, {0x3, 0x7c}, [@generic="f8f7"]}, 0x18}, 0x1, 0x0, 0x0, 0x488c1}, 0xc000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c0000ae96b9000000000000434bc0978492b5583f971012fd5bec3fbf68d0b1542e917c04b03da71a4c05ba7e619e933f2bf9e8209c254004dcb5194e3d52b062756c0d8fcc30df0f527c25228949", @ANYRES16=r8, @ANYBLOB="010004000000feffffff1e00000018000180140002006d616373656330000000000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r9 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r9, 0x8, 0x70bd2b, 0x25dfdbfe, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x3}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x8, 0x1, 0xfffffffd}]}, 0x8)

5.696004152s ago: executing program 2 (id=2085):
socket$can_bcm(0x1d, 0x2, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x3, 0xff)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0xe8e80)
r3 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100, 0x3}, &(0x7f0000002000)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r3, 0x48e9, 0x0, 0x2, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r6 = dup2(r2, r2)
r7 = socket(0x2b, 0x1, 0x1)
r8 = open(&(0x7f0000000280)='.\x00', 0x2000, 0x0)
fcntl$notify(r8, 0x402, 0x8000003d)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0106434, &(0x7f0000000280)={0x8, 0x0, 0x10001})
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x8000000, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000140)={@mcast1, 0x8000000, 0x0, 0xff, 0x0, 0x4}, 0x20)
sendmmsg$unix(r6, &(0x7f0000008380), 0x400000000000174, 0x4008890)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r10, 0xffffffffffffffff, 0x0)

5.548319001s ago: executing program 6 (id=2086):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
r3 = openat$sw_sync(0xffffff9c, &(0x7f0000000100), 0x20, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r3, 0x40045701, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000280)={0x3, 0x980900, 0x2eae0342ca72d7e8})
ioctl$VIDIOC_QUERYMENU(r2, 0xc008561c, &(0x7f0000000000)={0x980900, 0x3, @name="51da06bc7338e17dfebb1580e15b95473b09f0d1fb8aa1e9959ef9dc00"})
syz_usb_connect(0x3, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x17, 0xd0, 0xf5, 0x20, 0x421, 0x6901, 0x2d1d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x6a, 0x2, 0x0, 0x2, 0xfe, 0x18}}]}}]}}, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x1000, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0xfffffd9d)
sendfile(r0, r4, 0x0, 0x8000002b)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r5, 0xc0285628, &(0x7f0000000080)={0xd26edf5e6577f8c6, @win={{0x2, 0x0, 0x5, 0x1000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}})
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x5, 0x1, 0x43, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001600), 0x1, r7}, 0x38)
bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000140)={r7, 0xe0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
r9 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5, 0x9, 0x29}]}}}]}, 0x3c}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f00000004c0)=@nat={'nat\x00', 0x2, 0x5, 0x460, 0x0, 0x2d4, 0xffffffff, 0x2d4, 0x1e0, 0x3cc, 0x3cc, 0xffffffff, 0x3cc, 0x3cc, 0x5, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'pim6reg\x00', 'dvmrp0\x00'}, 0xac030000, 0xc0, 0xf4, 0x0, {}, [@common=@inet=@dscp={{0x24}}, @common=@unspec=@connmark={{0x2c}}]}, @REDIRECT={0x34, 'REDIRECT\x00', 0x0, {0x1, {0x11, @loopback, @empty, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0xb8, 0xec, 0x0, {}, [@common=@unspec=@state={{0x24}}, @common=@inet=@set2={{0x24}}]}, @MASQUERADE={0x34, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @broadcast, @empty, @port, @gre_key}}}}, {{@ip={@multicast2, @rand_addr, 0x0, 0x0, 'vlan0\x00', 'ip6gretap0\x00'}, 0x0, 0xc0, 0xf4, 0x0, {}, [@common=@inet=@multiport={{0x50}}]}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @local, @icmp_id}}}}, {{@uncond, 0x0, 0xc4, 0xf8, 0x0, {}, [@common=@addrtype={{0x2c}}, @common=@unspec=@cpu={{0x28}}]}, @SNAT0={0x34}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x4bc)
syz_open_dev$video4linux(&(0x7f0000000140), 0xffff8001, 0x2800)
syz_emit_ethernet(0x6a, &(0x7f0000000340)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaa0086dd60828bf700343a00fc020000000000000000000000000000ff02000000005afb0000000000000001020090780000000060fd906300202b00fc010000000000000000b1f400000000fe8000000000000000000000000000aa1e520b4c995c29656916aaf8dfe86c81e403c587ab8aaeb1b4109e1357406e0462915fba5bf67ed3416c74dbd14d2da7ef939970e9f75a087e41e32a0ba3aee8c9406d69e21ac19fffd99dde692ce5d712e17c0463d92bd198bb7409ece89079d3a35dae155244505ac61fce8a5264b1da98b6fd84a3d92134a1ad4b5f37dd2d2e39523e6faea28407e964658d21e5e5274cb9a71ef3a3782922acd0cad2efd04544b3c673b1281ddf64ef55ae5f4c01e6783b51e8c406b962f48becae"], 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x54, 0x10, 0x401, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x13101}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x5, @loopback}, @IFLA_GRE_ENCAP_LIMIT={0x5}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x0)

5.277768732s ago: executing program 4 (id=2087):
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff810500014000070058000b480400945f640094272d7061d328b92d0000000000008000f0fffeffe809000000fff5dd00000010000100040808004149004001040800", 0x58}], 0x1)

5.057344726s ago: executing program 3 (id=2088):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0xfff0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=r2, @ANYBLOB="00000000020000002c00128009000100626f6e64000000001c000280080003"], 0x4c}}, 0x0)

4.984579987s ago: executing program 4 (id=2089):
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000200)={0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="40013f0007000000a5051ad2a4550939501673c990a01beb9a3f6da5c8d3034bfe28af7b4fe6709daddb3cae5c809fd0556b1a143478c95bfa31981421ffff35cf7cba3c72"], 0x0, 0x0, 0x0, 0x0}, 0x0)
io_setup(0x1, &(0x7f00000012c0)=<r0=>0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
io_submit(r0, 0x1, &(0x7f0000000140)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x0, r1, &(0x7f0000000080)="4e8f", 0x2, 0x200000000004}])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
sendmsg$AUDIT_GET(r3, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x10, 0x3e8, 0x2, 0x70bd2d, 0x25dfdbfe, "", ["", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x24000080}, 0x4000040)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x155e, &(0x7f0000000740)={0x0, 0x1c29, 0x10100, 0xfffffffe, 0x345, 0x0, r3}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r8, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
connect$inet(r8, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
splice(r8, 0x0, r7, 0x0, 0x7ffff041, 0x1200000000000008)

4.383078132s ago: executing program 3 (id=2090):
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000240)={0x1, 0x7}, 0x8)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
shutdown(r0, 0x1)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x100008, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=0000000000000000040000,user_i', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r2 = creat(&(0x7f0000000080)='./file0/../file0/file0\x00', 0x81)
read$FUSE(r1, &(0x7f000000e280)={0x2020, 0x0, <r3=>0x0, <r4=>0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000380)={0x50, 0x0, r3, {0x7, 0x28, 0x0, 0x40488060, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x24522716a989086f, 0xfffffffc}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f0000002680)="8e503ba12553ae35664093744598ff2ed98313cfeff69bbb1f3ba451bc98d27cf439225d75522ac543a153ac5284bf131a87e53d0b20f8dddcb2af841def3e560070344be18fcee4983553ba856738012b512e3dc760fb581a17e5622e0e22e22546476d6cc6d6d94d828a2fa22ec77a1cf082f5ca88f1f8976e8b6c3a7a537f8f50b432bf4df69c912bfcc539a65851f86b23f24e714e0643429ec1198ea1647316538a3ce23fad21e19e087c0dedc7aa6d5e4b0dcbfcbe22c857f5a848aef15126b9ecc810249cbbc82c8b6ba49e46b71cb79f6ef9449d0838b9130946398941a4c64f6e2d84118b60ed4ccfed8a26446032fecf87434e71b7989253f64feb6d2e1013673a9600b1915174e55ad78d1d666fb75c24142e44ceca89a18ca66b4b5e66ba953ca42fb6a36d4a3612a2948393f67a7d1d0957a8553c73855fd007abbb6c3d4bbc943f3b102bb2ea6f40e714516a3de91acc6e1468e9e7b66ee57815da23054153d9d5fcb6bdb26ed8f7754d88154d46df2f2e4964ee5d7f47e9218d6877c3b232c945cddeef70b24e5c6c434fa30fd0a2ad1c348c3658494f7cfdfb6bb56b43f1d9b2d049c1166161c3232ada01f3c789b2d6958cdd9f044a654f8397d64cb928f4d57f0c4e9739afbf3afbf0e9f84d56a1aba6db7538d98404b7cdfa97f8770a6df4a13145c1d0cfb7ec0349b5639d9180eada54b2f8c12472fb379901e6d514fbfd6d41d2dd77eb42608a784fc016ae48fb126776b10be5c03f62ee90987e766d20d821a17c03e0d867f4aa3f4902fb803e8261833aa9397e107e6c100daa3d8b792bf4b5081ef56670762b5ae3f528836029ca332f44fc32afa8dd2e80b69cbffc29aa13fcdc0ff811a108794b4154ecaf70e58a9f70a573cf9d1040e23f5a04a873a583e4ab0fa5f77d620c60f0a45cdc789b849e9e8746528846bbbf8251a84f2aa97ccc3e49f4c9b6abf0248344e86a71486eba9e62ff5920bb80ceccc5813f068da0d5aa208c440b7889118d2f4e8baf22a84544f232d6a3a1aedf31d5fc22f0ece56ac611b1363ff35e5071342a0257d3f146dc3ea1cc795d2f06afeb1d6995e50e038dd21dc6c4377a2626dd9486446517d03a4a03c43ef2e255a92b775c198bfe92c21375599235aac33c69190bbbfaad76860d0c9e70ad53273460c370b06bdf94ee8bfc31c48609ff6de0d39f873ec11e8c2835f17b3f18891c8ae335a7074fb5a5c794007a327fbb2622e71d62e43f50a00cc59b7eeb3f8ceed5d87fa5eb62a7a8c74ec90b1096a0b24606bf14b1f13f78ea4ab522304c7ca1d7b8ae47b5859f6a0d9baf3b6ffd29a4fb6782732febcfa51446aa87691ac81bf891717fbf8e4deaccac63477d3bc7b8ed52e9b6ca3fd39eefee6a337c2ad76df9739e2fbff34bf36027be0cfbebfe5b2fd168d75b2fd64479e2faf85654c013955e04044a9b7bf8b3d42da91962796bfe6eb53fe29e36a7a7512a155c712ae561d885703cb26d72e6f1df3976cc665960f871f3110309ffb6b5a79e54057a7a286c62c11e973ef671e86051686f77992f985d729740f38fecf83e03a1fef542cd6b4cee48546f67873a9c682c4afe4a5beccfc64085c622c5a0b5a1f6355f938d16925cabe63bd1de8f261fb995790afe54448fb296a03322f3427e132e8c0623bd311af8a619c2d91415e851744941700f09a2d8471def9dbc448c6aefb4c664f8902c872cc7de9d26e8b300b55b1d08a80257095efef35d9b497487607a22bc95c68f39aeeae243e76ccd40dd1b7ccad6eb39b35d91d239b2b005c8bb6e50037ffb1253276e20384398a5e97ad705fcffd04c720539ddf80cf4e929e82e3fec3d7542e0b7495733eb5da29f6dff5a34ec88a71881f660a5bc9481e755fd3c5683e95ed97cc91ab0edf49afda477aea42bc436b364747d973d61be806e1e63b6982e42814a13c5adb3bd767ec724d2d654afb106198fba6b4c798f4b82f329c2b8055ac4d247da971e32eb4cb971c9ac99d18c0a216d48dd7dffd372e0cad9ce139c6ddac3446fdb163342f8ca8f5401db91d324a6b710f28dece5839d37760c2515d6ad815a746cd7ccd3a438a5d3f28ca331f6874dedbab107c64127a7590a2813c1287ca977807827d52df80a9c19bc7ef335791da1be53c89f6de8ee1f02f26069b786f22bfd23cd8366e3ca02c0b296d0966d7f8fdbc0ef06895c547224f1a01c92d5f43f81b35539469d1fd9cd76dbf8cdd21b479a6474578863c9906ce6b12d0dbf5a458dafc042fcabe64aeebeb70c0da9300ed22e5d2851c5e77b20f9da1cd26cd810e0b8f1ba17d7c819e8a8ad86aa5bc4eb64748b75ab4a85f05bb1dc542234ac175eced1fe8f3fbd86f1c7349a360f5af0244818df303dce6842ea7afa722be19cf162d671256e5659c77c5569d827b28dc44b7dbb7d9433bc9eff26edbff36cf796b8afb285393f2dab6bb9a3ed40dd065ba8a8ab62cb575e696b97a2853b1700835ae429b983a5bb88972e367f5996a21e9a3b00e943e15c1163fdee023e1cf6e8dc42655cb175590fb6b884270000000000006aa94e96cbb71bcf9e7899c489edd9b34ca2d3d0dbd29f135cb158652ded6c959820b26a5fb6e8f3a6cfb80bcfa52c36ae0a3868914bda36b5ac09d2ae6cfccff9859550cfc5c6c3b30cddf6a2130c0c563445ae10634f38c65a47aeb8c72a0f25a6747a6787e703e1723303dd6d5bd4303240cb6d4659ee32d80b92859327e882ec84d9bb2a6976d9c6fa450d5598c6af1c92fc4ed7614e3192a06e62e704278424e2e5d521ec4f2cbd87d9b8a65405e807f6247e3f9228e8a5c44e31c9de9247d1b8248ce71d34663cbfcce728c9f08628629fca3f334566118aeb86470886147d714d2dce240408fac3c971b851dd33cb7997e238a2362195ba4f0e83d5c1c5039328817f258d6645bcbc20512398a7a34e2288585b4dc626c6867f3af5a0f573492cdb04e5613bd95bcfe6a61541c3912b4e841b34db2820ed5aca226dcba496f9586b83ab44ed3b9f34cfd2397f36dc4f9811815b975a208b6cd163031296b289b7d202036bca9c4e862f6b1d6356c3c54d47de63e0d0b38e7b9e41e1b25d94fbd03853f786fcf2325020355469e52dd2cfc879e2758382f609173cb2c01775030d1d48b17d209d6bb04f1ad9bf3e5becfccd7dce72fa8882733d2c32cab1338ce67f301be74b1c51dbacff9bdc22868f3f16531cb86b7597aff03040a821c4f7cae2b5b92db792f327dce81e79ac83d4ca15aa248ddc2fad518ebd360c5ac8ff3636e15e8ff61501b1e5c6338847ff43c0d3ed38c87aa623c318c8facffb72fbad8bf4effdd2013dc60ad91f1f5a791905b572321ce0956ffded80e2152b0672875fe71923de673ce343a665d327560c5267223b6fa636ef188b94d4a42884721b4f2d51f90ff3e5145aab164fb56982648a7215601d23017b749c01b684082e250330d109af89bf5d20ca788fbd95fd8d1c128aad3306c4e1bd1c054def7b7ea1948e3c95826078991d234808f55c2314706c8177d7674b2378792afe66b2d65484b481b0e52d8b60e0980163fcf2fffa2cd81f4dbf57afd76fd4e71ec8a6604a697fcaf57e65bba50489f6f0c5b4c046a14303eac05700550ee10fa29d8f68a9eb02fa504b640865f7e2c21f1451ed7d75c90a4734ba64327bc3597b5aff23d0a8f1229f0539720bece2b980f85e11c5ecbf3a560e5dedc40e1260349ccbc647d4d9763b17a45fe1b63e5d16e1a49d55c0011e3ab898b64a6618682bd7bb7e8ed18dafa1b462f20f6aaf2d7c4777a6fb73aa7a1720d67a644f4f4b0bc3ff965e696fd3513979f2e72289dec447af56b240380cfa2a9ce38a808e961d26b6ee6810c75778e9d23a93b3f79b3b293f138f23ef2596b60ecd4afc2036debb7e14f61774d84c1325ee7b8f95dc80c12b001e32e894516473a82aa2c24b5ff7f8c3374e245f1b3ff2a8cf0cc33ecd4b9b7528c34cf54d77756ed3e1b74a0e66c9c1dd8e53c123872c084f70e8a04efe8a8c3527ba75f4d9ced8469229ad7453a1376cae90b155638696103216a07b02e93e3924c4a98d159ce8633b2c8bda44ef28f37ba5edf1e80184c9ac2c8b0db77096dbf2f866536ac4f5ee9eed4bb8dfe0dad4361e901450ba499c119aa1af2a1a7c527b09562a47d8260bd7647e29ee422432f063a84d195e9c843e6f6fa684dd044bd09b8cb3e7a976df68049f09caba37b69a595cea61667f2631e561be743309568b4c37fdaed8ebc628889bc3bf9c5a63bc74e9358a9c2228f51370eb483ee39e682cd4f56f15a16217904c6189ef50044e04f244da23d1c9f41a5209f4f485df4ad8d1922203d365eb11102d48c93c09b700e177aef00f8bf729c0406b89de32490fca998bd34f80c99be60601d4de10e9a86a5a22652eb9df948daa66529b6445cdde70ad125d06e41a3469216233a8b9eeb928f2d041eded321d518f0435ca377e90ae49e95793aabccf299c1f1a82ddec49b2b8732aecd1610d5f09cc5e509d4065c5cfb4edc55f6a15fbaf4dea24439ea95b63bae312ed90e47787000810f22ab9b6aa0622ab969fa30b724b24d82447d6a357468b2d1ec61a80ae680ff7b8b894158218b0e63f99103879f3c1dae33aedec60a1e755755604e33a6698cd0e378b0a0b04017278411f33eade9c4c0e3b7d0d6e62fdc3ebf5559310e0a2913d5aff1ce1bead51578b3879c0e25d96a7a150ba655c97875d864c3a6d5b595ff9dd9698857b3b0bab2d087bbf7f80f5a7225cdebf794ede16a61ca73201f311f87ef9cececb8fd07b2bf384a22a8ae988a5e91e6355e26ac923e78004968bf7f4ae3b319e61a422a43841831a51e2c41df8a118da5239c87b4b0aceb32854413d53e0228090babc167ed6600041390ce04e96c94c65c51fdc00e617e4ed870fe9ed2bbef84c1e1f3f796b2867b0f383b6e01ba2b82ecfced722ac5a7c092716d18b9b41674c342a1a6a7ef961893d451648cce5d0ccb4c180e0493a53f5453de43a6535c486acbfb9f480f3255f998831b684a468a88840e1e7e8a310ef296ce89bef65b7e54265c88bff204e48963cea9945608260e5de37b949acacc938e8e2de9fff925022c010f94a0cd6c7bf16d4e3132034a8a3301f1c1950b9a31ee8227b17cbf460db666f6207a59783064115eac2d4f29f9483ebcd34e8792809d5c25a380b2137bbcd7cda502f4a41a043f7d626e922adec9b4c6478ac0df9842bd4e8912deb2ad2026461510ca392383ee9a7ad0388ae499951a4283db39ca57ed9bebf43dcaa6caa391169077a189641fda3151d8e3a3a0b525dcafa2d9d7b2a01468e658c10c27a8ba74b487a968b05031a3d53b59139068b28ca87c5bfd9db867c0e9b9abd91142c96dbf8883e1a89db8d96c9f0a8999a4f9d6b07f32d6f8bb2ea6d2eaa8a531edf85f25aef35c84eb4bf3f46ab4213602be20cad885d404ef47fafc7793247247848f1c3a06ea31c23d0cbffa07aa5981714dc85736e95cd4d60ed1f25351b1c723e4f042f55f02d24a089862df124c75cc4f618853914439c1406a393a0f1ec0f2346f4cbd6beb17713149d67b9bf1854c814bd8ba3a199218e6eac655db998c955df382c8dee2b4d30c750a63a08e9a88009840e96a331bde3767bce177fc5c44528cb673e862e24c2dc2399be1435cd20916e9e060f8bef39d4b47f335dde4493e0e44b0f619822a35e69b7c5d93dc69575ff71ced7c858e43dbee46f4e50846288cbc8fecbb9291d455a015fdd6e1412aec0e6104d0377074b8e160ec7d813bbc6d3b8e6b0256bce8d255d7a592b408cdf6e63164c99d94f00a693e06c2ecba9dc6d36c6a35697c1647f942df4c805c18344b8e5ac885689068f864c395e8c970702e40cf6c683d10455c7ad75fc035ae260f359c2d8c91305406c6f56ec535be445601c75ffdde1758904787f29a558d0f3bd04bfa08f1612a7ee8a7acf129ed5eb854bba757d34afa354098ed8b4e3a599db4b7611a665fcbbb182a0774cb026a00714d8b91c7fb8691b629b6a93f92da2f3701348885dcefe5a548c90101e50dbaf3f4907611623f7616bcea943bd3feedecf3b3681b4d04a938ac83d9f18a21991a90dc17005e7c56d2e09a0f4ad9f3c676e7da478e96122046d0a167f7e1a28d97d514aa68d24dac8501a1a35ddb6f3703311b26bfa3319361ff5e4d38cd55a04ef1b4fb417a3b638cde7f8569531a22c0fa12ad3a55dfe3c2642205fe1ba0c82d36f8815ec52f6381fe789fcf89efb305498a9b1f0ffafe01bcc5581f5b5d195bba77797085ab1837fd081cf5f086da2a16b6a7f8ca9efbc4c9cf771961b70626120e3715b16b222932291e4ee2449591b1807d56a53d4d86f25011704e7d5efcb799ab130ec2aacd54afd3c43c8acda1c5874ce23234b090c4eaa8ddaedf979b1218a5b9dfb36b8196ce05924dcdc7f50d96b95d0c288551a0498ff23f56c7ccdfb8966480477849c7471bea99cb0af35dbcaa5e781b5ddecf3cde51d78067aed9ca267550dfae119a3d83710ecb92fe80841837b41a40d262f5fad16c20203d1cc3455ca63ebdf0f5dbb7a498b4629dcb87333f2d58726871e6b5adf60faa0f8c9cb4718005e5e199457330da1a11cd0d7e78f617b6805fff8fa45c2cb56e1e17904773e165d2a39470ce1616418e7e15481c798afed92efad9c2babcc3e3346f8022ce30b3e1db015a2b9f5dbd4560ee9776c77eb9cff5cf2af28ebf1085650e29bd8dac01b814e6c285bf964da2eb1a442aeb671589a02c29d58208829c9501c355644ac28c38835f4025dcdabfd3852b1a16e45e9c032e97f7f2f0f612739c6569f44731692e3f3b97ba5bcd0b7f2dea1ee6303b5f92514c022e54aa4c587eff74a5d509c17785686c613bf6b778e3624ff3653674e6daab3f788ec9cf879f06957a673a20fdccf721ced05a0d23e074de82614f775a84dfcd31c621cf0369e28791ab742b62f271218fa1b09001e9d41b4a93b05cc693013d54d367b1e6e1a7e74b43b44b920192ed8fbb63b89f393e5ffab584d7c201d1b99b7bc6907033109986a4fe7bb79e803315c4df94ed471cba889e148645fd1748374015ea8c696ff64bf6d23bce7e5efa7c7e6215ceefa938cd88aa0374da4ee1e10cbfa96d5283b4a0867f4d76b8492fc618e2bca34ba9bc2ff3368756080a78a1ece2f0d1d1cc30cb721677de3c4cd6da378697c40419bc1f2184b86b8e40abd627aab9c308d8fd2db8daf8b43225003ea9124c11dfcbd1b6ea959a86623e360b40c381d991892c1fa6c0c81bb4d03d8d3656cedd1e48539192fc8bd1474ce961159816dcdc76e95ed9d9893e91a0ca670cd1152cb014310facf952fa9fd0d30900196b604c10596c1a31c1e70416824c207656426b09ef9b558496ae87fc7449bfdba0d5628e9af6397385ddadc986424fde545c07664fb6ef2756ed9e443e39257eef2179fb9e4a9e84062f9b6048125151e2e7fad2560df277323b5e22ab2731dc802d6f372d2a335b5da7e5a86508329b3dceb56f0d4f9f6f9e48507af3ec99fc172c237e67ece3d51198a033a9c66f3243ef694893af85421c36f93ecb95eacceba5fdc1a76810e999af3e14004223da85d40733b46433328b24ee17b718b135b74dd535202c7966de2de5a26412e600971704bb90007e42d3e6a3acd33e7358da6b32883c9ad30c2abb1cdef7452e211734c6fb6d199a397bea8aa3cf1f014929941c34ba06096e70d852fc420effc7924ec29c03bea29f289c82338f0115e00de549007456d5867253a5b9bb4493bcff815a3100fc45a0de0aad7b0b5c641ed1be3e8f07fb3b1a8a496ecfd3dff5abf0d8f5854621faeb4a9920d8c52b7a0338d49fd21d99c24e1943de3ba2668aea7bc95bcf21e2bf0b2d5f899f33d0cec31b60df4ef5a23e1b173cc89390c8bc3ee96e38de06f6016a2b0eafe86af9dc59bead4f5f948a81b1008a95e3ab39f8009bdb4f268f3002245e73ee2ff50cf1cd37e867cbe44ad370b9336e0dddcffb6dd8f2f79155235300bce6385e544105e6d278d345870216e61100337a871ab51b2cde74fe976e1f8b77a90bb8b51eefe7e4201db41915f482edbe1f8ae268314d5af95ffdeb94aba3f4e316990792d281a123d7febbba7f6abaed7ccfc0c567d4bd1c2d9ca217535167c9a09f1ad0ecaa99cc08338fead5deef7fab77d2082d893b91c27f8ea4e48e052a2a31c8e3f9510c4ce94ef16053bcc25eafa324e5a1d045a3de8f7d731e58ec9130427552323bcfde47f6b55b5634e8cb190fe183af132f12d72ef5e4d98508b57106ccb647ab505369c728958a0789c67ee80acc4bbf41b97fa56d8701c3ec5ead411aed16882dfb026c50c28b5fcc442c432837a82f8bfd47650b83aa71b909be61ea77cc029a0c615f8e390874995d19e224c38349c64bc166f50c54332d1a3eff0071d7a0b11a901c56a847b93ab5bd0bfad8f965cbfb53c2184c588fb7dbc5c693a3ade89b303e801a650b79c1ea957aabed937998b5df77ff29fd43515e8a5ffe441e323fefa45a2775237e1c749897d448f1f3ef60c7755d1a1441b96a136a86d341471d57c68c859813656658266c40b8bb8bafded8ed0d940f8c5954923eb43ad5afb58eb452d6430990bc924afb97191f31cd1a1f58e30b0c243f9636245c459280d16da1df1a30ff63de677554d6b252487455e8aff91370c4a0ba9f341384cf8483d18b9d3f2fc51b07ba8a5fa795d7925189ca344f0fddb8bf55e35013f6fab3806b3c4d17499ec1ae819d4f3aa6b6a570c2ea68558fa33373394584dbf11d41f7059b55f186bd54bdc30dea390872737bf0312f4c68dc963d28d5b218eca6314e23b7381cfbcd01c325d9a3869f1176eb82c183b37d65c8500a48e9bbb1c465e27bfb668a16100e5384d9116aa35f3b00b4ee3bc84700ab17283d4db6b420e6140d14d09b51ad020fc8e505d2c820ac307d45b211213c18487ce12dff233a5caf87cd94a77d0eba69d61452f41c1f82cbe32b567a39a4615a6d2155cc73c3b90dc55daf33c8d9eba3eb0e182c79dede1293dd30840ebf048df8a93e38d0136e856d94ea105cd04323406dc429b5551538625109105d88b1ac480d0fb1e9d1977099707f9f9534b683d855c4d3c30a29c6678a3221e0dea7772f8859f572420708da9a030ddf973cf9f221404117b05efb76bb08ecf34aa9b36b0418c74f90a07e8e5c91e1d7c8a8ea596c0de9b10c222e9588c2bbc77d860b7197b42b42a1ab834ce24fccbbe20f2579ec6dbd4efb9aa1a3d2e062de594d289273e98342440045a0c134e400003b50d4243826b029ecd177cf3d2cf3d164ddc58f88a970a0bbdc7f0d60271cab0df2dde79d1b929cd3028effccbe94c05008f4261297024e4f72604d52db9da7b0e5f2f4f59ebe77b319c54aaab9581a8355b75594eb6dc0fc25e91052c89764256ca464f9f6e45bc34d6e5aa28e1fd93997b58f21feff551aa3ecb5375c19ee4543f7339418c11b9ea18fe2637a9bc9744cc9fcb21a7643eb87683694732154bd1eec746f1c57bac65cf18a83267ea437f7993644c510ac44307703ea28b20e52644dbaabbe9ee1e23a38b29b91cf9077fecdb98ff4e4749c9d6ad2901c5a891c07a8b0c26ad1f8126e6db537df7fff65486afeb85eda80e2a04d09d46720330700267cbcf205b5c00076c01d9db0a64d5426864d14cce1781098afdc28f9f5948ab7791627baf78c3e9df2c0ed9ce50b083bc7a34ee0087f4efde579e2dea313e4e20580c5e63d5ef4509c05a9dc38ced91340bbb9cf948bb03ea5e60c666a1a5c4acd385d0c1a01797b9b3183f4afbc925dd2641d21410b4b1af2f21f8cca330fbc08834e1e8210fdcf332f70f08b48a2655cf017ec8a19640f2f263c54876d6f4ad2193be944667f6498baa32225d2b5b82abd3f2fc64033f1db9adff6b1c788555d5ffa1a35d4a691802447b163ba9a615d6c958036528bbab84230d676145054828d530f0e3af417ad0480eaf2004b9002b644bcd8f0ecf860c31766ace95769ab4fd01f297c595b45e6c7b1c9f662044f43fc82b6244e5d08b1e556599096c034600e20ff000d996b6ba3a6700116127b9468c9567ad920ddcf7ccf9c0a74f49984e24a7aaa2321ee58583c1bdba668cb98c319f682ffc5957015ba1799930d4b676bd3bc76037f6bc2d9ddcb47efebd366a90dc7e67076ebc25e2ef2929a89faee06aa04538a3ae7b196dfecd33725ce9f859c5df4713b220ecd18b1613ba76aebbe8f9f93eeaea9e88e46e7ed24c4efbd86fcd57a4f9fc76152175782871ab211a18ae303be8e9459aab930597d17875c5f5034d9b16bd8dc4e25f6a7a1de05763da11ee7e26e1e32ee0a5ab2de5d069d03a6ea95a33abc1025d59800fccfff1f0e0f7335e2778b8731cbae94828dbe70507c5369f36d457e98d6042e342cbffde2ee74e05cf0f8aa7185de485e5050294472cd8c7ae03977b62cb287a9d6e4d66650dbc4d89e58ad4f7c24d46573acf85f633d1af73cf655788b431bf22315bdae78d9f6f9cfe32330cbf77bb0195a60244d4bcd0ea35b94bcdf7255ff58f1fb11a09a06747337c95f332a0ade622d49ce0f2943517fb4da8049f3c1b53cb68475c2eb52551d40cbeaf5e79a748c5314bb531b4fc28494b65ee8513427e1fd3cc990fe4ef5ead14b65f1c3e9e0598edf42e2862e2eb180b3e674fc3005859ac56ad17022a8f48b49dcc97e991cfece1d52b7ca82e711944a877567ca0da0663276480d69fa4be56f425bb84dc9177d3e3ed45fb737ce026b8df38336f9efedb89a8650f9fb73918d300c909e9f9189458e1930f09b05433980e79a2eacd0dda32852bdb1a417e4ba62b83d0e17ac8d39834f41c8cd49517013ec658c4e10b38d0788df96764d13ce074271b51041671240549d18540271c8898a5c9e4be4895881235d59666a1f0f3b3cd098786afd6ab4781b73275232b488fb3d9eff77e71f8448a95c653fc80d069c15aa2a80d5799e6c45eb27ea8d6675f28f7aa7cfe3cef877c91ecf3e576e942a20312ffb48a64a91876ec5d1ad2f6a68946e73db4785894736106906731793c3482365d4151051c8d5f16dcb0348628e3aba4087ea8c9ce24bb93190fa12916f529c8eed6dfd3f5bc24d09b1ad377699de3f687b392ec921d81e35dc27bd14be4d004e713c3d07cf600255d45fdfb326b4327c9507c6f69d01236eb9383133dbaa787ba37de14a12e850ec60381a9ffab939ce16cb9b490685343048c0933bc280e809fc8114096ae2d303bbcbbc941b70b5d1d03f59f0b534fa195cbcf34e57d2aaee9c1dcddb5eafd8399fd1d53bfdb48a6f6d3153bb903ce411800f7220bdcfa312ac603672c163a0896b85409859b817cd304e73f278634fab0b1dbe226d7e4f93f220180c3434c7c22ac3143e06702f9a21e66a46d4980bd20d9b0c62846362d0a1151584a28a87902dd0f35187850d501c68900", 0x2000, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0xfef5, 0x0, 0x8, {0x1, 0x2, 0x16, 0x1, 0xfffffffd, 0x4, {0x5, 0x80, 0x5, 0x0, 0x7, 0x4000000000008, 0x6, 0x820, 0x6, 0x1000, 0x2, r4, r5, 0x0, 0x6}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
sendto$inet6(r0, &(0x7f0000000040)='\x00', 0x1, 0x20000045, &(0x7f00000002c0)={0xa, 0x2, 0x395, @empty}, 0x1c)
r6 = dup(r0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r6, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000001400)={0x114, r7, 0x300, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x3, 0x5b}}}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0xec, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0xf1}}, {0xa4, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x9e, 0x2, "9827958bfa26bad9f9dbaffd4da380f631125ca7e204670eb767ec8e83dd97a41cd0f37507e238b258378f80770b3a2403c02b0c44c61f1804500fbbb4a37576083adab96adfafadade157fff8588040dd29e62a1f39275a24b5793f5af5adf15c7c43ca4c07506ff69fba319271bae7031f128915540f238b4a72df5ca197743f59fb6c932381e6170fcf704db1fe099bf17732cfc89e4f01ad"}}, {0x38, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0x31, 0x1, "ea0e6836a433c5899918abca58a7a018bfc0b5193b4f6eacc2927fb229893db81699837ecd5b798e43febf5475"}}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x4000000}, 0x20008040)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r9 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
pread64(r9, &(0x7f0000000400)=""/4096, 0x1000, 0x25dd)
r10 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xffffffff]}, 0x8)
read(r10, &(0x7f00000002c0)=""/199, 0xc7)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='htcp\x00', 0x5)
shutdown(r0, 0x1)

