last executing test programs:

2m26.129964672s ago: executing program 2 (id=1517):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00009200000000000000000000000058b200"})
write(r0, &(0x7f0000000300)="750e8249d56052220b1f90a7811ee80929b0899bf6013ddfea09a60d", 0x1c)
r1 = syz_open_pts(r0, 0x100)
r2 = dup(r1)
read$FUSE(r2, &(0x7f0000009a00)={0x2020, 0x0, <r3=>0x0}, 0x2020)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffe})
socket$nl_netfilter(0x10, 0x3, 0xc)
eventfd2(0x0, 0x801)
socket$nl_generic(0x10, 0x3, 0x10)
write$FUSE_BMAP(r2, &(0x7f0000000040)={0x18, 0xfffffffffffffffe, r3, {0xf05}}, 0x18)
r4 = syz_io_uring_setup(0x24fd, &(0x7f00000004c0)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000540))
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x2f, 0x0, 0x2, 0x1000000, 0x2c, @mcast2, @private0, 0x7800, 0x80, 0x20003, 0x270}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[@ANYRES64=r5], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
io_uring_enter(r4, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

2m25.777687636s ago: executing program 2 (id=1521):
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000400)=ANY=[@ANYBLOB="05"]) (fail_nth: 2)

2m24.442231471s ago: executing program 2 (id=1525):
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, &(0x7f0000000180)=0xc)
syz_usb_connect(0x0, 0x6b, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d22a6640da0320283c52000000010902590001000000000904000000ef040100052406000105240000000d240f0100000000060000000006241a050000152412"], 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000001c0), &(0x7f0000000040)=0x8) (async)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000001c0), &(0x7f0000000040)=0x8)

2m22.974100991s ago: executing program 2 (id=1529):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
landlock_create_ruleset(&(0x7f0000000000)={0x4c2a, 0x1, 0x3}, 0x18, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0))
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000640)=ANY=[@ANYBLOB="340000006d0001002dbd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="1010010000900000140035"], 0x34}, 0x1, 0x0, 0x0, 0x4810}, 0x20000000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000480)={'ip_vti0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x0, 0x7800, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @private, @empty}}}})
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x100000011, @multicast2, 0x0, 0x0, 'wlc\x00', 0x1d, 0xa, 0x72}, 0x2c)
openat$sysfs(0xffffff9c, &(0x7f0000000100)='/sys/power/reserved_size', 0x50b141, 0x108)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="d8000000180081054e81f783db4cb9040a1d080006007c09e8fc55a10a0015000620002603600e1208000f0000000401a8000100fe80ffff00000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300"/216, 0xd8}], 0x1}, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000080)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r1, @ANYBLOB="05"], 0x0)

2m21.429846055s ago: executing program 2 (id=1538):
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000140)=0x6, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@gettaction={0x48, 0x32, 0x400, 0x70bd2a, 0x25cfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x28, 0x1, [{0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4000009}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81f7}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040810)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000304000000000000000000000400", @ANYRES32=r1, @ANYBLOB="60bc010004a701003c00128009000100626f6e64000000002c"], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x4000044)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0xfc, 0x0}}, 0x5)
syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="fffffffffffffffffffffffffcff45000028000000000011905700000000000000000703450000014e20001090780200000000000000"], 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYRES32], 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {0xfff3}, {0xfff1, 0xffff}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}, @qdisc_kind_options=@q_ingress={0xc}]}, 0x38}}, 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x0, 0x100000, @mcast1, 0xffff350f, 0x3}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = syz_io_uring_setup(0x4f0, &(0x7f0000000480)={0x0, 0x1704, 0x80, 0x1, 0x292}, &(0x7f0000000380), &(0x7f0000000340))
io_uring_enter(r6, 0x708, 0x41e3, 0x0, 0x0, 0xffffffffffffff8f)
r7 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
read$qrtrtun(r7, 0x0, 0xeffd)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="6e5a6c70eefae463f3f26831ae8143a7f33363b520e088d5cae17af1fa26888ced757f97ca459e5ada1ba8707bb050481afc1b67a5649d05915893f1a9911613c9bfee9038f84f5cec53229d973e56faa66fd5b715188280ee13fcb9f05b969cd0547ee4acf7b794c58ba502df2b7f92c5889b52145fdc95efdf55494fd2"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x44811)
io_uring_setup(0x67bb, &(0x7f00000000c0)={0x0, 0xfffffffe, 0x3000, 0x0, 0x34c})
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x13f, 0xa}}, 0x20)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
write$UHID_CREATE2(r8, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r8, 0x0)
ioctl$HIDIOCGDEVINFO(r8, 0x801c4803, &(0x7f0000000180)=""/85)

2m20.515314831s ago: executing program 2 (id=1542):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0xc0002, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
write$sndseq(r1, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$EBT_SO_GET_ENTRIES(r4, 0x0, 0x81, &(0x7f00000001c0)={'nat\x00', 0x0, 0x4, 0x0, [0x8, 0x1, 0x9, 0x6, 0x0, 0x1], 0x0, 0x0, 0x0}, &(0x7f0000000040)=0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f0000000380)=""/197)
r5 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
r8 = fsopen(&(0x7f0000000480)='adfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000040)='uid', 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
r9 = socket(0x10, 0x3, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r9)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a98000000060a0b040000000000000000020000006c000480680001800a000100696e6e65720000005800028008000240000000840800034000000007080004400000000f0800014000000000340005800c0001007061796c6f6164002400028008000440000000560800000000000000040001400000000a08000240000000040900010073797a30000000000900020073797a32"], 0xc0}}, 0x0)
openat$vicodec0(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0)
setsockopt$inet6_int(r10, 0x29, 0x1, &(0x7f0000000040)=0x6, 0x4)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000980)={0x6}, 0x10)
sendmsg$nl_route(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000001a9b03000000000000000000020000006d0c389394098dc607c4210c000000000040000006031d00"], 0x2c}}, 0x0)

2m13.753128089s ago: executing program 1 (id=1570):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000140)=@ccm_128={{0x304}, "68c4502393926b50", "09f700", "1ab6c0e5"}, 0x28)
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
prctl$PR_SET_KEEPCAPS(0x8, 0x1)
r2 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r2, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000580)=@newsa={0x100, 0x10, 0x421, 0x0, 0x0, {{@in6=@remote, @in=@rand_addr=0x64010101, 0x8, 0x0, 0x6e20, 0x8, 0x0, 0x80, 0x0, 0x3c}, {@in6=@mcast1, 0x0, 0x3c}, @in=@loopback, {0x0, 0x2000000000000, 0x0, 0x83, 0x135d}, {}, {0x1}, 0x70bd2b, 0x0, 0x2, 0x0, 0x39, 0x20}, [@coaddr={0x14, 0xe, @in=@local}]}, 0x100}}, 0x20000840) (fail_nth: 6)

2m12.753857519s ago: executing program 1 (id=1572):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18)
sendmsg$can_j1939(r0, &(0x7f00000026c0)={0x0, 0x0, &(0x7f0000002680)={&(0x7f0000002640)="6dd8eed1e3", 0x5}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_usb_connect$uac1(0x6, 0x85, &(0x7f0000002700)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x73, 0x3, 0x1, 0xff, 0x80, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x2, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0xf7, 0xff, 0xb, {0x7, 0x25, 0x1, 0x0, 0x9, 0xffff}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x9, 0x3, 0xa9, 0x5, "d9e9"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x81, 0x4, 0xff, 0xf, "", '+4'}]}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x6, 0x0, 0x5, {0x7, 0x25, 0x1, 0x0, 0x97, 0x64a}}}}}}}]}}, &(0x7f0000002b80)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x250, 0x6, 0x1, 0x1, 0x10, 0x5}, 0x16, &(0x7f00000027c0)={0x5, 0xf, 0x16, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x5, 0x8, 0x8}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x40, 0xff, 0xfffa}]}, 0x8, [{0xd5, &(0x7f0000002800)=@string={0xd5, 0x3, "8d57c92c8e5cba6d0b74ee6c955edc1f11359301a9bca5d22d508b7e51c75fc5ece3d600ed699a902b7c89b8233998cb8e08efe05cf550c1a17a19811b3c35b27212bc80e925d928dfebcff2e98d6ef2b07689d4240599aa80574af1161d5fc728f023ec511f9b837a876d0494da616eff3b9878f6021b92a1770f37b85fc89a6b5f59b23b478f9680ad193cc69cf95055ae4869e1c86a87763b8222cb385023e46b7a6726faa5075740dd647753fb958c26306299244e3bce1d617fdd21a2848c3ec350d9e0ef0ae833076901a5e3aefabea3"}}, {0xb5, &(0x7f0000002900)=@string={0xb5, 0x3, "4c05af2f899aa9d3b28bfc3d49605f985b1165f4bb50754d1c73daa7c7c84f7de93b929d28d035f47ee3b23189a677f18d97e10336341993281ad6f0fa089dfdfd85313ccf5dc321730438bb8fc37fd51b2663c14a9b8f767385a7d9a2c221e6ae297f18cb8c0402fc80ad1887f1cdeac695bd427ce4c7b08ca18d9e24f05d4ae51fc9676d5a6ac1f261610e97b3d71fed09826727b3b26c868f8cdd0385654ebafaccc6956d443fb437f16976daa23d047b6c"}}, {0x4, &(0x7f00000029c0)=@lang_id={0x4, 0x3, 0x44f}}, {0x5c, &(0x7f0000002a00)=@string={0x5c, 0x3, "b83c44d4697aef39a89e2dd332186b06f483a10403e07c9d55d40dee22695ead69091223d12b9e8670d99c59210471377b398ba806072bab1332c377690bf203e9ebc08d2aff07f1d7699c080781f1e59798d790548572b4ceca"}}, {0x4, &(0x7f0000002a80)=@lang_id={0x4, 0x3, 0x2801}}, {0x25, &(0x7f0000002ac0)=@string={0x25, 0x3, "d2e0d0a317106d7db52192c625aa0c861ad8502a511a45f4f0e99403a7248063c5eb3e"}}, {0x4, &(0x7f0000002b00)=@lang_id={0x4, 0x3, 0x44d}}, {0x4, &(0x7f0000002b40)=@lang_id={0x4, 0x3, 0x44d}}]})
recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/189}, {&(0x7f00000002c0)=""/182}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/198}, {&(0x7f0000001480)=""/169}, {&(0x7f0000001540)=""/4096}], 0x10, &(0x7f0000002540)=""/216}}], 0x2, 0x0, 0x0)

2m9.653280876s ago: executing program 1 (id=1584):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
close(0x3)
bind$alg(r1, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x800}, 0x4000010)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x3e8, 0x0, 0xfffffffffffffd25) (fail_nth: 1)

2m9.014178064s ago: executing program 1 (id=1587):
write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0)

2m8.629743476s ago: executing program 1 (id=1590):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000b00)=0x7)
r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x8)
syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x338}, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_SPLICE={0x1e, 0x10, 0x0, @fd=r2, 0x5f2, {}, 0x5a1, 0xc1640b318c240165, 0x1})
io_uring_enter(r2, 0x47ba, 0x0, 0x41, 0x0, 0x0)
ioctl$SOUND_MIXER_WRITE_RECSRC(r0, 0xc0044dff, &(0x7f0000000080)=0x3ff)
r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x7fffffff, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000000)={0x4, 0x3})
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xd)
write$binfmt_aout(r6, &(0x7f0000000940)=ANY=[], 0xff2e)
socket(0x8, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x0, 0x44850)
recvmmsg(r7, &(0x7f00000000c0), 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x499, 0x0, &(0x7f0000000100)=<r9=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r10 = syz_io_uring_setup(0x50d, &(0x7f0000000380)={0x0, 0xba9, 0x4000, 0xffffffff, 0x0, 0x0, r2}, &(0x7f0000000140)=<r11=>0x0, &(0x7f0000000200)=<r12=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9})
io_uring_enter(r10, 0x3516, 0x0, 0x0, 0x0, 0x0)
mq_open(&(0x7f000084dff0)='\xa1sxt\x1a\x00\x00\x00\x00\x00\x00\x00\x01\x88\xbdd', 0x6e93ebbbcc0884f2, 0x100, &(0x7f0000000300)={0x0, 0x1, 0x3})

2m8.373811676s ago: executing program 1 (id=1592):
openat$audio1(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0xc0002, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
write$sndseq(r1, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$EBT_SO_GET_ENTRIES(r4, 0x0, 0x81, &(0x7f00000001c0)={'nat\x00', 0x0, 0x4, 0x0, [0x8, 0x1, 0x9, 0x6, 0x0, 0x1], 0x0, 0x0, 0x0}, &(0x7f0000000040)=0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f0000000380)=""/197)
r5 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
r8 = fsopen(&(0x7f0000000480)='adfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000040)='uid', 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
r9 = socket(0x10, 0x3, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r9)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a98000000060a0b040000000000000000020000006c000480680001800a000100696e6e65720000005800028008000240000000840800034000000007080004400000000f0800014000000000340005800c0001007061796c6f6164002400028008000440000000560800000000000000040001400000000a08000240000000040900010073797a30000000000900020073797a32"], 0xc0}}, 0x0)
openat$vicodec0(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0)
setsockopt$inet6_int(r10, 0x29, 0x1, &(0x7f0000000040)=0x6, 0x4)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000980)={0x6}, 0x10)
sendmsg$nl_route(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000001a9b03000000000000000000020000006d0c389394098dc607c4210c000000000040000006031d00"], 0x2c}}, 0x0)

2m4.45398205s ago: executing program 32 (id=1542):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0xc0002, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
write$sndseq(r1, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$EBT_SO_GET_ENTRIES(r4, 0x0, 0x81, &(0x7f00000001c0)={'nat\x00', 0x0, 0x4, 0x0, [0x8, 0x1, 0x9, 0x6, 0x0, 0x1], 0x0, 0x0, 0x0}, &(0x7f0000000040)=0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f0000000380)=""/197)
r5 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
r8 = fsopen(&(0x7f0000000480)='adfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000040)='uid', 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
r9 = socket(0x10, 0x3, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r9)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a98000000060a0b040000000000000000020000006c000480680001800a000100696e6e65720000005800028008000240000000840800034000000007080004400000000f0800014000000000340005800c0001007061796c6f6164002400028008000440000000560800000000000000040001400000000a08000240000000040900010073797a30000000000900020073797a32"], 0xc0}}, 0x0)
openat$vicodec0(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0)
setsockopt$inet6_int(r10, 0x29, 0x1, &(0x7f0000000040)=0x6, 0x4)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000980)={0x6}, 0x10)
sendmsg$nl_route(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000001a9b03000000000000000000020000006d0c389394098dc607c4210c000000000040000006031d00"], 0x2c}}, 0x0)

1m52.884540746s ago: executing program 33 (id=1592):
openat$audio1(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0xc0002, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
write$sndseq(r1, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$EBT_SO_GET_ENTRIES(r4, 0x0, 0x81, &(0x7f00000001c0)={'nat\x00', 0x0, 0x4, 0x0, [0x8, 0x1, 0x9, 0x6, 0x0, 0x1], 0x0, 0x0, 0x0}, &(0x7f0000000040)=0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f0000000380)=""/197)
r5 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
r8 = fsopen(&(0x7f0000000480)='adfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000040)='uid', 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
r9 = socket(0x10, 0x3, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r9)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a98000000060a0b040000000000000000020000006c000480680001800a000100696e6e65720000005800028008000240000000840800034000000007080004400000000f0800014000000000340005800c0001007061796c6f6164002400028008000440000000560800000000000000040001400000000a08000240000000040900010073797a30000000000900020073797a32"], 0xc0}}, 0x0)
openat$vicodec0(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0)
setsockopt$inet6_int(r10, 0x29, 0x1, &(0x7f0000000040)=0x6, 0x4)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000980)={0x6}, 0x10)
sendmsg$nl_route(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000001a9b03000000000000000000020000006d0c389394098dc607c4210c000000000040000006031d00"], 0x2c}}, 0x0)

8.998011266s ago: executing program 6 (id=2040):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100, 0x0, 0x3}, &(0x7f0000002000)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r2, 0x48e9, 0x0, 0x2, 0x0, 0x0)
write$cgroup_subtree(r1, 0x0, 0x9)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x53, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r7 = getpid()
syz_pidfd_open(r7, 0x0)
waitid(0x1, r7, &(0x7f0000000100), 0x1, 0x0)
ioctl$EVIOCGMASK(r6, 0x5b03, 0x0)
read$char_usb(r5, 0x0, 0x0)
syz_usb_disconnect(r0)

8.086087375s ago: executing program 0 (id=2043):
io_setup(0x6, &(0x7f0000000000))
r0 = syz_io_uring_setup(0xe91, &(0x7f0000000040)={0x0, 0xb164, 0x8, 0x0, 0x366}, &(0x7f00000000c0), &(0x7f0000000100))
io_uring_enter(r0, 0x9bc, 0xba1d, 0x0, &(0x7f0000000140)={[0x2, 0x4]}, 0x8)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = fsopen(&(0x7f0000000380)='securityfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', &(0x7f0000000400)='\x00', 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000940), 0x4)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000004d40)={'filter\x00', 0x7, 0x4, 0x3f4, 0x0, 0x0, 0x218, 0x314, 0x314, 0x314, 0x4, &(0x7f0000004d00), {[{{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @remote, @multicast2, 0x8}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @empty, @remote, @rand_addr=0x64010101, 0x1}}}, {{@uncond, 0xbc, 0xfc}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x4, 0x1, {0x3}}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x440)

7.677269363s ago: executing program 0 (id=2044):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$packet(0x11, 0x3, 0x300)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ac1000/0x3000)=nil, 0x3000, 0x2000000, 0x5d031, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
recvfrom$inet(0xffffffffffffffff, &(0x7f0000000140)=""/98, 0x62, 0x2003, &(0x7f00000000c0)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
listen(r3, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81e8943c, &(0x7f0000000400)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, <r6=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81e8943c, &(0x7f0000000600)={0x0, ""/256, 0x0, 0x0, <r7=>0x0})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r5, 0xc0c09425, &(0x7f0000000140)={"370a490ddd5526a793f847b68c49dfd8", r6, r7, {0xa85, 0x1ce}, {0xffffffff, 0x7}, 0x5, [0x904c, 0x33a, 0x8, 0x3, 0x9, 0x7, 0xe, 0x8, 0x200, 0xaaf, 0x0, 0x3, 0x0, 0x5, 0xf52, 0xfffffffffffffff7]})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x14}, @IFLA_BR_GROUP_FWD_MASK={0x6, 0x9, 0x40}]}}}]}, 0x44}}, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r5, 0xc020662a, &(0x7f0000000280)={0x1, 0x6, 0x5, 0x5, 0x6, 0x0, [{0xc33, 0x7, 0x10, '\x00', 0x880}, {0x8, 0x8, 0x3, '\x00', 0x4}, {0x101, 0x4, 0x3839, '\x00', 0x30b}, {0x0, 0x9, 0x2, '\x00', 0x800}, {0x3ff, 0x2, 0x1, '\x00', 0x2002}, {0x5, 0xee000000, 0x5, '\x00', 0x2401}]})

7.493032802s ago: executing program 5 (id=2048):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b40)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x70bd27, 0x25dfdbff, {0xa, 0x20, 0x0, 0xff, r1}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2004c040}, 0x0) (fail_nth: 7)

7.048989342s ago: executing program 5 (id=2050):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)={0x44, r1, 0x1, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x9}, @NL80211_ATTR_PMK={0x14, 0xfe, "a2bd2ffa14ecadb121de4717915f3322"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4) (fail_nth: 7)

6.32415472s ago: executing program 5 (id=2051):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x24089, 0x80, 0x3}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x114, 0x0, 0x0, 0x4)
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
capset(&(0x7f0000000000)={0x20080522}, 0x0)
io_uring_enter(r2, 0x47f6, 0xb277, 0x0, 0x0, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000180)={0x0, <r4=>0x0})
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r6=>0x0})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f00000001c0)={'gre0\x00', &(0x7f0000000380)={'gretap0\x00', r6, 0x1, 0x7800, 0x9973aa4, 0x2, {{0x30, 0x4, 0x1, 0x3, 0xc0, 0x65, 0x0, 0x6, 0x4, 0x0, @broadcast, @empty, {[@timestamp_addr={0x44, 0x4c, 0x29, 0x1, 0x9, [{@loopback}, {@private=0xa010100, 0x3}, {@local, 0x4f990dd9}, {@multicast2, 0x6}, {@dev={0xac, 0x14, 0x14, 0x1f}, 0x3}, {@private=0xa010102, 0x5}, {@local, 0x7}, {@private=0xa010100, 0x8}, {@remote, 0x3ff}]}, @generic={0x44, 0x5, "50e7d5"}, @timestamp_addr={0x44, 0xc, 0xdb, 0x1, 0x4, [{@multicast1, 0x1}]}, @cipso={0x86, 0x4d, 0x3, [{0x1, 0x11, "a1797a4c69974179e4e207db42de04"}, {0x2, 0x11, "2e0efbe00c00dc06963dcd025df771"}, {0x1, 0x11, "d7c27602743829427f2125c1349e0c"}, {0x6, 0xc, "6e6708e3bb2459e62f05"}, {0x1, 0x8, "179ee0581eec"}]}]}}}}})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=@bridge_setlink={0x34, 0x13, 0xa2f, 0x70bd25, 0x0, {0x7, 0x0, 0x68, r6, 0x900, 0x62010}, [@IFLA_LINKINFO={0x14, 0x1a, 0x0, 0x1, @vlan={{0x9}, {0x4, 0x4}}}]}, 0x34}}, 0x4050)
sched_setattr(r4, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io(r8, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r9, 0xc010640c, &(0x7f0000000300)={0x15})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000005440), 0x0, 0x4000040)
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x5b14, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x10, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b702000013ff0000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000000700000007000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

5.781605448s ago: executing program 6 (id=2053):
truncate(&(0x7f0000000080)='./file1\x00', 0xf000)
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0)
getsockopt$inet_int(r0, 0x10d, 0xb7, 0x0, &(0x7f0000000080))

5.508134596s ago: executing program 6 (id=2055):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)='N', 0x1)
r1 = openat$dlm_plock(0xffffff9c, &(0x7f0000000080), 0x400400, 0x0)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d0c, &(0x7f00000000c0)=0x31)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range(r0, r0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000000)={0x210a, r3}, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x20)
connect$l2tp6(r4, &(0x7f0000000000)={0xa, 0x0, 0xbab4, @remote, 0x4600000, 0x3}, 0x20)
connect$l2tp6(r4, &(0x7f0000000100)={0xa, 0x0, 0xc651, @dev={0xfe, 0x80, '\x00', 0x42}, 0x961, 0x1}, 0x20)
landlock_restrict_self(0xffffffffffffffff, 0x0)
creat(&(0x7f0000000e00)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, r2, 0x0, 0x0)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x3000, 0x2})

5.398226538s ago: executing program 3 (id=2056):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$kcm(0xa, 0x6, 0x0)
setsockopt$sock_attach_bpf(r1, 0x10d, 0xa, &(0x7f0000000000), 0x4)
r2 = socket(0x1d, 0x2, 0x6)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x6a, 0x2, 0x20000002, 0x3)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000) (async)
setsockopt$inet_mreqn(r0, 0x0, 0x4, &(0x7f00000002c0)={@local={0xac, 0x2, 0x44, 0xa}, @private=0x5000000}, 0xc)

5.249937039s ago: executing program 3 (id=2057):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000440)={0x1, 0x0, [{0x80000008, 0x4, 0x5, 0x7fffff39, 0x6, 0x4, 0x3}]})