4.006504352s ago: executing program 5 (id=2091):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r1, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r0, 0x804, 0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12d25}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0x3}]}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x44}, 0x1, 0x0, 0x0, 0x85}, 0x4000000)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e21, @private=0xa010102}], 0x10)
setsockopt(r3, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8)
recvmsg(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x589, 0xb2, 0x5, 0x7fffffff}]})
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1)
listen(0xffffffffffffffff, 0x800000)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r4, 0x6, 0x24, 0x0, 0x0)
socket$inet6(0xa, 0x6, 0x0)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000f40))
ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000080)=0x200000000)
r6 = dup2(r5, r5)
preadv(r6, &(0x7f0000000440)=[{&(0x7f0000000100)=""/224, 0x48}, {0x0}], 0x2, 0x9, 0xe)
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x5)
r7 = msgget(0x1, 0x2b0)
msgrcv(r7, 0x0, 0x0, 0x0, 0x0)
msgrcv(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x2, 0x2000)

3.20028817s ago: executing program 2 (id=2092):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, r0)
socket$kcm(0x10, 0x2, 0x4)
madvise(&(0x7f00004a8000/0x1000)=nil, 0x1000, 0x65)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x27eb, 0x10100, 0x0, 0xbd7}, &(0x7f00000003c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3, {<r6=>0x0, 0xffffffffffffffff}}, './file0\x00'})
r7 = getgid()
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000140)={{0x1, 0x1, 0x18, r2, {r6, r7}}, './file0\x00'})
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r8 = userfaultfd(0x80801)
sendmmsg$sock(r2, 0x0, 0x0, 0x20004090)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100})
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff)
syz_open_dev$vim2m(&(0x7f00000000c0), 0xe, 0x2)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r8, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f00006c0000/0x1000)=nil, 0x800000})
syz_io_uring_submit(r9, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f0000000180)='net/igmp6\x00')
mmap$IORING_OFF_CQ_RING(&(0x7f00005a7000/0x1000)=nil, 0x1000, 0xd, 0x13, r10, 0x8000000)

2.720853246s ago: executing program 5 (id=2093):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$getregset(0x4205, r0, 0x46e62b7f, &(0x7f0000000240)={0x0})

2.461699306s ago: executing program 5 (id=2094):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x10, 0x0, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0)=<r3=>0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000280)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f00000003c0)='D', 0x1, 0x0, 0x0, 0x0)
shutdown(r4, 0x1)
rt_tgsigqueueinfo(0x0, r3, 0x32, &(0x7f0000000300)={0x17, 0x7, 0x4})
socket$inet6(0x10, 0x80000, 0x3)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0)
r5 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x3080, 0x8003, 0x25f}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000000200)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000000)={<r9=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r8, 0x84, 0x7c, &(0x7f0000000040)={r9, 0x0, 0x3}, 0x8)
syz_io_uring_submit(r6, r7, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r5, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r5, 0x6e2, 0x600, 0x1, 0x0, 0x0)

2.237328683s ago: executing program 2 (id=2095):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x78, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xe, 0x1, 'snmp_trap\x00'}}]}, 0x78}}, 0x0)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/kernel/config', 0x210000, 0x1)
fchdir(r1)
sendmsg$NFT_MSG_GETRULE(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x7, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_ID={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x4004000)

1.986748297s ago: executing program 6 (id=2096):
socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x0, 0x1000}, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000000)=<r1=>0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_io_uring_submit(r0, r1, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x20005e, 0x0, 0x9, 0x4})
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r8 = accept4(r4, 0x0, 0x0, 0x80000)
sendmsg$alg(r8, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x28000054)
sendmsg$nl_route_sched_retired(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000007c0)=@newqdisc={0xe4, 0x24, 0x0, 0x0, 0x0, {}, [@q_dsmark={{0xb}, {0x14, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x22}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x20}]}}, @q_dsmark={{0xb}, {0x40, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x5}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x1e}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xb8cb}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x1}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x5}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x2b}, @TCA_DSMARK_DEFAULT_INDEX={0x6}]}}, @q_dsmark={{0xb}, {0x48, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xe2a}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x3}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x38}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x1}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x246}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x4}]}}]}, 0xe4}}, 0x0)
recvmmsg(r8, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000400)=""/199, 0xc7}, {&(0x7f0000000500)=""/250, 0xfa}, {&(0x7f0000000600)=""/191, 0xbf}, {0x0}, {&(0x7f0000000340)=""/30, 0x1e}], 0x5}, 0x4}], 0x2, 0x60, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000003c000701fcffffff00000000017c0000100036800c00020008000000007000000c000180060206"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

1.904500656s ago: executing program 2 (id=2097):
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f000905820220"], 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) (async, rerun: 32)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) (rerun: 32)
r2 = dup(r1)
ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000000)={0x0, 0x9df, 0x3, 0x515f3157, 0x4, "78e1141009f593233bce41f20613341f43d01f"}) (async)
write$UHID_INPUT(r2, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b5bb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7) (async, rerun: 32)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0) (async, rerun: 32)
r3 = socket$inet6(0xa, 0x2, 0x2)
r4 = socket(0x11, 0x3, 0x0) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'gre0\x00', <r6=>0x0})
bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @broadcast}, 0x14)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) (async)
sendmsg$netlink(r4, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="02017d29012918000e3580009f0001140000002f0600ac141414e0000003808a8972bd0b72e41082b1a3d2061fd7fdfe4b88942a31f48597e36e039b1c599db6e466749c2d4c8303a0f7fbda34fb8825f80200e3c0aba61f6304a80500ffffca88faca"], 0xdd12}], 0x1}, 0x0)
sendto$inet6(r3, &(0x7f0000000040)="22349ff21f0caf81df8dd777123314929538a83b3874fe3a90426eab00e6ee9ac9f79704cdfa233d6c1d3eee2a25521da30f153e64e63b7d645e48bd8742", 0x3e, 0x10, &(0x7f0000000080)={0xa, 0x4e20, 0x2e, @remote}, 0x1c)

1.872738921s ago: executing program 4 (id=2098):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000940)={0x38, 0x5, 0x0, 0x4, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x9}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x24000840)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000280), &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000001c0)="000000c6d222406b096cc34801000000647418aaf9b9a332f41ec9591b532723e017c8c54d", 0x25, 0x0)
madvise(&(0x7f0000523000/0x4000)=nil, 0x4000, 0x9)

1.264740795s ago: executing program 3 (id=2099):
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000100)=@v2={0x2000000, [{0x800, 0x7}, {0x38000, 0x3}]}, 0x14, 0x1)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
recvmmsg(r0, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, &(0x7f0000001180)=""/114, 0x72}, 0x9}, {{0x0, 0x0, &(0x7f0000002400)=[{&(0x7f0000001200)=""/194, 0xc2}, {&(0x7f0000001300)=""/148, 0x94}, {&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f00000023c0)=""/1, 0x1}], 0x4, &(0x7f0000002440)=""/167, 0xa7}, 0xa84}, {{&(0x7f0000002500)=@x25={0x9, @remote}, 0x80, &(0x7f00000025c0)=[{&(0x7f0000002580)}], 0x1, &(0x7f0000002600)=""/144, 0x90}, 0x1}, {{0x0, 0x0, &(0x7f0000002700)=[{&(0x7f00000026c0)=""/13, 0xd}], 0x1, &(0x7f0000002740)=""/227, 0xe3}, 0x9}], 0x4, 0x40000000, &(0x7f00000028c0)={0x77359400})
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)='2', 0x1}], 0x1)

823.416113ms ago: executing program 3 (id=2100):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000480)=@broute={'broute\x00', 0x5e04, 0x1, 0x90, [0x0, 0x0, 0x200000000140], 0x2, 0x0, &(0x7f0000000140)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffc}, {0x0, '\x00', 0x1, 0xfffffffffffffffc}]}, 0xe0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'gretap0\x00', <r4=>0x0})
r5 = socket(0x29, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000001c0)={'ip_vti0\x00', &(0x7f0000000000)={'erspan0\x00', 0x0, 0x7, 0x7, 0x0, 0x3, {{0x5, 0x4, 0x1, 0x7, 0x14, 0x64, 0x0, 0x0, 0x29, 0x0, @loopback, @dev={0xac, 0x14, 0x14, 0x1f}}}}})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x1, 0x4, 0x301, 0x0, 0x0, {0x3, 0x0, 0x6}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0xa}]}, 0xfffffffffffffd91}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200004, 0x200004, 0x4, 0x0, 0x0, 0x5})
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x20, 0x3, 0x8, 0x3, 0x0, 0x0, {}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}]}, 0x20}}, 0x0)
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000005500010e0e0000000000000007"], 0x38}}, 0x0)
writev(r7, &(0x7f0000000000)=[{&(0x7f0000000100)="58000000140019234083feff040d8c560a060f0200ff0000000000000020ffff00000000000064009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c100000000200ffffffff", 0x58}], 0x1)
memfd_create(&(0x7f00000000c0)='/!$\x00', 0x5)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x80}]}, 0x40}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000000)=ANY=[@ANYRESHEX=r0])

822.937132ms ago: executing program 2 (id=2101):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000240)='g', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x6, @empty}, 0x1c)
sendmmsg(r0, &(0x7f0000003bc0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="4601", 0x11}], 0x1}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000000180)="3e2a821abeea3e5ae8f2", 0xa}, {0x0}, {0x0}], 0x3, &(0x7f0000001800)=ANY=[@ANYBLOB="f00000000f010000587200000fdd30f2ffb04b8859ec6441b31e00ac8ce6cf52a68be1493e5b16aa98eca9d1512960fd3309b131094485f84cbfd52e4bcbb650d9deff41c88360cd0f3ccbe0009870b5e27835495a938c250d5a07f8cccbb20c653b551b8e086c7ff323af7d7356e6d4bd874da8672bd494043af848b302c74bebfdf95b2a5321030fdd7fc158f165258686bfc47fb9675fec16e6d432dc93507d0c76931ed6f8842388cbd7ad99fc9413aad2ece834729fe9a746714d8a85e7b4cbeee855365d75b99121780357270e13d13b6fe02952a722bc4b1344cc82b695efc3b4bf7d72bc3bc4aa03ef3f7800d8000000000000000d000000920c5ea70e5c286a4d8b74ea994fb4957fbe395b74e2d76355496ca0fa14eb5e3de0815ebbb8e37183d029e18ad2ccaf0113bd4e73476965673685e42baad044d83e92c86628dd0dfaa56de54cc6e96ed0291f987054d9b986e448cded7f4b0b404e4aba42b7336d6acd7af5e03e0a0db1d2ef87a8a38b1c0400a591b5a560415b5c1c2337c48b44e82aad5fa05dff1ed8d918c4d5ea1f1b0569c304e4498dcf278b6607727175416627591076372b2deda8d85b11e053e083902c6ff366b4eccbd7e630d2228f2bcd0000004c000000110100000400000083f3d5c76eec290b12e1af40944222a6d714c0575e1421abfdc9b3e3b955ed89ff0bb10c83d1b16d2139b75dcb1582a866139a6ca224f285d0e016ee6a70f93c18"], 0x22c}}], 0x2, 0x894)

609.666575ms ago: executing program 5 (id=2102):
r0 = socket(0x2b, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x2, 0x0, 0x1, 0x0, 0xa4ff}, 0x20)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x89a1, &(0x7f0000000900)={'bridge0\x00'})
bind$alg(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_SET(r4, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={&(0x7f0000001980)={0x15c, r5, 0x4, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x4}, @TIPC_NLA_SOCK={0x18, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x100}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}]}]}, @TIPC_NLA_SOCK={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6fa}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa05}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6b5e}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}]}, @TIPC_NLA_NODE={0x8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8d16}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff}]}, @TIPC_NLA_NODE={0xac, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x2}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xfffffff8}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "02db8312e9376b9cffce42253925f0dbb2ff935c700b11e3714cb7de58087def"}}, @TIPC_NLA_NODE_KEY={0x4a, 0x4, {'gcm(aes)\x00', 0x22, "c4f0f26c8b57c902e3df77e6b461c74f6b69d091a5c546899794052e3f781b366d82"}}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0x4}]}, 0x15c}, 0x1, 0x0, 0x0, 0x94}, 0x4000000)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000680)={{0x1, 0x1, 0x18, <r6=>r2, {0xfff}}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'})
write$binfmt_elf64(r6, &(0x7f0000000ec0)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0xaa, 0xe5, 0xf, 0x10000, 0x2, 0x3e, 0x9, 0x12c, 0x40, 0x41, 0xf, 0x1, 0x38, 0x4, 0x3}, [{0x3, 0x9, 0x100000001, 0x9, 0xffffffff, 0x9, 0xfffffffffffffbff, 0x9}, {0x1, 0x3, 0x8, 0x8, 0x0, 0x2, 0x6f7d5b, 0x7}, {0x70000000, 0x2, 0x6, 0x8, 0xffff, 0x0, 0x101, 0x61}, {0x3, 0x100, 0x9, 0x3ff, 0x7, 0x3, 0x8, 0x5}], "763907681f04b37fcf59f2360a6b38a7b858ce432e70ee58e2c07903c106c3f690b58f04c1ba1f588e10e0c9e20391b0332edcb8a67017852022fdbbe1e5c67e9a0d42e26d48b965fa92fb2f35abd55964fb95c30d82c8e0430d3f02be9e8fb322ec94c17c1252aa132d92e425f0cad00676a3f857aa04", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xa97)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000180)={@multicast, @multicast, @void, {@canfd={0xd, {{0x2}, 0x26, 0x3, 0x0, 0x0, "3eb19143e868863bc335ea426fdb11663893be8944cb383a6ad2f9837c95d38b4030e4f982e4278171257434a6d3406741be8180aa7ee6c38bc9d0060cbddd25"}}}}, 0x0)

470.94151ms ago: executing program 4 (id=2103):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2)
r3 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
ftruncate(r3, 0xffff)
close(0x3)
fcntl$addseals(r3, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f00000001c0)={r3, 0x1, 0x0, 0x8000})
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}})
io_uring_enter(r4, 0x3516, 0x7f000000, 0x0, 0x0, 0x0)

424.522907ms ago: executing program 2 (id=2104):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x2000000, 0x0, 0x0, 0xc0}, &(0x7f00000002c0)=<r2=>0x0, &(0x7f0000000640)=<r3=>0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e23, @rand_addr=0x64010102}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f00000004c0)=0x27)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f00000000c0)={r6, 0x4}, 0x8)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000200)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, {0xa, 0x0, 0x0, @loopback}, 0xffffffffffffffff, 0xfffffffc}}, 0x48)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0x16})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
accept4(r7, 0x0, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
madvise(&(0x7f0000523000/0x4000)=nil, 0x4000, 0x9)

197.103062ms ago: executing program 5 (id=2105):
unshare(0x22020400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r0, 0x18000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

0s ago: executing program 5 (id=2106):
r0 = socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect$uac1(0x0, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x1, 0x0, 0x7fff0000}]})
times(0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
r1 = socket$netlink(0x10, 0x3, 0x0)
connect$pppoe(0xffffffffffffffff, 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/rt_acct\x00')
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x7, 0xffff, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0x3, 0x40000003, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x2, 0x8, 0x7, 0x9, 0x4, 0x3c5b, 0xffffffff, 0x24, 0x3, 0xfffffffe, 0x1f461e2c, 0x2, 0xfffffffa, 0x3, 0x9a82, 0x13, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x4, 0xa, 0x0, 0x8006f, 0x8, 0xfffff000, 0x103, 0x0, 0x80, 0x3c, 0x91, 0x1, 0x1000, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x2, 0x4, 0xa, 0x8, 0x7, 0x1, 0xfffffffe], [0x10000007, 0x800ffff, 0xfff, 0x10001, 0xc, 0xfffffff5, 0x129432e6, 0x7, 0x6, 0x0, 0x2bf, 0x6c9, 0x9, 0xffff7ffe, 0x3, 0x4002, 0x101, 0x1, 0x2f, 0xe, 0xfff, 0x78, 0xea4, 0xa, 0x4, 0x0, 0x8000, 0xb, 0x400, 0x101, 0x0, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0x6000000, 0x6, 0x2, 0xc, 0x4, 0x9, 0x7, 0xa, 0x6, 0x5, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0xb, 0xfff, 0x1000, 0x4, 0x8007, 0x7, 0xb, 0x9, 0x48c93690, 0x2, 0x9bc], [0x7, 0x4, 0x0, 0x64e, 0x1, 0x1, 0x8da, 0x9, 0x5, 0x7fff, 0x0, 0x80000005, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x2, 0x10000009, 0x3ea, 0xb, 0x5, 0x6, 0x2, 0xf, 0x88, 0x0, 0x6d01, 0x5, 0x3b, 0x3, 0x5, 0x80, 0x3, 0xfffffffe, 0x202, 0x0, 0xa0, 0x7, 0x53cf697b, 0x5, 0x8, 0x54fe12d2, 0xbf, 0x9, 0x3, 0x400002, 0x3, 0x0, 0x5, 0x5, 0x0, 0x3, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0x7e06, 0x3, 0xb, 0x5, 0x938, 0x6, 0x3, 0x0, 0x9a7, 0xcea, 0x1ff, 0x401, 0x5, 0x5, 0x0, 0x101, 0x10003, 0x2006, 0x7fff, 0x8ffff, 0x6, 0x2, 0x9, 0x1, 0x2, 0x14c, 0x6, 0xa, 0x6, 0x400007, 0x7ffffffe, 0x5, 0x734, 0x8, 0x3, 0x50fd, 0x7, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x100, 0x4000006, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x2d513b50, 0x3, 0x5, 0xb1c, 0x5, 0xa, 0xffff7443, 0xfff]}, 0x45c)
unshare(0x400)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
socket(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'veth1\x00', <r10=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r10}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x14, 0x16, 0x1, 0x0, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x0)

kernel console output (not intermixed with test programs):