5.193208365s ago: executing program 6 (id=2058):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io(r0, 0x0, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r1, 0x0) (async)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, 0x108) (async)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r0, 0x0, 0x0) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001e40)={0x18, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000100000069"], 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

4.713998923s ago: executing program 3 (id=2060):
r0 = syz_io_uring_setup(0x6c7f, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r3, 0x114, 0x6, &(0x7f0000000000), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x54, 0x0, r5, 0x0, 0x0, 0x0, 0x14, 0x2})
r6 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd2b, 0x2000, {0x60, 0x0, 0x0, r8, {0x0, 0x8}, {0xffff, 0xffff}, {0xd, 0xc}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xfffffc9c, 0x2, {0x0, 0x80000000}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80d1}, 0x3000001c)
r9 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setlease(r9, 0x400, 0x1)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r9, 0x84, 0x1, &(0x7f0000000100)={0x0, 0x1, 0x5, 0xd08, 0xc90b, 0x69}, &(0x7f0000000200)=0x14)
io_uring_enter(r0, 0x7f5f, 0x0, 0x0, 0x0, 0x0)
sendmsg$unix(r5, 0x0, 0x48810)
io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, &(0x7f00000004c0)={0x2, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000003c0)=""/239, 0xef}, {&(0x7f0000000540)=""/170, 0xaa}], &(0x7f00000002c0)=[0x200, 0x3ff, 0x3, 0x74, 0x3, 0x4, 0x5, 0xbef, 0x2f, 0x16]}, 0x20)
shutdown(r4, 0x1)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0xfffffffffffffe98)

4.456501163s ago: executing program 0 (id=2061):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x50d)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0x10}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5, 0x0, 0x0, 0x0, {0x2004}})
io_uring_enter(r2, 0x75fa, 0xe475, 0x0, 0x0, 0x0)

3.729841835s ago: executing program 3 (id=2063):
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00')
r1 = socket(0x840000000002, 0x3, 0x100)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x181800)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = dup(r4)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001b00)=@deltfilter={0x30, 0x2d, 0x1, 0x78bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {0x7, 0xffff}, {0x6, 0xb}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}}, 0x20044000)
r9 = openat$vcs(0xffffff9c, &(0x7f0000002280), 0x80000, 0x0)
pread64(r9, 0x0, 0x0, 0x2)
read$FUSE(r9, &(0x7f00000022c0)={0x2020}, 0x2020)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x3, [@restrict={0xb, 0x0, 0x0, 0xb, 0x2}, @type_tag={0xb, 0x0, 0x0, 0x12, 0x5}, @float={0x1, 0x0, 0x0, 0x10, 0x10}, @var={0x3, 0x0, 0x0, 0xe, 0x4, 0x7}]}, {0x0, [0x2e]}}, &(0x7f0000000300)=""/4096, 0x4f, 0x1000, 0x1, 0x5, 0x10000, @value}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x3, 0x1, 0xf, 0x3f110, r5, 0x3, '\x00', r8, r9, 0x0, 0x0, 0x0, 0xd, @value=r10, @void, @value}, 0x50)
sendmsg$NL80211_CMD_JOIN_IBSS(r5, &(0x7f0000001400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000013c0)={&(0x7f0000001300)=ANY=[@ANYBLOB="98000000", @ANYRES16=0x0, @ANYBLOB="00042abd7000ffdbdf252b0000000c009900fcff17ff3e0000001e00940010000709000000000000000900080013000000010c0600000007000004003c000400bf001e009400004405faffffffffffffff60000800080000000003000800000200000a00340001010101010100001c0023800800150014000000060012000500000005001d00000000000400440004004400"], 0x98}, 0x1, 0x0, 0x0, 0x20040000}, 0xc000)
r11 = syz_io_uring_setup(0x71e, &(0x7f0000000140)={0x0, 0x5884, 0x80, 0x2}, &(0x7f0000000340)=<r12=>0x0, &(0x7f00000001c0)=<r13=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r12, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r12, r13, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0x1e, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x1})
io_uring_enter(r11, 0x3516, 0x0, 0x4, 0x0, 0x0)
syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000180)=ANY=[@ANYRESOCT=0x0, @ANYRES8=r3, @ANYRES32=r0, @ANYRESDEC, @ANYRES32=r2, @ANYRESOCT=r1, @ANYBLOB="c778fc1c86411b1b1ba4680b71e13094be84b380f3f8b193d890a871eb14dcd4648fef044e79f7debaabb373d59d0b3c7971c5953852d8f4077540a6948a9be65bd23c55759f280a83db67d9abaa440eb07628c4de000a08d0c2aeb43b4507af500e16e2256ce5c4e9c144e8e2049149157450f4e529", @ANYRES8=r3, @ANYRES64=r3], 0x0)

3.186405211s ago: executing program 6 (id=2064):
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0) (async)
sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000f40)=@l2tp6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x40)
r2 = socket$netlink(0x10, 0x3, 0xf)
r3 = socket$netlink(0x10, 0x3, 0xf)
request_key(&(0x7f00000001c0)='rxrpc_s\x00', &(0x7f0000001ffb)={'syz', 0x1, 0x7}, &(0x7f0000001fee)='y\xa9rustV\x1eS=\xd4\x16\x95:e\x00\x00\x00', 0x0)
bind$netlink(r3, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4)
getpeername$unix(0xffffffffffffffff, &(0x7f0000000540), &(0x7f0000000180)=0x6e)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc)
r4 = socket$netlink(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_buf(r5, 0x0, 0x7, &(0x7f00000001c0)='`', 0x1)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="48000000101fff0000000000000000000000002100", @ANYRES32=0x0, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) (async)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="48000000101fff0000000000000000000000002100", @ANYRES32=0x0, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
execve(&(0x7f0000000380)='./file0\x00', &(0x7f00000005c0)={[&(0x7f0000000400)='\x00']}, &(0x7f0000000680)={[&(0x7f0000000600)='-*#-$&%--,+\x00']})
ioctl$RFKILL_IOCTL_NOINPUT(r7, 0x5202)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1400000001080101000000000000000000000000ff3f6365ceea6949ff16ccd26803872748b0b1bcd2b46e7207d0dad9547a105a59cb871ab837840de1d4d641a846739762b1bc5124fe7de0fd46df1702e3c41cd9a4af366ec74487e81710190a003b7934f1e466b1ff69cf9571593e47b4d6d3642f81733bd55c5cf3ad999c3e8bd54435daada6da3260400a8d2d1378505886f736e9f3c2fd49f8c27d22394cdb87e2210ec8b78e5f55b46d04370dd0c8ab2def3b2c6bdfdc593787ed9d7cbd19dea06844257e6c7dd355742cdba42e8affb9"], 0x14}}, 0x0)

3.046616383s ago: executing program 4 (id=2065):
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [{0x0, 0x2, "122b472e41e24b11f34b608816e5"}]}}}}}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000400699b000008001b"], 0x30}}, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x2102008, 0x0, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89801)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [{0x0, 0x2, "122b472e41e24b11f34b608816e5"}]}}}}}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000400699b000008001b"], 0x30}}, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x210)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb4, 0x19, 0x1, 0x0, 0x0, {{@in=@loopback, @in=@remote, 0x0, 0xffff, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x8}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb4}}, 0x10)

2.769941366s ago: executing program 3 (id=2066):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000380)=0x3)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)={0x30, r3, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="c4"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @default=0x9b4}]]}, 0x30}}, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000009f80)={0xa84, 0xd, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x8, 0x3, 0x0, 0x1, [{0x4}]}, @NFTA_SET_ELEM_LIST_ELEMENTS={0xa68, 0x3, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0x3d, 0x6, 0x1, 0x0, "3263d5be59e3e322adb84761022d0a0157d345c3088fd2e7d05bace05c0a2e6bd888c794c75b3a8c33f51fddc162787fd9a6957acecd1739a7"}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x1}]}, {0xa14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x4}, @NFTA_SET_ELEM_EXPR={0x50, 0x7, 0x0, 0x1, @counter={{0xc}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7f}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x4}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xffffffffffff8001}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x9}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x8001}]}}}, @NFTA_SET_ELEM_KEY_END={0x9bc, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x9b5, 0x1, "021302f5c6d0160bffdefd1358b397303da55ba22809ff3a2bf2ed2d6081f2ac16b82285146ed7780792b5cd48c1e7805153dcbbaf4b1b20984f932d96d10b9998d14568c294828c4822900138b5afdb3594bee96a420ed2e8e1a260e2590654a8dcf3ef1c52611ddca75b323ef26e6fb41bd40db3fdb62595246b4d581592b23e2570f335043e24b65ca7eb7f6e10cb1560a838c6f14234d912c0171cc13c13a676ef2c1bce953b30baf524cfac78a9368700bf3574d27a057ebd4f3192063b30290b90d65322ce467211ac5445d054ba6a5b93d9458bcb02b2e783ad55d51e7df369df1bc207d8e5ea3f5df74e38d860f215b86b19a428d1b654ac1bf365b1e3fd88f0c473ff584b215dd3ac1e82246a8b5af8939ad82f1b5217db43548e732cffbb0903ac182f1ed8174da6760fa03ac2c464948eb069dae5d67620a62e841e4c95c3e56d7fb6ff8e2397ed1d018c0f313f72c7dd955a0c423ef442a83e9014e295ac74b4124ec2a37951f6e700ebe510a44fe28b39ba7f1676fc2c61e73ae688e7c39673b5475907054b3a8073ff7f9257825cd4f446c018fa619b5bc88ca1bdf6d41de7f5b1b71a22d80d9d5a358fc4d2127c38739cff6a2dc60c89965760a24ba29107f52135d286fe3cac4554d347f315e53c69433301efccd7c48267e748b7fb35133eb27b38434e4318ab4f260101468dbb4e87c2fdf29464c68c01b413d55ff7d714938c6d49dd1f08b633d0f96c08d2038621da79e06020aa30b0da8d916bd5fc1b5a75c0c61f9afa1f096a809af57ed247cfebcbdc5929527c3dc874da375d8d3b77ca0a5985997f2a4e8d4cbaa5cb33ff7ed107830b4e2c6e03a011260643dde894390a5597a8dad97c367084beb673ee3e40b0d1dad3e99416a40795b8beba04404d35e3bebe13e1388ec344960eb1944e96ec359b1c451a0cd0c4fa1917df613d69511933164a37fd205fa760162bb9de93597b053213f2021282b3ef65dd5550435b9d6cb87af94b7335b0ffa0482c8a46a11fde14ce5f8479443b28192460209fdaed6e3be88f97c790817eed774718c53c505f0f7f2c51c5152e1c1423f67e42b722c141dc6fc388b5d20bd3c9511a114abc7a702544e75cdb89425cf5d1cc94ec2634a6f0feea1a35206ab060c81e0c5d4474756f189cfcd35fb5b786ab2cb92b29d3a8612adc30de2c455101b50c2d1eb67478ff300e4b163c7f18cb8c4b9f2fdb3029d050d88efb0abaa01c0d04e650e598eb364d057cf179886bcea30d1757fe7750e28aced8696c29476e24de2623ab0464ec980085248629048d6894ddba8322b81ed12a3d1037c1f7ac396d7fa7455cdc55db4bdfb60c1b1529797c820caa71ec32ffd713b7d2967a9e97d566ba57c9cda0b5dfd45bf84673568f86924bec595f88cdde16d0c698fc0d6b21399a3c88c904743055be659e65e229ff32e7155dfd69b5bb159828aa5588bff6e96f7e2e4bd734d066d4576413c9eb86ec9848f827b679182f4ff06f7ec63805ce83b9fef92858e632d231567def13445650ab878c20bf3f9efe1aed71050e6d2aabbf8e993463deef063d231d6594427976fcd67d2f330108b81f0f829fed67c58090fbda59812a662066dfb7bb7683c5ad707f930b40b88516e6f85bb29d8ed9f3b128c9cc205242b2a1c9b782e5eee97fa845838f3a264c40c9525d030b3a9b61c6d14f2721723c63167a9fdf407278d53fee37b5d111bc6475c28e0368b92d53e67d5b8148a3dfa86f91507fdfe40a4a7916ddaed844a218f207f808a42673c8e6099f79949ea211eadd775e4bd47353ce52d301029590fc1f7bc91fc1bd58aded4770ef6cc83ec9878d88aad8035286db37a84422a80516d4f8ac405432270b775dc7863af35c6a780a94dfe6d7e0bbf2f5e688c02076b4501ecec507d880a6afba07b8728455cc1b2e11688450254c6c016b08f7eb94c11111ed6f80a68c36f16dfbc1168fdd91fb7b04546b8153ecb536ecd9449c60878b17407fd983e00921e5efaba83d8ce5cb9e7f06df56ba02c75a89f4a851306ff8f2cb6d8f130d9ff42145b49d863c89bfe21de94fab697691efa29f00b06d461eb696ace427c35e6e2a2485bb4d0236ede09032117f112bcb3760e64f210d4bd2b7ff745d0508b54ede0275ae5e682941f695609c82e0f7ea9f2771a4d1aed9d2e18ab1ccca7cb9afaaa8af4de24c9c1734a5429c43c9031fda7970c77f7f1160022c207f3fbdaa50a8d75e24f703fe5d474e3cc6e67e1465d6e5946451c422037418ff0120721c44bcf95bb815dfdb52b600f8c439bf9503ad24bc73881c7e7770b7d05f6ec0a47ab7d89fd95dc0ec2625dad9f56c3ed52f192375d945decd0179413d5939050deaae5e44bf776e91dd090653c32fd38b91ae06aeeb463ca7d33da48d7309017a90618eedd397576e9316585faf088a0a76725178b5a53e5b9842810a50142bfa716c4923ca66d1d326d5720c2fa9d433dd0136653e4164e92f48922dc1ea73c3539503813892d4ae15893ae5634685b1fbd26d3d9cfb9e317c9ef9a19b38e3a7c839c649e3e035c45472c1cb24449fbba7e75f79c00947c15ea6380dfcc997b0817b5bc214a728eea2b0810b058a8a37c02e57b0a2c70ff505554ff36239af641d045079320763ae007bd363d37573406f17bdfcf04811fe571cd5c1b51de7addd749d9184b251a40bff1b90d3b1f59cdb23fcfb48de7494e4d2652e0b1d78b532f69f5d6836b057d89559281439f4f702d1361e65352bbeafacce0e2b44d5834698667833411357d5e4a528de99566e7bfc6a86d86759697f8085d8053b3f7c7771336707923739d69c96ec8ca400e1305d458dbf2aed5cea66554b8f0fb3f619cdaddea2ca273087ae4e72847bec3a1ddd89acd26901cca1e0f6c9f871e679d340860bc3d8845d149988494c05ae74976bd9c6fa5026537bea1ea6f2e7a20ee6cc6c1bc7c34034a1efd8498d0ef462e7e161abe421f3faa6a125df110d40d915c2a3060e0af051eb9ab6ec75433099044576f44be1e135908a2c9f2e502e23ea17c60ade3ce42932fd5f71057f20068757e4651004c3b1a638209ad0915b4544b38120f34bdcd1db330e2c158931dd8c188a04af2c58b3cbf0955b48875638b3fc2cee3444117e74b0a49348ebdad9316b55da0050bf8ac78db404979e3dd126549c43e499537f8e5a5a7b4544106e959ae60dade66039b317daf02692b1eb8f8fa204042ebcca65f1b9187b639b44a41f7c9824de71fa6d2b3cc27c86f57d9bacca5c4429d794e3f940a6d2837c5ceb24b83cb102341c9f95a4d95d78ff20e0e08fa32ccb244c29edf74e4fc71b800f1c31aa5c2cad6f7c341c993300d148f7eb63993db8cf0884e087892696be3bab83003f01ac3c6cf0e53c512458eaf9d3cb8e59d480a535a7515550e3cd0bd50a4a91871425fd43cf6a0a5b3a9c2fa181e219f80c38f36562274425255ac81b739c6324e70241"}]}]}]}]}, 0xa84}, 0x1, 0x0, 0x0, 0x20000850}, 0x0)

2.690309792s ago: executing program 4 (id=2067):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vcs(0xffffff9c, &(0x7f0000000000), 0x31f9233178fa8449, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0xc0, 0x2, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_DATA={0x48, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffffffff}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x5}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010102}}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0x6}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x1}]}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x23}}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x6c}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x84)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newlink={0x58, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x60000}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e24}, @IFLA_GENEVE_LABEL={0x8, 0xb, 0x1, 0x0, 0x8000}]}}}, @IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x58}}, 0x2000000)

2.681956641s ago: executing program 6 (id=2068):
r0 = socket(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22042, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1000, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000240)=0x9)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getuid()
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000055000100000000000000000007000000", @ANYRES32=r6, @ANYBLOB="1e0074d4", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00'], 0x38}}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r7 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r7, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r7, 0x8)
r8 = accept4(r7, 0x0, 0x0, 0x0)
sendto$inet(r8, &(0x7f0000000180)="cd", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r8, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x0, 0x6, 0xffffffff}, 0x10)
sendto$inet6(r8, &(0x7f0000000200)='x', 0x1, 0x4000050, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000400)={0x0, 0x4}, 0x8)
quotactl_fd$Q_GETFMT(r0, 0xffffffff80000400, r3, &(0x7f0000000140))
r9 = socket$kcm(0x2, 0x3, 0x2)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000200)={'bond0\x00', &(0x7f0000000640)=@ethtool_per_queue_op={0x4b, 0x1d, [0x4, 0x8, 0x5, 0x8, 0x0, 0x1, 0x3e9, 0x5, 0x6, 0x6, 0x5, 0x6, 0x7ff, 0x4, 0x4, 0x3ff, 0x4, 0x8, 0x2, 0x4, 0x9, 0x4, 0x8, 0x1, 0xfffffa0c, 0x5, 0x8, 0x9be, 0x3, 0x3ff, 0x6, 0x14dc, 0x147, 0x9, 0x1, 0x3, 0x1, 0x0, 0x9, 0x6, 0x7, 0x5, 0x4, 0xfffffffb, 0x8, 0x80000000, 0x9, 0x100, 0x5, 0x19dd, 0x7, 0x3ff, 0x586, 0x6, 0xf667, 0xfffffffc, 0x7, 0x8, 0x7f, 0x6, 0xc8, 0x6, 0x0, 0xc3, 0x4, 0x10, 0xffffffa8, 0x1, 0x9, 0x1, 0x1, 0x83, 0xe39, 0xcf, 0x10, 0x401, 0x7, 0x7, 0x2a, 0x71c9, 0x1, 0x321, 0xfffffeff, 0x7f, 0x66, 0x1c24, 0x9, 0x9, 0x4, 0x2, 0x3, 0xff, 0x100, 0x126, 0x6, 0x8, 0x40000000, 0xc, 0x4, 0x8, 0xffffffc0, 0x4, 0x10001, 0x5, 0x74a000, 0x4e27, 0x3ff, 0x0, 0x8356, 0x20, 0x6, 0x9b7, 0x1, 0x80000001, 0x7f, 0xea, 0x6, 0x80000000, 0xff, 0x7, 0x4da8e6f3, 0x5, 0x10001, 0x8, 0x69e4, 0x80000001, 0xfffffff4, 0x100]}})
socket$inet_smc(0x2b, 0x1, 0x0)

2.382162243s ago: executing program 4 (id=2069):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000040)=0x100000001, 0x4)
r1 = fcntl$getown(r0, 0x9)
r2 = syz_open_procfs(r1, &(0x7f0000000300)='statm\x00')
sendmsg$nl_route(r2, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20040001)
writev(r2, &(0x7f00000003c0), 0x100000000000022d)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='highspeed\x00', 0xa)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0x9}, @window={0x3, 0x0, 0x401}, @window], 0x6)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, 0x0, 0x0, 0x4044000, 0x0, 0x0)
r3 = openat$vicodec0(0xffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_SUBDEV_S_CROP(r3, 0xc038563c, &(0x7f0000000340)={0x1, 0x0, {0x4, 0x1, 0x9, 0x89}})
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
sendmmsg(r2, &(0x7f00000002c0)=[{{&(0x7f00000000c0)=@rxrpc=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x3cdb}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000200)="7cb8cd9e14333471c2acd577e86f7eb0", 0x10}], 0x1}}], 0x1, 0x4000040)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

2.298380377s ago: executing program 5 (id=2070):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18)
sendmsg$can_j1939(r0, &(0x7f00000026c0)={0x0, 0x0, &(0x7f0000002680)={&(0x7f0000002640)="6dd8eed1e34ae4f2a2", 0x9}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_usb_connect$uac1(0x6, 0x0, 0x0, &(0x7f0000002b80)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x250, 0x6, 0x1, 0x1, 0x10, 0x5}, 0x0, 0x0})
recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000002540)=""/216, 0xd8}}], 0x1, 0x0, 0x0)

2.162804865s ago: executing program 4 (id=2071):
io_setup(0x6, &(0x7f0000000000))
r0 = syz_io_uring_setup(0xe91, &(0x7f0000000040)={0x0, 0xb164, 0x8, 0x0, 0x366}, &(0x7f00000000c0), &(0x7f0000000100))
io_uring_enter(r0, 0x9bc, 0xba1d, 0x0, &(0x7f0000000140)={[0x2, 0x4]}, 0x8)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = fsopen(&(0x7f0000000380)='securityfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', &(0x7f0000000400)='\x00', 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000940), 0x4)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000004d40)={'filter\x00', 0x7, 0x4, 0x3f4, 0x0, 0x0, 0x218, 0x314, 0x314, 0x314, 0x4, &(0x7f0000004d00), {[{{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @remote, @multicast2, 0x8}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @empty, @remote, @rand_addr=0x64010101, 0x1}}}, {{@uncond, 0xbc, 0xfc}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x4, 0x1, {0x3}}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x440)

1.690581093s ago: executing program 4 (id=2072):
syz_usb_connect$cdc_ecm(0x2, 0x5c, &(0x7f0000000000)=ANY=[@ANYBLOB="12010100020000102505a1a440000000010109024a0001010000000904000016020200000d240f01"], 0x0)
r0 = socket(0x8000000010, 0x2, 0x0)
write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000002481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
syz_usb_connect$cdc_ncm(0x4, 0x192, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x29d4de7d899e4aa6, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x180, 0x2, 0x1, 0xcf, 0x20, 0xf3, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "1adc"}, {0x5, 0x24, 0x0, 0xf0ce}, {0xd, 0x24, 0xf, 0x1, 0xafa8, 0x3, 0x2, 0x4}, {0x6, 0x24, 0x1a, 0xfffe, 0x21}, [@dmm={0x7, 0x24, 0x14, 0xb, 0x401}, @mdlm_detail={0xfe, 0x24, 0x13, 0x9, "9e7407cc058573bc9aa449dbb0ba57783d913bdbf81cd81e863d16128f5357b46e1cd0595a1eea3f2a1f85d76220805d2b26f7c3841bbbd6e19eae675688d31bf21bffa8fd7ee349d200a492131fa8c699157f5bf7eabb1722d3a1f15c0dee4dbcce43d0bb6b5f2c1f6c01be1f62a32d058b2f353b15a76e1d074cfa00c17e3a783fbb19771a9e2450a32ee79ffa1fb5ea6fc19be67b9746ab57405d45c45ed034a0e614ba42bdcc5e54b477876c9456fd297c7eccf7fa2fbcf3adfe8859811fa25f70bee10ba4788fda2b6499e3de7cedf90f3e6d7e309a3f363aeeba7bacb844703b6f0418ea3562b34e717cd5399eb72e07ab73492e997575"}, @dmm={0x7, 0x24, 0x14, 0x8000, 0x4}, @country_functional={0xa, 0x24, 0x7, 0xfa, 0xc, [0x5, 0xb87a]}, @dmm={0x7, 0x24, 0x14, 0x0, 0x5}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0xa1}]}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0x81, 0x10, 0xe1}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x10, 0xae, 0x5, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x80, 0x9}}}}}}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x300, 0x4, 0xc0, 0x0, 0x20, 0xf8}, 0xa2, &(0x7f0000000240)={0x5, 0xf, 0xa2, 0x6, [@generic={0x36, 0x10, 0x2, "cb9e7fbfff7aabd4c62be74fa5d486ae79e5d62583960c2875a74d64d3b2ef2f7faecb1ef5d23d6cbfdb88aa5b6ebc69c45c80"}, @ss_container_id={0x14, 0x10, 0x4, 0x80, "5aac617df88c8cf8b5cdd32be61836f7"}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0xb6, 0x9, 0x7}, @ss_container_id={0x14, 0x10, 0x4, 0xb4, "77ecaba0060bd9437c112b7b0c98e3e7"}, @generic={0x32, 0x10, 0x2, "adbee2c073c013a0e7fbdd5a9a7213ceb059009b120d45dc2698cfd388cffef0981703837ac9eaf141e71e1fa4aa66"}]}, 0x4, [{0xfe, &(0x7f0000000300)=@string={0xfe, 0x3, "96c89b8f68ae00166adbf82511cff45ba67a838bbed4cb504a8135ea2bcdab45df4422853f89527d7c0d5213a4ac423c63944d0ce7a6bb9e288d9880ad47a5893b0cd33239b46d88b934452cb2e59c91ea0a807d1edc4e01ccb71784e0ea2e1d97ed231f84588b63ede6087d4bcc8d53d051f90695cc5c21aa4b4a4642ea53b070b4c146590fb69ea9f3e2d6709c692ddc4d41047f22612a280f95b5c33a3512c3820ae804041e832df9b15b6f8742efe54dc92aec27bef8864494997849964921431845316857594a7b14b3802a16b16e4b3259bbae5eaec243d8842008115ae9353d226e9846622310534515cb5b107182484fec06fa63d2837480"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x423}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x32}}, {0xda, &(0x7f0000000480)=@string={0xda, 0x3, "29f53c17721670018373fe917e954b4e623efad2018b2903ff55c6c8f3c58e44badd66491fd02362db89e4c9cbb2d51313903cd9d04ddee357300fb9e52fdb9caf2cb084eaf636ce61f7909e6535c812fba93ff35ec87450e8d490b6d5249fe7e27db5588d35dc3d5d21fd4a2580196d5bd43bcf00a831b4038de2b09168c5930c1c9f05ea5d14d66808ad9b4cbbaf54e88c1278b5693b72b31be9e806a0f52c79c5d092cc644a9e06f0ba03429b6859e79a81319f0255e10ef2c90a57639cffdda9560c326e5fe1a80e3efb44e8268fd944c7f93a1bbf04"}}]})

1.633244176s ago: executing program 5 (id=2073):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x34, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0xf0a}]}, 0x34}}, 0x0) (fail_nth: 10)

1.428043954s ago: executing program 3 (id=2074):
socket(0x10, 0x3, 0x0)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x205)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xd7)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00'})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r4=>0x0})
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000207d1eed2c00000000000109022400010000000009040000000905810300"/54], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io(r5, &(0x7f0000000200)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00j'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x65c, 0xcc, 0x0, 0x1ac, 0x0, 0x1ac, 0x594, 0x594, 0x594, 0x594, 0x594, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xcc}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6, 0x0, 0x0, 0x44}, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf4, 0x138, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @common=@inet=@socket1={{0x24}}]}, @SNPT={0x44, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00', @ipv4=@private}}}, {{@uncond, 0x0, 0x11c, 0x140, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x24}}, {{@uncond, 0x0, 0x134, 0x170, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x6b8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2000000010000182d1a8e8755e2c399ce808a604e733f0247470319e2805ebeaa9f906e7e0ea87606a000b574251efeb3c1b2812e29f7fa42850ef40df2b", @ANYRES32=r4, @ANYBLOB="ae1e020000000000"], 0x20}}, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

673.724156ms ago: executing program 5 (id=2075):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000000000855072626000000000001090224000100003000090400000103000000092100000001220b000905810300939fdf85"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x4e24, @private=0xa010101}], 0x10)
setsockopt(r1, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8)
r2 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000000), 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "77746a315690a576", "07f217bd74511e465bbbd5de01000000f9044677d4d588363d63af84db44be59", "00f8ff00", "8ce63ecbc640735f"}, 0x38)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_256={{0x304}, "76f7bc3e4ae1c84c", "af193cff4810ba5ac120d096eb00b40752095b4285514ca312c52e3a08756735", '8\x00', "bc3a20b10f4ad11e"}, 0x38)
sendto$inet6(r3, &(0x7f0000000100)='S', 0x1, 0x8000, 0x0, 0x0)
close(r3)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000100)=@qipcrtr={0x2a, 0x4, 0x4000}, 0x80, &(0x7f0000000900)=[{&(0x7f0000000280)="27050200590214000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000102821880b0000000000000057180ce88661691192dfeb3f420ab94d7b4656eb34b5a6d05aa918223dc798962d3d3be2d2eade00403b6061549e8fc2ebbc4234133cc54df2476337ebec1a5cf2a2ae64d5a9286ddc8955fcca6c082dd79fd4f1b843f7458defb3dc58d291284dc04f2b5496ff20278af8f0a8f3ddee505f281288091feecccde63af20c741d6c93179373567302e79b211dbeb71073defa647cb5b9e1df8603ad81a4ed344d41", 0xec}, {&(0x7f00000005c0)="1c393502dda1a67d93b1ceccbe972c4fef9c33ecf2d824f3a33513f45f472bbdc8e3a2275f2587f0da0b3ae419bed996116448f90d113ce98aa985f379d729430858f5cb9a668a5800bf2354b33cdff83033de518580a3080d7f4cc2406e071138439e1566dd17983ee153ab672f362d3292e24a9952f18ec3d8b37bb3391096c1d4442a754899299321c03cbcfb98a26994b2a072c2b9d9c70d619545e5f61b050e40166d2ff57dcc008f24fd5339e7bc21e25863f80d2487c30b6bf781608a31d68e9319ab1712d8f5bdde849c040417c864cbfd3923dcb9fc6bdc2ea533340a7b6e13eea4b80d4237120e32932ca4e2b50bad0a35496d36a191d91f03b477b9587bc0ba489932e34f819fa1524ebad53a3d94b46c6aeff4f42fa067729fbb2862c09d337a75e0c8429d4bfe0dee2e1e23e8c22787178600ecca135623731e4701f35bd4e7c936a8ee274120e7662328a5aba1161b05889b045696721c69bff0547efe051f3c5de77fdd3c77afd41a5a7747a982b7efb013c9d6bac7d3ad1f9b7c3a5a1448b35696f03b000000000000000000a0310dc602dde83c368e2354ff85bcf723ce6991197242945a4a66c8ca86b0aee563", 0x1b6}, {&(0x7f0000000b40)="a9c0322d7c6aab34f2c0b379827f81fc86d27140843bd57788d54711beb800465d1ec82831c2d9c2baca0318b83f32ab97a8edd6497aa1b80fb72603743a07120adbc495eb9a429bbe5fda30455f9161f98e6740d06ed0548b8f35d12bc373f0e1b69636fb56c9bc0f1f64f53c541f64803b5cdc54fb86da50b93708437cf75a4ab051a0876000eabeaad86f85bccebf9c9bdeb471a6fecf24ba1fdb7ee34b005bfbdc867cd666840b85a3ab2c63805953989b468e48bd95e0783134a8e7587e08966ca2c43e39328c45012b853aa587739524c241f722d9689872bffbedfb8797d4faf317e9d0a021f553e829aef201ed0430d426500bd33673b3688bc093263951492b4a818f249f10e33ae240dd84b63fd803daf1c21b85c009f1e391a3dbd40ae39202c128e60b9a8e08a631099accef15fb8d3dd979b7b53d3f13cc70b645847ae89823094eac150fd365d31150a5ecef98640f3b107aca9f3b2f4aa9d7607178f2c327e47687353230ba36ea5938ee1f7a91ba2b4f93fa7feceb376b96d71673f057fd6ca919fabc8f3608150fe7bcea9f0fdd72ddaa92596b12b4ed8c79519302892c6390ba289faaa0e3841ba1f8329a312c563ebe66f020966cddfc4dc6580288b5d68713a8c3c0e123a1ea9f31693adc1505cfa75cd0d3749ec267b6622847ade722dbf7d4622c864634e7a8c11b4bb5fb29eee6ed4c96f300ae0b555d53fce39a2dc8b565ce703027b4bbbb51d44a8cc4f5ad3a57ba590c97990b8e68b24a88e7e055b313195936ff3c47eaa24f248aedabbfb59111d1b76ff96307de6594d215cbe25db1fbb73289af910370fca7123c75fc54116e1b9c832eba10d71a6b030f432ed02e4322bab0462fa9d2b1fd2e999e6c4bce47f1e8ba7c47770116513c6a7de51a9712372c1de2023ec4edbd6bf8b67c603ffd30c93d1a20ebac52d53a5278303c84c39fcaa416e71be19264705980ef20effacb6e14d466d2382f2ef1fbe8655d225b2c75b6d05d38a9a3adfe0f9026414ab0063dd97eec9af1d1f19add00c47a80cb5590425d5e03941799eeacb6479616afe10fd2478fe2844797221b7f35738a9878fa745902a3f0a3e244a1300e41e69a765789a5bc5228f39988c6f681f23b824093b21f0da0b22bf342abc148ed26d215473286d31ce495670e5b8ecdb408793a80a971e76838b28ce5dde90156101a8678c6b0e8e24c9c4629a261140c374c505c7907e5fae9dbf45cc52bc9efd92026b45e8c1b3a8d65b4be577fa907dad7ee23f25448368dfca38f16e3359b57d626049cd42887b9ad85e17447639170136304da8ec00dda44b6e57662f3fbdcc0f2e9737c775893d4558b55d00724531fb401586d0c54f1b2c0e91c4b7c5fdd0e4663e04ca874ac9afaaa6ab8a921fdd9e60e53e866a98591e1ce0cbaaa56d4ebde0a7ecfd7b09796a1c6513c706f35c150c494eee987151f78c478593d9b64ab2fe4d870a6c8fbf32b971a2843b605a67c9af97445edbb62d0ae8e969edec20ff6de5519d56fc9f9d8db6486b81c5052585c7b192f9438304a62384975ba019f6d3b2fb5c644bb34962612a69e6724814aae2d826c39b696290a1e4f9b6bc79058e8f684964ead3464dc3d1bdedc08335625f0a576be89b2efa16a16353b18ab8f5d1c565b279c21cfb95af840e6960f09afb32dd7988360bfc256719b75008cafe633959e97274648c628a432213efe7ba330a325490a9103ef29c11bd66c44086f7ea0e50e6b43ef2b6602651372143b6445e28b6d616905f361e619e91f2ea2242974d413fb5acb33463df72f1a73b6832066eab942fb07fb46405d5f6a012f6499fbc021b6431174acdeb760f69020e5b536a9506ba9f13b2741698d670ce45519e60f37bfacfdadaf52101eaa189f393cb41d6a8763e78591ab1ccecc31622ba30afbb3dbd05266e26dbd0053799ae1953158b7e79d79375621e884019bd9d454e9d4952d501fef01a042d7ee07240a0703244879a176109d850904af1d7b89acc3c15a53f1c04b2f37ca3eb5532c38ce03be94da2906ada25c4e51011d88d0609c0f2335c98a62246b7dd3c150e928ee189087731ca30ef1f1930c4165b2d92f4cdeb3afbe4f5a6ed3c8f5ad5a67fbc3c7d7730a0ed2050e9c9dbdea9819d7386e69441ae74b793bc5788afc83327db2e981af58b14041953a39d3ef0c5d2aff97bf7e8e98865ccb4e65b07f1f0388d2a64fb2d4772d2dbf293e946f3df400325daa55eb66535cf3d16367664d1b373e7f8f94c8a07a0a6759a9e40a89221e091465b401282939c2011b52901df6f7198c9210d35494cbc01f0921ab825e72523cfa54ab133594609ad8ee2b7d35d3489ad78ff7fdffad859f7e05e6e5e67a24dd73ee42527cdb9656a25a570779f7a2db58fa8b9e54f994a5f2cbdd228e5bed954779c87150195440c373d24cccb552ccd6c6ba5ed4a8b2c0d744641a38dfad84673dbbd8f9e029cfce9b40988aa37fa50a68659e60ba70a40fe1a13cb884511fee7394dac82cfd4f8334ccf448cc040f06eda5daaaa1ead63a7816ab6966135081a9f5a07768e5c85c77d26aaf8dce25e1c90f9188b01ee725d1f5888e8128b7b4bbf5c4a29430253cb0a9aaa139e3becb0bbff059b5420dba8395097244ab12938aef94d4c1485f88c358c00c4384f3cda8af0823707a1f618654bf818ff2d9ae4954e4c841a9777f00b1cb6813a8fc8c65fd9c4e5dd5ca273ffa0fd24eb958d2963cf5aaaeff96bd281e861f222f4147fa512ad70d86b3246f8cba321d029e8f34cadd04366751a545457704238d464d2f1741a9a73b3cc4c50eac20219e26610316da4ed548f597c54c882440e2d1cce0de31e8966633d47db9bc21376741005d5926e990f13be2c434ce7586870fb3c99d9b876a884ca1845255c4a86913333cb72f3cce0d68aafcc8ffd4587fa4d8f4c698ae695a79d59ddc8444dfdaacd890885fecf784e7ddd22b5d835148002abecac7c9b130cee22749c281daa84d03e5f20a6a947bba97b706c886242d2dc1eb3c2fd66afc813278d0b5eb0bda43725b413665efbfdfd0e0a557485335428b83c08112886ae70bee3da5cc9a71535178cc51f8422e39318e8d164710ce48ec9b37b7001207a97bc8b140a5283694f649237a63990ea206b48c82b14caa94af63885ea9c555707250c8a3ea565f879bf8424dd50941132bf042447f69bb75b659001587d474c6fa7eaa3203491e55c00f335a0c7eec098e2c8532b3c413bf3b8bfcad1f7e35e407bfe6c22a631cce897c3aedb5dbab4cbf74d01f0a17753fd9ee9b8bd8ee8ee4ad0e1601de81dde6e194cdbf78d838291416366728c385e4143d2fe9195d9b93c97e0fe3e1d4713774bf9992f4c700b303af1b928f86eaae3aa9bf9cac556bb533ae63702e9a75afd6b68bb498bc3358f904e27f43b931bc0d81edc9e784d6e4b1c66833d8710be9fd8047621642ada798b499dfdfaf593c5e116826073b4fe9bcc697ff5af32361d3db2f0b794871906cd388bd84291c043da65247ebddb96f295a740d11a32558dd044751a0523cd570241c30b79352eced989591aaabd3685226ff159238c18d0cf34fabc3876b32ef1804c954338b664f11390a68933211781ae7b84fb563a3f3056901e386cfda2a4c37eae6b7aa69fea1bee394f0187011ce20f040a83ed642f0c8ea6120e425aaf9973a42c153aac7c0c5b555df0b0da6ced2589f8f0586426e6319790b987d57fd4d846a69e32400115b20fd7c14a2375504e03bf8991eebf2d8fc6bb9bd16b2fbae37c8ad3e4ea49c4f391df33508f6d689275f1d66094d96e0d9c06b6cb3b6dd23eb85207136a8c748111346108fcee2761aba87fd5c22511cd2ba82f6e7a0c28e1e248821e44d100b057675caa3083c8974c95e6d8e5f7eddb836aabd8950ceb1bd6147e6b1dc9d8659d90a3a48c3aec9e8ca28e6a464b9e98dd3d8e404f6df3c47266181ae2844aa4fbdcb30e6faa059a9f28bc781af738c9ca4773639c6049c9804fa4913067c6412c639f7422bf2ef2241453f456241ee94edd504436054129f5afb1ef42f430550bed6e7dea3542b9b84611613b9fa1bd23442e8993a2b01861db24e40123e1b8397aeefa03d3ec077e887386da03bfe11fba8c9d41607740ef8b037730c867db0ebf99e6a24c8fd8cb8a69320e2715cc811561c4a1f2c3db1eae5017a477d7ff9365cff3532c6c105c0f657e5f641593cd914f9133fea7406a0a4363805e1eec927263829960332bcb89937f79bd8c4a4c1a9cdc4a8ebbccc2dfa1b7b0f4c47c43c0d8e6e4fb9028a2e6d31e33123009c9b86b1d3fc5d8ea998246544b6ccdff1c923c2a1cb8dde973b49c3548a585023982f5b9dba835eddd30e8f042801ba777a5de75f933b12ae3c295227174dcd0465020e68664822a6b594312dddf7d2983fc03e56696069a5d81c892be77eeec8d82a08d6f7a81e80ce0fc76625f2058466675460b321e3503b805542467c3fff09678919ec7528a62f92f1360e5f1e92021418dba236f7b5b736867a64d570dfd1cf1f4863bc03404e0c505be0a726b2a71d64c318", 0xcb8}], 0x3}, 0x9cdc2384256b4068)
recvmsg(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4d}, 0x40030162)
syz_open_dev$hiddev(&(0x7f0000000000), 0x100, 0x40000)
syz_usb_control_io$hid(r0, &(0x7f0000000480)={0x24, 0x0, 0x0, &(0x7f0000001480)=ANY=[@ANYBLOB='\x00\"('], 0x0}, 0x0)
syz_usb_connect$uac1(0x5, 0xfa, &(0x7f00000000c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe8, 0x3, 0x1, 0x3, 0x0, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x2, 0x3, 0x4}, @format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0xfdb, 0xf322, 0x1, "e8cb787dc0e47a"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x81, 0x4, 0x8a, 0x8, "de1296939dcdbd5668"}, @as_header={0x7, 0x24, 0x1, 0x0, 0x0, 0x2}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x1, 0x1, 0x5, 0x8, "b656e1f5f4ceb02de9"}, @format_type_i_continuous={0xe, 0x24, 0x2, 0x1, 0x5, 0x3, 0x40, 0xb, "bb100e", "1ff2f2"}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x5, 0x1, 0xbe, {0x7, 0x25, 0x1, 0x3, 0x6, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x5, 0x2, 0xe5, 0xe, ']{'}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x5, 0x4, 0x2, 0x2, "704b1584"}, @format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x0, 0x4, 0x1, 0x4, "bdbe0adfd68bda"}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xd, 0x1, 0x6, 0x9, "69651f54"}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x6, 0x1, 0x2, 0x64, "dbce"}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x1, 0x10, 0xc, {0x7, 0x25, 0x1, 0x0, 0x40, 0x9}}}}}}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x250, 0x6, 0xc7, 0x4, 0x60, 0x1}, 0x33, &(0x7f00000001c0)={0x5, 0xf, 0x33, 0x5, [@ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x5, 0x6, 0x5e, 0x9ac9}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x4, 0x3, 0x20}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "e628a9d1d9116c290c591a0ea56f369b"}]}, 0x5, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x812}}, {0x60, &(0x7f0000000240)=@string={0x60, 0x3, "4e806338bd5b8601b04c2b4a189f6d875d2905e78d37584ac40dafe7dde04d1e8fe0886e9836108de0a9a437e43ad264fee37336bf714143857b7dc93a7ca7472b0d61260f2adf1ac22bab049313221061d778cf80906e72cae54bde1262"}}, {0x23, &(0x7f00000002c0)=@string={0x23, 0x3, "db4ecfd7e30e99b3935943b145bc058c49c6a5b360320da6112e77b5ca5af2d0a7"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0xc0a}}, {0x4b, &(0x7f0000000340)=@string={0x4b, 0x3, "3013e58c7208883f364d76825f18d4c4132d5b005078eb68b199f5c664b93ebf57df3a3595617c4428a750f66fe4ab6df704e607835659d86d03e6a0d634e392430f61614635db200c"}}]})

629.303588ms ago: executing program 0 (id=2076):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000004c0)=0x27)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000180)={r2, @in6={{0xa, 0x4e22, 0x1ee, @empty, 0x6}}, 0x6, 0x2}, &(0x7f0000000040)=0x90)

575.592678ms ago: executing program 0 (id=2077):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$vcsa(0xffffff9c, &(0x7f0000000840), 0x42400, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000880)={0x640, 0x400, 0xf0, 0xa0, 0xa03c, 0x9, 0xf, 0x2, {0x9d4, 0x200}, {0x5, 0x1ff, 0x1}, {0x9, 0x6}, {0x80000000, 0x96ff}, 0x1, 0x0, 0x40000, 0x1000007, 0x1, 0x9, 0x55d6, 0x83, 0x1, 0x7f, 0xeec, 0x10000, 0x9, 0x0, 0x3, 0x5})
r3 = socket$alg(0x26, 0x5, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000300)={0x1000a4, 0x8a}, 0x20)
r4 = socket$kcm(0x29, 0x5, 0x0)
sendmsg$kcm(r4, &(0x7f0000000800)={&(0x7f0000000140)=@rc={0x1f, @none, 0x3}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000200)="c2cd68189aedf1d0a76ee4095e2e93c2ff47c127a6181a3bfafd272a233dc0bd7d3b2bbcd52e60c421c6af51c186a0d761a90e9d737f27ff6197eb43dd5e1ffa1023078a4156e0980e50404cf2fd59c2c9a7fb09c8d68bbc3d1ab078fd3ca9518899bd07f960e10ad1caa6087784aeddd19167b1c660df3f03567940737c7f1e21e14d59f8efe89c47938aea108421c8f5e12b594b1fb2724cd297fecd911230d938c3b92d01a04bbf65832b498bb7b174d02e7ec018dd10c8cce0ddea49ed5973b8f0d1c909aea87b38d2029410a90a8aa21933f8550ec3f9115be28327cf9bda2f382da6c40b0aef657e6333556236457c63", 0xf3}, {&(0x7f0000000340)="f29b10718280537adc03f6e4b561a8e28dd3aac04887594dd99400a5f3bd1e5b19bc3f41f6d3627e236200da332d6a67b9808e3f260d1a1665e591521ce2b1e10bb8264d34300dc31482a3285306", 0x4e}, {&(0x7f0000000600)="36d43d894796e495219874427321d83f8198198b2529ac8779d07d51c8a2506b7b4d79058f41a5642e5a53720efe1d0f63c5f160f4412f75b7ef47afccce90c78882e7c5b0f3c71a339531670f1215fc6e9ddf1eee6aaaa70e06af6e79a0af032efc2a117e5b1ec855a01d8b98ca9fa491587f9cc41ec765095a8292909bbd9925773a2757dc04d7aee637b070c9cbac6a30ac9145516a413f76a0e5cb9d93e5c938192c96", 0xa5}, {&(0x7f00000003c0)="7e4ca6e73d8c96fcf7d51291b70b1b978e9412bcdcb78022d7bd736720fc88c0d37853579ca934e42e19b0524bb3ad356e937924d5c4330994d333f354e52a160d3a61045e537701f8adae515db70ef9e6ddd8664eb678e94ee3dfe609b2e9040a2491474b7dde56c136d4635ca649d758ef008d", 0x74}, {&(0x7f0000000000)="a9e6ef7d23ea54bc6e87c091a4f8e1bc8b6679", 0x13}, {&(0x7f0000000080)="cc0263e169860f483c5fe130297543217ae207d761fde5224bf690291f6d2ba30e13c22b579dbca8", 0x28}, {&(0x7f00000006c0)="0abede2b11ebc36c71b501b9364f2c6c4048aca20fba056f50ee5e2585f9abaa755bff881448cda5379bc13458f07afd9c7bf07b9bd45c23f9903490a960b167f4febb96a2ca73333721a1fa31ea4f06319bcf17fa2825a44db70f60153f2ce2bc5c583ddb42c2cd0b5ec2907df49490eaa49d505269eae2338b682421a558dc5f67ebb3e65c5cb7c011adac1c2bd3f702a52e15777cb5c5f13c738eaa235e81f15e2c1185b21a443f6241d46d", 0xad}, {&(0x7f0000000480)="f9c0666039838fedfaeedaf2ef2e0bb200827e5b", 0x14}, {&(0x7f0000000540)="ddd8fde2beac387acfe927e6518668771e6f61f4bf0f609a3c1aa59f82be3e32e8f5348668c1294818087d5ea550e58e65aaffb4044149f12c6467a9b4c187a4355aa09a11dd81a67446244a0455be723c3cee07c95b87bba7b9b94d3be4b41e34caa3616c23a2080f6f67bcf4c944be84947e4a8d02e9b7027f8441a16f63", 0x7f}], 0x9}, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r3, 0x0, 0x0, 0x80800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4008800}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000440)={0x1, 0x0, [{0x80000008, 0x4, 0x5, 0x7fffffff, 0x6, 0x8, 0x3}]})