1740'.
[  648.565414][T12892] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1740'.
[  648.882389][   T43] usb 6-1: new full-speed USB device number 62 using dummy_hcd
[  648.882856][   T90] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  649.051102][T12900] FAULT_INJECTION: forcing a failure.
[  649.051102][T12900] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  649.115966][T12900] CPU: 1 UID: 0 PID: 12900 Comm: syz.6.1743 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  649.115998][T12900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  649.116012][T12900] Call Trace:
[  649.116021][T12900]  <TASK>
[  649.116030][T12900]  dump_stack_lvl+0x189/0x250
[  649.116069][T12900]  ? __pfx____ratelimit+0x10/0x10
[  649.116100][T12900]  ? __pfx_dump_stack_lvl+0x10/0x10
[  649.116133][T12900]  ? __pfx__printk+0x10/0x10
[  649.116159][T12900]  ? __might_fault+0xb0/0x130
[  649.116188][T12900]  should_fail_ex+0x414/0x560
[  649.116221][T12900]  _copy_from_user+0x2d/0xb0
[  649.116245][T12900]  get_compat_msghdr+0xad/0x4a0
[  649.116279][T12900]  ? __pfx_get_compat_msghdr+0x10/0x10
[  649.116310][T12900]  ? rcu_is_watching+0x15/0xb0
[  649.116341][T12900]  ? ___sys_recvmsg+0x1c4/0x510
[  649.116377][T12900]  ___sys_recvmsg+0x17f/0x510
[  649.116411][T12900]  ? __pfx____sys_recvmsg+0x10/0x10
[  649.116465][T12900]  ? __fget_files+0x3a0/0x420
[  649.116501][T12900]  do_recvmmsg+0x36a/0x770
[  649.116539][T12900]  ? __pfx_do_recvmmsg+0x10/0x10
[  649.116580][T12900]  ? __pfx_vfs_write+0x10/0x10
[  649.116639][T12900]  __sys_recvmmsg+0x19d/0x280
[  649.116670][T12900]  ? __pfx___sys_recvmmsg+0x10/0x10
[  649.116696][T12900]  ? ksys_write+0x22a/0x250
[  649.116724][T12900]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[  649.116757][T12900]  __do_fast_syscall_32+0xb6/0x2b0
[  649.116778][T12900]  ? lockdep_hardirqs_on+0x9c/0x150
[  649.116814][T12900]  do_fast_syscall_32+0x34/0x80
[  649.116835][T12900]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  649.116860][T12900] RIP: 0023:0xf7f14539
[  649.116878][T12900] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  649.116896][T12900] RSP: 002b:00000000f503655c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[  649.116918][T12900] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  649.116951][T12900] RDX: 0000000000000220 RSI: 0000000000000100 RDI: 0000000000000000
[  649.116964][T12900] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  649.116975][T12900] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  649.116988][T12900] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  649.117016][T12900]  </TASK>
[  649.131699][   T90] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  649.394893][   T43] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  649.408139][   T90] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.419290][   T90] usb 4-1: Product: syz
[  649.421998][   T43] usb 6-1: config 0 interface 0 has no altsetting 0
[  649.423612][   T90] usb 4-1: Manufacturer: syz
[  649.423631][   T90] usb 4-1: SerialNumber: syz
[  649.430857][   T90] usb 4-1: config 0 descriptor??
[  649.517195][   T43] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  649.594498][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.621254][   T43] usb 6-1: Product: syz
[  649.665555][T12895] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  649.685553][T12895] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  649.706628][   T43] usb 6-1: Manufacturer: syz
[  649.720562][   T43] usb 6-1: SerialNumber: syz
[  649.740487][   T43] usb 6-1: config 0 descriptor??
[  649.814971][   T43] usb 6-1: selecting invalid altsetting 0
[  649.816040][T10617] veth0_to_bond: left promiscuous mode
[  650.014756][T12895] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  650.031044][   T90] usb 4-1: Firmware version (0.0) predates our first public release.
[  650.040170][   T90] usb 4-1: Please update to version 0.2 or newer
[  650.181483][   T90] usb 4-1: USB disconnect, device number 62
[  650.757969][T12912] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1745'.
[  650.767416][T12912] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1745'.
[  651.061291][T12917] IPv6: NLM_F_REPLACE set, but no existing node found!
[  651.322861][ T5899] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  651.377883][   T43] IPVS: starting estimator thread 0...
[  651.485011][T12927] IPVS: using max 27 ests per chain, 64800 per kthread
[  651.522373][ T5899] usb 4-1: Using ep0 maxpacket: 8
[  651.534872][ T5899] usb 4-1: config 0 has no interfaces?
[  651.546977][ T5899] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  651.581798][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  651.608483][ T5899] usb 4-1: config 0 descriptor??
[  652.215196][ T5899] usb 4-1: USB disconnect, device number 63
[  652.469057][   T90] usb 6-1: USB disconnect, device number 62
[  652.614474][T12937] FAULT_INJECTION: forcing a failure.
[  652.614474][T12937] name failslab, interval 1, probability 0, space 0, times 0
[  652.651352][T12937] CPU: 1 UID: 0 PID: 12937 Comm: syz.4.1754 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  652.651386][T12937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  652.651401][T12937] Call Trace:
[  652.651410][T12937]  <TASK>
[  652.651421][T12937]  dump_stack_lvl+0x189/0x250
[  652.651461][T12937]  ? __pfx____ratelimit+0x10/0x10
[  652.651494][T12937]  ? __pfx_dump_stack_lvl+0x10/0x10
[  652.651528][T12937]  ? __pfx__printk+0x10/0x10
[  652.651555][T12937]  ? __pfx___might_resched+0x10/0x10
[  652.651588][T12937]  ? fs_reclaim_acquire+0x7d/0x100
[  652.651619][T12937]  should_fail_ex+0x414/0x560
[  652.651652][T12937]  should_failslab+0xa8/0x100
[  652.651678][T12937]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  652.651700][T12937]  ? __lock_acquire+0xab9/0xd20
[  652.651728][T12937]  ? __alloc_skb+0x112/0x2d0
[  652.651757][T12937]  __alloc_skb+0x112/0x2d0
[  652.651787][T12937]  alloc_skb_with_frags+0xca/0x890
[  652.651821][T12937]  ? is_bpf_text_address+0x26/0x2b0
[  652.651860][T12937]  sock_alloc_send_pskb+0x857/0x990
[  652.651910][T12937]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  652.651943][T12937]  ? lockdep_hardirqs_on+0x9c/0x150
[  652.651977][T12937]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  652.652007][T12937]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  652.652047][T12937]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  652.652072][T12937]  __ip_append_data+0x2cd3/0x40f0
[  652.652146][T12937]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  652.652198][T12937]  ? ipv4_mtu+0x23/0x5c0
[  652.652230][T12937]  ? __pfx___ip_append_data+0x10/0x10
[  652.652261][T12937]  ? ipv4_mtu+0x4b2/0x5c0
[  652.652294][T12937]  ? ip_setup_cork+0x577/0x9a0
[  652.652330][T12937]  ip_make_skb+0x1de/0x3f0
[  652.652370][T12937]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  652.652403][T12937]  ? __pfx_ip_make_skb+0x10/0x10
[  652.652457][T12937]  udp_sendmsg+0x191e/0x2300
[  652.652486][T12937]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  652.652522][T12937]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  652.652554][T12937]  ? __pfx_udp_sendmsg+0x10/0x10
[  652.652573][T12937]  ? __up_read+0x280/0x680
[  652.652600][T12937]  ? do_user_addr_fault+0xbc1/0x1390
[  652.652634][T12937]  ? do_user_addr_fault+0xc8a/0x1390
[  652.652673][T12937]  ? lockdep_hardirqs_on+0x9c/0x150
[  652.652713][T12937]  ? sock_rps_record_flow+0x19/0x410
[  652.652739][T12937]  ? inet_sendmsg+0x29c/0x370
[  652.652759][T12937]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  652.652792][T12937]  __sock_sendmsg+0x19c/0x270
[  652.652831][T12937]  ____sys_sendmsg+0x52d/0x830
[  652.652865][T12937]  ? __pfx_____sys_sendmsg+0x10/0x10
[  652.652912][T12937]  ___sys_sendmsg+0x21f/0x2a0
[  652.652945][T12937]  ? __pfx____sys_sendmsg+0x10/0x10
[  652.653013][T12937]  ? __fget_files+0x2a/0x420
[  652.653038][T12937]  ? __fget_files+0x3a0/0x420
[  652.653082][T12937]  __sys_sendmmsg+0x28e/0x430
[  652.653119][T12937]  ? __pfx___sys_sendmmsg+0x10/0x10
[  652.653159][T12937]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  652.653201][T12937]  ? ksys_write+0x22a/0x250
[  652.653235][T12937]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  652.653271][T12937]  __do_fast_syscall_32+0xb6/0x2b0
[  652.653307][T12937]  ? lockdep_hardirqs_on+0x9c/0x150
[  652.653343][T12937]  do_fast_syscall_32+0x34/0x80
[  652.653365][T12937]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  652.653392][T12937] RIP: 0023:0xf7f23539
[  652.653411][T12937] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  652.653430][T12937] RSP: 002b:00000000f504655c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  652.653453][T12937] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080007fc0
[  652.653468][T12937] RDX: 000000000800001d RSI: 0000000000000000 RDI: 0000000000000000
[  652.653481][T12937] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  652.653493][T12937] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  652.653505][T12937] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  652.653535][T12937]  </TASK>
[  653.157971][   T43] IPVS: starting estimator thread 0...
[  653.271536][T12940] IPVS: using max 24 ests per chain, 57600 per kthread
[  653.728659][T12954] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1759'.
[  653.831683][T12954] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1759'.
[  654.698040][T12964] netlink: 'syz.3.1762': attribute type 1 has an invalid length.
[  654.859915][T12964] 8021q: adding VLAN 0 to HW filter on device bond4
[  654.910173][T12967] bond3: (slave veth0_to_bond): Releasing active interface
[  654.944643][T12974] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  654.969088][T12967] bond4: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  655.208269][T12973] vlan3: entered allmulticast mode
[  655.914863][   T43] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[  656.072716][   T43] usb 3-1: Using ep0 maxpacket: 32
[  656.081588][   T43] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  656.103558][   T43] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  656.116515][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.127262][   T43] usb 3-1: Product: syz
[  656.131642][   T43] usb 3-1: Manufacturer: syz
[  656.141830][   T43] usb 3-1: SerialNumber: syz
[  656.227581][   T43] usb 3-1: config 0 descriptor??
[  656.235781][T12983] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  656.250883][   T43] hub 3-1:0.0: bad descriptor, ignoring hub
[  656.261678][   T43] hub 3-1:0.0: probe with driver hub failed with error -5
[  656.486351][T12983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  656.496604][T12983] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  656.620140][T12992] netlink: 'syz.5.1769': attribute type 11 has an invalid length.
[  656.652833][   T43] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input69
[  656.674544][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  656.680926][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  656.774015][   T43] usb 3-1: USB disconnect, device number 104
[  656.780190][    C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  656.892392][ T5899] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[  657.052469][ T5899] usb 6-1: Using ep0 maxpacket: 16
[  657.061996][ T5899] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  657.083738][ T5899] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  657.104933][ T5899] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  657.134931][ T5899] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  657.169114][ T5899] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.201810][ T5899] usb 6-1: config 0 descriptor??
[  657.393709][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  657.393750][   T30] audit: type=1326 audit(1749819164.597:5838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.1773" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f23558 code=0x7ffc0000
[  657.425574][T12992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  657.445657][T12992] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  657.455068][   T30] audit: type=1326 audit(1749819164.637:5839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.1773" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f23558 code=0x7ffc0000
[  657.506606][   T30] audit: type=1326 audit(1749819164.637:5840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.1773" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f23558 code=0x7ffc0000
[  657.552359][   T30] audit: type=1326 audit(1749819164.637:5841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.1773" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f23558 code=0x7ffc0000
[  657.598045][   T30] audit: type=1326 audit(1749819164.637:5842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.1773" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f23558 code=0x7ffc0000
[  657.660609][   T30] audit: type=1326 audit(1749819164.637:5843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.1773" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f23558 code=0x7ffc0000
[  657.742369][   T30] audit: type=1326 audit(1749819164.637:5844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.1773" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f23558 code=0x7ffc0000
[  657.802413][   T30] audit: type=1326 audit(1749819164.637:5845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.1773" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f23558 code=0x7ffc0000
[  657.848262][T13008] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1775'.
[  657.857754][   T30] audit: type=1326 audit(1749819164.637:5846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.1773" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f23558 code=0x7ffc0000
[  657.900298][   T30] audit: type=1326 audit(1749819164.637:5847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.1773" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f23558 code=0x7ffc0000
[  657.953722][T12992] random: crng reseeded on system resumption
[  658.477137][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  658.483730][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  658.697298][ T5899] usbhid 6-1:0.0: can't add hid device: -71
[  658.706775][ T5899] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  658.747137][ T5899] usb 6-1: USB disconnect, device number 63
[  658.902440][   T43] usb 5-1: new full-speed USB device number 73 using dummy_hcd
[  659.068205][   T43] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  659.127072][   T43] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  659.176836][   T43] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  659.232259][   T43] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  659.364797][   T43] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  659.391988][   T43] usb 5-1: config 0 interface 0 has no altsetting 0
[  659.413711][   T43] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  659.533182][   T43] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  659.554588][   T43] usb 5-1: Product: syz
[  659.563789][   T43] usb 5-1: Manufacturer: syz
[  659.575294][   T43] usb 5-1: SerialNumber: syz
[  659.811332][   T43] usb 5-1: config 0 descriptor??
[  659.820638][T13021] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  659.847590][   T43] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  659.884306][   T43] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  661.620267][   T43] usb 5-1: USB disconnect, device number 73
[  661.651791][   T43] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  661.830716][T13065] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1790'.
[  662.179944][T13072] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1793'.
[  662.207550][T13072] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1793'.
[  662.272428][ T5970] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[  662.402629][ T5970] usb 6-1: device descriptor read/64, error -71
[  662.542374][ T5899] usb 5-1: new full-speed USB device number 74 using dummy_hcd
[  662.642629][ T5970] usb 6-1: new high-speed USB device number 65 using dummy_hcd
[  662.714983][ T5899] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  662.727399][ T5899] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  662.745414][ T5899] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  662.779320][ T5899] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  662.792709][ T5970] usb 6-1: device descriptor read/64, error -71
[  662.793946][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.822020][ T5899] usb 5-1: Product: syz
[  662.834062][ T5899] usb 5-1: Manufacturer: syz
[  662.844963][ T5899] usb 5-1: SerialNumber: syz
[  662.885151][ T5899] usb 5-1: config 0 descriptor??
[  662.895231][T13070] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  662.907640][T13070] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  662.919336][ T5970] usb usb6-port1: attempt power cycle
[  662.935431][ T5899] usb 5-1: ucan: probing device on interface #0
[  663.152494][ T5899] usb 5-1: ucan: device protocol version 0 is not supported
[  663.167558][ T5899] usb 5-1: ucan: probe failed; try to update the device firmware
[  663.302933][ T5970] usb 6-1: new high-speed USB device number 66 using dummy_hcd
[  663.344493][ T5970] usb 6-1: device descriptor read/8, error -71
[  663.383813][T13070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  663.458438][T13090] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1796'.
[  663.494225][T13070] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  663.548664][   T43] usb 5-1: USB disconnect, device number 74
[  663.622323][ T5970] usb 6-1: new high-speed USB device number 67 using dummy_hcd
[  663.658226][ T5970] usb 6-1: device descriptor read/8, error -71
[  663.780561][ T5970] usb usb6-port1: unable to enumerate USB device
[  663.991980][T13083] syz.6.1795 (13083): drop_caches: 2
[  664.882304][   T43] usb 7-1: new full-speed USB device number 34 using dummy_hcd
[  665.069020][   T43] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  665.080495][   T43] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  665.107949][   T43] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  665.138426][T13121] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1805'.
[  665.141894][   T43] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  665.197505][   T43] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  665.273265][   T43] usb 7-1: config 0 interface 0 has no altsetting 0
[  665.282830][   T43] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  665.294948][   T43] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  665.304372][   T43] usb 7-1: Product: syz
[  665.308561][   T43] usb 7-1: Manufacturer: syz
[  665.348741][   T43] usb 7-1: SerialNumber: syz
[  665.373716][   T43] usb 7-1: config 0 descriptor??
[  665.468393][T13111] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  665.518059][   T43] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  665.550958][   T43] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  666.472029][T13136] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  667.002399][   T90] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[  667.165678][   T90] usb 3-1: config 0 has no interfaces?
[  667.175887][   T90] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  667.197626][   T90] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  667.217894][   T90] usb 3-1: Product: syz
[  667.223035][   T90] usb 3-1: Manufacturer: syz
[  667.228010][   T90] usb 3-1: SerialNumber: syz
[  667.252809][   T90] usb 3-1: config 0 descriptor??
[  667.429436][T13148] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1813'.
[  667.439805][T13148] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1813'.
[  667.522927][   T90] usb 7-1: USB disconnect, device number 34
[  667.585304][   T90] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  667.625583][   T43] usb 3-1: USB disconnect, device number 105
[  667.731362][T13153] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  668.131706][T13159] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1816'.
[  668.141334][T13157] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1814'.
[  668.172530][T13159] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1816'.
[  668.323029][T13155] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1814'.
[  668.983066][ T5960] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  669.150530][ T5960] usb 4-1: config 0 has no interfaces?
[  669.392472][ T5960] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  669.411961][ T5960] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.562290][ T5960] usb 4-1: Product: syz
[  669.566536][ T5960] usb 4-1: Manufacturer: syz
[  669.571190][ T5960] usb 4-1: SerialNumber: syz
[  669.624725][ T5960] usb 4-1: config 0 descriptor??
[  670.393614][T13192] bridge0: port 1(bridge_slave_0) entered disabled state
[  671.096118][ T5970] usb 6-1: new full-speed USB device number 68 using dummy_hcd
[  671.139171][T13197] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1824'.
[  671.183073][T13197] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1824'.
[  671.239096][T13197] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1824'.
[  671.284589][ T5970] usb 6-1: config 1 interface 0 altsetting 253 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  671.325995][ T5970] usb 6-1: config 1 interface 0 has no altsetting 0
[  671.356131][ T5970] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  671.375655][ T5970] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.409264][ T5899] usb 4-1: USB disconnect, device number 64
[  671.425978][ T5970] usb 6-1: Product: syz
[  671.475480][ T5970] usb 6-1: Manufacturer: syz
[  671.480184][ T5970] usb 6-1: SerialNumber: syz
[  671.624791][T13199] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1836'.
[  672.062494][ T5899] usb 5-1: new full-speed USB device number 75 using dummy_hcd
[  672.133557][ T5926] usb 3-1: new full-speed USB device number 106 using dummy_hcd
[  672.225567][ T5899] usb 5-1: config 1 interface 0 has no altsetting 0
[  672.265873][ T5970] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 68 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  672.269030][ T5899] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  672.290887][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  672.299515][ T5899] usb 5-1: Product: syz
[  672.304145][ T5899] usb 5-1: Manufacturer: syz
[  672.304583][ T5926] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  672.308898][ T5899] usb 5-1: SerialNumber: syz
[  672.422965][ T5926] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  672.447994][ T5926] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  672.469304][ T5926] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  672.485851][ T5926] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  672.815147][ T5926] usb 3-1: config 0 interface 0 has no altsetting 0
[  672.827811][ T5926] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  672.833994][T13195] xt_CT: No such helper "snmp_trap"
[  672.837653][ T5926] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  672.856854][ T5926] usb 3-1: Product: syz
[  672.862121][ T5926] usb 3-1: Manufacturer: syz
[  672.868346][ T5926] usb 3-1: SerialNumber: syz
[  672.898339][ T5926] usb 3-1: config 0 descriptor??
[  672.906590][T13211] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  672.941349][ T5926] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  672.961069][ T5926] ldusb 3-1:0.0: LD USB Device #1 now attached to major 180 minor 1
[  673.216826][ T5899] usblp 5-1:1.0: usblp2: USB Unidirectional printer dev 75 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  673.338885][T13227] FAULT_INJECTION: forcing a failure.
[  673.338885][T13227] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  673.353231][T13227] CPU: 0 UID: 0 PID: 13227 Comm: syz.3.1832 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  673.353262][T13227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  673.353277][T13227] Call Trace:
[  673.353286][T13227]  <TASK>
[  673.353308][T13227]  dump_stack_lvl+0x189/0x250
[  673.353345][T13227]  ? __pfx____ratelimit+0x10/0x10
[  673.353378][T13227]  ? __pfx_dump_stack_lvl+0x10/0x10
[  673.353411][T13227]  ? __pfx__printk+0x10/0x10
[  673.353433][T13227]  ? __might_fault+0xb0/0x130
[  673.353464][T13227]  should_fail_ex+0x414/0x560
[  673.353497][T13227]  _copy_from_iter+0x1db/0x16f0
[  673.353533][T13227]  ? rcu_is_watching+0x15/0xb0
[  673.353567][T13227]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  673.353590][T13227]  ? __pfx__copy_from_iter+0x10/0x10
[  673.353622][T13227]  ? __build_skb_around+0x257/0x3e0
[  673.353650][T13227]  ? netlink_sendmsg+0x642/0xb30
[  673.353674][T13227]  ? skb_put+0x11b/0x210
[  673.353702][T13227]  netlink_sendmsg+0x6b2/0xb30
[  673.353736][T13227]  ? __pfx_netlink_sendmsg+0x10/0x10
[  673.353764][T13227]  ? __import_iovec+0x5d4/0x7f0
[  673.353783][T13227]  ? aa_sock_msg_perm+0x94/0x160
[  673.353811][T13227]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  673.353837][T13227]  ? __pfx_netlink_sendmsg+0x10/0x10
[  673.353866][T13227]  __sock_sendmsg+0x219/0x270
[  673.353900][T13227]  ____sys_sendmsg+0x505/0x830
[  673.353933][T13227]  ? __pfx_____sys_sendmsg+0x10/0x10
[  673.353976][T13227]  ___sys_sendmsg+0x21f/0x2a0
[  673.354005][T13227]  ? __pfx____sys_sendmsg+0x10/0x10
[  673.354068][T13227]  ? __fget_files+0x2a/0x420
[  673.354091][T13227]  ? __fget_files+0x3a0/0x420
[  673.354123][T13227]  __sys_sendmsg+0x164/0x220
[  673.354160][T13227]  ? __pfx___sys_sendmsg+0x10/0x10
[  673.354201][T13227]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  673.354239][T13227]  ? lockdep_hardirqs_on+0x9c/0x150
[  673.354273][T13227]  __do_fast_syscall_32+0xb6/0x2b0
[  673.354294][T13227]  ? lockdep_hardirqs_on+0x9c/0x150
[  673.354330][T13227]  do_fast_syscall_32+0x34/0x80
[  673.354368][T13227]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  673.354395][T13227] RIP: 0023:0xf70de539
[  673.354414][T13227] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  673.354433][T13227] RSP: 002b:00000000f50ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  673.354456][T13227] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000e80
[  673.354471][T13227] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  673.354484][T13227] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  673.354496][T13227] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  673.354509][T13227] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  673.354539][T13227]  </TASK>
[  673.695816][T13206] xt_CT: No such helper "snmp_trap"
[  674.053601][T13206] FAULT_INJECTION: forcing a failure.
[  674.053601][T13206] name failslab, interval 1, probability 0, space 0, times 0
[  674.071872][T13206] CPU: 0 UID: 0 PID: 13206 Comm: syz.4.1827 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  674.071905][T13206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  674.071920][T13206] Call Trace:
[  674.071929][T13206]  <TASK>
[  674.071939][T13206]  dump_stack_lvl+0x189/0x250
[  674.071978][T13206]  ? __pfx____ratelimit+0x10/0x10
[  674.072012][T13206]  ? __pfx_dump_stack_lvl+0x10/0x10
[  674.072046][T13206]  ? __pfx__printk+0x10/0x10
[  674.072082][T13206]  ? __pfx___might_resched+0x10/0x10
[  674.072135][T13206]  ? fs_reclaim_acquire+0x7d/0x100
[  674.072170][T13206]  should_fail_ex+0x414/0x560
[  674.072204][T13206]  should_failslab+0xa8/0x100
[  674.072230][T13206]  __kmalloc_noprof+0xcb/0x4f0
[  674.072249][T13206]  ? tomoyo_encode+0x28b/0x550
[  674.072284][T13206]  tomoyo_encode+0x28b/0x550
[  674.072321][T13206]  tomoyo_realpath_from_path+0x58d/0x5d0
[  674.072367][T13206]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  674.072394][T13206]  tomoyo_path_number_perm+0x1e8/0x5a0
[  674.072423][T13206]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  674.072471][T13206]  ? __lock_acquire+0xab9/0xd20
[  674.072524][T13206]  ? __fget_files+0x2a/0x420
[  674.072554][T13206]  ? __fget_files+0x3a0/0x420
[  674.072577][T13206]  ? __fget_files+0x2a/0x420
[  674.072605][T13206]  security_file_ioctl_compat+0xcb/0x2d0
[  674.072632][T13206]  __ia32_compat_sys_ioctl+0x128/0x840
[  674.072669][T13206]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  674.072702][T13206]  ? __fget_files+0x3a0/0x420
[  674.072734][T13206]  ? fput+0xa0/0xd0
[  674.072762][T13206]  ? ksys_write+0x22a/0x250
[  674.072791][T13206]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  674.072827][T13206]  ? lockdep_hardirqs_on+0x9c/0x150
[  674.072863][T13206]  __do_fast_syscall_32+0xb6/0x2b0
[  674.072895][T13206]  do_fast_syscall_32+0x34/0x80
[  674.072917][T13206]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  674.072942][T13206] RIP: 0023:0xf7f23539
[  674.072960][T13206] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  674.072979][T13206] RSP: 002b:00000000f5045504 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  674.073002][T13206] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0085508
[  674.073018][T13206] RDX: 00000000f5045548 RSI: 00000000f73b2ff4 RDI: 0000000080007680
[  674.073032][T13206] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[  674.073045][T13206] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  674.073059][T13206] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  674.073097][T13206]  </TASK>
[  674.342880][T13206] ERROR: Out of memory at tomoyo_realpath_from_path.
[  674.482526][ T5970] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  674.645730][ T5970] usb 4-1: config 0 has too many interfaces: 129, using maximum allowed: 32
[  674.676697][ T5970] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 129
[  674.681865][   T90] usb 6-1: USB disconnect, device number 68
[  674.710472][ T5970] usb 4-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  674.728229][   T90] usblp0: removed
[  674.733257][ T5970] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  674.752056][ T5926] usb 3-1: USB disconnect, device number 106
[  674.768515][ T5970] usb 4-1: Product: syz
[  674.791771][ T5970] usb 4-1: Manufacturer: syz
[  674.798550][ T5926] ldusb 3-1:0.0: LD USB Device #1 now disconnected
[  674.810948][ T5970] usb 4-1: SerialNumber: syz
[  674.832695][ T5970] usb 4-1: config 0 descriptor??
[  674.853414][T13237] netlink: zone id is out of range
[  674.858834][T13237] netlink: zone id is out of range
[  674.881462][T13237] netlink: zone id is out of range
[  674.894721][T13237] netlink: zone id is out of range
[  674.901218][T13237] netlink: zone id is out of range
[  674.909324][T13237] netlink: zone id is out of range
[  674.914931][T13237] netlink: zone id is out of range
[  674.920862][T13237] netlink: zone id is out of range
[  674.929311][T13237] netlink: zone id is out of range
[  674.936691][T13237] netlink: zone id is out of range
[  675.060596][ T5970] mos7840 4-1:0.0: required endpoints missing
[  675.086173][ T5970] usb 4-1: USB disconnect, device number 65
[  675.174021][T13244] __nla_validate_parse: 2 callbacks suppressed
[  675.174042][T13244] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1839'.
[  675.194348][T13244] netlink: 168 bytes leftover after parsing attributes in process `syz.5.1839'.
[  675.204690][T13244] netlink: 168 bytes leftover after parsing attributes in process `syz.5.1839'.
[  675.457610][ T5970] usb 5-1: USB disconnect, device number 75
[  675.470766][ T5970] usblp2: removed
[  675.699262][T13255] 8021q: adding VLAN 0 to HW filter on device bond5
[  675.782853][T13259] FAULT_INJECTION: forcing a failure.
[  675.782853][T13259] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  675.812496][T13259] CPU: 0 UID: 0 PID: 13259 Comm: syz.4.1843 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  675.812530][T13259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  675.812544][T13259] Call Trace:
[  675.812553][T13259]  <TASK>
[  675.812562][T13259]  dump_stack_lvl+0x189/0x250
[  675.812603][T13259]  ? __pfx____ratelimit+0x10/0x10
[  675.812637][T13259]  ? __pfx_dump_stack_lvl+0x10/0x10
[  675.812673][T13259]  ? __pfx__printk+0x10/0x10
[  675.812696][T13259]  ? __might_fault+0xb0/0x130
[  675.812734][T13259]  should_fail_ex+0x414/0x560
[  675.812766][T13259]  _copy_from_iter+0x1db/0x16f0
[  675.812801][T13259]  ? rcu_is_watching+0x15/0xb0
[  675.812836][T13259]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  675.812859][T13259]  ? __pfx__copy_from_iter+0x10/0x10
[  675.812894][T13259]  ? __build_skb_around+0x257/0x3e0
[  675.812923][T13259]  ? netlink_sendmsg+0x642/0xb30
[  675.812948][T13259]  ? skb_put+0x11b/0x210
[  675.812977][T13259]  netlink_sendmsg+0x6b2/0xb30
[  675.813010][T13259]  ? __pfx_netlink_sendmsg+0x10/0x10
[  675.813039][T13259]  ? __import_iovec+0x5d4/0x7f0
[  675.813059][T13259]  ? aa_sock_msg_perm+0x94/0x160
[  675.813088][T13259]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  675.813116][T13259]  ? __pfx_netlink_sendmsg+0x10/0x10
[  675.813145][T13259]  __sock_sendmsg+0x219/0x270
[  675.813181][T13259]  ____sys_sendmsg+0x505/0x830
[  675.813206][T13259]  ? __pfx_____sys_sendmsg+0x10/0x10
[  675.813238][T13259]  ___sys_sendmsg+0x21f/0x2a0
[  675.813272][T13259]  ? __pfx____sys_sendmsg+0x10/0x10
[  675.813317][T13259]  ? __fget_files+0x2a/0x420
[  675.813333][T13259]  ? __fget_files+0x3a0/0x420
[  675.813357][T13259]  __sys_sendmsg+0x164/0x220
[  675.813377][T13259]  ? __pfx___sys_sendmsg+0x10/0x10
[  675.813406][T13259]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  675.813431][T13259]  ? lockdep_hardirqs_on+0x9c/0x150
[  675.813454][T13259]  __do_fast_syscall_32+0xb6/0x2b0
[  675.813469][T13259]  ? lockdep_hardirqs_on+0x9c/0x150
[  675.813493][T13259]  do_fast_syscall_32+0x34/0x80
[  675.813508][T13259]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  675.813526][T13259] RIP: 0023:0xf7f23539
[  675.813539][T13259] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  675.813552][T13259] RSP: 002b:00000000f504655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  675.813568][T13259] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  675.813578][T13259] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  675.813586][T13259] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  675.813595][T13259] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  675.813603][T13259] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  675.813623][T13259]  </TASK>
[  676.411391][T13270] FAULT_INJECTION: forcing a failure.
[  676.411391][T13270] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  676.424832][T13270] CPU: 0 UID: 0 PID: 13270 Comm: syz.6.1848 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  676.424864][T13270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  676.424874][T13270] Call Trace:
[  676.424881][T13270]  <TASK>
[  676.424888][T13270]  dump_stack_lvl+0x189/0x250
[  676.424916][T13270]  ? __pfx____ratelimit+0x10/0x10
[  676.424939][T13270]  ? __pfx_dump_stack_lvl+0x10/0x10
[  676.424962][T13270]  ? __pfx__printk+0x10/0x10
[  676.424979][T13270]  ? __might_fault+0xb0/0x130
[  676.425000][T13270]  should_fail_ex+0x414/0x560
[  676.425024][T13270]  _copy_from_iter+0x1db/0x16f0
[  676.425050][T13270]  ? rcu_is_watching+0x15/0xb0
[  676.425074][T13270]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  676.425095][T13270]  ? __pfx__copy_from_iter+0x10/0x10
[  676.425119][T13270]  ? __build_skb_around+0x257/0x3e0
[  676.425139][T13270]  ? netlink_sendmsg+0x642/0xb30
[  676.425157][T13270]  ? skb_put+0x11b/0x210
[  676.425177][T13270]  netlink_sendmsg+0x6b2/0xb30
[  676.425202][T13270]  ? __pfx_netlink_sendmsg+0x10/0x10
[  676.425222][T13270]  ? __import_iovec+0x5d4/0x7f0
[  676.425236][T13270]  ? aa_sock_msg_perm+0x94/0x160
[  676.425258][T13270]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  676.425277][T13270]  ? __pfx_netlink_sendmsg+0x10/0x10
[  676.425296][T13270]  __sock_sendmsg+0x219/0x270
[  676.425322][T13270]  ____sys_sendmsg+0x505/0x830
[  676.425346][T13270]  ? __pfx_____sys_sendmsg+0x10/0x10
[  676.425376][T13270]  ___sys_sendmsg+0x21f/0x2a0
[  676.425397][T13270]  ? __pfx____sys_sendmsg+0x10/0x10
[  676.425442][T13270]  ? __fget_files+0x2a/0x420
[  676.425458][T13270]  ? __fget_files+0x3a0/0x420
[  676.425481][T13270]  __sys_sendmsg+0x164/0x220
[  676.425502][T13270]  ? __pfx___sys_sendmsg+0x10/0x10
[  676.425532][T13270]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  676.425557][T13270]  ? lockdep_hardirqs_on+0x9c/0x150
[  676.425581][T13270]  __do_fast_syscall_32+0xb6/0x2b0
[  676.425597][T13270]  ? lockdep_hardirqs_on+0x9c/0x150
[  676.425622][T13270]  do_fast_syscall_32+0x34/0x80
[  676.425636][T13270]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  676.425654][T13270] RIP: 0023:0xf7f14539
[  676.425667][T13270] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  676.425685][T13270] RSP: 002b:00000000f503655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  676.425701][T13270] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080003700
[  676.425711][T13270] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000
[  676.425720][T13270] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  676.425729][T13270] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  676.425738][T13270] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  676.425758][T13270]  </TASK>
[  676.994736][T13278] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1851'.
[  677.015070][T13278] netlink: 168 bytes leftover after parsing attributes in process `syz.6.1851'.
[  677.032569][T13278] netlink: 168 bytes leftover after parsing attributes in process `syz.6.1851'.
[  677.076005][T13284] FAULT_INJECTION: forcing a failure.
[  677.076005][T13284] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  677.125222][T13284] CPU: 1 UID: 0 PID: 13284 Comm: syz.3.1852 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  677.125256][T13284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  677.125269][T13284] Call Trace:
[  677.125290][T13284]  <TASK>
[  677.125299][T13284]  dump_stack_lvl+0x189/0x250
[  677.125336][T13284]  ? __pfx____ratelimit+0x10/0x10
[  677.125367][T13284]  ? __pfx_dump_stack_lvl+0x10/0x10
[  677.125398][T13284]  ? __pfx__printk+0x10/0x10
[  677.125432][T13284]  should_fail_ex+0x414/0x560
[  677.125464][T13284]  _copy_to_user+0x31/0xb0
[  677.125492][T13284]  simple_read_from_buffer+0xe1/0x170
[  677.125518][T13284]  proc_fail_nth_read+0x1df/0x250
[  677.125546][T13284]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  677.125573][T13284]  ? rw_verify_area+0x258/0x650
[  677.125602][T13284]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  677.125628][T13284]  vfs_read+0x200/0x980
[  677.125664][T13284]  ? __pfx___mutex_lock+0x10/0x10
[  677.125684][T13284]  ? __pfx_vfs_read+0x10/0x10
[  677.125716][T13284]  ? __fget_files+0x2a/0x420
[  677.125743][T13284]  ? __fget_files+0x3a0/0x420
[  677.125763][T13284]  ? __fget_files+0x2a/0x420
[  677.125802][T13284]  ksys_read+0x145/0x250
[  677.125823][T13284]  ? __pfx_ksys_read+0x10/0x10
[  677.125855][T13284]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  677.125888][T13284]  ? lockdep_hardirqs_on+0x9c/0x150
[  677.125921][T13284]  __do_fast_syscall_32+0xb6/0x2b0
[  677.125942][T13284]  ? lockdep_hardirqs_on+0x9c/0x150
[  677.125975][T13284]  do_fast_syscall_32+0x34/0x80
[  677.125995][T13284]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  677.126019][T13284] RIP: 0023:0xf70de539
[  677.126037][T13284] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  677.126055][T13284] RSP: 002b:00000000f50ce590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  677.126075][T13284] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50ce620
[  677.126089][T13284] RDX: 000000000000000f RSI: 00000000f7442ff4 RDI: 0000000000000000
[  677.126102][T13284] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  677.126113][T13284] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  677.126125][T13284] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  677.126153][T13284]  </TASK>
[  677.644415][T13292] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1853'.
[  677.686931][T13292] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1853'.
[  677.906682][T13292] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1853'.
[  677.917526][T13292] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1853'.
[  678.042710][   T90] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  678.218284][   T90] usb 4-1: config 0 has too many interfaces: 129, using maximum allowed: 32
[  678.244151][   T90] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 129
[  678.265901][   T90] usb 4-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  678.275409][   T90] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.283993][   T90] usb 4-1: Product: syz
[  678.288682][   T90] usb 4-1: Manufacturer: syz
[  678.293779][   T90] usb 4-1: SerialNumber: syz
[  678.319486][   T90] usb 4-1: config 0 descriptor??
[  678.440100][T13306] FAULT_INJECTION: forcing a failure.
[  678.440100][T13306] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  678.498076][T13306] CPU: 0 UID: 0 PID: 13306 Comm: syz.4.1857 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  678.498111][T13306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  678.498128][T13306] Call Trace:
[  678.498135][T13306]  <TASK>
[  678.498142][T13306]  dump_stack_lvl+0x189/0x250
[  678.498170][T13306]  ? __pfx____ratelimit+0x10/0x10
[  678.498194][T13306]  ? __pfx_dump_stack_lvl+0x10/0x10
[  678.498218][T13306]  ? __pfx__printk+0x10/0x10
[  678.498243][T13306]  should_fail_ex+0x414/0x560
[  678.498267][T13306]  _copy_to_user+0x31/0xb0
[  678.498285][T13306]  simple_read_from_buffer+0xe1/0x170
[  678.498304][T13306]  proc_fail_nth_read+0x1df/0x250
[  678.498325][T13306]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  678.498346][T13306]  ? rw_verify_area+0x258/0x650
[  678.498368][T13306]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  678.498387][T13306]  vfs_read+0x200/0x980
[  678.498414][T13306]  ? __pfx___mutex_lock+0x10/0x10
[  678.498430][T13306]  ? __pfx_vfs_read+0x10/0x10
[  678.498453][T13306]  ? __fget_files+0x2a/0x420
[  678.498473][T13306]  ? __fget_files+0x3a0/0x420
[  678.498489][T13306]  ? __fget_files+0x2a/0x420
[  678.498512][T13306]  ksys_read+0x145/0x250
[  678.498527][T13306]  ? __pfx_ksys_read+0x10/0x10
[  678.498552][T13306]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  678.498577][T13306]  ? lockdep_hardirqs_on+0x9c/0x150
[  678.498601][T13306]  __do_fast_syscall_32+0xb6/0x2b0
[  678.498621][T13306]  do_fast_syscall_32+0x34/0x80
[  678.498636][T13306]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  678.498655][T13306] RIP: 0023:0xf7f23539
[  678.498674][T13306] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  678.498689][T13306] RSP: 002b:00000000f5046590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  678.498705][T13306] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5046620
[  678.498716][T13306] RDX: 000000000000000f RSI: 00000000f73b2ff4 RDI: 0000000000000000
[  678.498725][T13306] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  678.498734][T13306] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  678.498743][T13306] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  678.498765][T13306]  </TASK>
[  678.984761][   T90] mos7840 4-1:0.0: required endpoints missing
[  679.002207][   T90] usb 4-1: USB disconnect, device number 66
[  679.501590][T13323] netlink: 'syz.6.1864': attribute type 4 has an invalid length.
[  679.982612][T13337] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  680.017853][T13337] net_ratelimit: 10 callbacks suppressed
[  680.017870][T13337] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  681.326347][T13353] __nla_validate_parse: 5 callbacks suppressed
[  681.326410][T13353] netlink: 84 bytes leftover after parsing attributes in process `syz.6.1869'.
[  681.800209][T13359] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1872'.
[  681.852424][T13359] netlink: 35 bytes leftover after parsing attributes in process `syz.4.1872'.
[  681.995406][T13361] netlink: 'syz.5.1874': attribute type 1 has an invalid length.
[  682.148247][T13361] 8021q: adding VLAN 0 to HW filter on device bond4
[  682.243153][T13364] bond2: (slave veth0_to_bond): Releasing active interface
[  682.324212][T13364] bond4: (slave veth0_to_bond): making interface the new active one
[  682.336882][T13364] bond4: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  682.509442][T13370] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1876'.
[  682.530885][T13370] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1876'.
[  682.545780][T13363] bond4: (slave veth9): Enslaving as an active interface with a down link
[  682.562544][T13370] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1876'.
[  682.672578][ T5960] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[  682.822654][ T5960] usb 5-1: Using ep0 maxpacket: 16
[  682.832514][ T5970] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[  682.842899][ T5960] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  682.913045][ T5960] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  682.930322][ T5960] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.939758][ T5960] usb 5-1: Product: syz
[  682.944494][ T5960] usb 5-1: Manufacturer: syz
[  682.949746][ T5960] usb 5-1: SerialNumber: syz
[  683.064055][ T5960] usb 5-1: config 0 descriptor??
[  683.112381][ T5970] usb 7-1: config 0 has too many interfaces: 129, using maximum allowed: 32
[  683.121677][ T5970] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 129
[  683.147783][ T5970] usb 7-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  683.176367][ T5970] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.186608][ T5970] usb 7-1: Product: syz
[  683.193342][ T5970] usb 7-1: Manufacturer: syz
[  683.295009][ T5970] usb 7-1: SerialNumber: syz
[  683.326929][ T5970] usb 7-1: config 0 descriptor??
[  683.915710][ T5970] mos7840 7-1:0.0: required endpoints missing
[  683.932761][ T5970] usb 7-1: USB disconnect, device number 35
[  684.610980][T13397] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1885'.
[  685.052702][ T5970] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  685.262617][ T5970] usb 4-1: Using ep0 maxpacket: 16
[  685.270193][ T5970] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  685.281130][ T5970] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  685.370965][ T5970] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  685.421353][ T5970] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  685.461646][ T5970] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  685.479624][ T5960] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  685.523989][ T5960] em28xx 5-1:0.0: DVB interface 0 found: isoc
[  685.591842][ T5970] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  685.601755][ T5970] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  685.641597][ T5970] usb 4-1: Manufacturer: syz
[  685.642830][ T5960] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  685.730631][ T5970] usb 4-1: config 0 descriptor??
[  685.856019][ T5960] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  685.890192][ T5960] em28xx 5-1:0.0: board has no eeprom
[  685.974226][ T5960] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  685.996324][ T5960] em28xx 5-1:0.0: dvb set to isoc mode.
[  686.016071][ T5899] em28xx 5-1:0.0: Binding DVB extension
[  686.042048][ T5960] usb 5-1: USB disconnect, device number 76
[  686.175795][ T5960] em28xx 5-1:0.0: Disconnecting em28xx
[  686.222288][ T5970] rc_core: IR keymap rc-hauppauge not found
[  686.228329][ T5970] Registered IR keymap rc-empty
[  686.234916][ T5970] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  686.253805][T13415] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1890'.
[  686.272707][ T5970] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  686.293428][ T5970] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  686.324556][ T5970] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input70
[  686.351676][ T5970] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  686.373482][T13415] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1890'.
[  686.383234][ T5970] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  686.390927][T13415] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1890'.
[  686.403025][ T5970] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  686.423677][ T5970] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  686.454933][ T5970] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  686.486667][ T5899] em28xx 5-1:0.0: Registering input extension
[  686.499568][ T5960] em28xx 5-1:0.0: Closing input extension
[  686.543977][ T5970] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  686.607005][T13418] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  686.638431][ T5960] em28xx 5-1:0.0: Freeing device
[  686.702874][ T5970] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  686.732426][ T5970] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  686.797032][T13418] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  686.822345][ T5970] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  686.887280][ T5970] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  686.963049][ T5970] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[  686.995562][ T5970] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  687.073561][ T5970] usb 4-1: USB disconnect, device number 67
[  687.551039][T13433] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma?
[  688.396422][T13442] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1895'.
[  688.722588][ T5960] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[  688.792299][ T5906] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  688.874431][ T5960] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  688.897435][ T5960] usb 3-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66
[  688.910543][ T5960] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.949398][ T5960] usb 3-1: Product: syz
[  688.962079][ T5906] usb 4-1: config 0 has too many interfaces: 129, using maximum allowed: 32
[  688.974049][ T5960] usb 3-1: Manufacturer: syz
[  689.032869][ T5906] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 129
[  689.042104][ T5960] usb 3-1: SerialNumber: syz
[  689.121936][ T5960] usb 3-1: config 0 descriptor??
[  689.127948][ T5906] usb 4-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  689.172434][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.184112][ T5960] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22
[  689.205520][ T5906] usb 4-1: Product: syz
[  689.223537][ T5906] usb 4-1: Manufacturer: syz
[  689.228478][ T5906] usb 4-1: SerialNumber: syz
[  689.259418][ T5906] usb 4-1: config 0 descriptor??
[  689.390197][ T5960] usb 3-1: USB disconnect, device number 107
[  689.479438][ T5906] mos7840 4-1:0.0: required endpoints missing
[  689.544191][ T5906] usb 4-1: USB disconnect, device number 68
[  689.572604][   T43] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[  689.716104][   T43] usb 7-1: device descriptor read/64, error -71
[  689.973414][   T43] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[  690.115663][   T43] usb 7-1: device descriptor read/64, error -71
[  690.237541][   T43] usb usb7-port1: attempt power cycle
[  690.626306][   T43] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[  690.654798][   T43] usb 7-1: device descriptor read/8, error -71
[  690.902473][   T43] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[  691.048808][   T43] usb 7-1: device descriptor read/8, error -71
[  691.203540][   T43] usb usb7-port1: unable to enumerate USB device
[  691.580083][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  691.586589][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  692.019057][T13475] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1906'.
[  692.029183][T13475] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1906'.
[  692.039475][T13475] netlink: 'syz.4.1906': attribute type 18 has an invalid length.
[  692.180100][T13477] program syz.4.1907 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  692.612263][ T5906] usb 7-1: new full-speed USB device number 40 using dummy_hcd
[  692.767937][T13490] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1911'.
[  692.833942][ T5906] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  692.844992][ T5906] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  692.866335][ T5906] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  692.879326][ T5906] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  692.890398][ T5906] usb 7-1: Product: syz
[  692.898771][ T5906] usb 7-1: Manufacturer: syz
[  692.904382][ T5906] usb 7-1: SerialNumber: syz
[  693.328672][ T5906] usb 7-1: 0:2 : does not exist
[  693.387183][ T5906] usb 7-1: 5:0: failed to get current value for ch 0 (-22)
[  693.517277][ T5906] usb 7-1: USB disconnect, device number 40
[  693.634463][ T5820] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  693.797161][ T5820] usb 4-1: config 0 has too many interfaces: 129, using maximum allowed: 32
[  693.817676][ T5820] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 129
[  693.845276][ T5820] usb 4-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  693.857781][ T5820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.868136][ T5820] usb 4-1: Product: syz
[  693.873532][ T5820] usb 4-1: Manufacturer: syz
[  693.878278][ T5820] usb 4-1: SerialNumber: syz
[  693.889275][ T5820] usb 4-1: config 0 descriptor??
[  694.118030][ T5820] mos7840 4-1:0.0: required endpoints missing
[  694.135770][ T5820] usb 4-1: USB disconnect, device number 69
[  694.312384][   T43] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[  694.472371][   T43] usb 3-1: Using ep0 maxpacket: 16
[  694.490012][   T43] usb 3-1: New USB device found, idVendor=110a, idProduct=1653, bcdDevice=5e.a7
[  694.499741][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.519942][   T43] usb 3-1: Product: syz
[  694.524628][   T43] usb 3-1: Manufacturer: syz
[  694.529436][   T43] usb 3-1: SerialNumber: syz
[  694.539263][   T43] usb 3-1: config 0 descriptor??
[  694.838329][T13511] netlink: 388 bytes leftover after parsing attributes in process `syz.5.1918'.
[  695.025163][   T43] mxuport 3-1:0.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71)
[  695.034525][   T43] mxuport 3-1:0.0: probe with driver mxuport failed with error -5
[  695.064005][   T43] usb 3-1: USB disconnect, device number 108
[  695.112732][ T5906] usb 6-1: new high-speed USB device number 69 using dummy_hcd
[  695.352478][ T5906] usb 6-1: Using ep0 maxpacket: 32
[  695.370940][ T5906] usb 6-1: config 0 has no interfaces?
[  695.381978][ T5906] usb 6-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  695.410215][ T5906] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  695.429819][T13517] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1916'.
[  695.855171][ T5906] usb 6-1: config 0 descriptor??
[  696.212852][ T5899] usb 6-1: USB disconnect, device number 69
[  696.944814][T13540] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1927'.
[  696.959415][T13541] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma?
[  697.109805][   T43] usb 7-1: new full-speed USB device number 41 using dummy_hcd
[  697.275670][   T43] usb 7-1: not running at top speed; connect to a high speed hub
[  697.286151][   T43] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  697.300640][   T43] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 96, changing to 4
[  697.319971][   T43] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  697.329295][   T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  697.339386][   T43] usb 7-1: Product: Άᕨꀜ즮ꙏಶ줭ȳ剕牮䅜鐪劫輦熐휩쩶ᴮ笒⛑琴갬宽䉥꺏訇㸖鹨蓭쇙誳䑧㡤㟖⋡ꛟⷡ繡ⱏ馃荾꘍褣徖ḒꜨꪜᷭ鐕鞎为᛭杖맾⮿♀ុ䛼﹚ᅌꁌ䠮䋐⯮顯쎆鷺꓋⡀蛪鋳歭╱䩠ʣ찛À欧䒝췉붢냪ꠟ㉖者
[  697.384671][   T43] usb 7-1: Manufacturer: ᑕ
[  697.391602][   T43] usb 7-1: SerialNumber: 包뫊䰥០깔鷛᠀핸놊觕뫆
[  697.432306][ T5926] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  697.587758][ T5926] usb 4-1: config 0 has too many interfaces: 129, using maximum allowed: 32