185.98083ms ago: executing program 4 (id=2078):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x3c4, 0x1f0, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x2fc, 0x20a, 0x278, 0x2fc, 0x278, 0x3, 0x0, {[{{@uncond, 0x0, 0x188, 0x1f0, 0x0, {}, [@inet=@rpfilter={{0x24}}, @common=@unspec=@string={{0xc0}, {0x0, 0x2, 'kmp\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x81, 0x2}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x2, 0x80, 0xffffffff, 0x3, 'pptp\x00', 'syz1\x00', {0x2}}}}, {{@uncond, 0x0, 0xa4, 0x10c}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x420)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0x2c, 0x2, 0x3, "fff600f45fa800be3e27ff7eefad00000000ff00", 0x3032344d})
io_uring_enter(0xffffffffffffffff, 0x3a59, 0xe8ea, 0x22ecfc7657cf50a8, &(0x7f0000000140)={[0x3, 0x8000]}, 0x8)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r1}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000300)={0xfffffffc, 0x8, 0xc}, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="1600004d7386cd47b444"], 0x14}}, 0x10)
r5 = io_uring_setup(0x4fa5, &(0x7f0000000080)={0x0, 0xffffeffe, 0x10000, 0x2})
r6 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
bind$netlink(r6, &(0x7f0000000240)={0x10, 0x0, 0x25dfdbfb}, 0xc)
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r7=>r3, {0xe}}, './file0\x00'})
ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f00000001c0)=0x80000)

0s ago: executing program 0 (id=2079):
r0 = landlock_create_ruleset(&(0x7f0000000080)={0xa2a0, 0x1, 0x3}, 0x18, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
landlock_restrict_self(r0, 0x0) (fail_nth: 5)

kernel console output (not intermixed with test programs):

000000000 R11: 0000000000000206 R12: 0000000000000000
[  500.840011][T11331] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  500.840041][T11331]  </TASK>
[  501.263360][T11331] tipc: Publication distribution failure
[  501.332246][T11067] veth0_macvtap: entered promiscuous mode
[  501.341494][T11183] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  501.361523][T11067] veth1_macvtap: entered promiscuous mode
[  501.384541][T11067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  501.396096][T11067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  501.406371][T11067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  501.417075][T11067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  501.429030][T11067] batman_adv: batadv0: Interface activated: batadv_slave_0
[  501.454948][T11067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  501.470932][T11067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  501.481491][T11067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  501.492458][T11067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  501.507858][T11067] batman_adv: batadv0: Interface activated: batadv_slave_1
[  501.548312][T11067] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  501.557619][T11067] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  501.566917][T11067] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  501.576854][T11067] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  501.777860][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  501.795339][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  501.862594][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  501.878281][T11183] 8021q: adding VLAN 0 to HW filter on device bond0
[  501.887723][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  502.034604][T11183] 8021q: adding VLAN 0 to HW filter on device team0
[  502.090822][ T2925] bridge0: port 1(bridge_slave_0) entered blocking state
[  502.099331][ T2925] bridge0: port 1(bridge_slave_0) entered forwarding state
[  502.160728][ T2925] bridge0: port 2(bridge_slave_1) entered blocking state
[  502.168168][ T2925] bridge0: port 2(bridge_slave_1) entered forwarding state
[  502.753049][T11183] 8021q: adding VLAN 0 to HW filter on device batadv0
[  502.859061][T11364] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1662'.
[  503.111998][T11183] veth0_vlan: entered promiscuous mode
[  503.178740][T11183] veth1_vlan: entered promiscuous mode
[  503.449038][T11183] veth0_macvtap: entered promiscuous mode
[  503.521807][T11183] veth1_macvtap: entered promiscuous mode
[  503.617973][T11183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  503.668641][T11183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  503.689376][   T49] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  503.715784][T11183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  503.738952][T11183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  503.783182][T11183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  503.847687][T11183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  503.903523][   T49] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  503.915183][T11183] batman_adv: batadv0: Interface activated: batadv_slave_0
[  503.951968][   T49] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  503.989620][   T49] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.121342][   T49] usb 6-1: Product: syz
[  504.125663][   T49] usb 6-1: Manufacturer: syz
[  504.130570][   T49] usb 6-1: SerialNumber: syz
[  504.142644][T11183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  504.181034][T11183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.193025][T11183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  504.220213][T11183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.231417][T11183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  504.244029][T11183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.258642][T11183] batman_adv: batadv0: Interface activated: batadv_slave_1
[  504.291659][T11183] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  504.322111][T11183] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  504.336912][T11183] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  504.349866][T11183] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  504.979546][   T49] cdc_ncm 6-1:1.0: failed to get mac address
[  504.987411][   T49] cdc_ncm 6-1:1.0: bind() failure
[  505.026395][   T49] cdc_ncm 6-1:1.1: probe with driver cdc_ncm failed with error -71
[  505.057105][   T49] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71
[  505.102797][ T2925] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  505.109574][   T49] usbtest 6-1:1.1: probe with driver usbtest failed with error -71
[  505.182912][ T2925] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  505.244650][   T49] usb 6-1: USB disconnect, device number 2
[  505.401137][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  505.409147][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  505.662095][   T49] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  505.931781][   T49] usb 6-1: config 8 has an invalid interface number: 130 but max is 0
[  505.948172][   T49] usb 6-1: config 8 has no interface number 0
[  505.961235][   T49] usb 6-1: config 8 interface 130 has no altsetting 0
[  505.985177][   T49] usb 6-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=e2.0f
[  506.003470][   T49] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.027972][   T49] usb 6-1: Product: syz
[  506.035316][   T49] usb 6-1: Manufacturer: syz
[  506.047141][   T49] usb 6-1: SerialNumber: syz
[  506.278418][T11404] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  506.302741][T11404] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  506.337111][T11404] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  506.391190][T11404] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  506.485941][   T49] gspca_main: conex-2.14.0 probing 0572:0041
[  506.709061][   T49] usb 6-1: USB disconnect, device number 3
[  506.732619][T11432] FAULT_INJECTION: forcing a failure.
[  506.732619][T11432] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  506.784480][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  506.791415][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  506.816519][T11432] CPU: 0 UID: 0 PID: 11432 Comm: syz.4.1673 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  506.816551][T11432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  506.816565][T11432] Call Trace:
[  506.816574][T11432]  <TASK>
[  506.816584][T11432]  dump_stack_lvl+0x241/0x360
[  506.816624][T11432]  ? __pfx_dump_stack_lvl+0x10/0x10
[  506.816655][T11432]  ? __pfx__printk+0x10/0x10
[  506.816698][T11432]  should_fail_ex+0x424/0x570
[  506.816737][T11432]  _copy_from_user+0x2d/0xb0
[  506.816769][T11432]  move_addr_to_kernel+0x7f/0x170
[  506.816797][T11432]  __sys_sendto+0x26a/0x4c0
[  506.816833][T11432]  ? __pfx___sys_sendto+0x10/0x10
[  506.816905][T11432]  __se_compat_sys_socketcall+0xad6/0x1420
[  506.816942][T11432]  ? __pfx___se_compat_sys_socketcall+0x10/0x10
[  506.816978][T11432]  ? ksys_write+0x275/0x2d0
[  506.817012][T11432]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  506.817034][T11432]  ? lockdep_hardirqs_on+0x9d/0x150
[  506.817059][T11432]  __do_fast_syscall_32+0xb4/0x110
[  506.817081][T11432]  ? exc_page_fault+0x5f8/0x920
[  506.817128][T11432]  do_fast_syscall_32+0x34/0x80
[  506.817152][T11432]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  506.817177][T11432] RIP: 0023:0xf744d579
[  506.817196][T11432] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  506.817215][T11432] RSP: 002b:00000000f50d5430 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
[  506.817244][T11432] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f50d5444
[  506.817259][T11432] RDX: 0000000000000000 RSI: 00000000f50d5560 RDI: 00000000f743cff4
[  506.817274][T11432] RBP: 00000000f50d5560 R08: 0000000000000000 R09: 0000000000000000
[  506.817287][T11432] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  506.817300][T11432] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  506.817331][T11432]  </TASK>
[  507.204097][T11439] FAULT_INJECTION: forcing a failure.
[  507.204097][T11439] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  507.217865][T11439] CPU: 0 UID: 0 PID: 11439 Comm: syz.4.1674 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  507.217887][T11439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  507.217897][T11439] Call Trace:
[  507.217904][T11439]  <TASK>
[  507.217910][T11439]  dump_stack_lvl+0x241/0x360
[  507.217939][T11439]  ? __pfx_dump_stack_lvl+0x10/0x10
[  507.217961][T11439]  ? __pfx__printk+0x10/0x10
[  507.217991][T11439]  should_fail_ex+0x424/0x570
[  507.218024][T11439]  _copy_from_user+0x2d/0xb0
[  507.218049][T11439]  copy_from_sockptr+0x57/0xb0
[  507.218070][T11439]  do_ip_getsockopt+0x1b7d/0x2ba0
[  507.218093][T11439]  ? _parse_integer_limit+0x1b4/0x200
[  507.218111][T11439]  ? __pfx_do_ip_getsockopt+0x10/0x10
[  507.218132][T11439]  ? kstrtoull+0x1d3/0x2f0
[  507.218148][T11439]  ? __pfx_kstrtoull+0x10/0x10
[  507.218167][T11439]  ? aa_label_sk_perm+0x4f4/0x6d0
[  507.218191][T11439]  ? kstrtouint+0xfc/0x190
[  507.218205][T11439]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  507.218239][T11439]  ? __pfx___might_resched+0x10/0x10
[  507.218286][T11439]  ip_getsockopt+0xef/0x2e0
[  507.218306][T11439]  ? __pfx_ip_getsockopt+0x10/0x10
[  507.218326][T11439]  ? aa_sk_perm+0x96f/0xac0
[  507.218349][T11439]  tcp_getsockopt+0x16f/0x1d0
[  507.218370][T11439]  ? __pfx_tcp_getsockopt+0x10/0x10
[  507.218391][T11439]  ? aa_sock_opt_perm+0x79/0x120
[  507.218411][T11439]  ? sock_common_getsockopt+0x2e/0xb0
[  507.218430][T11439]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  507.218452][T11439]  do_sock_getsockopt+0x391/0x740
[  507.218481][T11439]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  507.218502][T11439]  ? __fget_files+0x2a/0x420
[  507.218518][T11439]  ? __fget_files+0x39d/0x420
[  507.218531][T11439]  ? __fget_files+0x2a/0x420
[  507.218551][T11439]  __ia32_sys_getsockopt+0x2a1/0x370
[  507.218580][T11439]  ? __pfx___ia32_sys_getsockopt+0x10/0x10
[  507.218606][T11439]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  507.218623][T11439]  ? lockdep_hardirqs_on+0x9d/0x150
[  507.218640][T11439]  __do_fast_syscall_32+0xb4/0x110
[  507.218656][T11439]  ? exc_page_fault+0x5f8/0x920
[  507.218683][T11439]  do_fast_syscall_32+0x34/0x80
[  507.218700][T11439]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  507.218718][T11439] RIP: 0023:0xf744d579
[  507.218732][T11439] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  507.218745][T11439] RSP: 002b:00000000f50d655c EFLAGS: 00000206 ORIG_RAX: 000000000000016d
[  507.218764][T11439] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  507.218774][T11439] RDX: 0000000000000029 RSI: 0000000080000000 RDI: 0000000080695ffc
[  507.218785][T11439] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  507.218794][T11439] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  507.218803][T11439] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  507.218825][T11439]  </TASK>
[  508.220945][T11465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  508.240908][T11465] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  508.838739][T11477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  508.913135][T11472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  508.913411][T11477] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  508.958766][T11465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  508.970884][T11472] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  509.020378][T11465] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  509.168710][T11487] program syz.0.1684 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  509.393140][T11486] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  509.481304][T11497] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  509.755881][T11504] netlink: 'syz.6.1685': attribute type 1 has an invalid length.
[  509.780118][ T5897] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  509.951680][ T5897] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  509.994069][ T5897] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  510.024406][ T5897] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  510.074567][ T5897] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  510.113639][ T5897] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  510.132791][ T5897] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  510.168393][ T5897] usb 6-1: Product: syz
[  510.186409][ T5897] usb 6-1: Manufacturer: syz
[  510.227809][ T5897] cdc_wdm 6-1:1.0: skipping garbage
[  510.241466][ T5897] cdc_wdm 6-1:1.0: skipping garbage
[  510.276872][ T5897] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  510.495144][   T49] usb 6-1: USB disconnect, device number 4
[  510.874497][T11534] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  510.891251][T11535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1693'.
[  510.905568][T11535] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  510.935523][T11534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  510.978664][T11534] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  511.022875][T11534] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1694'.
[  511.255539][T11535] batman_adv: batadv0: Removing interface: batadv_slave_1
[  512.642890][T11568] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  512.699145][T11568] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  512.889892][ T5899] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  513.070083][ T5899] usb 7-1: Using ep0 maxpacket: 8
[  513.078191][ T5899] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  513.090118][ T5899] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  513.140923][T11580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  513.154357][ T5899] usb 7-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  513.164423][T11580] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  513.186300][ T5899] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.208527][T11580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  513.234156][ T5899] usb 7-1: config 0 descriptor??
[  513.236778][T11580] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  513.250887][ T5899] usbhid 7-1:0.0: can't add hid device: -22
[  513.267013][ T5899] usbhid 7-1:0.0: probe with driver usbhid failed with error -22
[  513.448903][  T919] usb 7-1: USB disconnect, device number 2
[  514.311361][T11604] netlink: 'syz.4.1710': attribute type 1 has an invalid length.
[  515.019620][   T49] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  515.199519][   T49] usb 7-1: Using ep0 maxpacket: 8
[  515.207681][   T49] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  515.218689][   T49] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  515.239185][   T49] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  515.273580][   T49] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  515.316660][   T49] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  515.539960][   T49] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  515.617331][   T49] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.782024][T11636] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1718'.
[  515.989441][   T49] usb 7-1: usb_control_msg returned -32
[  515.995246][   T49] usbtmc 7-1:16.0: can't read capabilities
[  516.359404][T11616] usbtmc 7-1:16.0: stb usb_control_msg returned -32
[  516.458788][   T10] usb 7-1: USB disconnect, device number 3
[  516.829126][T11657] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  516.852700][T11657] warn_alloc: 1 callbacks suppressed
[  516.852765][T11657] syz.3.1725: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  516.894474][T11657] CPU: 1 UID: 0 PID: 11657 Comm: syz.3.1725 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  516.894509][T11657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  516.894524][T11657] Call Trace:
[  516.894533][T11657]  <TASK>
[  516.894543][T11657]  dump_stack_lvl+0x241/0x360
[  516.894585][T11657]  ? __pfx_dump_stack_lvl+0x10/0x10
[  516.894617][T11657]  ? __pfx__printk+0x10/0x10
[  516.894645][T11657]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  516.894682][T11657]  ? __rcu_read_unlock+0xa1/0x110
[  516.894707][T11657]  warn_alloc+0x27c/0x410
[  516.894731][T11657]  ? __vmalloc_node_range_noprof+0x108/0x1390
[  516.894754][T11657]  ? __pfx_warn_alloc+0x10/0x10
[  516.894778][T11657]  ? kasan_save_track+0x3f/0x80
[  516.894801][T11657]  ? __kasan_kmalloc+0x9d/0xb0
[  516.894829][T11657]  ? xsk_setsockopt+0x449/0x840
[  516.894858][T11657]  ? do_sock_setsockopt+0x3b1/0x710
[  516.894891][T11657]  ? __ia32_sys_setsockopt+0x1f2/0x280
[  516.894923][T11657]  ? __do_fast_syscall_32+0xb4/0x110
[  516.894962][T11657]  ? do_fast_syscall_32+0x34/0x80
[  516.894984][T11657]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  516.895022][T11657]  __vmalloc_node_range_noprof+0x128/0x1390
[  516.895075][T11657]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  516.895104][T11657]  ? __kasan_kmalloc+0x9d/0xb0
[  516.895136][T11657]  vmalloc_user_noprof+0x74/0x80
[  516.895159][T11657]  ? xskq_create+0xb6/0x170
[  516.895189][T11657]  xskq_create+0xb6/0x170
[  516.895224][T11657]  xsk_init_queue+0xa1/0x100
[  516.895259][T11657]  xsk_setsockopt+0x449/0x840
[  516.895293][T11657]  ? __pfx_xsk_setsockopt+0x10/0x10
[  516.895328][T11657]  ? security_socket_setsockopt+0xa5/0x2a0
[  516.895361][T11657]  ? security_socket_setsockopt+0x242/0x2a0
[  516.895388][T11657]  ? __pfx_xsk_setsockopt+0x10/0x10
[  516.895418][T11657]  do_sock_setsockopt+0x3b1/0x710
[  516.895458][T11657]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  516.895510][T11657]  __ia32_sys_setsockopt+0x1f2/0x280
[  516.895552][T11657]  __do_fast_syscall_32+0xb4/0x110
[  516.895576][T11657]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  516.895599][T11657]  ? lockdep_hardirqs_on+0x9d/0x150
[  516.895625][T11657]  do_fast_syscall_32+0x34/0x80
[  516.895649][T11657]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  516.895675][T11657] RIP: 0023:0xf7f61579
[  516.895694][T11657] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  516.895714][T11657] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  516.895737][T11657] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 000000000000011b
[  516.895753][T11657] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000052
[  516.895767][T11657] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  516.895780][T11657] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  516.895794][T11657] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  516.895827][T11657]  </TASK>
[  516.895990][T11657] Mem-Info:
[  516.898414][T11659] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1726'.
[  516.928212][T11657] active_anon:5421 inactive_anon:0 isolated_anon:0
[  516.928212][T11657]  active_file:16421 inactive_file:38453 isolated_file:0
[  516.928212][T11657]  unevictable:780 dirty:306 writeback:0
[  516.928212][T11657]  slab_reclaimable:10195 slab_unreclaimable:110424
[  516.928212][T11657]  mapped:30483 shmem:1468 pagetables:1000
[  516.928212][T11657]  sec_pagetables:0 bounce:0
[  516.928212][T11657]  kernel_misc_reclaimable:0
[  516.928212][T11657]  free:1301916 free_pcp:4479 free_cma:0
[  517.425999][T11657] Node 0 active_anon:22188kB inactive_anon:0kB active_file:65684kB inactive_file:153744kB unevictable:1584kB isolated(anon):0kB isolated(file):0kB mapped:120388kB dirty:1228kB writeback:0kB shmem:4340kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11380kB pagetables:3908kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  517.551817][T11657] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  517.585329][T11663] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1726'.
[  517.608677][T11664] bridge0: port 1(bridge_slave_0) entered disabled state
[  517.621316][T11657] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  517.651700][T11657] lowmem_reserve[]: 0 2487 2487 2487 2487
[  517.658432][T11657] Node 0 DMA32 free:1294184kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:22380kB inactive_anon:0kB active_file:65684kB inactive_file:153652kB unevictable:1584kB writepending:1228kB present:3129332kB managed:2547304kB mlocked:0kB bounce:0kB free_pcp:4276kB local_pcp:956kB free_cma:0kB
[  517.699064][T11667] bridge0: port 1(bridge_slave_0) entered blocking state
[  517.707552][T11667] bridge0: port 1(bridge_slave_0) entered forwarding state
[  517.789364][T11657] lowmem_reserve[]: 0 0 0 0 0
[  517.827507][T11657] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:92kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  518.002652][T11657] lowmem_reserve[]: 0 0 0 0 0
[  518.028840][T11657] Node 1 Normal free:3899020kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:14412kB local_pcp:8800kB free_cma:0kB
[  518.089453][T11657] lowmem_reserve[]: 0 0 0 0 0
[  518.094444][T11657] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  518.144146][T11657] Node 0 DMA32: 874*4kB (UE) 919*8kB (UME) 804*16kB (UME) 511*32kB (ME) 202*64kB (UME) 96*128kB (UME) 131*256kB (UM) 192*512kB (UME) 109*1024kB (UM) 11*2048kB (UME) 235*4096kB (UM) = 1293824kB
[  518.236985][T11657] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  518.297584][T11657] Node 1 Normal: 8*4kB (UME) 6*8kB (UME) 11*16kB (UME) 196*32kB (UME) 109*64kB (UME) 34*128kB (UME) 9*256kB (U) 2*512kB (U) 5*1024kB (UM) 3*2048kB (UM) 944*4096kB (ME) = 3899072kB
[  518.333935][T11657] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  518.356895][T11657] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  518.385319][T11657] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  518.433953][T11657] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  518.471627][T11657] 56345 total pagecache pages
[  518.489395][T11657] 0 pages in swap cache
[  518.503671][T11657] Free swap  = 124996kB
[  518.514797][T11657] Total swap = 124996kB
[  518.524683][T11657] 2097051 pages RAM
[  518.545940][T11657] 0 pages HighMem/MovableOnly
[  518.555651][T11680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  518.563313][T11657] 428567 pages reserved
[  518.574884][T11657] 0 pages cma reserved
[  518.580528][T11680] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  519.247527][T11693] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1738'.
[  519.307711][T11693] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1738'.
[  519.537122][T11701] netlink: 'syz.5.1739': attribute type 1 has an invalid length.
[  519.782231][T11704] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.869787][T11704] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  521.838609][T11742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  521.859150][T11742] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  522.027450][T11746] netlink: 'syz.5.1751': attribute type 1 has an invalid length.
[  523.313084][T11753] kernel profiling enabled (shift: 9)
[  523.480037][ T5897] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  523.501823][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  523.501842][   T30] audit: type=1326 audit(1743617383.863:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.4.1754" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744d579 code=0x7ffc0000
[  523.501914][   T30] audit: type=1326 audit(1743617383.863:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.4.1754" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf744d579 code=0x7ffc0000
[  523.501948][   T30] audit: type=1326 audit(1743617383.863:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.4.1754" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf744d5a7 code=0x7ffc0000
[  523.501980][   T30] audit: type=1326 audit(1743617383.863:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.4.1754" exe="/root/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf744d579 code=0x7ffc0000
[  523.502031][   T30] audit: type=1326 audit(1743617383.863:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.4.1754" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf744d579 code=0x7ffc0000
[  523.502063][   T30] audit: type=1326 audit(1743617383.863:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.4.1754" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf744d5a7 code=0x7ffc0000
[  523.502095][   T30] audit: type=1326 audit(1743617383.863:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.4.1754" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744d579 code=0x7ffc0000
[  523.502134][   T30] audit: type=1326 audit(1743617383.863:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.4.1754" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf744d579 code=0x7ffc0000
[  523.502186][   T30] audit: type=1326 audit(1743617383.863:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.4.1754" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf744d5a7 code=0x7ffc0000
[  523.502219][   T30] audit: type=1326 audit(1743617383.863:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.4.1754" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf744d579 code=0x7ffc0000
[  523.809806][ T5897] usb 6-1: config 0 has no interfaces?
[  523.817240][ T5897] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  524.450486][T11779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.570705][ T5897] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.606125][ T5897] usb 6-1: Product: syz
[  524.611355][T11779] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.634111][ T5897] usb 6-1: Manufacturer: syz
[  524.757412][ T5897] usb 6-1: SerialNumber: syz
[  524.936862][ T5897] usb 6-1: config 0 descriptor??
[  525.560645][T11796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  525.587982][T11796] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  525.864250][T11802] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1765'.
[  526.032861][T11802] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1765'.
[  526.078309][T11804] batadv_slave_1: entered promiscuous mode
[  526.086551][T11804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  526.095686][T11804] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  526.486070][   T24] usb 6-1: USB disconnect, device number 5
[  527.017157][   T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  527.128367][T11826] netlink: 'syz.4.1767': attribute type 1 has an invalid length.
[  527.197835][   T24] usb 6-1: Using ep0 maxpacket: 8
[  527.304112][T11801] batadv_slave_1: left promiscuous mode
[  527.317155][   T24] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  527.343031][   T24] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  527.368063][   T24] usb 6-1: config 1 has no interface number 1
[  527.379491][   T24] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  527.405806][   T24] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  527.421386][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.430504][   T24] usb 6-1: Product: syz
[  527.435007][   T24] usb 6-1: Manufacturer: syz
[  527.441139][   T24] usb 6-1: SerialNumber: syz
[  528.522875][T11838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  528.563227][T11838] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  529.405385][T11790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  529.584386][T11860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  529.801093][T11860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  529.974575][T11860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  530.014703][   T24] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  530.027092][T11860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  530.189840][   T24] usb 6-1: USB disconnect, device number 6
[  530.496877][T11065] udevd[11065]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  531.431068][T11888] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1778'.
[  533.242816][T11918] netlink: 'syz.6.1784': attribute type 1 has an invalid length.
[  533.640694][T11925] loop2: detected capacity change from 0 to 7
[  533.730009][T11925] Dev loop2: unable to read RDB block 7
[  533.735772][T11925]  loop2: unable to read partition table
[  533.829636][T11925] loop2: partition table beyond EOD, truncated
[  533.837183][T11925] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  534.605903][T11927] netlink: 'syz.0.1786': attribute type 29 has an invalid length.
[  534.661073][T11943] dccp_invalid_packet: P.Data Offset(0) too small
[  535.228094][T11927] netlink: 'syz.0.1786': attribute type 29 has an invalid length.
[  536.220415][T11978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  536.277057][T11978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  536.724590][T11997] FAULT_INJECTION: forcing a failure.
[  536.724590][T11997] name failslab, interval 1, probability 0, space 0, times 0
[  536.837306][T11997] CPU: 1 UID: 0 PID: 11997 Comm: syz.4.1801 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  536.837336][T11997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  536.837346][T11997] Call Trace:
[  536.837353][T11997]  <TASK>
[  536.837360][T11997]  dump_stack_lvl+0x241/0x360
[  536.837390][T11997]  ? __pfx_dump_stack_lvl+0x10/0x10
[  536.837413][T11997]  ? __pfx__printk+0x10/0x10
[  536.837444][T11997]  ? __pfx___might_resched+0x10/0x10
[  536.837466][T11997]  should_fail_ex+0x424/0x570