[  697.599914][ T5926] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 129
[  697.614840][ T5926] usb 4-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  697.624399][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  697.637855][ T5926] usb 4-1: Product: syz
[  697.642362][ T5926] usb 4-1: Manufacturer: syz
[  697.647300][ T5926] usb 4-1: SerialNumber: syz
[  697.879954][ T5926] usb 4-1: config 0 descriptor??
[  698.061200][T13546] FAULT_INJECTION: forcing a failure.
[  698.061200][T13546] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  698.074921][T13546] CPU: 0 UID: 0 PID: 13546 Comm: syz.2.1929 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  698.074950][T13546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  698.074965][T13546] Call Trace:
[  698.074974][T13546]  <TASK>
[  698.074983][T13546]  dump_stack_lvl+0x189/0x250
[  698.075025][T13546]  ? __pfx____ratelimit+0x10/0x10
[  698.075058][T13546]  ? __pfx_dump_stack_lvl+0x10/0x10
[  698.075094][T13546]  ? __pfx__printk+0x10/0x10
[  698.075129][T13546]  should_fail_ex+0x414/0x560
[  698.075159][T13546]  _copy_to_user+0x31/0xb0
[  698.075179][T13546]  simple_read_from_buffer+0xe1/0x170
[  698.075203][T13546]  proc_fail_nth_read+0x1df/0x250
[  698.075228][T13546]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  698.075258][T13546]  ? rw_verify_area+0x258/0x650
[  698.075290][T13546]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  698.075312][T13546]  vfs_read+0x200/0x980
[  698.075344][T13546]  ? __pfx___mutex_lock+0x10/0x10
[  698.075363][T13546]  ? __pfx_vfs_read+0x10/0x10
[  698.075399][T13546]  ? __fget_files+0x2a/0x420
[  698.075423][T13546]  ? __fget_files+0x3a0/0x420
[  698.075442][T13546]  ? __fget_files+0x2a/0x420
[  698.075469][T13546]  ksys_read+0x145/0x250
[  698.075487][T13546]  ? __pfx_ksys_read+0x10/0x10
[  698.075519][T13546]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  698.075552][T13546]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.075581][T13546]  __do_fast_syscall_32+0xb6/0x2b0
[  698.075599][T13546]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.075629][T13546]  do_fast_syscall_32+0x34/0x80
[  698.075646][T13546]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  698.075673][T13546] RIP: 0023:0xf7f34539
[  698.075690][T13546] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  698.075706][T13546] RSP: 002b:00000000f5056590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  698.075725][T13546] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5056620
[  698.075737][T13546] RDX: 000000000000000f RSI: 00000000f73c2ff4 RDI: 0000000000000000
[  698.075748][T13546] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  698.075758][T13546] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  698.075768][T13546] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  698.075795][T13546]  </TASK>
[  698.194181][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888057a88c00: rx timeout, send abort
[  698.322083][    C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff888057a88c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  698.339720][   T43] usb 7-1: 2:1 : format type 0 is detected, processed as PCM
[  698.347632][   T43] usb 7-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  698.372733][ T5926] mos7840 4-1:0.0: required endpoints missing
[  698.389299][   T43] usb 7-1: USB disconnect, device number 41
[  698.396877][ T5926] usb 4-1: USB disconnect, device number 70
[  698.517208][ T5855] udevd[5855]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  698.573299][T13550] netlink: 'syz.5.1931': attribute type 3 has an invalid length.
[  698.731407][T13552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1933'.
[  698.741064][T13552] FAULT_INJECTION: forcing a failure.
[  698.741064][T13552] name failslab, interval 1, probability 0, space 0, times 0
[  698.756619][T13552] CPU: 1 UID: 0 PID: 13552 Comm: syz.2.1933 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  698.756648][T13552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  698.756662][T13552] Call Trace:
[  698.756671][T13552]  <TASK>
[  698.756681][T13552]  dump_stack_lvl+0x189/0x250
[  698.756719][T13552]  ? __pfx____ratelimit+0x10/0x10
[  698.756753][T13552]  ? __pfx_dump_stack_lvl+0x10/0x10
[  698.756786][T13552]  ? __pfx__printk+0x10/0x10
[  698.756813][T13552]  ? __pfx___might_resched+0x10/0x10
[  698.756846][T13552]  ? fs_reclaim_acquire+0x7d/0x100
[  698.756876][T13552]  should_fail_ex+0x414/0x560
[  698.756910][T13552]  should_failslab+0xa8/0x100
[  698.756934][T13552]  __kmalloc_cache_noprof+0x70/0x3d0
[  698.756955][T13552]  ? alloc_netdev_mqs+0xc36/0x11e0
[  698.756992][T13552]  alloc_netdev_mqs+0xc36/0x11e0
[  698.757031][T13552]  rtnl_create_link+0x31f/0xd10
[  698.757075][T13552]  rtnl_newlink_create+0x25c/0xb00
[  698.757110][T13552]  ? __pfx_aa_get_newest_label+0x10/0x10
[  698.757142][T13552]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  698.757166][T13552]  ? rtnl_newlink+0x8db/0x1c70
[  698.757191][T13552]  ? __pfx___mutex_lock+0x10/0x10
[  698.757223][T13552]  ? ns_capable+0x8a/0xf0
[  698.757259][T13552]  rtnl_newlink+0x16d6/0x1c70
[  698.757283][T13552]  ? netlink_sendmsg+0x805/0xb30
[  698.757322][T13552]  ? __pfx_rtnl_newlink+0x10/0x10
[  698.757370][T13552]  ? kasan_quarantine_put+0xdd/0x220
[  698.757400][T13552]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.757437][T13552]  ? nlmon_xmit+0xb0/0x100
[  698.757467][T13552]  ? kmem_cache_free+0x18f/0x400
[  698.757495][T13552]  ? __local_bh_enable_ip+0x12d/0x1c0
[  698.757527][T13552]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.757558][T13552]  ? __local_bh_enable_ip+0x12d/0x1c0
[  698.757589][T13552]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  698.757626][T13552]  ? __dev_queue_xmit+0x27e/0x3a70
[  698.757670][T13552]  ? __lock_acquire+0xab9/0xd20
[  698.757727][T13552]  ? __pfx_rtnl_newlink+0x10/0x10
[  698.757749][T13552]  rtnetlink_rcv_msg+0x7cc/0xb70
[  698.757776][T13552]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  698.757798][T13552]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  698.757819][T13552]  ? ref_tracker_free+0x63a/0x7d0
[  698.757846][T13552]  ? __copy_skb_header+0xa7/0x550
[  698.757877][T13552]  ? __pfx_ref_tracker_free+0x10/0x10
[  698.757917][T13552]  netlink_rcv_skb+0x208/0x470
[  698.757944][T13552]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  698.757968][T13552]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  698.758008][T13552]  ? netlink_deliver_tap+0x2e/0x1b0
[  698.758032][T13552]  ? netlink_deliver_tap+0x2e/0x1b0
[  698.758069][T13552]  netlink_unicast+0x75b/0x8d0
[  698.758105][T13552]  netlink_sendmsg+0x805/0xb30
[  698.758142][T13552]  ? __pfx_netlink_sendmsg+0x10/0x10
[  698.758170][T13552]  ? __import_iovec+0x5d4/0x7f0
[  698.758190][T13552]  ? aa_sock_msg_perm+0x94/0x160
[  698.758218][T13552]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  698.758244][T13552]  ? __pfx_netlink_sendmsg+0x10/0x10
[  698.758271][T13552]  __sock_sendmsg+0x219/0x270
[  698.758308][T13552]  ____sys_sendmsg+0x505/0x830
[  698.758342][T13552]  ? __pfx_____sys_sendmsg+0x10/0x10
[  698.758388][T13552]  ___sys_sendmsg+0x21f/0x2a0
[  698.758419][T13552]  ? __pfx____sys_sendmsg+0x10/0x10
[  698.758487][T13552]  ? __fget_files+0x2a/0x420
[  698.758509][T13552]  ? __fget_files+0x3a0/0x420
[  698.758544][T13552]  __sys_sendmsg+0x164/0x220
[  698.758574][T13552]  ? __pfx___sys_sendmsg+0x10/0x10
[  698.758618][T13552]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  698.758651][T13552]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.758686][T13552]  __do_fast_syscall_32+0xb6/0x2b0
[  698.758708][T13552]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.758743][T13552]  do_fast_syscall_32+0x34/0x80
[  698.758764][T13552]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  698.758808][T13552] RIP: 0023:0xf7f34539
[  698.758827][T13552] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  698.758848][T13552] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  698.758871][T13552] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[  698.758886][T13552] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  698.758899][T13552] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  698.758912][T13552] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  698.758925][T13552] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  698.758957][T13552]  </TASK>
[  699.512320][ T5899] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[  699.532541][ T5960] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[  699.676688][ T5899] usb 7-1: Using ep0 maxpacket: 32
[  699.682376][ T5960] usb 6-1: Using ep0 maxpacket: 16
[  699.704151][ T5899] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  699.727133][ T5960] usb 6-1: New USB device found, idVendor=110a, idProduct=1653, bcdDevice=5e.a7
[  699.746969][ T5960] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.764812][ T5899] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  699.794242][ T5899] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  699.802889][ T5960] usb 6-1: Product: syz
[  699.807115][ T5960] usb 6-1: Manufacturer: syz
[  699.811757][ T5960] usb 6-1: SerialNumber: syz
[  699.825651][T13565] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1934'.
[  699.836101][ T5899] usb 7-1: Product: syz
[  699.840322][ T5899] usb 7-1: Manufacturer: syz
[  699.848748][ T5899] usb 7-1: SerialNumber: syz
[  699.855561][ T5960] usb 6-1: config 0 descriptor??
[  699.865182][ T5899] usb 7-1: config 0 descriptor??
[  699.871068][T13555] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  699.906221][ T5899] hub 7-1:0.0: bad descriptor, ignoring hub
[  699.915225][ T5899] hub 7-1:0.0: probe with driver hub failed with error -5
[  700.857904][ T5960] mxuport 6-1:0.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71)
[  700.876070][ T5960] mxuport 6-1:0.0: probe with driver mxuport failed with error -5
[  701.014662][   T43] usb 7-1: reset high-speed USB device number 42 using dummy_hcd
[  701.098893][ T5960] usb 6-1: USB disconnect, device number 70
[  701.288816][   T43] usb 7-1: device firmware changed
[  701.304751][   T43] usb 7-1: USB disconnect, device number 42
[  701.462578][   T43] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[  701.632507][   T43] usb 7-1: Using ep0 maxpacket: 32
[  701.662472][   T43] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  701.705946][T13582] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1938'.
[  701.724575][   T43] usb 7-1: string descriptor 0 read error: -22
[  701.731034][   T43] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  701.744698][T13582] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1938'.
[  701.754207][   T43] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  701.783986][   T43] usb 7-1: config 0 descriptor??
[  701.794829][T13570] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  701.803638][T13582] netlink: 'syz.3.1938': attribute type 3 has an invalid length.
[  701.823699][   T43] hub 7-1:0.0: bad descriptor, ignoring hub
[  701.829694][   T43] hub 7-1:0.0: probe with driver hub failed with error -5
[  701.886856][T13585] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1939'.
[  701.925679][T13585] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  701.946146][T13585] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  702.065674][T13573] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1936'.
[  702.076223][T13573] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  702.084725][T13573] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  702.123197][   T43] usb 7-1: USB disconnect, device number 43
[  702.252557][ T5960] usb 6-1: new high-speed USB device number 71 using dummy_hcd
[  702.588883][ T5960] usb 6-1: Using ep0 maxpacket: 8
[  702.623410][ T5960] usb 6-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a
[  702.667579][ T5960] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  702.695384][ T5960] usb 6-1: Product: syz
[  702.705521][ T5960] usb 6-1: Manufacturer: syz
[  702.714916][ T5960] usb 6-1: SerialNumber: syz
[  702.734981][ T5960] usb 6-1: config 0 descriptor??
[  703.019930][ T5960] gspca_main: sn9c2028-2.14.0 probing 0458:7003
[  703.317898][ T5960] gspca_sn9c2028: read1 error -32
[  703.360002][ T5960] gspca_sn9c2028: read1 error -32
[  703.982826][ T5899] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[  704.134930][ T5899] usb 7-1: config 0 has too many interfaces: 129, using maximum allowed: 32
[  704.145687][ T5899] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 129
[  704.160292][ T5899] usb 7-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  704.177092][ T5899] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  704.186277][ T5899] usb 7-1: Product: syz
[  704.196757][ T5899] usb 7-1: Manufacturer: syz
[  704.208301][ T5899] usb 7-1: SerialNumber: syz
[  704.238204][ T5899] usb 7-1: config 0 descriptor??
[  704.475916][ T5899] mos7840 7-1:0.0: required endpoints missing
[  704.496475][ T5899] usb 7-1: USB disconnect, device number 44
[  704.874757][T13620] FAULT_INJECTION: forcing a failure.
[  704.874757][T13620] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  704.888437][T13620] CPU: 1 UID: 0 PID: 13620 Comm: syz.4.1950 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  704.888467][T13620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  704.888480][T13620] Call Trace:
[  704.888489][T13620]  <TASK>
[  704.888498][T13620]  dump_stack_lvl+0x189/0x250
[  704.888536][T13620]  ? __pfx____ratelimit+0x10/0x10
[  704.888569][T13620]  ? __pfx_dump_stack_lvl+0x10/0x10
[  704.888601][T13620]  ? __pfx__printk+0x10/0x10
[  704.888638][T13620]  should_fail_ex+0x414/0x560
[  704.888671][T13620]  _copy_to_user+0x31/0xb0
[  704.888696][T13620]  simple_read_from_buffer+0xe1/0x170
[  704.888723][T13620]  proc_fail_nth_read+0x1df/0x250
[  704.888752][T13620]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  704.888781][T13620]  ? rw_verify_area+0x258/0x650
[  704.888812][T13620]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  704.888840][T13620]  vfs_read+0x200/0x980
[  704.888877][T13620]  ? __pfx___mutex_lock+0x10/0x10
[  704.888899][T13620]  ? __pfx_vfs_read+0x10/0x10
[  704.888933][T13620]  ? __fget_files+0x2a/0x420
[  704.888961][T13620]  ? __fget_files+0x3a0/0x420
[  704.888983][T13620]  ? __fget_files+0x2a/0x420
[  704.889016][T13620]  ksys_read+0x145/0x250
[  704.889037][T13620]  ? __pfx_ksys_read+0x10/0x10
[  704.889072][T13620]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  704.889105][T13620]  ? lockdep_hardirqs_on+0x9c/0x150
[  704.889139][T13620]  __do_fast_syscall_32+0xb6/0x2b0
[  704.889160][T13620]  ? lockdep_hardirqs_on+0x9c/0x150
[  704.889196][T13620]  do_fast_syscall_32+0x34/0x80
[  704.889217][T13620]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  704.889243][T13620] RIP: 0023:0xf7f23539
[  704.889262][T13620] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  704.889288][T13620] RSP: 002b:00000000f5025590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  704.889309][T13620] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5025620
[  704.889324][T13620] RDX: 000000000000000f RSI: 00000000f73b2ff4 RDI: 0000000000000000
[  704.889337][T13620] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  704.889349][T13620] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  704.889361][T13620] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  704.889391][T13620]  </TASK>
[  705.185686][ T5899] usb 6-1: USB disconnect, device number 71
[  705.263573][T13622] netlink: 'syz.4.1952': attribute type 10 has an invalid length.
[  705.271825][T13622] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1952'.
[  705.345337][T13622] team0: entered promiscuous mode
[  705.350602][T13622] bond0: entered promiscuous mode
[  705.357356][T13622] team0: entered allmulticast mode
[  705.362665][T13622] bond0: entered allmulticast mode
[  705.368812][T13622] bridge0: port 1(team0) entered blocking state
[  705.375501][T13622] bridge0: port 1(team0) entered disabled state
[  705.385748][T13627] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1952'.
[  705.673573][ T5926] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[  705.742266][ T5899] usb 6-1: new low-speed USB device number 72 using dummy_hcd
[  705.812544][ T5926] usb 3-1: device descriptor read/64, error -71
[  705.906214][ T5899] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  705.917019][ T5899] usb 6-1: config 0 has no interface number 0
[  705.932339][ T5899] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  705.946497][ T5899] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  705.957772][ T5899] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  705.968931][ T5899] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  705.977121][ T5960] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  705.998385][ T5899] usb 6-1: config 0 descriptor??
[  706.011165][T13629] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  706.031060][ T5899] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  706.062303][ T5926] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[  706.137691][ T5960] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  706.148029][ T5960] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  706.160527][ T5960] usb 5-1: config 1 has no interface number 0
[  706.166812][ T5960] usb 5-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  706.182744][ T5960] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  706.192004][ T5960] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  706.200119][ T5960] usb 5-1: Product: syz
[  706.204457][ T5960] usb 5-1: Manufacturer: syz
[  706.209737][ T5960] usb 5-1: SerialNumber: syz
[  706.222058][ T5960] cdc_ncm 5-1:1.1: NCM or ECM functional descriptors missing
[  706.222833][ T5926] usb 3-1: device descriptor read/64, error -71
[  706.230426][ T5960] cdc_ncm 5-1:1.1: bind() failure
[  706.342287][ T5899] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[  706.362905][ T5926] usb usb3-port1: attempt power cycle
[  706.426594][T13638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  706.436617][T13638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  706.449561][ T5960] usb 5-1: USB disconnect, device number 77
[  706.494325][ T5899] usb 7-1: Using ep0 maxpacket: 16
[  706.506892][ T5899] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  706.519899][ T5899] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  706.531640][ T5899] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  706.542325][ T5899] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  706.550389][ T5899] usb 7-1: Product: syz
[  706.555693][ T5899] usb 7-1: Manufacturer: syz
[  706.560406][ T5899] usb 7-1: SerialNumber: syz
[  706.568819][ T5899] usb 7-1: config 0 descriptor??
[  706.702563][ T5926] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[  706.723784][ T5926] usb 3-1: device descriptor read/8, error -71
[  706.800494][ T5899] usb 6-1: USB disconnect, device number 72
[  706.962314][ T5926] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[  707.003191][ T5926] usb 3-1: device descriptor read/8, error -71
[  707.213590][ T5926] usb usb3-port1: unable to enumerate USB device
[  707.652261][ T5899] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[  707.854223][ T5899] usb 5-1: config 0 has too many interfaces: 129, using maximum allowed: 32
[  707.865166][ T5899] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 129
[  707.881809][ T5899] usb 5-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  707.911389][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  707.946886][ T5899] usb 5-1: Product: syz
[  707.952477][ T5899] usb 5-1: Manufacturer: syz
[  707.957109][ T5899] usb 5-1: SerialNumber: syz
[  708.004916][ T5899] usb 5-1: config 0 descriptor??
[  708.022408][   T10] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  708.128240][T13657] FAULT_INJECTION: forcing a failure.
[  708.128240][T13657] name failslab, interval 1, probability 0, space 0, times 0
[  708.141975][T13657] CPU: 1 UID: 0 PID: 13657 Comm: syz.5.1963 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  708.141996][T13657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  708.142005][T13657] Call Trace:
[  708.142012][T13657]  <TASK>
[  708.142018][T13657]  dump_stack_lvl+0x189/0x250
[  708.142063][T13657]  ? __pfx____ratelimit+0x10/0x10
[  708.142096][T13657]  ? __pfx_dump_stack_lvl+0x10/0x10
[  708.142156][T13657]  ? __pfx__printk+0x10/0x10
[  708.142182][T13657]  ? __pfx___might_resched+0x10/0x10
[  708.142216][T13657]  ? fs_reclaim_acquire+0x7d/0x100
[  708.142246][T13657]  should_fail_ex+0x414/0x560
[  708.142280][T13657]  should_failslab+0xa8/0x100
[  708.142305][T13657]  __kmalloc_cache_noprof+0x70/0x3d0
[  708.142326][T13657]  ? alloc_netdev_mqs+0xc36/0x11e0
[  708.142364][T13657]  alloc_netdev_mqs+0xc36/0x11e0
[  708.142403][T13657]  rtnl_create_link+0x31f/0xd10
[  708.142442][T13657]  rtnl_newlink_create+0x25c/0xb00
[  708.142478][T13657]  ? __pfx_aa_get_newest_label+0x10/0x10
[  708.142511][T13657]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  708.142536][T13657]  ? rtnl_newlink+0x8db/0x1c70
[  708.142562][T13657]  ? __pfx___mutex_lock+0x10/0x10
[  708.142594][T13657]  ? ns_capable+0x8a/0xf0
[  708.142630][T13657]  rtnl_newlink+0x16d6/0x1c70
[  708.142656][T13657]  ? netlink_sendmsg+0x805/0xb30
[  708.142696][T13657]  ? __pfx_rtnl_newlink+0x10/0x10
[  708.142746][T13657]  ? kasan_quarantine_put+0xdd/0x220
[  708.142778][T13657]  ? lockdep_hardirqs_on+0x9c/0x150
[  708.142819][T13657]  ? nlmon_xmit+0xb0/0x100
[  708.142849][T13657]  ? kmem_cache_free+0x18f/0x400
[  708.142878][T13657]  ? __local_bh_enable_ip+0x12d/0x1c0
[  708.142910][T13657]  ? lockdep_hardirqs_on+0x9c/0x150
[  708.142956][T13657]  ? __local_bh_enable_ip+0x12d/0x1c0
[  708.142988][T13657]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  708.143025][T13657]  ? __dev_queue_xmit+0x27e/0x3a70
[  708.143072][T13657]  ? __lock_acquire+0xab9/0xd20
[  708.143131][T13657]  ? __pfx_rtnl_newlink+0x10/0x10
[  708.143154][T13657]  rtnetlink_rcv_msg+0x7cc/0xb70
[  708.143181][T13657]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  708.143206][T13657]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  708.143227][T13657]  ? ref_tracker_free+0x63a/0x7d0
[  708.143255][T13657]  ? __copy_skb_header+0xa7/0x550
[  708.143286][T13657]  ? __pfx_ref_tracker_free+0x10/0x10
[  708.143340][T13657]  netlink_rcv_skb+0x208/0x470
[  708.143366][T13657]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  708.143391][T13657]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  708.143431][T13657]  ? netlink_deliver_tap+0x2e/0x1b0
[  708.143456][T13657]  ? netlink_deliver_tap+0x2e/0x1b0
[  708.143487][T13657]  netlink_unicast+0x75b/0x8d0
[  708.143523][T13657]  netlink_sendmsg+0x805/0xb30
[  708.143560][T13657]  ? __pfx_netlink_sendmsg+0x10/0x10
[  708.143588][T13657]  ? __import_iovec+0x5d4/0x7f0
[  708.143607][T13657]  ? aa_sock_msg_perm+0x94/0x160
[  708.143635][T13657]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  708.143663][T13657]  ? __pfx_netlink_sendmsg+0x10/0x10
[  708.143690][T13657]  __sock_sendmsg+0x219/0x270
[  708.143727][T13657]  ____sys_sendmsg+0x505/0x830
[  708.143760][T13657]  ? __pfx_____sys_sendmsg+0x10/0x10
[  708.143804][T13657]  ___sys_sendmsg+0x21f/0x2a0
[  708.143835][T13657]  ? __pfx____sys_sendmsg+0x10/0x10
[  708.143902][T13657]  ? __fget_files+0x2a/0x420
[  708.143924][T13657]  ? __fget_files+0x3a0/0x420
[  708.143965][T13657]  __sys_sendmsg+0x164/0x220
[  708.143996][T13657]  ? __pfx___sys_sendmsg+0x10/0x10
[  708.144039][T13657]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  708.144072][T13657]  ? lockdep_hardirqs_on+0x9c/0x150
[  708.144107][T13657]  __do_fast_syscall_32+0xb6/0x2b0
[  708.144130][T13657]  ? lockdep_hardirqs_on+0x9c/0x150
[  708.144165][T13657]  do_fast_syscall_32+0x34/0x80
[  708.144186][T13657]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  708.144212][T13657] RIP: 0023:0xf70fe539
[  708.144232][T13657] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  708.144250][T13657] RSP: 002b:00000000f50ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  708.144272][T13657] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  708.144287][T13657] RDX: 000000000000c0b0 RSI: 0000000000000000 RDI: 0000000000000000
[  708.144299][T13657] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  708.144311][T13657] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  708.144323][T13657] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  708.144354][T13657]  </TASK>
[  708.578722][   T10] usb 4-1: Using ep0 maxpacket: 16
[  708.699292][   T43] usb 7-1: USB disconnect, device number 45
[  708.757369][   T10] usb 4-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  708.767458][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.799677][ T5899] mos7840 5-1:0.0: required endpoints missing
[  708.826515][   T10] usb 4-1: Product: syz
[  708.847538][   T10] usb 4-1: Manufacturer: syz
[  708.856694][   T10] usb 4-1: SerialNumber: syz
[  708.881880][ T5899] usb 5-1: USB disconnect, device number 78
[  708.954971][   T10] usb 4-1: config 0 descriptor??
[  708.990748][   T10] ums-onetouch 4-1:0.0: USB Mass Storage device detected
[  709.302435][ T5926] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[  709.362592][   T43] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[  709.467940][ T5926] usb 6-1: Using ep0 maxpacket: 8
[  709.530616][ T5926] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  709.545520][ T5926] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  709.590203][   T43] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  709.599794][   T43] usb 3-1: config 0 has no interface number 0
[  709.608171][   T43] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  709.623560][ T5926] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  709.789876][   T43] usb 3-1: config 0 interface 8 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  709.807867][ T5926] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  709.871936][   T43] usb 3-1: New USB device found, idVendor=0582, idProduct=b9d5, bcdDevice=73.f7
[  709.885655][ T5926] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  709.899884][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  709.910789][ T5926] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  710.085689][   T43] usb 3-1: config 0 descriptor??
[  710.267830][ T5855] udevd[5855]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  710.342079][ T5926] usb 6-1: GET_CAPABILITIES returned 0
[  710.347320][   T10] usb 3-1: USB disconnect, device number 113
[  710.349535][ T5926] usbtmc 6-1:16.0: can't read capabilities
[  710.532697][ T5899] usb 4-1: USB disconnect, device number 71
[  710.573505][   T30] kauditd_printk_skb: 681 callbacks suppressed
[  710.573534][   T30] audit: type=1326 audit(1749819217.757:6529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13664 comm="syz.5.1966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  710.644897][   T30] audit: type=1326 audit(1749819217.757:6530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13664 comm="syz.5.1966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=308 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  710.701578][   T30] audit: type=1326 audit(1749819217.757:6531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13664 comm="syz.5.1966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  710.732984][   T30] audit: type=1326 audit(1749819217.757:6532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13664 comm="syz.5.1966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  710.758797][   T30] audit: type=1326 audit(1749819217.757:6533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13664 comm="syz.5.1966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  710.788281][   T30] audit: type=1326 audit(1749819217.757:6534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13664 comm="syz.5.1966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  710.957979][   T30] audit: type=1326 audit(1749819217.757:6535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13664 comm="syz.5.1966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  711.066800][   T30] audit: type=1326 audit(1749819217.757:6536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13664 comm="syz.5.1966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  711.176119][   T30] audit: type=1326 audit(1749819217.757:6537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13664 comm="syz.5.1966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  711.200095][ T5970] usb 6-1: USB disconnect, device number 73
[  711.206657][   T43] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[  711.366534][   T43] usb 3-1: Using ep0 maxpacket: 16
[  711.398231][   T30] audit: type=1326 audit(1749819217.757:6538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13664 comm="syz.5.1966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  711.445403][   T43] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[  711.484443][   T43] usb 3-1: config 0 has no interface number 0
[  711.490741][   T43] usb 3-1: config 0 interface 255 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  711.555043][   T43] usb 3-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid maxpacket 4672, setting to 1024
[  711.571052][   T43] usb 3-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  711.585593][   T43] usb 3-1: New USB device found, idVendor=2001, idProduct=1a02, bcdDevice=bb.ee
[  711.595368][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  711.604916][   T43] usb 3-1: Product: syz
[  711.613526][   T43] usb 3-1: Manufacturer: syz
[  711.626662][   T43] usb 3-1: SerialNumber: syz
[  711.636018][   T43] usb 3-1: config 0 descriptor??
[  711.641797][T13696] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  711.649621][T13696] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  711.722426][   T10] usb 6-1: new full-speed USB device number 74 using dummy_hcd
[  711.865325][T13696] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  711.874721][T13696] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  711.910943][   T10] usb 6-1: config 0 has an invalid interface number: 230 but max is 0
[  711.928712][   T10] usb 6-1: config 0 has no interface number 0
[  711.935013][   T10] usb 6-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  711.947002][   T10] usb 6-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  711.958106][   T10] usb 6-1: config 0 interface 230 has no altsetting 0
[  711.970502][   T10] usb 6-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  711.981224][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  711.989454][   T10] usb 6-1: Product: syz
[  712.000816][   T10] usb 6-1: Manufacturer: syz
[  712.006244][   T10] usb 6-1: SerialNumber: syz
[  712.028783][   T10] usb 6-1: config 0 descriptor??
[  712.043833][T13699] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  712.051288][T13699] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  712.066721][   T10] ums-usbat 6-1:0.230: USB Mass Storage device detected
[  712.083343][   T10] ums-usbat 6-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  712.086474][   T43] asix 3-1:0.255 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  712.117982][T13696] @: renamed from vlan0 (while UP)
[  712.137476][   T43] asix 3-1:0.255: probe with driver asix failed with error -32
[  712.238551][T13696] netlink: 'syz.2.1974': attribute type 10 has an invalid length.
[  712.249641][T13696] bridge0: port 2(bridge_slave_1) entered disabled state
[  712.276787][T13696] bridge0: port 2(bridge_slave_1) entered blocking state
[  712.284182][T13696] bridge0: port 2(bridge_slave_1) entered forwarding state
[  712.292846][T13696] bridge0: port 1(bridge_slave_0) entered blocking state
[  712.300102][T13696] bridge0: port 1(bridge_slave_0) entered forwarding state
[  712.347554][T13709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1974'.
[  712.349143][T13696] bridge0: entered promiscuous mode
[  712.366399][T13696] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  712.382033][T13709] macsec0: left allmulticast mode
[  712.389135][T13709] macsec0: left promiscuous mode
[  712.395240][T13709] bridge0: port 3(macsec0) entered disabled state
[  712.408446][T13711] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1978'.
[  712.418474][T13711] netlink: 'syz.3.1978': attribute type 3 has an invalid length.
[  712.419415][T13709] bridge_slave_1: left allmulticast mode
[  712.438654][T13709] bridge_slave_1: left promiscuous mode
[  712.446980][T13709] bridge0: port 2(bridge_slave_1) entered disabled state
[  712.463596][T13709] bridge_slave_0: left allmulticast mode
[  712.469771][T13709] bridge_slave_0: left promiscuous mode
[  712.476215][T13709] bridge0: port 1(bridge_slave_0) entered disabled state
[  712.510523][T13709] bond0: (slave bridge0): Releasing backup interface
[  712.519029][T13709] bridge0 (unregistering): left promiscuous mode
[  712.601898][   T43] usb 3-1: USB disconnect, device number 114
[  713.653816][ T5899] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  713.670627][T13732] FAULT_INJECTION: forcing a failure.
[  713.670627][T13732] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  713.685596][T13732] CPU: 1 UID: 0 PID: 13732 Comm: syz.6.1985 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  713.685624][T13732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  713.685638][T13732] Call Trace:
[  713.685647][T13732]  <TASK>
[  713.685657][T13732]  dump_stack_lvl+0x189/0x250
[  713.685694][T13732]  ? __pfx____ratelimit+0x10/0x10
[  713.685733][T13732]  ? __pfx_dump_stack_lvl+0x10/0x10
[  713.685767][T13732]  ? __pfx__printk+0x10/0x10
[  713.685791][T13732]  ? __might_fault+0xb0/0x130
[  713.685820][T13732]  should_fail_ex+0x414/0x560
[  713.685844][T13732]  _copy_from_user+0x2d/0xb0
[  713.685860][T13732]  memdup_user+0x5e/0xd0
[  713.685879][T13732]  kvm_arch_vm_ioctl+0x7c6/0x16f0
[  713.685901][T13732]  ? __lock_acquire+0xab9/0xd20
[  713.685922][T13732]  ? __pfx_kvm_arch_vm_ioctl+0x10/0x10
[  713.685963][T13732]  ? __lock_acquire+0xab9/0xd20
[  713.685988][T13732]  ? __lock_acquire+0xab9/0xd20
[  713.686017][T13732]  ? __lock_acquire+0xab9/0xd20
[  713.686045][T13732]  ? __lock_acquire+0xab9/0xd20
[  713.686079][T13732]  ? is_bpf_text_address+0x26/0x2b0
[  713.686104][T13732]  ? is_bpf_text_address+0x292/0x2b0
[  713.686126][T13732]  ? is_bpf_text_address+0x26/0x2b0
[  713.686150][T13732]  ? kernel_text_address+0xa5/0xe0
[  713.686169][T13732]  ? __kernel_text_address+0xd/0x40
[  713.686186][T13732]  ? unwind_get_return_address+0x4d/0x90
[  713.686209][T13732]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  713.686225][T13732]  ? arch_stack_walk+0xfc/0x150
[  713.686248][T13732]  ? stack_trace_save+0x9c/0xe0
[  713.686268][T13732]  kvm_vm_ioctl+0x85f/0xc60
[  713.686291][T13732]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  713.686312][T13732]  ? kasan_save_track+0x4f/0x80
[  713.686332][T13732]  ? kasan_save_track+0x3e/0x80
[  713.686352][T13732]  ? kasan_save_free_info+0x46/0x50
[  713.686369][T13732]  ? __kasan_slab_free+0x62/0x70
[  713.686381][T13732]  ? kfree+0x18e/0x440
[  713.686401][T13732]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  713.686417][T13732]  ? security_file_ioctl_compat+0xcb/0x2d0
[  713.686432][T13732]  ? __ia32_compat_sys_ioctl+0x128/0x840
[  713.686453][T13732]  ? __do_fast_syscall_32+0xb6/0x2b0
[  713.686467][T13732]  ? do_fast_syscall_32+0x34/0x80
[  713.686481][T13732]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  713.686508][T13732]  ? kvm_arch_vm_compat_ioctl+0x119/0x220
[  713.686528][T13732]  ? __pfx_kvm_arch_vm_compat_ioctl+0x10/0x10
[  713.686553][T13732]  ? do_vfs_ioctl+0x12ba/0x1990
[  713.686577][T13732]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  713.686603][T13732]  ? kasan_quarantine_put+0xdd/0x220
[  713.686632][T13732]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  713.686650][T13732]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  713.686667][T13732]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  713.686683][T13732]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  713.686701][T13732]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  713.686737][T13732]  ? __lock_acquire+0xab9/0xd20
[  713.686766][T13732]  kvm_vm_compat_ioctl+0x265/0x330
[  713.686792][T13732]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[  713.686816][T13732]  ? __fget_files+0x3a0/0x420
[  713.686832][T13732]  ? __fget_files+0x2a/0x420
[  713.686850][T13732]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  713.686874][T13732]  __ia32_compat_sys_ioctl+0x540/0x840
[  713.686898][T13732]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  713.686920][T13732]  ? __fget_files+0x3a0/0x420
[  713.686941][T13732]  ? fput+0xa0/0xd0
[  713.686959][T13732]  ? ksys_write+0x22a/0x250
[  713.686977][T13732]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  713.687001][T13732]  ? lockdep_hardirqs_on+0x9c/0x150
[  713.687024][T13732]  __do_fast_syscall_32+0xb6/0x2b0
[  713.687039][T13732]  ? lockdep_hardirqs_on+0x9c/0x150
[  713.687063][T13732]  do_fast_syscall_32+0x34/0x80
[  713.687077][T13732]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  713.687095][T13732] RIP: 0023:0xf7f14539
[  713.687109][T13732] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  713.687121][T13732] RSP: 002b:00000000f503655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  713.687137][T13732] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000008208ae63
[  713.687146][T13732] RDX: 0000000080000600 RSI: 0000000000000000 RDI: 0000000000000000
[  713.687155][T13732] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  713.687163][T13732] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  713.687172][T13732] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  713.687192][T13732]  </TASK>
[  714.183807][T13736] --map-set only usable from mangle table
[  714.233245][ T5899] usb 4-1: Using ep0 maxpacket: 16
[  714.417440][   T10] ums-usbat 6-1:0.230: probe with driver ums-usbat failed with error -5
[  714.675728][T13744] FAULT_INJECTION: forcing a failure.
[  714.675728][T13744] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  714.696192][T13744] CPU: 1 UID: 0 PID: 13744 Comm: syz.4.1987 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  714.696227][T13744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  714.696241][T13744] Call Trace:
[  714.696250][T13744]  <TASK>
[  714.696260][T13744]  dump_stack_lvl+0x189/0x250
[  714.696296][T13744]  ? __pfx____ratelimit+0x10/0x10
[  714.696320][T13744]  ? __pfx_dump_stack_lvl+0x10/0x10
[  714.696354][T13744]  ? __pfx__printk+0x10/0x10
[  714.696380][T13744]  ? __might_fault+0xb0/0x130
[  714.696412][T13744]  should_fail_ex+0x414/0x560
[  714.696445][T13744]  _copy_from_iter+0x1db/0x16f0
[  714.696484][T13744]  ? rcu_is_watching+0x15/0xb0
[  714.696520][T13744]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  714.696545][T13744]  ? __pfx__copy_from_iter+0x10/0x10
[  714.696580][T13744]  ? __build_skb_around+0x257/0x3e0
[  714.696610][T13744]  ? netlink_sendmsg+0x642/0xb30
[  714.696636][T13744]  ? skb_put+0x11b/0x210
[  714.696666][T13744]  netlink_sendmsg+0x6b2/0xb30
[  714.696704][T13744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  714.696735][T13744]  ? __import_iovec+0x5d4/0x7f0
[  714.696754][T13744]  ? aa_sock_msg_perm+0x94/0x160
[  714.696785][T13744]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  714.696813][T13744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  714.696842][T13744]  __sock_sendmsg+0x219/0x270
[  714.696881][T13744]  ____sys_sendmsg+0x505/0x830
[  714.696915][T13744]  ? __pfx_____sys_sendmsg+0x10/0x10
[  714.696963][T13744]  ___sys_sendmsg+0x21f/0x2a0
[  714.696996][T13744]  ? __pfx____sys_sendmsg+0x10/0x10
[  714.697062][T13744]  ? __fget_files+0x2a/0x420
[  714.697086][T13744]  ? __fget_files+0x3a0/0x420
[  714.697122][T13744]  __sys_sendmsg+0x164/0x220
[  714.697154][T13744]  ? __pfx___sys_sendmsg+0x10/0x10
[  714.697213][T13744]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  714.697249][T13744]  ? lockdep_hardirqs_on+0x9c/0x150
[  714.697282][T13744]  __do_fast_syscall_32+0xb6/0x2b0
[  714.697304][T13744]  ? lockdep_hardirqs_on+0x9c/0x150
[  714.697366][T13744]  do_fast_syscall_32+0x34/0x80
[  714.697387][T13744]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  714.697413][T13744] RIP: 0023:0xf7f23539
[  714.697432][T13744] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  714.697453][T13744] RSP: 002b:00000000f504655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  714.697476][T13744] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000e80
[  714.697491][T13744] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  714.697505][T13744] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  714.697517][T13744] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  714.697529][T13744] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  714.697561][T13744]  </TASK>
[  715.768422][T13752] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1989'.
[  716.370423][ T5899] usb 4-1: unable to get BOS descriptor or descriptor too short
[  716.401642][ T5899] usb 4-1: unable to read config index 0 descriptor/start: -71
[  716.447337][ T5899] usb 4-1: can't read configurations, error -71
[  716.583714][ T5960] usb 6-1: USB disconnect, device number 74
[  717.101801][T13781] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1996'.
[  717.121215][ T5899] usb 4-1: new low-speed USB device number 73 using dummy_hcd
[  717.272322][ T5899] usb 4-1: device descriptor read/64, error -71
[  717.382820][ T5899] usb usb4-port1: attempt power cycle
[  717.732746][ T5899] usb 4-1: new low-speed USB device number 74 using dummy_hcd
[  717.773689][ T5899] usb 4-1: device descriptor read/8, error -71
[  718.012600][ T5899] usb 4-1: new low-speed USB device number 75 using dummy_hcd
[  718.048400][ T5899] usb 4-1: device descriptor read/8, error -71
[  718.173931][ T5899] usb usb4-port1: unable to enumerate USB device
[  718.354576][T13802] --map-set only usable from mangle table
[  718.403596][   T10] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[  718.527393][T13807] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  718.572610][   T10] usb 7-1: Using ep0 maxpacket: 32
[  718.579933][   T10] usb 7-1: config 0 has an invalid interface number: 19 but max is 0
[  718.592372][   T10] usb 7-1: config 0 has an invalid descriptor of length 190, skipping remainder of the config
[  718.615002][   T10] usb 7-1: config 0 has no interface number 0
[  718.621287][   T10] usb 7-1: config 0 interface 19 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  718.633656][   T10] usb 7-1: config 0 interface 19 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  718.656168][   T10] usb 7-1: New USB device found, idVendor=04a4, idProduct=0014, bcdDevice=c9.57
[  718.669655][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.678344][   T10] usb 7-1: Product: syz
[  718.682983][   T10] usb 7-1: Manufacturer: syz
[  718.687661][   T10] usb 7-1: SerialNumber: syz
[  718.697054][   T10] usb 7-1: config 0 descriptor??
[  719.009239][ T5926] usb 7-1: USB disconnect, device number 46
[  719.445893][T13822] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2008'.
[  719.458744][T13822] netlink: 124 bytes leftover after parsing attributes in process `syz.4.2008'.
[  719.500901][T13822] netlink: 124 bytes leftover after parsing attributes in process `syz.4.2008'.
[  719.981568][T13829] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2011'.
[  720.557821][T13839] FAULT_INJECTION: forcing a failure.
[  720.557821][T13839] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  720.605813][T13839] CPU: 0 UID: 0 PID: 13839 Comm: syz.5.2015 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  720.605846][T13839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  720.605860][T13839] Call Trace:
[  720.605869][T13839]  <TASK>
[  720.605879][T13839]  dump_stack_lvl+0x189/0x250
[  720.605918][T13839]  ? __pfx____ratelimit+0x10/0x10
[  720.605952][T13839]  ? __pfx_dump_stack_lvl+0x10/0x10
[  720.605985][T13839]  ? __pfx__printk+0x10/0x10
[  720.606009][T13839]  ? __might_fault+0xb0/0x130
[  720.606043][T13839]  should_fail_ex+0x414/0x560
[  720.606083][T13839]  _copy_from_user+0x2d/0xb0
[  720.606115][T13839]  kstrtouint_from_user+0xc4/0x170
[  720.606149][T13839]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  720.606198][T13839]  proc_fail_nth_write+0x88/0x240
[  720.606225][T13839]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  720.606257][T13839]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  720.606286][T13839]  vfs_write+0x27e/0xa90
[  720.606329][T13839]  ? __pfx_vfs_write+0x10/0x10
[  720.606363][T13839]  ? __fget_files+0x2a/0x420
[  720.606391][T13839]  ? __fget_files+0x3a0/0x420
[  720.606413][T13839]  ? __fget_files+0x2a/0x420
[  720.606446][T13839]  ksys_write+0x145/0x250
[  720.606469][T13839]  ? __pfx_ksys_write+0x10/0x10
[  720.606492][T13839]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  720.606527][T13839]  ? lockdep_hardirqs_on+0x9c/0x150
[  720.606565][T13839]  __do_fast_syscall_32+0xb6/0x2b0
[  720.606587][T13839]  ? lockdep_hardirqs_on+0x9c/0x150
[  720.606624][T13839]  do_fast_syscall_32+0x34/0x80
[  720.606645][T13839]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  720.606671][T13839] RIP: 0023:0xf70fe539
[  720.606690][T13839] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  720.606708][T13839] RSP: 002b:00000000f50ee590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  720.606731][T13839] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50ee620
[  720.606745][T13839] RDX: 0000000000000001 RSI: 00000000f7462ff4 RDI: 0000000000000000
[  720.606759][T13839] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  720.606772][T13839] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  720.606785][T13839] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  720.606816][T13839]  </TASK>
[  721.243527][ T5926] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[  721.243694][ T5820] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[  721.342349][   T43] usb 6-1: new high-speed USB device number 75 using dummy_hcd
[  721.392695][ T5820] usb 7-1: Using ep0 maxpacket: 8
[  721.400046][ T5926] usb 5-1: Using ep0 maxpacket: 32
[  721.407481][ T5820] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  721.407574][ T5926] usb 5-1: config 0 has an invalid interface number: 106 but max is 0
[  721.429111][ T5820] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  721.449426][ T5820] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  721.459868][ T5926] usb 5-1: config 0 has no interface number 0
[  721.468555][ T5820] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  721.481768][ T5926] usb 5-1: config 0 interface 106 has no altsetting 0
[  721.491583][ T5820] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  721.506318][ T5820] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  721.515077][ T5926] usb 5-1: New USB device found, idVendor=0421, idProduct=6901, bcdDevice=2d.1d
[  721.528086][   T43] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  721.539028][ T5926] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  721.547690][   T43] usb 6-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4
[  721.558995][ T5926] usb 5-1: Product: syz
[  721.565864][ T5926] usb 5-1: Manufacturer: syz
[  721.572599][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  721.588706][ T5926] usb 5-1: SerialNumber: syz
[  721.598146][   T43] usb 6-1: config 0 descriptor??
[  721.608976][ T5926] usb 5-1: config 0 descriptor??
[  721.616331][   T43] rndis_host 6-1:0.0: probe with driver rndis_host failed with error -22
[  721.627710][ T5926] cdc_phonet 5-1:0.106: probe with driver cdc_phonet failed with error -22
[  721.772885][ T5820] usb 7-1: GET_CAPABILITIES returned 0
[  721.778473][ T5820] usbtmc 7-1:16.0: can't read capabilities
[  721.811301][ T5820] usb 6-1: USB disconnect, device number 75
[  721.992008][ T5899] usb 7-1: USB disconnect, device number 47
[  722.060780][T13858] netlink: 'syz.4.2016': attribute type 5 has an invalid length.
[  722.635626][T13865] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2023'.
[  723.051648][T13860] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  723.057912][T13860] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  723.657365][ T5899] usb 5-1: USB disconnect, device number 79
[  724.639287][ T5960] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  724.964012][ T5960] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  724.977453][ T5960] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  725.004256][ T5960] usb 4-1: config 0 descriptor??
[  725.090579][ T5960] cp210x 4-1:0.0: cp210x converter detected
[  725.132481][   T10] usb 6-1: new high-speed USB device number 76 using dummy_hcd
[  725.332410][   T10] usb 6-1: Using ep0 maxpacket: 16
[  725.344053][   T10] usb 6-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  725.362977][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  725.390062][   T10] usb 6-1: Product: syz
[  725.398086][   T10] usb 6-1: Manufacturer: syz
[  725.403296][   T10] usb 6-1: SerialNumber: syz
[  725.429147][   T10] usb 6-1: config 0 descriptor??
[  725.431197][   T10] ums-onetouch 6-1:0.0: USB Mass Storage device detected
[  725.493984][ T5960] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -121
[  725.494035][ T5960] cp210x 4-1:0.0: querying part number failed
[  725.504504][ T5960] usb 4-1: cp210x converter now attached to ttyUSB0
[  725.580893][T13913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2034'.
[  726.765968][T13925] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2037'.
[  727.045340][ T5820] usb 4-1: USB disconnect, device number 76
[  727.077403][ T5820] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  727.129871][ T5820] cp210x 4-1:0.0: device disconnected
[  727.137539][T13921] delete_channel: no stack
[  727.371095][   T10] usb 6-1: USB disconnect, device number 76
[  727.390743][T13931] syz_tun: entered allmulticast mode
[  727.471459][T13930] syz_tun: left allmulticast mode
[  727.949155][T13945] bond4: (slave veth0_to_bond): Releasing active interface
[  728.104238][T13950] vlan2: entered allmulticast mode
[  729.133159][   T10] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  729.302252][ T5820] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[  729.302312][   T10] usb 5-1: Using ep0 maxpacket: 8
[  729.319047][   T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  729.332507][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  729.345016][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  729.389957][   T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  729.427927][   T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  729.448279][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  729.464830][ T5820] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  729.502834][ T5820] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  729.541344][ T5820] usb 6-1: config 0 descriptor??
[  729.566000][ T5820] cp210x 6-1:0.0: cp210x converter detected
[  729.689537][   T10] usb 5-1: GET_CAPABILITIES returned 0
[  729.713322][   T10] usbtmc 5-1:16.0: can't read capabilities
[  729.895406][   T43] usb 5-1: USB disconnect, device number 80
[  731.020358][   T43] usb 7-1: new full-speed USB device number 48 using dummy_hcd
[  731.152614][T13982] SET target dimension over the limit!
[  731.229953][   T43] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  731.242329][   T43] usb 7-1: config 0 has no interface number 0
[  731.257024][   T43] usb 7-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  731.267168][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  731.302901][   T43] usb 7-1: config 0 descriptor??
[  731.326297][   T43] usb 7-1: selecting invalid altsetting 1
[  731.343736][   T43] dvb_ttusb_budget: ttusb_init_controller: error
[  731.359770][   T43] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  731.644451][   T43] DVB: Unable to find symbol cx22700_attach()
[  731.736124][   T43] DVB: Unable to find symbol tda10046_attach()
[  731.747663][   T43] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  731.805427][   T43] usb 7-1: USB disconnect, device number 48
[  731.949759][ T5820] cp210x 6-1:0.0: failed to get vendor val 0x370b size 1: -71
[  731.967029][ T5820] cp210x 6-1:0.0: querying part number failed
[  732.034859][ T5820] usb 6-1: cp210x converter now attached to ttyUSB0
[  732.084882][ T5820] usb 6-1: USB disconnect, device number 77
[  732.114772][ T5820] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  732.132573][ T5820] cp210x 6-1:0.0: device disconnected
[  732.177378][T13999] fuse: Unknown parameter 'dont_appraise'
[  732.196081][T13998] netlink: 'syz.5.2058': attribute type 1 has an invalid length.
[  732.218641][   T30] kauditd_printk_skb: 52 callbacks suppressed
[  732.218661][   T30] audit: type=1326 audit(1749819239.417:6591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14000 comm="syz.4.2059" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f23539 code=0x0
[  732.402970][T14003] bond4: (slave veth0_to_bond): Releasing active interface
[  732.410832][T14003] bond4: (slave veth0_to_bond): the permanent HWaddr of slave - aa:aa:aa:aa:aa:1d - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  732.573286][   T10] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  732.732571][   T10] usb 5-1: Using ep0 maxpacket: 16
[  732.739688][   T10] usb 5-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config
[  732.752647][   T10] usb 5-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25
[  732.772026][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  732.812672][   T10] usb 5-1: Product: syz
[  732.823106][   T10] usb 5-1: Manufacturer: syz
[  732.829064][   T10] usb 5-1: SerialNumber: syz
[  732.846786][   T10] usb 5-1: config 0 descriptor??
[  735.053204][T14036] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2067'.
[  735.258424][   T10] usb 5-1: USB disconnect, device number 81
[  735.545549][T14032] delete_channel: no stack
[  735.603386][T14040] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2069'.
[  735.639516][T14044] IPv6: NLM_F_REPLACE set, but no existing node found!
[  735.658534][T14043] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2070'.
[  735.892525][   T10] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[  736.072778][   T10] usb 3-1: Using ep0 maxpacket: 32
[  736.088149][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 114, changing to 10
[  736.110880][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26122, setting to 1024
[  736.143477][   T10] usb 3-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00
[  736.164241][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  736.183257][   T10] usb 3-1: config 0 descriptor??
[  736.203093][T14040] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  736.623745][T14040] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  736.639726][T14040] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  736.806690][   T10] usbhid 3-1:0.0: can't add hid device: -71
[  736.882449][   T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  736.933828][   T10] usb 3-1: USB disconnect, device number 115
[  737.586519][T14081] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2083'.
[  737.612649][T14082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2083'.
[  737.657625][T14081] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2083'.
[  737.657632][T14082] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2083'.
[  737.683041][   T10] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  737.852464][   T10] usb 5-1: Using ep0 maxpacket: 32
[  737.864028][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 31720, setting to 1024
[  737.891169][   T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024
[  737.921340][   T10] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  737.933981][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.964610][   T10] usb 5-1: config 0 descriptor??