[  536.837495][T11997]  should_failslab+0xac/0x100
[  536.837518][T11997]  __kvmalloc_node_noprof+0x170/0x5a0
[  536.837548][T11997]  ? xfrm_user_rcv_msg_compat+0x4c8/0x1540
[  536.837575][T11997]  xfrm_user_rcv_msg_compat+0x4c8/0x1540
[  536.837595][T11997]  ? nlmon_xmit+0xaf/0x100
[  536.837620][T11997]  ? preempt_schedule_common+0x84/0xd0
[  536.837647][T11997]  ? __pfx_xfrm_user_rcv_msg_compat+0x10/0x10
[  536.837699][T11997]  ? xfrm_get_translator+0x19/0x240
[  536.837719][T11997]  ? xfrm_get_translator+0x19/0x240
[  536.837739][T11997]  xfrm_user_rcv_msg+0x30b/0xca0
[  536.837761][T11997]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  536.837807][T11997]  ? __mutex_trylock_common+0x184/0x2e0
[  536.837833][T11997]  ? __pfx___mutex_trylock_common+0x10/0x10
[  536.837861][T11997]  netlink_rcv_skb+0x208/0x480
[  536.837883][T11997]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  536.837901][T11997]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  536.837936][T11997]  ? netlink_deliver_tap+0x2e/0x1b0
[  536.837959][T11997]  xfrm_netlink_rcv+0x79/0x90
[  536.837976][T11997]  netlink_unicast+0x7f8/0x9a0
[  536.838000][T11997]  ? __pfx_netlink_unicast+0x10/0x10
[  536.838019][T11997]  ? skb_put+0x114/0x1f0
[  536.838045][T11997]  netlink_sendmsg+0x8c3/0xcd0
[  536.838074][T11997]  ? __pfx_netlink_sendmsg+0x10/0x10
[  536.838096][T11997]  ? __import_iovec+0x585/0x830
[  536.838115][T11997]  ? aa_sock_msg_perm+0x91/0x160
[  536.838140][T11997]  ? __pfx_netlink_sendmsg+0x10/0x10
[  536.838158][T11997]  __sock_sendmsg+0x221/0x270
[  536.838180][T11997]  ____sys_sendmsg+0x523/0x860
[  536.838201][T11997]  ? __pfx_____sys_sendmsg+0x10/0x10
[  536.838229][T11997]  __sys_sendmsg+0x271/0x360
[  536.838248][T11997]  ? __pfx___sys_sendmsg+0x10/0x10
[  536.838300][T11997]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  536.838316][T11997]  ? lockdep_hardirqs_on+0x9d/0x150
[  536.838336][T11997]  __do_fast_syscall_32+0xb4/0x110
[  536.838352][T11997]  ? exc_page_fault+0x5f8/0x920
[  536.838380][T11997]  do_fast_syscall_32+0x34/0x80
[  536.838396][T11997]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  536.838414][T11997] RIP: 0023:0xf744d579
[  536.838428][T11997] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  536.838441][T11997] RSP: 002b:00000000f50d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  536.838457][T11997] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  536.838468][T11997] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  536.838478][T11997] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  536.838487][T11997] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  536.838496][T11997] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  536.838518][T11997]  </TASK>
[  538.131682][T12025] input: syz1 as /devices/virtual/input/input41
[  538.190102][ T5896] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  538.215241][T12025] input: syz0 as /devices/virtual/input/input42
[  538.365077][ T5896] usb 6-1: Using ep0 maxpacket: 8
[  538.385884][ T5896] usb 6-1: unable to get BOS descriptor or descriptor too short
[  538.410011][ T5896] usb 6-1: config 1 has an invalid interface number: 213 but max is 0
[  538.432290][ T5896] usb 6-1: config 1 has no interface number 0
[  538.467528][ T5896] usb 6-1: New USB device found, idVendor=0bfd, idProduct=0023, bcdDevice=e3.39
[  538.512289][ T5896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.542626][ T5896] usb 6-1: Product: syz
[  538.568834][ T5896] usb 6-1: Manufacturer: syz
[  538.594177][ T5896] usb 6-1: SerialNumber: syz
[  538.826792][T12019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  538.849889][T12019] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  538.941147][ T5896] kvaser_usb 6-1:1.213: error -ENODEV: Cannot get usb endpoint(s)
[  538.968440][ T5896] usb 6-1: bad CDC descriptors
[  539.067201][ T5896] usb 6-1: USB disconnect, device number 7
[  539.597687][   T30] kauditd_printk_skb: 179 callbacks suppressed
[  539.597709][   T30] audit: type=1326 audit(1743617399.963:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12046 comm="syz.4.1815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744d579 code=0x7ffc0000
[  539.665309][   T30] audit: type=1326 audit(1743617400.013:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12046 comm="syz.4.1815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744d579 code=0x7ffc0000
[  539.702081][   T30] audit: type=1326 audit(1743617400.063:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12046 comm="syz.4.1815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf744d579 code=0x7ffc0000
[  539.754903][   T30] audit: type=1326 audit(1743617400.063:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12046 comm="syz.4.1815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf744d579 code=0x7ffc0000
[  539.796194][   T30] audit: type=1326 audit(1743617400.063:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12046 comm="syz.4.1815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf744d579 code=0x7ffc0000
[  539.878843][   T30] audit: type=1326 audit(1743617400.063:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12046 comm="syz.4.1815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744d579 code=0x7ffc0000
[  539.916440][T12048] xt_bpf: check failed: parse error
[  539.957605][   T30] audit: type=1326 audit(1743617400.063:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12046 comm="syz.4.1815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744d579 code=0x7ffc0000
[  540.043625][   T30] audit: type=1326 audit(1743617400.073:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12046 comm="syz.4.1815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=427 compat=1 ip=0xf744d579 code=0x7ffc0000
[  540.120052][   T30] audit: type=1326 audit(1743617400.073:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12046 comm="syz.4.1815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf744d579 code=0x7ffc0000
[  540.165729][   T30] audit: type=1326 audit(1743617400.093:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12046 comm="syz.4.1815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf744d579 code=0x7ffc0000
[  540.397984][T12059] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1820'.
[  540.415794][T12063] FAULT_INJECTION: forcing a failure.
[  540.415794][T12063] name failslab, interval 1, probability 0, space 0, times 0
[  540.435170][T12063] CPU: 0 UID: 0 PID: 12063 Comm: syz.0.1821 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  540.435203][T12063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  540.435218][T12063] Call Trace:
[  540.435227][T12063]  <TASK>
[  540.435237][T12063]  dump_stack_lvl+0x241/0x360
[  540.435276][T12063]  ? __pfx_dump_stack_lvl+0x10/0x10
[  540.435307][T12063]  ? __pfx__printk+0x10/0x10
[  540.435341][T12063]  ? __pfx___might_resched+0x10/0x10
[  540.435380][T12063]  should_fail_ex+0x424/0x570
[  540.435420][T12063]  should_failslab+0xac/0x100
[  540.435451][T12063]  __kmalloc_noprof+0xdf/0x4d0
[  540.435479][T12063]  ? sock_kmalloc+0xd7/0x160
[  540.435506][T12063]  sock_kmalloc+0xd7/0x160
[  540.435530][T12063]  cmsghdr_from_user_compat_to_kern+0x30b/0x980
[  540.435576][T12063]  ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10
[  540.435618][T12063]  ____sys_sendmsg+0x1ad/0x860
[  540.435648][T12063]  ? __pfx_____sys_sendmsg+0x10/0x10
[  540.435686][T12063]  __sys_sendmsg+0x271/0x360
[  540.435712][T12063]  ? __pfx___sys_sendmsg+0x10/0x10
[  540.435787][T12063]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  540.435809][T12063]  ? lockdep_hardirqs_on+0x9d/0x150
[  540.435833][T12063]  __do_fast_syscall_32+0xb4/0x110
[  540.435855][T12063]  ? exc_page_fault+0x5f8/0x920
[  540.435892][T12063]  do_fast_syscall_32+0x34/0x80
[  540.435916][T12063]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  540.435940][T12063] RIP: 0023:0xf7f22579
[  540.435959][T12063] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  540.435978][T12063] RSP: 002b:00000000f504655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  540.436000][T12063] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001180
[  540.436017][T12063] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  540.436029][T12063] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  540.436041][T12063] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  540.436054][T12063] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  540.436083][T12063]  </TASK>
[  541.049056][T12081] netlink: 2048 bytes leftover after parsing attributes in process `syz.4.1820'.
[  541.406444][T12081] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1820'.
[  541.676488][ T5899] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  541.923827][ T5899] usb 6-1: config 0 has an invalid interface number: 95 but max is 0
[  541.936943][ T5899] usb 6-1: config 0 has no interface number 0
[  541.958664][ T5899] usb 6-1: config 0 interface 95 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 8
[  541.987485][T12092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  542.014815][ T5899] usb 6-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46
[  542.028360][ T5899] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.044320][T12092] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  542.068948][ T5899] usb 6-1: Product: syz
[  542.075617][ T5899] usb 6-1: Manufacturer: syz
[  542.083965][ T5899] usb 6-1: SerialNumber: syz
[  542.112024][ T5899] usb 6-1: config 0 descriptor??
[  542.119030][T12080] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  542.132455][T12092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  542.141318][T12092] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  542.185097][T12092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  542.252349][T12092] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  542.372982][ T5899] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  542.445202][ T5899] usb 6-1: MIDIStreaming interface descriptor not found
[  542.485168][T12097] FAULT_INJECTION: forcing a failure.
[  542.485168][T12097] name failslab, interval 1, probability 0, space 0, times 0
[  542.520247][T12097] CPU: 0 UID: 0 PID: 12097 Comm: syz.4.1831 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  542.520280][T12097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  542.520295][T12097] Call Trace:
[  542.520303][T12097]  <TASK>
[  542.520312][T12097]  dump_stack_lvl+0x241/0x360
[  542.520352][T12097]  ? __pfx_dump_stack_lvl+0x10/0x10
[  542.520381][T12097]  ? __pfx__printk+0x10/0x10
[  542.520413][T12097]  should_fail_ex+0x424/0x570
[  542.520446][T12097]  should_failslab+0xac/0x100
[  542.520478][T12097]  __kmalloc_noprof+0xdf/0x4d0
[  542.520506][T12097]  ? tomoyo_realpath_from_path+0xc2/0x5e0
[  542.520534][T12097]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  542.520560][T12097]  tomoyo_realpath_from_path+0xcf/0x5e0
[  542.520592][T12097]  tomoyo_path_number_perm+0x245/0x790
[  542.520610][T12097]  ? __lock_acquire+0xad5/0xd80
[  542.520627][T12097]  ? tomoyo_path_number_perm+0x215/0x790
[  542.520648][T12097]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  542.520695][T12097]  ? __fget_files+0x2a/0x420
[  542.520709][T12097]  ? __fget_files+0x2a/0x420
[  542.520725][T12097]  ? __fget_files+0x2a/0x420
[  542.520743][T12097]  security_file_ioctl_compat+0xc6/0x2a0
[  542.520763][T12097]  __se_compat_sys_ioctl+0xd8/0xc30
[  542.520782][T12097]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  542.520800][T12097]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[  542.520820][T12097]  ? __fget_files+0x2a/0x420
[  542.520839][T12097]  ? fput+0x9b/0xd0
[  542.520873][T12097]  ? ksys_write+0x275/0x2d0
[  542.520897][T12097]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  542.520912][T12097]  ? lockdep_hardirqs_on+0x9d/0x150
[  542.520929][T12097]  __do_fast_syscall_32+0xb4/0x110
[  542.520945][T12097]  ? exc_page_fault+0x5f8/0x920
[  542.520972][T12097]  do_fast_syscall_32+0x34/0x80
[  542.520988][T12097]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  542.521007][T12097] RIP: 0023:0xf744d579
[  542.521021][T12097] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  542.521035][T12097] RSP: 002b:00000000f50b555c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  542.521052][T12097] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000040187542
[  542.521063][T12097] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  542.521073][T12097] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  542.521082][T12097] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  542.521091][T12097] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  542.521115][T12097]  </TASK>
[  542.521123][T12097] ERROR: Out of memory at tomoyo_realpath_from_path.
[  542.875449][ T5899] usb 6-1: USB disconnect, device number 8
[  543.438773][T12102] Invalid logical block size (5)
[  543.529691][T12104] input: syz1 as /devices/virtual/input/input43
[  543.609951][T11571] udevd[11571]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.95/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  543.649023][T12104] input: syz0 as /devices/virtual/input/input44
[  545.811056][T12132] netlink: 'syz.6.1842': attribute type 1 has an invalid length.
[  545.835387][T12132] netlink: 'syz.6.1842': attribute type 2 has an invalid length.
[  545.870567][T12132] netlink: 'syz.6.1842': attribute type 1 has an invalid length.
[  545.893377][T12132] netlink: 'syz.6.1842': attribute type 2 has an invalid length.
[  546.068789][T12137] netlink: 14 bytes leftover after parsing attributes in process `syz.6.1842'.
[  546.555705][T12140] dvmrp5: entered allmulticast mode
[  546.575326][T12140] dvmrp5: left allmulticast mode
[  546.880312][T12147] FAULT_INJECTION: forcing a failure.
[  546.880312][T12147] name failslab, interval 1, probability 0, space 0, times 0
[  547.145987][T12147] CPU: 1 UID: 0 PID: 12147 Comm: syz.6.1846 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  547.146023][T12147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  547.146038][T12147] Call Trace:
[  547.146049][T12147]  <TASK>
[  547.146057][T12147]  dump_stack_lvl+0x241/0x360
[  547.146086][T12147]  ? __pfx_dump_stack_lvl+0x10/0x10
[  547.146109][T12147]  ? __pfx__printk+0x10/0x10
[  547.146134][T12147]  ? __pfx___might_resched+0x10/0x10
[  547.146158][T12147]  should_fail_ex+0x424/0x570
[  547.146187][T12147]  should_failslab+0xac/0x100
[  547.146211][T12147]  __kmalloc_cache_noprof+0x73/0x370
[  547.146233][T12147]  ? register_netdevice+0x59a/0x1b80
[  547.146252][T12147]  register_netdevice+0x59a/0x1b80
[  547.146388][T12147]  ? rcu_is_watching+0x15/0xb0
[  547.146409][T12147]  ? validate_linkmsg+0x82a/0xa40
[  547.146425][T12147]  ? read_word_at_a_time+0xe/0x20
[  547.146443][T12147]  ? __pfx_register_netdevice+0x10/0x10
[  547.146469][T12147]  ? __pfx_validate_linkmsg+0x10/0x10
[  547.146486][T12147]  ? alloc_netdev_mqs+0xe01/0x1210
[  547.146510][T12147]  br_dev_newlink+0x67/0x140
[  547.146532][T12147]  ? rtnl_newlink_create+0x386/0xcb0
[  547.146553][T12147]  ? __pfx_br_dev_newlink+0x10/0x10
[  547.146575][T12147]  rtnl_newlink_create+0x39b/0xcb0
[  547.146597][T12147]  ? __mutex_lock+0x380/0x10c0
[  547.146616][T12147]  ? __pfx_aa_get_newest_label+0x10/0x10
[  547.146641][T12147]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  547.146676][T12147]  ? __pfx___mutex_lock+0x10/0x10
[  547.146707][T12147]  ? ns_capable+0x8a/0xf0
[  547.146733][T12147]  rtnl_newlink+0x18b0/0x1fe0
[  547.146762][T12147]  ? stack_depot_save_flags+0x44/0x940
[  547.146793][T12147]  ? __pfx_rtnl_newlink+0x10/0x10
[  547.146811][T12147]  ? __netlink_deliver_tap+0x561/0x7f0
[  547.146830][T12147]  ? netlink_deliver_tap+0x19d/0x1b0
[  547.146847][T12147]  ? netlink_unicast+0x7c6/0x9a0
[  547.146862][T12147]  ? netlink_sendmsg+0x8c3/0xcd0
[  547.146880][T12147]  ? __sock_sendmsg+0x221/0x270
[  547.146896][T12147]  ? ____sys_sendmsg+0x523/0x860
[  547.146909][T12147]  ? __sys_sendmsg+0x271/0x360
[  547.146921][T12147]  ? __do_fast_syscall_32+0xb4/0x110
[  547.146936][T12147]  ? do_fast_syscall_32+0x34/0x80
[  547.146959][T12147]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  547.147015][T12147]  ? kasan_quarantine_put+0xdc/0x230
[  547.147039][T12147]  ? lockdep_hardirqs_on+0x9d/0x150
[  547.147063][T12147]  ? nlmon_xmit+0xaf/0x100
[  547.147103][T12147]  ? __local_bh_enable_ip+0x168/0x200
[  547.147118][T12147]  ? lockdep_hardirqs_on+0x9d/0x150
[  547.147140][T12147]  ? aa_get_newest_label+0x101/0x6f0
[  547.147166][T12147]  ? __lock_acquire+0xad5/0xd80
[  547.147198][T12147]  ? __pfx_rtnl_newlink+0x10/0x10
[  547.147220][T12147]  rtnetlink_rcv_msg+0x80f/0xd70
[  547.147239][T12147]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  547.147262][T12147]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  547.147296][T12147]  ? ref_tracker_free+0x63e/0x7e0
[  547.147318][T12147]  netlink_rcv_skb+0x208/0x480
[  547.147338][T12147]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  547.147359][T12147]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  547.147392][T12147]  ? netlink_deliver_tap+0x2e/0x1b0
[  547.147414][T12147]  ? netlink_deliver_tap+0x2e/0x1b0
[  547.147440][T12147]  netlink_unicast+0x7f8/0x9a0
[  547.147475][T12147]  ? __pfx_netlink_unicast+0x10/0x10
[  547.147501][T12147]  ? skb_put+0x114/0x1f0
[  547.147536][T12147]  netlink_sendmsg+0x8c3/0xcd0
[  547.147572][T12147]  ? __pfx_netlink_sendmsg+0x10/0x10
[  547.147595][T12147]  ? __import_iovec+0x585/0x830
[  547.147615][T12147]  ? aa_sock_msg_perm+0x91/0x160
[  547.147639][T12147]  ? __pfx_netlink_sendmsg+0x10/0x10
[  547.147657][T12147]  __sock_sendmsg+0x221/0x270
[  547.147678][T12147]  ____sys_sendmsg+0x523/0x860
[  547.147700][T12147]  ? __pfx_____sys_sendmsg+0x10/0x10
[  547.147728][T12147]  __sys_sendmsg+0x271/0x360
[  547.147747][T12147]  ? __pfx___sys_sendmsg+0x10/0x10
[  547.147818][T12147]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  547.147842][T12147]  ? lockdep_hardirqs_on+0x9d/0x150
[  547.147866][T12147]  __do_fast_syscall_32+0xb4/0x110
[  547.147889][T12147]  ? exc_page_fault+0x5f8/0x920
[  547.147921][T12147]  do_fast_syscall_32+0x34/0x80
[  547.147938][T12147]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  547.147957][T12147] RIP: 0023:0xf7f35579
[  547.147971][T12147] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  547.147984][T12147] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  547.148002][T12147] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  547.148013][T12147] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  547.148022][T12147] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  547.148032][T12147] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  547.148041][T12147] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  547.148063][T12147]  </TASK>
[  547.667023][T12152] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1848'.
[  548.148522][T12152] 8021q: adding VLAN 0 to HW filter on device bond1
[  548.331310][T12153] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  548.356955][T12159] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1850'.
[  548.697805][T12167] netlink: 'syz.0.1849': attribute type 1 has an invalid length.
[  549.232605][T12171] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1853'.
[  549.518548][T12173] syz_tun: entered allmulticast mode
[  549.620286][T12170] syz_tun: left allmulticast mode
[  549.937385][T12178] FAULT_INJECTION: forcing a failure.
[  549.937385][T12178] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  549.951064][T12178] CPU: 0 UID: 0 PID: 12178 Comm: syz.3.1856 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  549.951092][T12178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  549.951104][T12178] Call Trace:
[  549.951114][T12178]  <TASK>
[  549.951123][T12178]  dump_stack_lvl+0x241/0x360
[  549.951161][T12178]  ? __pfx_dump_stack_lvl+0x10/0x10
[  549.951190][T12178]  ? __pfx__printk+0x10/0x10
[  549.951230][T12178]  should_fail_ex+0x424/0x570
[  549.951274][T12178]  _copy_from_user+0x2d/0xb0
[  549.951303][T12178]  get_compat_msghdr+0xb3/0x730
[  549.951336][T12178]  ? __pfx_get_compat_msghdr+0x10/0x10
[  549.951369][T12178]  ? do_recvmmsg+0x566/0xab0
[  549.951394][T12178]  do_recvmmsg+0x4d5/0xab0
[  549.951425][T12178]  ? __pfx_do_recvmmsg+0x10/0x10
[  549.951469][T12178]  ? rcu_read_lock_any_held+0xbb/0x160
[  549.951517][T12178]  ? ksys_write+0x24e/0x2d0
[  549.951571][T12178]  __sys_recvmmsg+0x1aa/0x280
[  549.951593][T12178]  ? fput+0x9b/0xd0
[  549.951611][T12178]  ? __pfx___sys_recvmmsg+0x10/0x10
[  549.951630][T12178]  ? ksys_write+0x275/0x2d0
[  549.951665][T12178]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xd0
[  549.951700][T12178]  __do_fast_syscall_32+0xb4/0x110
[  549.951722][T12178]  ? exc_page_fault+0x5f8/0x920
[  549.951760][T12178]  do_fast_syscall_32+0x34/0x80
[  549.951783][T12178]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  549.951808][T12178] RIP: 0023:0xf7f61579
[  549.951825][T12178] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  549.951843][T12178] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[  549.951866][T12178] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001740
[  549.951880][T12178] RDX: 0000000004000210 RSI: 0000000000000002 RDI: 0000000000000000
[  549.951893][T12178] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  549.951905][T12178] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  549.951918][T12178] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  549.951948][T12178]  </TASK>
[  549.953609][T12179] ip6t_rpfilter: unknown options
[  550.460632][ T5897] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  550.519874][T12185] netlink: 'syz.3.1857': attribute type 1 has an invalid length.
[  550.558468][T12185] netlink: 'syz.3.1857': attribute type 2 has an invalid length.
[  550.630679][T12185] netlink: 'syz.3.1857': attribute type 1 has an invalid length.
[  550.662475][T12185] netlink: 'syz.3.1857': attribute type 2 has an invalid length.
[  550.712262][ T5897] usb 6-1: Using ep0 maxpacket: 32
[  550.763240][ T5897] usb 6-1: unable to get BOS descriptor or descriptor too short
[  550.794414][ T5897] usb 6-1: config 2 has an invalid interface number: 147 but max is 0
[  550.805626][T12191] FAULT_INJECTION: forcing a failure.
[  550.805626][T12191] name failslab, interval 1, probability 0, space 0, times 0
[  550.817309][ T5897] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  550.829950][T12189] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1857'.
[  550.858569][ T5897] usb 6-1: config 2 has no interface number 0
[  550.866127][T12191] CPU: 1 UID: 0 PID: 12191 Comm: syz.4.1851 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  550.866160][T12191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  550.866173][T12191] Call Trace:
[  550.866182][T12191]  <TASK>
[  550.866191][T12191]  dump_stack_lvl+0x241/0x360
[  550.866229][T12191]  ? __pfx_dump_stack_lvl+0x10/0x10
[  550.866260][T12191]  ? __pfx__printk+0x10/0x10
[  550.866300][T12191]  ? __pfx___might_resched+0x10/0x10
[  550.866332][T12191]  should_fail_ex+0x424/0x570
[  550.866372][T12191]  should_failslab+0xac/0x100
[  550.866404][T12191]  __kmalloc_noprof+0xdf/0x4d0
[  550.866433][T12191]  ? tomoyo_encode+0x26f/0x540
[  550.866469][T12191]  tomoyo_encode+0x26f/0x540
[  550.866501][T12191]  ? __pfx_sockfs_dname+0x10/0x10
[  550.866530][T12191]  tomoyo_realpath_from_path+0x59e/0x5e0
[  550.866574][T12191]  tomoyo_path_number_perm+0x245/0x790
[  550.866601][T12191]  ? __lock_acquire+0xad5/0xd80
[  550.866626][T12191]  ? tomoyo_path_number_perm+0x215/0x790
[  550.866655][T12191]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  550.866723][T12191]  ? __fget_files+0x2a/0x420
[  550.866741][T12191]  ? __fget_files+0x2a/0x420
[  550.866764][T12191]  ? __fget_files+0x2a/0x420
[  550.866790][T12191]  security_file_ioctl_compat+0xc6/0x2a0
[  550.866818][T12191]  __se_compat_sys_ioctl+0xd8/0xc30
[  550.866857][T12191]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  550.866882][T12191]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[  550.866911][T12191]  ? __fget_files+0x2a/0x420
[  550.866937][T12191]  ? fput+0x9b/0xd0
[  550.866956][T12191]  ? ksys_write+0x275/0x2d0
[  550.866990][T12191]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  550.867012][T12191]  ? lockdep_hardirqs_on+0x9d/0x150
[  550.867036][T12191]  __do_fast_syscall_32+0xb4/0x110
[  550.867058][T12191]  ? exc_page_fault+0x5f8/0x920
[  550.867097][T12191]  do_fast_syscall_32+0x34/0x80
[  550.867126][T12191]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  550.867152][T12191] RIP: 0023:0xf744d579
[  550.867170][T12191] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  550.867189][T12191] RSP: 002b:00000000f50d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  550.867213][T12191] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008b1b
[  550.867228][T12191] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  550.867242][T12191] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  550.867254][T12191] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  550.867267][T12191] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  550.867299][T12191]  </TASK>
[  550.867322][T12191] ERROR: Out of memory at tomoyo_realpath_from_path.
[  550.889536][ T5897] usb 6-1: config 2 interface 147 has no altsetting 0
[  551.169841][T12189] syz_tun (unregistering): left allmulticast mode
[  551.175185][ T5897] usb 6-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=c8.8e
[  551.175221][ T5897] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.175244][ T5897] usb 6-1: Product: syz
[  551.175263][ T5897] usb 6-1: Manufacturer: syz
[  551.175280][ T5897] usb 6-1: SerialNumber: syz
[  551.436992][ T5897] ims_pcu 6-1:2.147: Missing CDC union descriptor
[  551.470318][ T5897] ims_pcu 6-1:2.147: probe with driver ims_pcu failed with error -22
[  551.518187][ T5897] usb 6-1: USB disconnect, device number 9
[  551.546325][T12207] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  551.746605][T12215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  551.766125][T12215] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.115719][T12222] FAULT_INJECTION: forcing a failure.
[  552.115719][T12222] name failslab, interval 1, probability 0, space 0, times 0
[  552.131298][T12222] CPU: 0 UID: 0 PID: 12222 Comm: syz.4.1868 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  552.131330][T12222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  552.131345][T12222] Call Trace:
[  552.131354][T12222]  <TASK>
[  552.131363][T12222]  dump_stack_lvl+0x241/0x360
[  552.131403][T12222]  ? __pfx_dump_stack_lvl+0x10/0x10
[  552.131434][T12222]  ? __pfx__printk+0x10/0x10
[  552.131468][T12222]  ? __pfx___might_resched+0x10/0x10
[  552.131501][T12222]  should_fail_ex+0x424/0x570
[  552.131539][T12222]  should_failslab+0xac/0x100
[  552.131570][T12222]  __kmalloc_noprof+0xdf/0x4d0
[  552.131598][T12222]  ? snd_pcm_hw_refine+0x389/0x1b80
[  552.131618][T12222]  ? snd_pcm_hw_refine+0x978/0x1b80
[  552.131644][T12222]  snd_pcm_hw_refine+0x978/0x1b80
[  552.131684][T12222]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  552.131784][T12222]  snd_pcm_hw_param_first+0x43a/0x700
[  552.131824][T12222]  snd_pcm_hw_params+0x5be/0x1f40
[  552.131856][T12222]  ? kfree+0x198/0x430
[  552.131881][T12222]  ? snd_pcm_hw_param_near+0x3e3/0x790
[  552.131917][T12222]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  552.131943][T12222]  ? __pfx_snd_pcm_hw_param_near+0x10/0x10
[  552.131972][T12222]  ? __asan_memset+0x23/0x50
[  552.132002][T12222]  snd_pcm_oss_change_params_locked+0x2366/0x4150
[  552.132064][T12222]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  552.132094][T12222]  ? snd_pcm_oss_write+0x263/0x1280
[  552.132118][T12222]  ? aa_file_perm+0x3f1/0xf60
[  552.132158][T12222]  ? __lock_acquire+0xad5/0xd80
[  552.132182][T12222]  ? __pfx_aa_file_perm+0x10/0x10
[  552.132221][T12222]  snd_pcm_oss_write+0x2d4/0x1280
[  552.132269][T12222]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  552.132298][T12222]  ? bpf_lsm_file_permission+0x9/0x10
[  552.132324][T12222]  ? rw_verify_area+0x246/0x630
[  552.132347][T12222]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  552.132376][T12222]  vfs_write+0x2bc/0xd10
[  552.132414][T12222]  ? __pfx_vfs_write+0x10/0x10
[  552.132439][T12222]  ? __fget_files+0x2a/0x420
[  552.132458][T12222]  ? __fget_files+0x2a/0x420
[  552.132479][T12222]  ? __fget_files+0x39d/0x420
[  552.132498][T12222]  ? __fget_files+0x2a/0x420
[  552.132527][T12222]  ksys_write+0x19d/0x2d0
[  552.132554][T12222]  ? __pfx_ksys_write+0x10/0x10
[  552.132582][T12222]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  552.132606][T12222]  ? lockdep_hardirqs_on+0x9d/0x150
[  552.132630][T12222]  __do_fast_syscall_32+0xb4/0x110
[  552.132652][T12222]  ? exc_page_fault+0x5f8/0x920
[  552.132691][T12222]  do_fast_syscall_32+0x34/0x80
[  552.132714][T12222]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  552.132740][T12222] RIP: 0023:0xf744d579
[  552.132767][T12222] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  552.132787][T12222] RSP: 002b:00000000f50d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  552.132811][T12222] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  552.132825][T12222] RDX: 00000000000004cd RSI: 0000000000000000 RDI: 0000000000000000