[  738.013441][T14077] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  738.037217][   T10] hub 5-1:0.0: bad descriptor, ignoring hub
[  738.064276][   T10] hub 5-1:0.0: probe with driver hub failed with error -5
[  738.113049][   T10] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  738.495232][   T43] usb 5-1: USB disconnect, device number 82
[  738.595450][ T5820] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[  738.746810][T14102] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2088'.
[  738.923234][ T5820] usb 7-1: Using ep0 maxpacket: 32
[  739.038301][ T5820] usb 7-1: config 0 has an invalid interface number: 106 but max is 0
[  739.046610][ T5820] usb 7-1: config 0 has no interface number 0
[  739.053226][ T5820] usb 7-1: config 0 interface 106 has no altsetting 0
[  739.112385][ T5820] usb 7-1: New USB device found, idVendor=0421, idProduct=6901, bcdDevice=2d.1d
[  739.121708][ T5820] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  739.132917][ T5820] usb 7-1: Product: syz
[  739.144372][ T5820] usb 7-1: Manufacturer: syz
[  739.235820][ T5820] usb 7-1: SerialNumber: syz
[  739.255171][ T5820] usb 7-1: config 0 descriptor??
[  739.266561][ T5820] cdc_phonet 7-1:0.106: probe with driver cdc_phonet failed with error -22
[  739.788506][T14115] netlink: 'syz.6.2086': attribute type 5 has an invalid length.
[  741.041741][   T90] usb 7-1: USB disconnect, device number 49
[  742.073025][ T5820] usb 3-1: new full-speed USB device number 116 using dummy_hcd
[  742.275212][ T5820] usb 3-1: config 0 has an invalid interface number: 133 but max is 0
[  742.284053][ T5820] usb 3-1: config 0 has no interface number 0
[  742.292994][ T5820] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  742.303597][ T5820] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  742.321791][ T5820] usb 3-1: Product: syz
[  742.335855][ T5820] usb 3-1: Manufacturer: syz
[  742.375596][ T5820] usb 3-1: SerialNumber: syz
[  742.433139][ T5820] usb 3-1: config 0 descriptor??
[  742.646775][ T5820] keyspan 3-1:0.133: Keyspan 1 port adapter converter detected
[  742.680790][T14149] syz.3.2099 (14149): drop_caches: 2
[  742.732697][ T5820] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 81
[  742.775267][ T5820] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 1
[  742.800469][ T5820] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 2
[  742.853700][ T5820] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  742.897712][ T5820] usb 3-1: USB disconnect, device number 116
[  742.957020][ T5820] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  743.010139][T14159] netlink: 'syz.6.2096': attribute type 2 has an invalid length.
[  743.047396][ T5820] keyspan 3-1:0.133: device disconnected
[  743.242678][   T90] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  743.406226][T14159] : entered promiscuous mode
[  743.422744][   T90] usb 4-1: Using ep0 maxpacket: 8
[  743.472465][   T90] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  743.480863][   T90] usb 4-1: config 179 has no interface number 0
[  743.504170][   T90] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  743.567985][   T90] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  743.600881][   T90] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  743.644122][   T90] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  743.697232][   T90] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  743.758867][   T90] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  743.779621][   T90] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  743.830238][T14158] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  744.337217][T14174] netlink: 'syz.5.2106': attribute type 1 has an invalid length.
[  744.527352][ T5926] usb 4-1: USB disconnect, device number 77
[  744.527462][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  744.541791][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  744.551405][    C0] ==================================================================
[  744.559504][    C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23d/0x290
[  744.567318][    C0] Read of size 4 at addr ffff88805f50f85c by task udevd/5207
[  744.574688][    C0] 
[  744.577011][    C0] CPU: 0 UID: 0 PID: 5207 Comm: udevd Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  744.577030][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  744.577040][    C0] Call Trace:
[  744.577047][    C0]  <IRQ>
[  744.577054][    C0]  dump_stack_lvl+0x189/0x250
[  744.577080][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[  744.577095][    C0]  ? rcu_is_watching+0x15/0xb0
[  744.577118][    C0]  ? __kasan_check_byte+0x12/0x40
[  744.577134][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  744.577157][    C0]  ? rcu_is_watching+0x15/0xb0
[  744.577180][    C0]  ? lock_release+0x4b/0x3e0
[  744.577202][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[  744.577217][    C0]  ? __virt_addr_valid+0x4a5/0x5c0
[  744.577233][    C0]  print_report+0xd2/0x2b0
[  744.577253][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  744.577269][    C0]  kasan_report+0x118/0x150
[  744.577285][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  744.577304][    C0]  do_raw_spin_lock+0x23d/0x290
[  744.577320][    C0]  ? __wake_up_common_lock+0x2f/0x1f0
[  744.577339][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  744.577359][    C0]  _raw_spin_lock_irqsave+0xb3/0xf0
[  744.577381][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  744.577403][    C0]  ? kcov_remote_stop+0x78/0x6d0
[  744.577424][    C0]  __wake_up_common_lock+0x2f/0x1f0
[  744.577445][    C0]  __usb_hcd_giveback_urb+0x4d7/0x690
[  744.577463][    C0]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[  744.577480][    C0]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  744.577500][    C0]  ? usb_hcd_giveback_urb+0x10e/0x420
[  744.577517][    C0]  dummy_timer+0x862/0x4550
[  744.577544][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  744.577571][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  744.577588][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  744.577604][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  744.577619][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  744.577649][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  744.577671][    C0]  ? read_tsc+0x9/0x20
[  744.577689][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  744.577715][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  744.577730][    C0]  handle_softirqs+0x286/0x870
[  744.577754][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  744.577778][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  744.577802][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  744.577821][    C0]  __irq_exit_rcu+0xca/0x1f0
[  744.577848][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  744.577873][    C0]  irq_exit_rcu+0x9/0x30
[  744.577894][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  744.577917][    C0]  </IRQ>
[  744.577922][    C0]  <TASK>
[  744.577928][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  744.577945][    C0] RIP: 0010:lock_acquire+0x175/0x360
[  744.577966][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 3b aa fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  744.577979][    C0] RSP: 0018:ffffc900032a6738 EFLAGS: 00000206
[  744.577993][    C0] RAX: 8c77a253b1c13b00 RBX: 0000000000000000 RCX: 8c77a253b1c13b00
[  744.578005][    C0] RDX: 0000000000000000 RSI: ffffffff8db6e013 RDI: ffffffff8be28300
[  744.578016][    C0] RBP: ffffffff81729de5 R08: 0000000000000000 R09: ffffffff81729de5
[  744.578026][    C0] R10: ffffc900032a6908 R11: fffff52000654d2d R12: 0000000000000002
[  744.578037][    C0] R13: ffffffff8e13eda0 R14: 0000000000000000 R15: 0000000000000246
[  744.578048][    C0]  ? unwind_next_frame+0xa5/0x2390
[  744.578071][    C0]  ? unwind_next_frame+0xa5/0x2390
[  744.578099][    C0]  ? __unwind_start+0xf8/0x760
[  744.578122][    C0]  ? unwind_next_frame+0xa5/0x2390
[  744.578144][    C0]  unwind_next_frame+0xc2/0x2390
[  744.578165][    C0]  ? unwind_next_frame+0xa5/0x2390
[  744.578190][    C0]  ? get_stack_info_noinstr+0x1b/0x130
[  744.578211][    C0]  __unwind_start+0x5b9/0x760
[  744.578235][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  744.578252][    C0]  arch_stack_walk+0xe4/0x150
[  744.578268][    C0]  ? __unwind_start+0xf8/0x760
[  744.578292][    C0]  stack_trace_save+0x9c/0xe0
[  744.578308][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  744.578327][    C0]  ? __lock_acquire+0xab9/0xd20
[  744.578347][    C0]  kasan_save_track+0x3e/0x80
[  744.578388][    C0]  ? __es_remove_extent+0x8c2/0x1780
[  744.578408][    C0]  kasan_save_free_info+0x46/0x50
[  744.578427][    C0]  __kasan_slab_free+0x62/0x70
[  744.578440][    C0]  kmem_cache_free+0x18f/0x400
[  744.578457][    C0]  __es_remove_extent+0x8c2/0x1780
[  744.578484][    C0]  ? __pfx___es_remove_extent+0x10/0x10
[  744.578508][    C0]  ext4_es_insert_extent+0x54b/0x3120
[  744.578535][    C0]  ? __pfx_ext4_es_insert_extent+0x10/0x10
[  744.578557][    C0]  ? __lock_acquire+0xab9/0xd20
[  744.578579][    C0]  ext4_map_query_blocks+0x296/0x930
[  744.578603][    C0]  ? __pfx_ext4_map_query_blocks+0x10/0x10
[  744.578623][    C0]  ? rcu_is_watching+0x15/0xb0
[  744.578647][    C0]  ? down_read+0x1ad/0x2e0
[  744.578663][    C0]  ext4_map_blocks+0x3e9/0x18d0
[  744.578682][    C0]  ? is_bpf_text_address+0x292/0x2b0
[  744.578708][    C0]  ? __kernel_text_address+0xd/0x40
[  744.578728][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  744.578745][    C0]  ? __pfx_ext4_map_blocks+0x10/0x10
[  744.578772][    C0]  ext4_getblk+0x1a9/0x760
[  744.578793][    C0]  ? __pfx_ext4_getblk+0x10/0x10
[  744.578812][    C0]  ? walk_component+0x2d2/0x400
[  744.578830][    C0]  ? vfs_fstatat+0x118/0x170
[  744.578853][    C0]  ? __pfx___might_resched+0x10/0x10
[  744.578879][    C0]  ext4_bread_batch+0x67/0x4b0
[  744.578901][    C0]  __ext4_find_entry+0x1082/0x1f20
[  744.578929][    C0]  ? __pfx___ext4_find_entry+0x10/0x10
[  744.578951][    C0]  ? ext4_fname_prepare_lookup+0x3b8/0x4c0
[  744.578976][    C0]  ? d_alloc_parallel+0x13d0/0x14e0
[  744.578999][    C0]  ext4_lookup+0x13d/0x6c0
[  744.579019][    C0]  ? __pfx_ext4_lookup+0x10/0x10
[  744.579041][    C0]  ? __raw_spin_lock_init+0x45/0x100
[  744.579058][    C0]  ? __init_waitqueue_head+0xa9/0x150
[  744.579077][    C0]  __lookup_slow+0x294/0x3d0
[  744.579099][    C0]  ? __pfx___lookup_slow+0x10/0x10
[  744.579121][    C0]  ? bpf_lsm_inode_permission+0x9/0x20
[  744.579140][    C0]  ? security_inode_permission+0xb7/0x310
[  744.579167][    C0]  ? down_read+0x1ad/0x2e0
[  744.579183][    C0]  lookup_slow+0x53/0x70
[  744.579203][    C0]  walk_component+0x2d2/0x400
[  744.579220][    C0]  ? path_lookupat+0x156/0x430
[  744.579240][    C0]  path_lookupat+0x163/0x430
[  744.579261][    C0]  filename_lookup+0x212/0x570
[  744.579279][    C0]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  744.579302][    C0]  ? getname_flags+0xb8/0x540
[  744.579321][    C0]  ? __pfx_filename_lookup+0x10/0x10
[  744.579350][    C0]  ? __might_fault+0xb0/0x130
[  744.579367][    C0]  vfs_statx+0xf8/0x550
[  744.579387][    C0]  ? __pfx_vfs_statx+0x10/0x10
[  744.579403][    C0]  ? strncpy_from_user+0x150/0x290
[  744.579423][    C0]  ? getname_flags+0x1e5/0x540
[  744.579441][    C0]  vfs_fstatat+0x118/0x170
[  744.579459][    C0]  __x64_sys_newfstatat+0x116/0x190
[  744.579479][    C0]  ? lockdep_softirqs_on+0x13b/0x1c0
[  744.579499][    C0]  ? __pfx___x64_sys_newfstatat+0x10/0x10
[  744.579518][    C0]  ? handle_softirqs+0x717/0x870
[  744.579550][    C0]  ? do_syscall_64+0xbe/0x3b0
[  744.579565][    C0]  do_syscall_64+0xfa/0x3b0
[  744.579579][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.579593][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  744.579609][    C0]  ? clear_bhb_loop+0x60/0xb0
[  744.579625][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.579640][    C0] RIP: 0033:0x7f2d61311b0a
[  744.579654][    C0] Code: 48 8b 15 f1 f2 0d 00 f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 07 31 c0 c3 0f 1f 40 00 48 8b 15 b9 f2 0d 00 f7
[  744.579667][    C0] RSP: 002b:00007ffe12e1e398 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[  744.579682][    C0] RAX: ffffffffffffffda RBX: 000055aa4eddb408 RCX: 00007f2d61311b0a
[  744.579693][    C0] RDX: 00007ffe12e1e3a0 RSI: 000055aa4edc9ef3 RDI: 00000000ffffff9c
[  744.579704][    C0] RBP: 000055aa7ee73118 R08: 00063489548db180 R09: 7fffffffffffffff
[  744.579716][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  744.579725][    C0] R13: 00007ffe12e1e3a0 R14: 0000000000000000 R15: 00063489548db180
[  744.579741][    C0]  </TASK>
[  744.579747][    C0] 
[  745.362982][    C0] Allocated by task 90:
[  745.367131][    C0]  kasan_save_track+0x3e/0x80
[  745.371822][    C0]  __kasan_kmalloc+0x93/0xb0
[  745.376410][    C0]  __kmalloc_cache_noprof+0x230/0x3d0
[  745.381777][    C0]  xpad_probe+0x428/0x1fc0
[  745.386209][    C0]  usb_probe_interface+0x641/0xbc0
[  745.391322][    C0]  really_probe+0x26a/0x9a0
[  745.395826][    C0]  __driver_probe_device+0x18c/0x2f0
[  745.401111][    C0]  driver_probe_device+0x4f/0x430
[  745.406135][    C0]  __device_attach_driver+0x2ce/0x530
[  745.411503][    C0]  bus_for_each_drv+0x251/0x2e0
[  745.416359][    C0]  __device_attach+0x2b8/0x400
[  745.421120][    C0]  bus_probe_device+0x185/0x260
[  745.425975][    C0]  device_add+0x7b6/0xb50
[  745.430303][    C0]  usb_set_configuration+0x1a87/0x20e0
[  745.435766][    C0]  usb_generic_driver_probe+0x8d/0x150
[  745.441242][    C0]  usb_probe_device+0x1c4/0x390
[  745.446092][    C0]  really_probe+0x26a/0x9a0
[  745.450601][    C0]  __driver_probe_device+0x18c/0x2f0
[  745.455885][    C0]  driver_probe_device+0x4f/0x430
[  745.460931][    C0]  __device_attach_driver+0x2ce/0x530
[  745.466303][    C0]  bus_for_each_drv+0x251/0x2e0
[  745.471158][    C0]  __device_attach+0x2b8/0x400
[  745.475918][    C0]  bus_probe_device+0x185/0x260
[  745.480771][    C0]  device_add+0x7b6/0xb50
[  745.485108][    C0]  usb_new_device+0xa39/0x16c0
[  745.489892][    C0]  hub_event+0x2941/0x4a00
[  745.494307][    C0]  process_scheduled_works+0xae1/0x17b0
[  745.499856][    C0]  worker_thread+0x8a0/0xda0
[  745.504441][    C0]  kthread+0x70e/0x8a0
[  745.508512][    C0]  ret_from_fork+0x3fc/0x770
[  745.513111][    C0]  ret_from_fork_asm+0x1a/0x30
[  745.517875][    C0] 
[  745.520197][    C0] Freed by task 5926:
[  745.524170][    C0]  kasan_save_track+0x3e/0x80
[  745.528851][    C0]  kasan_save_free_info+0x46/0x50
[  745.533879][    C0]  __kasan_slab_free+0x62/0x70
[  745.538643][    C0]  kfree+0x18e/0x440
[  745.542549][    C0]  xpad_disconnect+0x350/0x480
[  745.547331][    C0]  usb_unbind_interface+0x26b/0x8f0
[  745.552531][    C0]  device_release_driver_internal+0x4d9/0x7c0
[  745.558601][    C0]  bus_remove_device+0x34d/0x410
[  745.563545][    C0]  device_del+0x511/0x8e0
[  745.567873][    C0]  usb_disable_device+0x3e9/0x8a0
[  745.572903][    C0]  usb_disconnect+0x330/0x910
[  745.577581][    C0]  hub_event+0x1cdb/0x4a00
[  745.581991][    C0]  process_scheduled_works+0xae1/0x17b0
[  745.587551][    C0]  worker_thread+0x8a0/0xda0
[  745.592149][    C0]  kthread+0x70e/0x8a0
[  745.596240][    C0]  ret_from_fork+0x3fc/0x770
[  745.600836][    C0]  ret_from_fork_asm+0x1a/0x30
[  745.605608][    C0] 
[  745.607933][    C0] The buggy address belongs to the object at ffff88805f50f800
[  745.607933][    C0]  which belongs to the cache kmalloc-1k of size 1024
[  745.621983][    C0] The buggy address is located 92 bytes inside of
[  745.621983][    C0]  freed 1024-byte region [ffff88805f50f800, ffff88805f50fc00)
[  745.635787][    C0] 
[  745.638112][    C0] The buggy address belongs to the physical page:
[  745.644517][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5f508
[  745.653274][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  745.661772][    C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  745.669316][    C0] page_type: f5(slab)
[  745.673312][    C0] raw: 00fff00000000040 ffff88801a441dc0 ffffea0001f04400 dead000000000002
[  745.681894][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  745.690494][    C0] head: 00fff00000000040 ffff88801a441dc0 ffffea0001f04400 dead000000000002
[  745.699168][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  745.707839][    C0] head: 00fff00000000003 ffffea00017d4201 00000000ffffffff 00000000ffffffff
[  745.716507][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  745.725169][    C0] page dumped because: kasan: bad access detected
[  745.731578][    C0] page_owner tracks the page as allocated
[  745.737294][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 10566, tgid 10566 (kworker/u8:1), ts 682251164285, free_ts 682134909581
[  745.756920][    C0]  post_alloc_hook+0x240/0x2a0
[  745.761686][    C0]  get_page_from_freelist+0x21e4/0x22c0
[  745.767236][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[  745.773043][    C0]  alloc_pages_mpol+0x232/0x4a0
[  745.777893][    C0]  allocate_slab+0x8a/0x3b0
[  745.782411][    C0]  ___slab_alloc+0xbfc/0x1480
[  745.787103][    C0]  __kmalloc_noprof+0x305/0x4f0
[  745.791948][    C0]  ieee802_11_parse_elems_full+0x152/0x2b20
[  745.797837][    C0]  ieee80211_inform_bss+0x10c/0x10a0
[  745.803122][    C0]  cfg80211_inform_single_bss_data+0xd02/0x1ac0
[  745.809367][    C0]  cfg80211_inform_bss_data+0x1fb/0x3b20
[  745.815002][    C0]  cfg80211_inform_bss_frame_data+0x417/0x7b0
[  745.821082][    C0]  ieee80211_bss_info_update+0x746/0x9e0
[  745.826716][    C0]  ieee80211_ibss_rx_queued_mgmt+0xa36/0x2ae0
[  745.832787][    C0]  ieee80211_iface_work+0x806/0xfe0
[  745.837992][    C0]  cfg80211_wiphy_work+0x2dc/0x460
[  745.843102][    C0] page last free pid 13361 tgid 13360 stack trace:
[  745.849598][    C0]  __free_frozen_pages+0xc71/0xe70
[  745.854712][    C0]  __slab_free+0x326/0x400
[  745.859130][    C0]  qlist_free_all+0x97/0x140
[  745.863722][    C0]  kasan_quarantine_reduce+0x148/0x160
[  745.869186][    C0]  __kasan_slab_alloc+0x22/0x80
[  745.874035][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  745.879534][    C0]  __kernfs_new_node+0xd7/0x7e0
[  745.884391][    C0]  kernfs_new_node+0x102/0x210
[  745.889160][    C0]  __kernfs_create_file+0x4b/0x2e0
[  745.894281][    C0]  sysfs_add_file_mode_ns+0x238/0x300
[  745.899666][    C0]  internal_create_group+0x66d/0x1110
[  745.905054][    C0]  sysfs_create_groups+0x59/0x120
[  745.910078][    C0]  netdev_queue_update_kobjects+0x2a6/0x6c0
[  745.915976][    C0]  netdev_register_kobject+0x236/0x2f0
[  745.921438][    C0]  register_netdevice+0x126c/0x1ae0
[  745.926659][    C0]  bond_newlink+0x60/0xb0
[  745.931002][    C0] 
[  745.933335][    C0] Memory state around the buggy address:
[  745.938958][    C0]  ffff88805f50f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  745.947014][    C0]  ffff88805f50f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  745.955070][    C0] >ffff88805f50f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  745.963126][    C0]                                                     ^
[  745.970060][    C0]  ffff88805f50f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  745.978119][    C0]  ffff88805f50f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  745.986177][    C0] ==================================================================
[  745.994243][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  746.001452][    C0] CPU: 0 UID: 0 PID: 5207 Comm: udevd Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  746.013000][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  746.023059][    C0] Call Trace:
[  746.026341][    C0]  <IRQ>
[  746.029183][    C0]  dump_stack_lvl+0x99/0x250
[  746.033790][    C0]  ? __asan_memcpy+0x40/0x70
[  746.038388][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  746.043594][    C0]  ? __pfx__printk+0x10/0x10
[  746.048189][    C0]  panic+0x2db/0x790
[  746.052096][    C0]  ? __pfx_panic+0x10/0x10
[  746.056589][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  746.062493][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  746.068826][    C0]  ? print_memory_metadata+0x314/0x400
[  746.074294][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  746.079332][    C0]  check_panic_on_warn+0x89/0xb0
[  746.084286][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  746.089313][    C0]  end_report+0x78/0x160
[  746.093555][    C0]  kasan_report+0x129/0x150
[  746.098063][    C0]  ? do_raw_spin_lock+0x23d/0x290
[  746.103091][    C0]  do_raw_spin_lock+0x23d/0x290
[  746.107947][    C0]  ? __wake_up_common_lock+0x2f/0x1f0
[  746.113322][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  746.118716][    C0]  _raw_spin_lock_irqsave+0xb3/0xf0
[  746.123925][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  746.129858][    C0]  ? kcov_remote_stop+0x78/0x6d0
[  746.134836][    C0]  __wake_up_common_lock+0x2f/0x1f0
[  746.140052][    C0]  __usb_hcd_giveback_urb+0x4d7/0x690
[  746.145437][    C0]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[  746.151344][    C0]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  746.157245][    C0]  ? usb_hcd_giveback_urb+0x10e/0x420
[  746.162622][    C0]  dummy_timer+0x862/0x4550
[  746.167137][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  746.172520][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  746.177461][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  746.182410][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  746.187400][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  746.192645][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  746.198375][    C0]  ? read_tsc+0x9/0x20
[  746.202452][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  746.208281][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  746.213402][    C0]  handle_softirqs+0x286/0x870
[  746.218180][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  746.222954][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  746.228253][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  746.233466][    C0]  __irq_exit_rcu+0xca/0x1f0
[  746.238060][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  746.243268][    C0]  irq_exit_rcu+0x9/0x30
[  746.247550][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  746.253194][    C0]  </IRQ>
[  746.256124][    C0]  <TASK>
[  746.259056][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  746.265123][    C0] RIP: 0010:lock_acquire+0x175/0x360
[  746.270417][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 3b aa fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  746.290062][    C0] RSP: 0018:ffffc900032a6738 EFLAGS: 00000206
[  746.296140][    C0] RAX: 8c77a253b1c13b00 RBX: 0000000000000000 RCX: 8c77a253b1c13b00
[  746.304113][    C0] RDX: 0000000000000000 RSI: ffffffff8db6e013 RDI: ffffffff8be28300
[  746.312082][    C0] RBP: ffffffff81729de5 R08: 0000000000000000 R09: ffffffff81729de5
[  746.320277][    C0] R10: ffffc900032a6908 R11: fffff52000654d2d R12: 0000000000000002
[  746.328344][    C0] R13: ffffffff8e13eda0 R14: 0000000000000000 R15: 0000000000000246
[  746.336324][    C0]  ? unwind_next_frame+0xa5/0x2390
[  746.341449][    C0]  ? unwind_next_frame+0xa5/0x2390
[  746.346581][    C0]  ? __unwind_start+0xf8/0x760
[  746.351350][    C0]  ? unwind_next_frame+0xa5/0x2390
[  746.356468][    C0]  unwind_next_frame+0xc2/0x2390
[  746.361418][    C0]  ? unwind_next_frame+0xa5/0x2390
[  746.366555][    C0]  ? get_stack_info_noinstr+0x1b/0x130
[  746.372024][    C0]  __unwind_start+0x5b9/0x760
[  746.376711][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  746.382880][    C0]  arch_stack_walk+0xe4/0x150
[  746.387582][    C0]  ? __unwind_start+0xf8/0x760
[  746.392362][    C0]  stack_trace_save+0x9c/0xe0
[  746.397070][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  746.402450][    C0]  ? __lock_acquire+0xab9/0xd20
[  746.407399][    C0]  kasan_save_track+0x3e/0x80
[  746.412121][    C0]  ? __es_remove_extent+0x8c2/0x1780
[  746.417432][    C0]  kasan_save_free_info+0x46/0x50
[  746.422462][    C0]  __kasan_slab_free+0x62/0x70
[  746.427247][    C0]  kmem_cache_free+0x18f/0x400
[  746.432011][    C0]  __es_remove_extent+0x8c2/0x1780
[  746.437139][    C0]  ? __pfx___es_remove_extent+0x10/0x10
[  746.442696][    C0]  ext4_es_insert_extent+0x54b/0x3120
[  746.448166][    C0]  ? __pfx_ext4_es_insert_extent+0x10/0x10
[  746.453992][    C0]  ? __lock_acquire+0xab9/0xd20
[  746.458865][    C0]  ext4_map_query_blocks+0x296/0x930
[  746.464173][    C0]  ? __pfx_ext4_map_query_blocks+0x10/0x10
[  746.469992][    C0]  ? rcu_is_watching+0x15/0xb0
[  746.474768][    C0]  ? down_read+0x1ad/0x2e0
[  746.479187][    C0]  ext4_map_blocks+0x3e9/0x18d0
[  746.484047][    C0]  ? is_bpf_text_address+0x292/0x2b0
[  746.489350][    C0]  ? __kernel_text_address+0xd/0x40
[  746.494553][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  746.500723][    C0]  ? __pfx_ext4_map_blocks+0x10/0x10
[  746.506035][    C0]  ext4_getblk+0x1a9/0x760
[  746.510469][    C0]  ? __pfx_ext4_getblk+0x10/0x10
[  746.515422][    C0]  ? walk_component+0x2d2/0x400
[  746.520285][    C0]  ? vfs_fstatat+0x118/0x170
[  746.524877][    C0]  ? __pfx___might_resched+0x10/0x10
[  746.530188][    C0]  ext4_bread_batch+0x67/0x4b0
[  746.534966][    C0]  __ext4_find_entry+0x1082/0x1f20
[  746.540092][    C0]  ? __pfx___ext4_find_entry+0x10/0x10
[  746.545555][    C0]  ? ext4_fname_prepare_lookup+0x3b8/0x4c0
[  746.551373][    C0]  ? d_alloc_parallel+0x13d0/0x14e0
[  746.556583][    C0]  ext4_lookup+0x13d/0x6c0
[  746.561008][    C0]  ? __pfx_ext4_lookup+0x10/0x10
[  746.565957][    C0]  ? __raw_spin_lock_init+0x45/0x100
[  746.571244][    C0]  ? __init_waitqueue_head+0xa9/0x150
[  746.576619][    C0]  __lookup_slow+0x294/0x3d0
[  746.581214][    C0]  ? __pfx___lookup_slow+0x10/0x10
[  746.586333][    C0]  ? bpf_lsm_inode_permission+0x9/0x20
[  746.591797][    C0]  ? security_inode_permission+0xb7/0x310
[  746.597527][    C0]  ? down_read+0x1ad/0x2e0
[  746.601943][    C0]  lookup_slow+0x53/0x70
[  746.606191][    C0]  walk_component+0x2d2/0x400
[  746.610871][    C0]  ? path_lookupat+0x156/0x430
[  746.615645][    C0]  path_lookupat+0x163/0x430
[  746.620242][    C0]  filename_lookup+0x212/0x570
[  746.625010][    C0]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  746.630652][    C0]  ? getname_flags+0xb8/0x540
[  746.635356][    C0]  ? __pfx_filename_lookup+0x10/0x10
[  746.640668][    C0]  ? __might_fault+0xb0/0x130
[  746.645348][    C0]  vfs_statx+0xf8/0x550
[  746.649510][    C0]  ? __pfx_vfs_statx+0x10/0x10
[  746.654272][    C0]  ? strncpy_from_user+0x150/0x290
[  746.659388][    C0]  ? getname_flags+0x1e5/0x540
[  746.664157][    C0]  vfs_fstatat+0x118/0x170
[  746.668575][    C0]  __x64_sys_newfstatat+0x116/0x190
[  746.673776][    C0]  ? lockdep_softirqs_on+0x13b/0x1c0
[  746.679079][    C0]  ? __pfx___x64_sys_newfstatat+0x10/0x10
[  746.684803][    C0]  ? handle_softirqs+0x717/0x870
[  746.689759][    C0]  ? do_syscall_64+0xbe/0x3b0
[  746.694442][    C0]  do_syscall_64+0xfa/0x3b0
[  746.698948][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  746.705015][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  746.711182][    C0]  ? clear_bhb_loop+0x60/0xb0
[  746.715908][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  746.721815][    C0] RIP: 0033:0x7f2d61311b0a
[  746.726235][    C0] Code: 48 8b 15 f1 f2 0d 00 f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 07 31 c0 c3 0f 1f 40 00 48 8b 15 b9 f2 0d 00 f7
[  746.745851][    C0] RSP: 002b:00007ffe12e1e398 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[  746.754270][    C0] RAX: ffffffffffffffda RBX: 000055aa4eddb408 RCX: 00007f2d61311b0a
[  746.762248][    C0] RDX: 00007ffe12e1e3a0 RSI: 000055aa4edc9ef3 RDI: 00000000ffffff9c
[  746.770220][    C0] RBP: 000055aa7ee73118 R08: 00063489548db180 R09: 7fffffffffffffff
[  746.778200][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  746.786328][    C0] R13: 00007ffe12e1e3a0 R14: 0000000000000000 R15: 00063489548db180
[  746.794313][    C0]  </TASK>
[  746.797783][    C0] Kernel Offset: disabled
[  746.802211][    C0] Rebooting in 86400 seconds..