[  552.132839][T12222] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  552.132851][T12222] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  552.132864][T12222] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  552.132894][T12222]  </TASK>
[  552.637616][T12229] netlink: 'syz.5.1869': attribute type 21 has an invalid length.
[  552.857662][T12235] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  552.869034][T12235] sctp: [Deprecated]: syz.3.1872 (pid 12235) Use of int in maxseg socket option.
[  552.869034][T12235] Use struct sctp_assoc_value instead
[  553.862995][ T5896] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  553.923794][T12245] netlink: 'syz.4.1875': attribute type 1 has an invalid length.
[  553.984205][T12245] netlink: 'syz.4.1875': attribute type 2 has an invalid length.
[  554.047583][ T5896] usb 7-1: Using ep0 maxpacket: 32
[  554.055284][T12248] netlink: 'syz.4.1875': attribute type 1 has an invalid length.
[  554.107165][ T5896] usb 7-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice= e.22
[  554.139901][T12248] netlink: 'syz.4.1875': attribute type 2 has an invalid length.
[  554.161119][ T5896] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.188917][ T5896] usb 7-1: Product: syz
[  554.222539][ T5896] usb 7-1: Manufacturer: syz
[  554.245560][ T5896] usb 7-1: SerialNumber: syz
[  554.278400][T12248] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1875'.
[  554.301256][ T5896] usb 7-1: config 0 descriptor??
[  554.338292][ T5896] usb 7-1: selecting invalid altsetting 3
[  554.357083][ T5896] comedi comedi0: could not set alternate setting 3 in high speed
[  554.388401][ T5896] usbdux 7-1:0.0: driver 'usbdux' failed to auto-configure device.
[  554.438818][T12248] syz_tun (unregistering): left allmulticast mode
[  554.447369][ T5896] usbdux 7-1:0.0: probe with driver usbdux failed with error -22
[  554.658120][ T5896] usb 7-1: USB disconnect, device number 4
[  555.061633][T12262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  555.078215][T12262] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  555.306346][T12262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  555.327469][T12262] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  555.518640][T12268] FAULT_INJECTION: forcing a failure.
[  555.518640][T12268] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  555.535281][T12268] CPU: 1 UID: 0 PID: 12268 Comm: syz.6.1881 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  555.535322][T12268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  555.535337][T12268] Call Trace:
[  555.535346][T12268]  <TASK>
[  555.535356][T12268]  dump_stack_lvl+0x241/0x360
[  555.535395][T12268]  ? __pfx_dump_stack_lvl+0x10/0x10
[  555.535426][T12268]  ? __pfx__printk+0x10/0x10
[  555.535469][T12268]  should_fail_ex+0x424/0x570
[  555.535508][T12268]  _copy_from_user+0x2d/0xb0
[  555.535539][T12268]  move_addr_to_kernel+0x7f/0x170
[  555.535568][T12268]  __sys_sendto+0x26a/0x4c0
[  555.535604][T12268]  ? __pfx___sys_sendto+0x10/0x10
[  555.535676][T12268]  __se_compat_sys_socketcall+0xad6/0x1420
[  555.535714][T12268]  ? __pfx___se_compat_sys_socketcall+0x10/0x10
[  555.535752][T12268]  ? ksys_write+0x275/0x2d0
[  555.535785][T12268]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  555.535808][T12268]  ? lockdep_hardirqs_on+0x9d/0x150
[  555.535832][T12268]  __do_fast_syscall_32+0xb4/0x110
[  555.535854][T12268]  ? exc_page_fault+0x5f8/0x920
[  555.535902][T12268]  do_fast_syscall_32+0x34/0x80
[  555.535925][T12268]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  555.535951][T12268] RIP: 0023:0xf7f35579
[  555.535971][T12268] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  555.535990][T12268] RSP: 002b:00000000f5055430 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
[  555.536013][T12268] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f5055444
[  555.536029][T12268] RDX: 0000000000000000 RSI: 00000000f5055560 RDI: 00000000f73bcff4
[  555.536044][T12268] RBP: 00000000f5055560 R08: 0000000000000000 R09: 0000000000000000
[  555.536057][T12268] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  555.536070][T12268] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  555.536101][T12268]  </TASK>
[  555.731724][    C1] vkms_vblank_simulate: vblank timer overrun
[  555.895999][T12274] netlink: 'syz.6.1884': attribute type 10 has an invalid length.
[  555.930403][   T13] bond0: (slave bond_slave_0): interface is now down
[  555.937532][   T13] bond0: (slave bond_slave_1): interface is now down
[  555.948970][   T13] bond0: now running without any active interface!
[  556.093191][T12278] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  556.104284][T12278] sctp: [Deprecated]: syz.6.1886 (pid 12278) Use of int in maxseg socket option.
[  556.104284][T12278] Use struct sctp_assoc_value instead
[  556.193144][T12282] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1887'.
[  556.443619][T12292] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1891'.
[  557.153141][T12311] netlink: 'syz.3.1896': attribute type 1 has an invalid length.
[  557.198704][T12315] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1898'.
[  557.229490][T12316] netlink: 'syz.5.1895': attribute type 1 has an invalid length.
[  557.868984][T12322] FAULT_INJECTION: forcing a failure.
[  557.868984][T12322] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  557.897981][T12322] CPU: 1 UID: 0 PID: 12322 Comm: syz.0.1900 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  557.898015][T12322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  557.898028][T12322] Call Trace:
[  557.898037][T12322]  <TASK>
[  557.898055][T12322]  dump_stack_lvl+0x241/0x360
[  557.898095][T12322]  ? __pfx_dump_stack_lvl+0x10/0x10
[  557.898126][T12322]  ? __pfx__printk+0x10/0x10
[  557.898170][T12322]  should_fail_ex+0x424/0x570
[  557.898209][T12322]  _copy_from_user+0x2d/0xb0
[  557.898238][T12322]  get_compat_msghdr+0xb3/0x730
[  557.898274][T12322]  ? __pfx_get_compat_msghdr+0x10/0x10
[  557.898307][T12322]  ? __sys_sendmmsg+0x54d/0x7b0
[  557.898336][T12322]  __sys_sendmmsg+0x464/0x7b0
[  557.898369][T12322]  ? __pfx___sys_sendmmsg+0x10/0x10
[  557.898396][T12322]  ? __lock_acquire+0xad5/0xd80
[  557.898459][T12322]  ? vfs_write+0xb29/0xd10
[  557.898536][T12322]  ? ksys_write+0x266/0x2d0
[  557.898571][T12322]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  557.898604][T12322]  __do_fast_syscall_32+0xb4/0x110
[  557.898627][T12322]  ? exc_page_fault+0x5f8/0x920
[  557.898664][T12322]  do_fast_syscall_32+0x34/0x80
[  557.898687][T12322]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  557.898713][T12322] RIP: 0023:0xf7f22579
[  557.898731][T12322] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  557.898749][T12322] RSP: 002b:00000000f504655c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  557.898772][T12322] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800bd000
[  557.898787][T12322] RDX: 0000000000000318 RSI: 0000000000000000 RDI: 0000000000000000
[  557.898800][T12322] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  557.898812][T12322] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  557.898825][T12322] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  557.898856][T12322]  </TASK>
[  558.409478][   T49] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  558.539937][   T49] usb 7-1: device descriptor read/64, error -71
[  558.619897][ T5928] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  558.769311][ T5928] usb 6-1: Using ep0 maxpacket: 32
[  558.777196][ T5928] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  558.789732][   T49] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  558.797891][ T5928] usb 6-1: New USB device found, idVendor=07ca, idProduct=2835, bcdDevice=f5.ac
[  558.827294][ T5928] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  558.872794][ T5928] usb 6-1: config 0 descriptor??
[  558.895565][ T5928] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  558.916464][ T5928] dvb_usb_af9035 6-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  558.929334][   T49] usb 7-1: device descriptor read/64, error -71
[  559.042150][   T49] usb usb7-port1: attempt power cycle
[  559.148970][ T5928] usb 6-1: USB disconnect, device number 10
[  559.436505][   T49] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  559.500524][   T49] usb 7-1: device descriptor read/8, error -71
[  559.739428][   T49] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  559.766492][   T49] usb 7-1: device descriptor read/8, error -71
[  559.881523][   T49] usb usb7-port1: unable to enumerate USB device
[  560.564182][T12345] netlink: 'syz.3.1909': attribute type 4 has an invalid length.
[  560.778178][T12347] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1910'.
[  561.173805][T12353] netlink: 'syz.4.1911': attribute type 1 has an invalid length.
[  561.573435][T12356] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  561.611086][T12356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  561.681006][T12356] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  561.804173][T12356] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1913'.
[  561.875218][T12360] lo: entered allmulticast mode
[  561.887538][T12357] lo: left allmulticast mode
[  562.630644][ T5896] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  562.758707][T12378] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge0, syncid = 0, id = 0
[  562.781603][T12377] program syz.5.1921 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  562.849359][T12380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  562.859019][T12380] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  562.888918][ T5896] usb 7-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  562.899317][ T5896] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.907781][ T5896] usb 7-1: Product: syz
[  562.921094][ T5896] usb 7-1: Manufacturer: syz
[  562.928765][ T5896] usb 7-1: SerialNumber: syz
[  562.946260][ T5896] usb 7-1: config 0 descriptor??
[  562.964441][ T5896] ch341 7-1:0.0: ch341-uart converter detected
[  563.164852][T12367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  563.178144][T12367] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  563.580833][ T5896] usb 7-1: failed to send control message: -71
[  563.587119][ T5896] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  563.679751][ T5896] usb 7-1: USB disconnect, device number 9
[  563.687351][ T5896] ch341 7-1:0.0: device disconnected
[  564.294007][T12392] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:2
[  564.549760][ T5928] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  564.678150][T12399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  564.689782][ T5928] usb 7-1: device descriptor read/64, error -71
[  564.722602][T12396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  564.750400][T12399] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  564.761014][T12396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  564.993546][ T5928] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  565.016457][T12407] netlink: 'syz.5.1929': attribute type 1 has an invalid length.
[  565.114117][T12408] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  565.160701][ T5928] usb 7-1: device descriptor read/64, error -71
[  565.176030][T12408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  565.214009][T12408] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  565.261027][T12408] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1930'.
[  565.344554][ T5928] usb usb7-port1: attempt power cycle
[  565.709543][ T5928] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  565.730195][ T5928] usb 7-1: device descriptor read/8, error -71
[  565.969343][ T5928] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  566.030932][ T5928] usb 7-1: device descriptor read/8, error -71
[  566.151109][ T5928] usb usb7-port1: unable to enumerate USB device
[  566.300207][   T24] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  566.461621][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  566.476869][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  566.487078][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  566.500335][   T24] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  566.509510][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.520982][   T24] usb 6-1: config 0 descriptor??
[  566.952296][   T24] usbhid 6-1:0.0: can't add hid device: -71
[  566.958376][   T24] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  567.007482][   T24] usb 6-1: USB disconnect, device number 11
[  567.383061][T12433] netlink: 'syz.4.1935': attribute type 1 has an invalid length.
[  567.391892][   T24] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  567.551622][   T24] usb 6-1: New USB device found, idVendor=046d, idProduct=c71c, bcdDevice= 0.00
[  567.561738][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.578958][   T24] usb 6-1: config 0 descriptor??
[  568.230757][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  568.237238][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  568.312124][T12429] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1936'.
[  568.332477][T12440] delete_channel: no stack
[  568.359631][T12440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  568.377711][T12440] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  568.392594][ T5897] usb 6-1: USB disconnect, device number 12
[  568.795293][T12444] lo: entered allmulticast mode
[  568.864884][T12443] lo: left allmulticast mode
[  569.181033][T12451] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1942'.
[  569.204548][T12451] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1942'.
[  569.244507][T12451] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1942'.
[  569.286485][T12451] FAULT_INJECTION: forcing a failure.
[  569.286485][T12451] name failslab, interval 1, probability 0, space 0, times 0
[  569.319158][T12451] CPU: 0 UID: 0 PID: 12451 Comm: syz.4.1942 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  569.319195][T12451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  569.319207][T12451] Call Trace:
[  569.319216][T12451]  <TASK>
[  569.319226][T12451]  dump_stack_lvl+0x241/0x360
[  569.319264][T12451]  ? __pfx_dump_stack_lvl+0x10/0x10
[  569.319294][T12451]  ? __pfx__printk+0x10/0x10
[  569.319328][T12451]  ? __pfx___might_resched+0x10/0x10
[  569.319359][T12451]  should_fail_ex+0x424/0x570
[  569.319399][T12451]  should_failslab+0xac/0x100
[  569.319432][T12451]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  569.319464][T12451]  ? __alloc_skb+0x1c2/0x480
[  569.319498][T12451]  __alloc_skb+0x1c2/0x480
[  569.319527][T12451]  ? __nla_validate_parse+0x2a05/0x32e0
[  569.319553][T12451]  ? __pfx___alloc_skb+0x10/0x10
[  569.319594][T12451]  xfrm_get_policy+0x666/0x1060
[  569.319643][T12451]  ? __pfx_xfrm_get_policy+0x10/0x10
[  569.319701][T12451]  ? __nla_parse+0x40/0x60
[  569.319731][T12451]  xfrm_user_rcv_msg+0x9c3/0xca0
[  569.319763][T12451]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  569.319828][T12451]  ? __mutex_trylock_common+0x184/0x2e0
[  569.319864][T12451]  ? __pfx___mutex_trylock_common+0x10/0x10
[  569.319904][T12451]  netlink_rcv_skb+0x208/0x480
[  569.319940][T12451]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  569.319968][T12451]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  569.320019][T12451]  ? netlink_deliver_tap+0x2e/0x1b0
[  569.320052][T12451]  xfrm_netlink_rcv+0x79/0x90
[  569.320077][T12451]  netlink_unicast+0x7f8/0x9a0
[  569.320112][T12451]  ? __pfx_netlink_unicast+0x10/0x10
[  569.320138][T12451]  ? skb_put+0x114/0x1f0
[  569.320174][T12451]  netlink_sendmsg+0x8c3/0xcd0
[  569.320215][T12451]  ? __pfx_netlink_sendmsg+0x10/0x10
[  569.320247][T12451]  ? __import_iovec+0x585/0x830
[  569.320274][T12451]  ? aa_sock_msg_perm+0x91/0x160
[  569.320309][T12451]  ? __pfx_netlink_sendmsg+0x10/0x10
[  569.320335][T12451]  __sock_sendmsg+0x221/0x270
[  569.320364][T12451]  ____sys_sendmsg+0x523/0x860
[  569.320395][T12451]  ? __pfx_____sys_sendmsg+0x10/0x10
[  569.320435][T12451]  __sys_sendmsg+0x271/0x360
[  569.320462][T12451]  ? __pfx___sys_sendmsg+0x10/0x10
[  569.320539][T12451]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  569.320562][T12451]  ? lockdep_hardirqs_on+0x9d/0x150
[  569.320586][T12451]  __do_fast_syscall_32+0xb4/0x110
[  569.320609][T12451]  ? exc_page_fault+0x5f8/0x920
[  569.320647][T12451]  do_fast_syscall_32+0x34/0x80
[  569.320677][T12451]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  569.320703][T12451] RIP: 0023:0xf744d579
[  569.320722][T12451] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  569.320741][T12451] RSP: 002b:00000000f50d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  569.320764][T12451] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000180
[  569.320836][T12451] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  569.320849][T12451] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  569.320862][T12451] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  569.320876][T12451] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  569.320907][T12451]  </TASK>
[  569.757314][T12455] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  569.773593][ T5899] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  569.853406][T12457] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1946'.
[  569.929902][ T5899] usb 6-1: Using ep0 maxpacket: 16
[  569.938687][ T5899] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  569.949417][ T5899] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  569.963103][ T5899] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  570.004601][ T5899] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  570.014472][ T5899] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  570.028746][ T5899] usb 6-1: Product: syz
[  570.043902][ T5899] usb 6-1: Manufacturer: syz
[  570.060994][ T5899] usb 6-1: SerialNumber: syz
[  570.338407][ T5899] usb 6-1: 0:2 : does not exist
[  570.396166][ T5899] usb 6-1: USB disconnect, device number 13
[  570.652378][T12471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  570.662394][T12471] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  570.693815][T11065] udevd[11065]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  571.650217][ T5899] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  571.790977][ T5899] usb 6-1: device descriptor read/64, error -71
[  572.040074][ T5899] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  572.200850][ T5899] usb 6-1: device descriptor read/64, error -71
[  572.310401][ T5899] usb usb6-port1: attempt power cycle
[  572.519634][ T5928] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  572.671482][ T5928] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  572.688095][ T5928] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  572.709894][ T5899] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  572.738349][ T5928] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  572.740552][ T5899] usb 6-1: device descriptor read/8, error -71
[  572.761063][ T5928] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  572.807649][ T5928] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.832054][ T5928] usb 7-1: config 0 descriptor??
[  572.999984][ T5899] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  573.031798][ T5899] usb 6-1: device descriptor read/8, error -71
[  573.152699][ T5899] usb usb6-port1: unable to enumerate USB device
[  573.247393][ T5928] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving
[  573.260488][ T5928] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  573.595582][ T5899] usb 7-1: USB disconnect, device number 14
[  574.443140][T12508] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1965'.
[  574.477476][T12508] FAULT_INJECTION: forcing a failure.
[  574.477476][T12508] name failslab, interval 1, probability 0, space 0, times 0
[  574.547742][T12508] CPU: 0 UID: 0 PID: 12508 Comm: syz.4.1965 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  574.547766][T12508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  574.547787][T12508] Call Trace:
[  574.547794][T12508]  <TASK>
[  574.547801][T12508]  dump_stack_lvl+0x241/0x360
[  574.547830][T12508]  ? __pfx_dump_stack_lvl+0x10/0x10
[  574.547853][T12508]  ? __pfx__printk+0x10/0x10
[  574.547875][T12508]  ? __mutex_trylock_common+0x184/0x2e0
[  574.547902][T12508]  should_fail_ex+0x424/0x570
[  574.547931][T12508]  should_failslab+0xac/0x100
[  574.547954][T12508]  __kmalloc_cache_noprof+0x73/0x370
[  574.547975][T12508]  ? __hw_addr_add_ex+0x1fb/0x760
[  574.548008][T12508]  __hw_addr_add_ex+0x1fb/0x760
[  574.548036][T12508]  dev_addr_init+0x159/0x240
[  574.548070][T12508]  ? __pfx_dev_addr_init+0x10/0x10
[  574.548096][T12508]  ? read_word_at_a_time+0xe/0x20
[  574.548118][T12508]  alloc_netdev_mqs+0x307/0x1210
[  574.548134][T12508]  ? __pfx_geneve_setup+0x10/0x10
[  574.548153][T12508]  rtnl_create_link+0x2f9/0xc90
[  574.548175][T12508]  rtnl_newlink_create+0x2f2/0xcb0
[  574.548199][T12508]  ? __mutex_lock+0x380/0x10c0
[  574.548217][T12508]  ? __pfx_aa_get_newest_label+0x10/0x10
[  574.548242][T12508]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  574.548267][T12508]  ? __pfx___mutex_lock+0x10/0x10
[  574.548290][T12508]  ? ns_capable+0x8a/0xf0
[  574.548311][T12508]  rtnl_newlink+0x18b0/0x1fe0
[  574.548333][T12508]  ? stack_depot_save_flags+0x44/0x940
[  574.548360][T12508]  ? __pfx_rtnl_newlink+0x10/0x10
[  574.548378][T12508]  ? __netlink_deliver_tap+0x561/0x7f0
[  574.548401][T12508]  ? netlink_deliver_tap+0x19d/0x1b0
[  574.548418][T12508]  ? netlink_unicast+0x7c6/0x9a0
[  574.548433][T12508]  ? netlink_sendmsg+0x8c3/0xcd0
[  574.548452][T12508]  ? __sock_sendmsg+0x221/0x270
[  574.548468][T12508]  ? ____sys_sendmsg+0x523/0x860
[  574.548481][T12508]  ? __sys_sendmsg+0x271/0x360
[  574.548493][T12508]  ? __do_fast_syscall_32+0xb4/0x110
[  574.548508][T12508]  ? do_fast_syscall_32+0x34/0x80
[  574.548523][T12508]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  574.548568][T12508]  ? kasan_quarantine_put+0xdc/0x230
[  574.548583][T12508]  ? lockdep_hardirqs_on+0x9d/0x150
[  574.548600][T12508]  ? nlmon_xmit+0xaf/0x100
[  574.548627][T12508]  ? __local_bh_enable_ip+0x168/0x200
[  574.548641][T12508]  ? lockdep_hardirqs_on+0x9d/0x150
[  574.548662][T12508]  ? aa_get_newest_label+0x101/0x6f0
[  574.548686][T12508]  ? __lock_acquire+0xad5/0xd80
[  574.548718][T12508]  ? __pfx_rtnl_newlink+0x10/0x10
[  574.548739][T12508]  rtnetlink_rcv_msg+0x80f/0xd70
[  574.548757][T12508]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  574.548780][T12508]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  574.548805][T12508]  ? ref_tracker_free+0x63e/0x7e0
[  574.548826][T12508]  netlink_rcv_skb+0x208/0x480
[  574.548846][T12508]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  574.548867][T12508]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  574.548899][T12508]  ? netlink_deliver_tap+0x2e/0x1b0
[  574.548920][T12508]  ? netlink_deliver_tap+0x2e/0x1b0
[  574.548940][T12508]  netlink_unicast+0x7f8/0x9a0
[  574.548964][T12508]  ? __pfx_netlink_unicast+0x10/0x10
[  574.548983][T12508]  ? skb_put+0x114/0x1f0
[  574.549009][T12508]  netlink_sendmsg+0x8c3/0xcd0
[  574.549038][T12508]  ? __pfx_netlink_sendmsg+0x10/0x10
[  574.549067][T12508]  ? __import_iovec+0x585/0x830
[  574.549087][T12508]  ? aa_sock_msg_perm+0x91/0x160
[  574.549112][T12508]  ? __pfx_netlink_sendmsg+0x10/0x10
[  574.549131][T12508]  __sock_sendmsg+0x221/0x270
[  574.549152][T12508]  ____sys_sendmsg+0x523/0x860
[  574.549181][T12508]  ? __pfx_____sys_sendmsg+0x10/0x10
[  574.549217][T12508]  __sys_sendmsg+0x271/0x360
[  574.549243][T12508]  ? __pfx___sys_sendmsg+0x10/0x10
[  574.549316][T12508]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  574.549338][T12508]  ? lockdep_hardirqs_on+0x9d/0x150
[  574.549361][T12508]  __do_fast_syscall_32+0xb4/0x110
[  574.549379][T12508]  ? exc_page_fault+0x5f8/0x920
[  574.549406][T12508]  do_fast_syscall_32+0x34/0x80
[  574.549422][T12508]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  574.549441][T12508] RIP: 0023:0xf744d579
[  574.549455][T12508] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  574.549468][T12508] RSP: 002b:00000000f50d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  574.549485][T12508] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[  574.549496][T12508] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  574.549505][T12508] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  574.549514][T12508] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  574.549525][T12508] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  574.549555][T12508]  </TASK>
[  575.131755][T12509] bridge0: port 3(hsr0) entered blocking state
[  575.140390][T12509] bridge0: port 3(hsr0) entered disabled state
[  575.146911][T12509] hsr0: entered allmulticast mode
[  575.189900][T12509] hsr_slave_0: entered allmulticast mode
[  575.200004][T12509] hsr_slave_1: entered allmulticast mode
[  575.223166][T12509] hsr0: entered promiscuous mode
[  575.284418][T12522] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1968'.
[  575.299505][T12522] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1968'.
[  575.308702][T12522] FAULT_INJECTION: forcing a failure.
[  575.308702][T12522] name failslab, interval 1, probability 0, space 0, times 0
[  575.328271][T12522] CPU: 0 UID: 0 PID: 12522 Comm: syz.4.1968 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  575.328294][T12522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  575.328304][T12522] Call Trace:
[  575.328311][T12522]  <TASK>
[  575.328318][T12522]  dump_stack_lvl+0x241/0x360
[  575.328347][T12522]  ? __pfx_dump_stack_lvl+0x10/0x10
[  575.328370][T12522]  ? __pfx__printk+0x10/0x10
[  575.328395][T12522]  ? __pfx___might_resched+0x10/0x10
[  575.328417][T12522]  should_fail_ex+0x424/0x570
[  575.328446][T12522]  should_failslab+0xac/0x100
[  575.328469][T12522]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  575.328491][T12522]  ? __alloc_skb+0x1c2/0x480
[  575.328516][T12522]  __alloc_skb+0x1c2/0x480
[  575.328538][T12522]  ? __nla_validate_parse+0x2a05/0x32e0
[  575.328558][T12522]  ? __pfx___alloc_skb+0x10/0x10
[  575.328587][T12522]  xfrm_get_policy+0x666/0x1060
[  575.328616][T12522]  ? __pfx_xfrm_get_policy+0x10/0x10
[  575.328650][T12522]  ? __nla_parse+0x40/0x60
[  575.328670][T12522]  xfrm_user_rcv_msg+0x9c3/0xca0
[  575.328693][T12522]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  575.328737][T12522]  ? __mutex_trylock_common+0x184/0x2e0
[  575.328762][T12522]  ? __pfx___mutex_trylock_common+0x10/0x10
[  575.328790][T12522]  netlink_rcv_skb+0x208/0x480
[  575.328811][T12522]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  575.328830][T12522]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  575.328864][T12522]  ? netlink_deliver_tap+0x2e/0x1b0
[  575.328887][T12522]  xfrm_netlink_rcv+0x79/0x90
[  575.328905][T12522]  netlink_unicast+0x7f8/0x9a0
[  575.328928][T12522]  ? __pfx_netlink_unicast+0x10/0x10
[  575.328947][T12522]  ? skb_put+0x114/0x1f0
[  575.328972][T12522]  netlink_sendmsg+0x8c3/0xcd0
[  575.329003][T12522]  ? __pfx_netlink_sendmsg+0x10/0x10
[  575.329026][T12522]  ? __import_iovec+0x585/0x830
[  575.329045][T12522]  ? aa_sock_msg_perm+0x91/0x160
[  575.329071][T12522]  ? __pfx_netlink_sendmsg+0x10/0x10
[  575.329089][T12522]  __sock_sendmsg+0x221/0x270
[  575.329111][T12522]  ____sys_sendmsg+0x523/0x860
[  575.329132][T12522]  ? __pfx_____sys_sendmsg+0x10/0x10
[  575.329159][T12522]  __sys_sendmsg+0x271/0x360
[  575.329188][T12522]  ? __pfx___sys_sendmsg+0x10/0x10
[  575.329265][T12522]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  575.329285][T12522]  ? lockdep_hardirqs_on+0x9d/0x150
[  575.329302][T12522]  __do_fast_syscall_32+0xb4/0x110
[  575.329319][T12522]  ? exc_page_fault+0x5f8/0x920
[  575.329346][T12522]  do_fast_syscall_32+0x34/0x80
[  575.329362][T12522]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  575.329381][T12522] RIP: 0023:0xf744d579
[  575.329394][T12522] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  575.329408][T12522] RSP: 002b:00000000f50d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  575.329424][T12522] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  575.329435][T12522] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  575.329444][T12522] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  575.329453][T12522] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  575.329462][T12522] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  575.329484][T12522]  </TASK>
[  575.680636][T12509] bridge0: port 3(hsr0) entered blocking state
[  575.687672][T12509] bridge0: port 3(hsr0) entered forwarding state
[  576.251865][T12536] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1972'.
[  576.276348][T12535] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  576.685244][T12551] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1977'.
[  578.016985][T12578] bridge0: port 1(hsr0) entered blocking state
[  578.025385][T12578] bridge0: port 1(hsr0) entered disabled state
[  578.034757][T12578] hsr0: entered allmulticast mode
[  578.042167][T12578] hsr_slave_0: entered allmulticast mode
[  578.047914][T12578] hsr_slave_1: entered allmulticast mode
[  578.067753][T12578] hsr0: entered promiscuous mode
[  578.388703][T12585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  578.532904][T12585] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  578.790299][T12588] 

: renamed from bond_slave_0 (while UP)
[  578.926192][T12593] FAULT_INJECTION: forcing a failure.
[  578.926192][T12593] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  578.970046][T12593] CPU: 0 UID: 0 PID: 12593 Comm: syz.6.1990 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  578.970079][T12593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  578.970093][T12593] Call Trace:
[  578.970102][T12593]  <TASK>
[  578.970112][T12593]  dump_stack_lvl+0x241/0x360
[  578.970153][T12593]  ? __pfx_dump_stack_lvl+0x10/0x10
[  578.970183][T12593]  ? __pfx__printk+0x10/0x10
[  578.970228][T12593]  should_fail_ex+0x424/0x570
[  578.970268][T12593]  _copy_from_user+0x2d/0xb0
[  578.970297][T12593]  kstrtouint_from_user+0xce/0x1a0
[  578.970326][T12593]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  578.970355][T12593]  ? __lock_acquire+0xad5/0xd80
[  578.970390][T12593]  proc_fail_nth_write+0xac/0x2d0
[  578.970413][T12593]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  578.970444][T12593]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  578.970473][T12593]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  578.970497][T12593]  vfs_write+0x2bc/0xd10
[  578.970529][T12593]  ? fdget_pos+0x247/0x310
[  578.970561][T12593]  ? __pfx_vfs_write+0x10/0x10
[  578.970590][T12593]  ? __fget_files+0x2a/0x420
[  578.970611][T12593]  ? __fget_files+0x39d/0x420
[  578.970630][T12593]  ? __fget_files+0x2a/0x420
[  578.970660][T12593]  ksys_write+0x19d/0x2d0
[  578.970687][T12593]  ? __pfx_ksys_write+0x10/0x10
[  578.970715][T12593]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  578.970738][T12593]  ? lockdep_hardirqs_on+0x9d/0x150
[  578.970762][T12593]  __do_fast_syscall_32+0xb4/0x110
[  578.970784][T12593]  ? exc_page_fault+0x5f8/0x920
[  578.970823][T12593]  do_fast_syscall_32+0x34/0x80
[  578.970845][T12593]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  578.970872][T12593] RIP: 0023:0xf7f35579
[  578.970890][T12593] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  578.970910][T12593] RSP: 002b:00000000f5035590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  578.970933][T12593] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5035620
[  578.970949][T12593] RDX: 0000000000000001 RSI: 00000000f73bcff4 RDI: 0000000000000000
[  578.970962][T12593] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  578.970975][T12593] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  578.970995][T12593] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  578.971027][T12593]  </TASK>
[  579.263949][T12596] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  579.309850][T12596] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  580.288191][T12604] veth1_macvtap: left promiscuous mode
[  580.315435][T12604] macsec0: entered promiscuous mode
[  580.383456][T12604] veth1_macvtap: entered promiscuous mode
[  580.414171][T12604] macsec0: left promiscuous mode
[  580.619931][T12604] 8021q: VLANs not supported on vcan0
[  581.543448][T12624] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  581.582634][T12624] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  583.332919][T12634] vlan0: entered allmulticast mode
[  583.385752][T12634] team0: entered allmulticast mode
[  583.405134][T12634] team_slave_0: entered allmulticast mode
[  583.419446][T12637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  583.453871][T12634] team_slave_1: entered allmulticast mode
[  583.478011][T12637] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  583.560670][T12634] bridge0: port 4(vlan0) entered blocking state
[  583.607090][T12634] bridge0: port 4(vlan0) entered disabled state
[  583.619675][T12634] vlan0: entered promiscuous mode
[  583.634979][T12634] team0: entered promiscuous mode
[  583.756898][T12634] team_slave_0: entered promiscuous mode
[  583.768372][T12634] team_slave_1: entered promiscuous mode
[  583.786136][T12634] bridge0: port 4(vlan0) entered blocking state
[  583.792590][T12634] bridge0: port 4(vlan0) entered forwarding state
[  583.933002][ T5899] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  584.090418][ T5899] usb 6-1: Using ep0 maxpacket: 8
[  584.097524][ T5899] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  584.108958][ T5899] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  584.119140][ T5899] usb 6-1: config 1 has no interface number 1
[  584.126717][ T5899] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  584.146620][ T5899] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  584.158667][ T5899] usb 6-1: config 1 interface 2 has no altsetting 0
[  584.177101][ T5899] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  584.187789][ T5899] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.198624][ T5899] usb 6-1: Product: syz
[  584.204940][ T5899] usb 6-1: Manufacturer: syz
[  584.215904][ T5899] usb 6-1: SerialNumber: syz
[  584.614350][T12640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  584.641667][T12640] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  584.683278][ T5899] usb 6-1: 2:1 : invalid UAC_AS_GENERAL desc
[  584.738106][ T5899] usb 6-1: selecting invalid altsetting 0
[  584.827621][ T5899] usb 6-1: USB disconnect, device number 18
[  585.210291][ T5899] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  585.230259][ T5899] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  585.393963][T12663] FAULT_INJECTION: forcing a failure.
[  585.393963][T12663] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  585.469820][T12663] CPU: 0 UID: 0 PID: 12663 Comm: syz.3.2009 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  585.469846][T12663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  585.469856][T12663] Call Trace:
[  585.469863][T12663]  <TASK>
[  585.469871][T12663]  dump_stack_lvl+0x241/0x360
[  585.469905][T12663]  ? __pfx_dump_stack_lvl+0x10/0x10
[  585.469927][T12663]  ? __pfx__printk+0x10/0x10
[  585.469960][T12663]  should_fail_ex+0x424/0x570
[  585.469993][T12663]  _copy_to_user+0x31/0xb0
[  585.470016][T12663]  simple_read_from_buffer+0xc4/0x170
[  585.470048][T12663]  proc_fail_nth_read+0x1ef/0x260
[  585.470067][T12663]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  585.470085][T12663]  ? rw_verify_area+0x246/0x630
[  585.470101][T12663]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  585.470119][T12663]  vfs_read+0x21f/0xb90
[  585.470140][T12663]  ? __pfx___mutex_lock+0x10/0x10
[  585.470157][T12663]  ? __pfx_vfs_read+0x10/0x10
[  585.470176][T12663]  ? __fget_files+0x2a/0x420
[  585.470191][T12663]  ? __fget_files+0x39d/0x420
[  585.470209][T12663]  ? __fget_files+0x2a/0x420
[  585.470229][T12663]  ksys_read+0x19d/0x2d0
[  585.470250][T12663]  ? __pfx_ksys_read+0x10/0x10
[  585.470270][T12663]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  585.470285][T12663]  ? lockdep_hardirqs_on+0x9d/0x150
[  585.470302][T12663]  __do_fast_syscall_32+0xb4/0x110
[  585.470322][T12663]  ? exc_page_fault+0x5f8/0x920
[  585.470352][T12663]  do_fast_syscall_32+0x34/0x80
[  585.470369][T12663]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  585.470388][T12663] RIP: 0023:0xf7f61579
[  585.470401][T12663] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  585.470418][T12663] RSP: 002b:00000000f5065590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  585.470439][T12663] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f5065620
[  585.470449][T12663] RDX: 000000000000000f RSI: 00000000f73ecff4 RDI: 0000000000000000
[  585.470462][T12663] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  585.470472][T12663] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  585.470481][T12663] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  585.470502][T12663]  </TASK>
[  585.862662][T12671] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2013'.
[  585.871334][T12672] loop2: detected capacity change from 0 to 7
[  585.886632][T12672]  loop2: [POWERTEC] p1 p2 p3
[  585.939738][T12672] loop2: p1 start 1600481121 is beyond EOD, truncated
[  585.946614][T12672] loop2: p2 start 1868915817 is beyond EOD, truncated
[  585.998903][T12672] loop2: p3 start 393216 is beyond EOD, truncated
[  586.233471][T12686] netlink: 'syz.3.2015': attribute type 1 has an invalid length.
[  586.780552][T12706] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  587.019414][ T5899] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  587.111269][ T5896] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  587.235699][ T5899] usb 6-1: config 0 has no interfaces?
[  587.267182][ T5899] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  587.293184][ T5896] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  587.483733][ T5899] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.499851][ T5896] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  587.610141][ T5899] usb 6-1: Product: syz
[  587.614392][ T5899] usb 6-1: Manufacturer: syz
[  587.643681][T12712] netlink: 'syz.4.2021': attribute type 21 has an invalid length.
[  587.659461][T12712] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2021'.
[  587.660033][ T5896] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  587.680925][ T5899] usb 6-1: SerialNumber: syz
[  587.687697][T12712] netlink: 'syz.4.2021': attribute type 5 has an invalid length.
[  587.695741][ T5896] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  587.697707][ T5899] usb 6-1: config 0 descriptor??
[  587.731434][ T5896] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  587.756902][T12712] netlink: 'syz.4.2021': attribute type 6 has an invalid length.
[  587.766890][ T5896] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  587.775371][T12712] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2021'.
[  587.957920][ T5896] usb 7-1: Product: syz
[  587.969841][ T5896] usb 7-1: Manufacturer: syz
[  588.080325][ T5896] cdc_wdm 7-1:1.0: skipping garbage
[  588.085622][ T5896] cdc_wdm 7-1:1.0: skipping garbage
[  588.127120][ T5896] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  588.297919][ T5896] usb 7-1: USB disconnect, device number 15
[  588.654363][T12729] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:2
[  588.816704][T12733] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2028'.
[  588.880656][T12733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  588.921834][T12733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  588.987400][T12733] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2028'.
[  589.127791][T12733] VFS: Mount too revealing
[  589.144890][T12738] netlink: 'syz.6.2029': attribute type 8 has an invalid length.
[  590.253518][ T5896] usb 6-1: USB disconnect, device number 19
[  590.477382][T12757] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2033'.
[  590.530071][T12756] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2033'.
[  591.608250][T12767] input: syz1 as /devices/virtual/input/input45
[  591.889871][ T5897] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  592.129995][ T5897] usb 7-1: Using ep0 maxpacket: 8
[  592.138815][ T5897] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  592.149899][ T5897] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  592.205735][ T5897] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  592.248883][ T5897] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  592.315458][ T5897] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  592.346669][ T5897] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  592.369392][ T5897] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.642828][ T5897] usb 7-1: GET_CAPABILITIES returned 0
[  592.648420][ T5897] usbtmc 7-1:16.0: can't read capabilities
[  592.794177][T12802] FAULT_INJECTION: forcing a failure.
[  592.794177][T12802] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  592.880047][T12802] CPU: 0 UID: 0 PID: 12802 Comm: syz.3.2047 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  592.880081][T12802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  592.880094][T12802] Call Trace:
[  592.880102][T12802]  <TASK>
[  592.880114][T12802]  dump_stack_lvl+0x241/0x360
[  592.880148][T12802]  ? __pfx_dump_stack_lvl+0x10/0x10
[  592.880174][T12802]  ? __pfx__printk+0x10/0x10
[  592.880216][T12802]  should_fail_ex+0x424/0x570
[  592.880248][T12802]  strncpy_from_user+0x36/0x280
[  592.880277][T12802]  path_setxattrat+0x20e/0x4c0
[  592.880303][T12802]  ? __pfx_path_setxattrat+0x10/0x10
[  592.880351][T12802]  ? ksys_write+0x275/0x2d0
[  592.880377][T12802]  __ia32_sys_fsetxattr+0xbc/0xe0
[  592.880397][T12802]  __do_fast_syscall_32+0xb4/0x110
[  592.880416][T12802]  ? exc_page_fault+0x5f8/0x920
[  592.880446][T12802]  do_fast_syscall_32+0x34/0x80
[  592.880465][T12802]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  592.880485][T12802] RIP: 0023:0xf7f61579
[  592.880499][T12802] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  592.880515][T12802] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 00000000000000e4
[  592.880534][T12802] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  592.880547][T12802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  592.880557][T12802] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  592.880567][T12802] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  592.880578][T12802] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  592.880601][T12802]  </TASK>
[  593.283673][T12782] usbtmc 7-1:16.0: usb_control_msg returned -71
[  593.284928][   T24] usb 7-1: USB disconnect, device number 16
[  593.325478][T12809] usbtmc 7-1:16.0: send_request_dev_dep_msg_in returned -19
[  593.501542][T12812] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  593.532323][T12814] FAULT_INJECTION: forcing a failure.
[  593.532323][T12814] name failslab, interval 1, probability 0, space 0, times 0
[  593.555768][T12812] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  593.574274][T12814] CPU: 1 UID: 0 PID: 12814 Comm: syz.5.2050 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  593.574308][T12814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  593.574322][T12814] Call Trace:
[  593.574331][T12814]  <TASK>
[  593.574341][T12814]  dump_stack_lvl+0x241/0x360
[  593.574381][T12814]  ? __pfx_dump_stack_lvl+0x10/0x10
[  593.574412][T12814]  ? __pfx__printk+0x10/0x10
[  593.574448][T12814]  ? __pfx___might_resched+0x10/0x10
[  593.574480][T12814]  should_fail_ex+0x424/0x570
[  593.574519][T12814]  should_failslab+0xac/0x100
[  593.574552][T12814]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  593.574584][T12814]  ? __alloc_skb+0x1c2/0x480
[  593.574612][T12814]  ? __dev_queue_xmit+0x1780/0x3f60
[  593.574638][T12814]  __alloc_skb+0x1c2/0x480
[  593.574670][T12814]  ? __do_fast_syscall_32+0xb4/0x110
[  593.574697][T12814]  ? __pfx___alloc_skb+0x10/0x10
[  593.574736][T12814]  ? netlink_ack_tlv_len+0x6e/0x200
[  593.574765][T12814]  netlink_ack+0x147/0xa70
[  593.574792][T12814]  ? __pfx_nl80211_del_pmksa+0x10/0x10
[  593.574839][T12814]  netlink_rcv_skb+0x296/0x480
[  593.574868][T12814]  ? __pfx_genl_rcv_msg+0x10/0x10
[  593.574904][T12814]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  593.574954][T12814]  ? netlink_deliver_tap+0x2e/0x1b0
[  593.574988][T12814]  genl_rcv+0x28/0x40
[  593.575018][T12814]  netlink_unicast+0x7f8/0x9a0
[  593.575052][T12814]  ? __pfx_netlink_unicast+0x10/0x10
[  593.575079][T12814]  ? skb_put+0x114/0x1f0
[  593.575122][T12814]  netlink_sendmsg+0x8c3/0xcd0
[  593.575164][T12814]  ? __pfx_netlink_sendmsg+0x10/0x10
[  593.575196][T12814]  ? __import_iovec+0x585/0x830
[  593.575223][T12814]  ? aa_sock_msg_perm+0x91/0x160
[  593.575258][T12814]  ? __pfx_netlink_sendmsg+0x10/0x10
[  593.575283][T12814]  __sock_sendmsg+0x221/0x270
[  593.575314][T12814]  ____sys_sendmsg+0x523/0x860
[  593.575345][T12814]  ? __pfx_____sys_sendmsg+0x10/0x10
[  593.575385][T12814]  __sys_sendmsg+0x271/0x360
[  593.575411][T12814]  ? __pfx___sys_sendmsg+0x10/0x10
[  593.575488][T12814]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  593.575510][T12814]  ? lockdep_hardirqs_on+0x9d/0x150
[  593.575535][T12814]  __do_fast_syscall_32+0xb4/0x110
[  593.575558][T12814]  ? exc_page_fault+0x5f8/0x920
[  593.575597][T12814]  do_fast_syscall_32+0x34/0x80
[  593.575619][T12814]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  593.575645][T12814] RIP: 0023:0xf746d579
[  593.575664][T12814] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  593.575683][T12814] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  593.575707][T12814] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  593.575723][T12814] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  593.575736][T12814] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  593.575749][T12814] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  593.575762][T12814] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  593.575792][T12814]  </TASK>
[  594.166784][T12819] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.233098][T12819] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  594.352599][ T5899] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  594.520632][ T5899] usb 6-1: Using ep0 maxpacket: 8
[  594.736097][ T5899] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  594.804455][T12828] "syz.6.2055" (12828) uses obsolete ecb(arc4) skcipher
[  594.890087][ T5899] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  594.925280][ T5899] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  594.967708][ T5899] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  595.061779][ T5899] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  595.090120][ T5899] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.261492][T12843] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.305286][T12843] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.339892][T12843] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.359059][T12843] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.629351][   T24] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  595.679909][T12849] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2060'.
[  595.779337][   T24] usb 7-1: Using ep0 maxpacket: 8
[  595.808164][   T24] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  595.821931][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.898723][   T24] usb 7-1: Product: syz
[  595.911144][   T24] usb 7-1: Manufacturer: syz
[  595.923580][   T24] usb 7-1: SerialNumber: syz
[  595.970695][   T24] usb 7-1: config 0 descriptor??
[  596.261432][   T24] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  596.317144][T12856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  596.352596][T12856] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  596.651728][T12860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  596.708123][T12860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.045265][   T24] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  597.139633][   T24] usb 7-1: USB disconnect, device number 17
[  597.782499][ T5899] usb 6-1: usb_control_msg returned -71
[  597.941833][ T5899] usbtmc 6-1:16.0: can't read capabilities
[  597.966386][ T5899] usb 6-1: USB disconnect, device number 20
[  598.139713][   T24] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  598.315320][   T24] usb 7-1: config 0 has an invalid descriptor of length 212, skipping remainder of the config
[  598.326245][   T24] usb 7-1: config 0 has no interfaces?
[  598.342458][   T24] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  598.360182][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.461765][   T24] usb 7-1: Product: syz
[  598.467362][   T24] usb 7-1: Manufacturer: syz
[  598.475250][   T24] usb 7-1: SerialNumber: syz
[  598.490856][   T24] usb 7-1: config 0 descriptor??
[  598.632228][T12890] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.745792][T12890] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.833207][T12890] netlink: 'syz.4.2072': attribute type 12 has an invalid length.
[  598.903996][T12892] FAULT_INJECTION: forcing a failure.
[  598.903996][T12892] name failslab, interval 1, probability 0, space 0, times 0
[  598.921708][T12892] CPU: 0 UID: 0 PID: 12892 Comm: syz.5.2073 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  598.921741][T12892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  598.921754][T12892] Call Trace:
[  598.921763][T12892]  <TASK>
[  598.921771][T12892]  dump_stack_lvl+0x241/0x360
[  598.921810][T12892]  ? __pfx_dump_stack_lvl+0x10/0x10
[  598.921841][T12892]  ? __pfx__printk+0x10/0x10
[  598.921872][T12892]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  598.921901][T12892]  ? __pfx___might_resched+0x10/0x10
[  598.921929][T12892]  should_fail_ex+0x424/0x570
[  598.921970][T12892]  should_failslab+0xac/0x100
[  598.922002][T12892]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  598.922032][T12892]  ? __alloc_skb+0x1c2/0x480
[  598.922068][T12892]  __alloc_skb+0x1c2/0x480
[  598.922103][T12892]  ? __pfx___alloc_skb+0x10/0x10
[  598.922138][T12892]  ? linkmodes_reply_size+0x13b/0x1d0
[  598.922172][T12892]  ethnl_default_notify+0x4f0/0x9f0
[  598.922208][T12892]  ? __pfx_ethnl_default_notify+0x10/0x10
[  598.922247][T12892]  ? trace_kmalloc+0x1f/0xd0
[  598.922283][T12892]  ? __kmalloc_node_track_caller_noprof+0x2b2/0x4d0
[  598.922319][T12892]  ? mutex_is_locked+0x17/0x50
[  598.922350][T12892]  ethnl_default_set_doit+0x678/0xb10
[  598.922390][T12892]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  598.922425][T12892]  ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290
[  598.922456][T12892]  genl_rcv_msg+0xb38/0xf00
[  598.922498][T12892]  ? __pfx_genl_rcv_msg+0x10/0x10
[  598.922528][T12892]  ? __dev_queue_xmit+0x1780/0x3f60
[  598.922549][T12892]  ? kasan_save_track+0x3f/0x80
[  598.922572][T12892]  ? __kasan_slab_alloc+0x66/0x80
[  598.922604][T12892]  ? __do_fast_syscall_32+0xb4/0x110
[  598.922647][T12892]  ? __lock_acquire+0xad5/0xd80
[  598.922672][T12892]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  598.922718][T12892]  netlink_rcv_skb+0x208/0x480
[  598.922746][T12892]  ? __pfx_genl_rcv_msg+0x10/0x10
[  598.922780][T12892]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  598.922831][T12892]  ? netlink_deliver_tap+0x2e/0x1b0
[  598.922866][T12892]  genl_rcv+0x28/0x40
[  598.922895][T12892]  netlink_unicast+0x7f8/0x9a0
[  598.922929][T12892]  ? __pfx_netlink_unicast+0x10/0x10
[  598.922956][T12892]  ? skb_put+0x114/0x1f0
[  598.922992][T12892]  netlink_sendmsg+0x8c3/0xcd0
[  598.923034][T12892]  ? __pfx_netlink_sendmsg+0x10/0x10
[  598.923065][T12892]  ? __import_iovec+0x585/0x830
[  598.923093][T12892]  ? aa_sock_msg_perm+0x91/0x160
[  598.923128][T12892]  ? __pfx_netlink_sendmsg+0x10/0x10
[  598.923153][T12892]  __sock_sendmsg+0x221/0x270
[  598.923183][T12892]  ____sys_sendmsg+0x523/0x860
[  598.923214][T12892]  ? __pfx_____sys_sendmsg+0x10/0x10
[  598.923255][T12892]  __sys_sendmsg+0x271/0x360
[  598.923288][T12892]  ? __pfx___sys_sendmsg+0x10/0x10
[  598.923367][T12892]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  598.923389][T12892]  ? lockdep_hardirqs_on+0x9d/0x150
[  598.923413][T12892]  __do_fast_syscall_32+0xb4/0x110
[  598.923435][T12892]  ? exc_page_fault+0x5f8/0x920
[  598.923473][T12892]  do_fast_syscall_32+0x34/0x80
[  598.923497][T12892]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  598.923523][T12892] RIP: 0023:0xf746d579
[  598.923543][T12892] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  598.923561][T12892] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  598.923583][T12892] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  598.923598][T12892] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  598.923611][T12892] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  598.923623][T12892] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  598.923636][T12892] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  598.923668][T12892]  </TASK>
[  599.370866][T12896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.380513][T12896] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.392861][T12896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.402091][T12896] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.412137][T12896] xt_TPROXY: Can be used only with -p tcp or -p udp
[  599.421551][T12896] netlink: 'syz.3.2074': attribute type 10 has an invalid length.
[  599.435098][T12896] bond0: (slave wlan1): Enslaving as an active interface with a down link
[  599.831740][ T5897] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  600.066186][ T5897] usb 6-1: Using ep0 maxpacket: 8
[  600.083065][ T5897] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 159, changing to 11
[  600.097652][ T5897] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 33536, setting to 1024
[  600.153029][ T5897] usb 6-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  600.193622][ T5897] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.218293][ T5897] usb 6-1: config 0 descriptor??
[  600.497137][T12911] FAULT_INJECTION: forcing a failure.
[  600.497137][T12911] name failslab, interval 1, probability 0, space 0, times 0
[  600.585239][T12911] CPU: 1 UID: 0 PID: 12911 Comm: syz.0.2079 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  600.585274][T12911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  600.585288][T12911] Call Trace:
[  600.585298][T12911]  <TASK>
[  600.585309][T12911]  dump_stack_lvl+0x241/0x360
[  600.585348][T12911]  ? __pfx_dump_stack_lvl+0x10/0x10
[  600.585380][T12911]  ? __pfx__printk+0x10/0x10
[  600.585415][T12911]  ? __pfx___might_resched+0x10/0x10
[  600.585454][T12911]  should_fail_ex+0x424/0x570
[  600.585494][T12911]  should_failslab+0xac/0x100
[  600.585526][T12911]  __kmalloc_cache_noprof+0x73/0x370
[  600.585557][T12911]  ? landlock_init_hierarchy_log+0xa0/0x640
[  600.585589][T12911]  landlock_init_hierarchy_log+0xa0/0x640
[  600.585615][T12911]  ? __kmalloc_cache_noprof+0x236/0x370
[  600.585652][T12911]  landlock_merge_ruleset+0x66e/0x900
[  600.585684][T12911]  __se_sys_landlock_restrict_self+0x2ce/0x7d0
[  600.585723][T12911]  ? lockdep_hardirqs_on+0x9d/0x150
[  600.585749][T12911]  __do_fast_syscall_32+0xb4/0x110
[  600.585773][T12911]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  600.585797][T12911]  ? lockdep_hardirqs_on+0x9d/0x150
[  600.585821][T12911]  do_fast_syscall_32+0x34/0x80
[  600.585845][T12911]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  600.585871][T12911] RIP: 0023:0xf7f22579
[  600.585890][T12911] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  600.585909][T12911] RSP: 002b:00000000f504655c EFLAGS: 00000206 ORIG_RAX: 00000000000001be
[  600.585933][T12911] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  600.585948][T12911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  600.585960][T12911] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  600.585973][T12911] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  600.585986][T12911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  600.586023][T12911]  </TASK>
[  600.798950][T12911] ------------[ cut here ]------------
[  600.805170][T12911] WARNING: CPU: 0 PID: 12911 at security/landlock/domain.h:133 free_ruleset+0x1f3/0x250
[  600.815846][T12911] Modules linked in:
[  600.820558][T12911] CPU: 0 UID: 0 PID: 12911 Comm: syz.0.2079 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  600.833126][T12911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  600.843840][T12911] RIP: 0010:free_ruleset+0x1f3/0x250
[  600.849251][T12911] Code: 89 ff e8 10 54 6c fd 49 8b 1f 4c 89 ff e8 f5 b1 60 fd 48 85 db 74 36 e8 8b 2f 02 fd 49 89 df e9 34 ff ff ff e8 7e 2f 02 fd 90 <0f> 0b 90 eb c2 e8 73 2f 02 fd eb 1c bf 01 00 00 00 89 ee e8 a5 33
[  600.869938][T12911] RSP: 0018:ffffc9000aee7da8 EFLAGS: 00010293
[  600.877287][T12911] RAX: ffffffff84c12722 RBX: 0000000000000000 RCX: ffff8880306eda00
[  600.886483][T12911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  600.894630][T12911] RBP: 1ffff11005f30ac4 R08: ffffffff84c232bf R09: 1ffff11005f30ac1
[  600.903059][T12911] R10: dffffc0000000000 R11: ffffed1005f30ac2 R12: ffff88802f985620
[  600.911133][T12911] R13: dffffc0000000000 R14: ffff888034141100 R15: ffff88802f985600
[  600.919152][T12911] FS:  0000000000000000(0000) GS:ffff888124f99000(0063) knlGS:00000000f5046b40
[  600.928362][T12911] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  600.935675][T12911] CR2: 000000008013e018 CR3: 000000006df84000 CR4: 00000000003526f0
[  600.944864][T12911] Call Trace:
[  600.948220][T12911]  <TASK>
[  600.951882][T12911]  landlock_merge_ruleset+0x6d8/0x900
[  600.957449][T12911]  __se_sys_landlock_restrict_self+0x2ce/0x7d0
[  600.964318][T12911]  ? lockdep_hardirqs_on+0x9d/0x150
[  600.970230][T12911]  __do_fast_syscall_32+0xb4/0x110
[  600.976286][T12911]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  600.983771][T12911]  ? lockdep_hardirqs_on+0x9d/0x150
[  600.989045][T12911]  do_fast_syscall_32+0x34/0x80
[  600.994761][T12911]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  601.001853][T12911] RIP: 0023:0xf7f22579
[  601.005989][T12911] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  601.026454][T12911] RSP: 002b:00000000f504655c EFLAGS: 00000206 ORIG_RAX: 00000000000001be
[  601.035661][T12911] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  601.044409][T12911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  601.053159][T12911] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  601.061931][T12911] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  601.070624][T12911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  601.080060][T12911]  </TASK>
[  601.083905][T12911] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  601.091254][T12911] CPU: 0 UID: 0 PID: 12911 Comm: syz.0.2079 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) 
[  601.103040][T12911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  601.113143][T12911] Call Trace:
[  601.116549][T12911]  <TASK>
[  601.119511][T12911]  dump_stack_lvl+0x241/0x360
[  601.124255][T12911]  ? __pfx_dump_stack_lvl+0x10/0x10
[  601.129515][T12911]  ? __pfx__printk+0x10/0x10
[  601.134485][T12911]  ? vscnprintf+0x5d/0x90
[  601.138861][T12911]  panic+0x349/0x880
[  601.142895][T12911]  ? __warn+0x174/0x4d0
[  601.147141][T12911]  ? __pfx_panic+0x10/0x10
[  601.151626][T12911]  __warn+0x344/0x4d0
[  601.155720][T12911]  ? free_ruleset+0x1f3/0x250
[  601.160452][T12911]  report_bug+0x2b3/0x500
[  601.164913][T12911]  ? free_ruleset+0x1f3/0x250
[  601.169661][T12911]  ? free_ruleset+0x1f3/0x250
[  601.174574][T12911]  ? free_ruleset+0x1f5/0x250
[  601.179309][T12911]  handle_bug+0x89/0x170
[  601.183696][T12911]  exc_invalid_op+0x1a/0x50
[  601.188340][T12911]  asm_exc_invalid_op+0x1a/0x20
[  601.193247][T12911] RIP: 0010:free_ruleset+0x1f3/0x250
[  601.198593][T12911] Code: 89 ff e8 10 54 6c fd 49 8b 1f 4c 89 ff e8 f5 b1 60 fd 48 85 db 74 36 e8 8b 2f 02 fd 49 89 df e9 34 ff ff ff e8 7e 2f 02 fd 90 <0f> 0b 90 eb c2 e8 73 2f 02 fd eb 1c bf 01 00 00 00 89 ee e8 a5 33
[  601.218237][T12911] RSP: 0018:ffffc9000aee7da8 EFLAGS: 00010293
[  601.224527][T12911] RAX: ffffffff84c12722 RBX: 0000000000000000 RCX: ffff8880306eda00
[  601.232533][T12911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  601.240529][T12911] RBP: 1ffff11005f30ac4 R08: ffffffff84c232bf R09: 1ffff11005f30ac1
[  601.248524][T12911] R10: dffffc0000000000 R11: ffffed1005f30ac2 R12: ffff88802f985620
[  601.256511][T12911] R13: dffffc0000000000 R14: ffff888034141100 R15: ffff88802f985600
[  601.264516][T12911]  ? landlock_log_drop_domain+0x4f/0x1b0
[  601.270264][T12911]  ? free_ruleset+0x1f2/0x250
[  601.274966][T12911]  ? free_ruleset+0x1f2/0x250
[  601.279665][T12911]  landlock_merge_ruleset+0x6d8/0x900
[  601.285061][T12911]  __se_sys_landlock_restrict_self+0x2ce/0x7d0
[  601.291240][T12911]  ? lockdep_hardirqs_on+0x9d/0x150
[  601.296496][T12911]  __do_fast_syscall_32+0xb4/0x110
[  601.301720][T12911]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  601.307892][T12911]  ? lockdep_hardirqs_on+0x9d/0x150
[  601.313125][T12911]  do_fast_syscall_32+0x34/0x80
[  601.318125][T12911]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  601.324486][T12911] RIP: 0023:0xf7f22579
[  601.328661][T12911] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  601.348375][T12911] RSP: 002b:00000000f504655c EFLAGS: 00000206 ORIG_RAX: 00000000000001be
[  601.356813][T12911] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  601.364799][T12911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  601.372779][T12911] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  601.380931][T12911] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  601.388928][T12911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  601.397112][T12911]  </TASK>
[  601.400304][T12911] Kernel Offset: disabled
[  601.404665][T12911] Rebooting in 86400 seconds..