last executing test programs:

10m37.587310695s ago: executing program 1 (id=26):
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000300)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560aff820fffff5bab003a0000002058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100040c100000000000224e0000", 0x58}], 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000f0f000000000700000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a31000000003c000000050a01020000000000000000010000000c00024000000000000000010900010073797a3100000000040004800b00070066696c7465"], 0xc4}}, 0xc000)
io_setup(0x3, &(0x7f0000000600)=<r2=>0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
io_submit(r2, 0x1, &(0x7f00000000c0)=[&(0x7f0000000080)={0x0, 0x0, 0x20, 0x7, 0x0, r3, 0x0, 0x0, 0x10000, 0x0, 0x96e6513e0814b0fc}])

10m37.087421253s ago: executing program 1 (id=29):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x34, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfd85}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x1100}, 0x4004800)

10m36.866244729s ago: executing program 1 (id=32):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x1277, &(0x7f0000000400)={0x0, {}, 0x0, {}, 0xc, 0x0, 0xffffffff, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f4e1df82d00", [0x6, 0x9]})

10m36.667222429s ago: executing program 0 (id=33):
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$dsp(0xffffffffffffff9c, 0x0, 0x101a02, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x10031, 0xffffffffffffffff, 0x65be1000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace(0x10, 0x1)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x15, 0x2)

10m36.591211397s ago: executing program 1 (id=35):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x48000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
move_mount(r2, 0x0, r1, 0x0, 0x46)
syz_usb_connect(0x2, 0x36, &(0x7f0000001580)={{0x12, 0x1, 0x0, 0x2, 0x2f, 0xb0, 0x40, 0x4d8, 0xfd08, 0x59b1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x8, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xb1, 0x9, 0x2, 0xa, 0x5f, 0x92, 0x40, [], [{{0x9, 0x5, 0x8, 0xa, 0x3ff, 0xf7, 0x7, 0x9}}, {{0x9, 0x5, 0x30932787f67e0187, 0x2, 0x40, 0x2, 0x5}}]}}]}}]}}, 0x0)

10m35.095423014s ago: executing program 1 (id=40):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
dup2(r0, r0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0x4a7c0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x2004c010}, 0x40080c0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$FIBMAP(r1, 0x1, &(0x7f0000000040)=0x5)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@gettaction={0x14, 0x32, 0x801, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x880e)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000580)}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x1, 0x0, @pic={0x8, 0x7, 0x8, 0x14, 0x2, 0x1, 0xc5, 0x9, 0x28, 0x2, 0x1, 0x95, 0xb, 0x8, 0x8e, 0x7}})
ioctl$KVM_RUN(r3, 0xae80, 0xffff0f00)

10m35.028960876s ago: executing program 1 (id=41):
r0 = syz_open_dev$vim2m(&(0x7f0000000280), 0x800000000020001, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000080)={0x4, 0x1, 0x1, 0x0, 0x7})
readv(r0, &(0x7f0000003340)=[{&(0x7f0000002080)=""/163, 0xa3}, {&(0x7f0000002140)=""/4096, 0x1000}, {&(0x7f0000003140)=""/207, 0xcf}, {&(0x7f0000003240)=""/62, 0x3e}, {&(0x7f0000003280)=""/132, 0x84}], 0x5)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x4}, 0x20000, 0x1, {0x0}})
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0xfb2e, 0x0, 0x1}}, 0x40)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
fchdir(r4)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
r6 = fsopen(&(0x7f0000000100)='udf\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r6, 0x2, &(0x7f0000000140)='shortad', &(0x7f0000000180)='O', 0x1)
read$FUSE(r5, &(0x7f0000000040)={0x2020}, 0x2020)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
write$cgroup_int(r3, &(0x7f0000000040)=0x3, 0x12)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000080)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x40000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r7, 0x100000000)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB='-'], 0x28)
ioctl$VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045613, &(0x7f0000000040))

10m34.435340754s ago: executing program 32 (id=41):
r0 = syz_open_dev$vim2m(&(0x7f0000000280), 0x800000000020001, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000080)={0x4, 0x1, 0x1, 0x0, 0x7})
readv(r0, &(0x7f0000003340)=[{&(0x7f0000002080)=""/163, 0xa3}, {&(0x7f0000002140)=""/4096, 0x1000}, {&(0x7f0000003140)=""/207, 0xcf}, {&(0x7f0000003240)=""/62, 0x3e}, {&(0x7f0000003280)=""/132, 0x84}], 0x5)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x4}, 0x20000, 0x1, {0x0}})
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0xfb2e, 0x0, 0x1}}, 0x40)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
fchdir(r4)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
r6 = fsopen(&(0x7f0000000100)='udf\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r6, 0x2, &(0x7f0000000140)='shortad', &(0x7f0000000180)='O', 0x1)
read$FUSE(r5, &(0x7f0000000040)={0x2020}, 0x2020)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
write$cgroup_int(r3, &(0x7f0000000040)=0x3, 0x12)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000080)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x40000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r7, 0x100000000)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB='-'], 0x28)
ioctl$VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045613, &(0x7f0000000040))

10m33.362940362s ago: executing program 0 (id=47):
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)})
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x13f, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000400)={0x2020}, 0x2020)
r3 = socket$unix(0x1, 0x2, 0x0)
sendmmsg$unix(r3, &(0x7f0000002900)=[{{&(0x7f0000000200)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000580)=[{&(0x7f0000000100)="b763eb7e04aeadc69552ae8e44e6e9c7113fdd812463af54d6a96f8b172ff0b7a33528ae268f5121eb9477ee2028d3035c1f", 0x32}, {0x0}], 0x9, 0x0, 0x0, 0x10}}], 0x1, 0x40)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, 0x0, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000500)={0x28, 0x6, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x10, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000013ff0000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000000700000007000000bf91000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x60083, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
r7 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00')
getdents64(r7, 0xffffffffffffffff, 0x43)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000026c0)=ANY=[@ANYBLOB="120190d0723e950110010000bb00000000000000dd18910790cbf6196c6400c27b3077978ce2ccec0001010110750904000901030101030921ffff03"], &(0x7f0000002640)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x101, 0x2, 0x80, 0x3, 0x20, 0x9}, 0xc, &(0x7f0000000300)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x0, 0x7, 0x3}]}, 0x6, [{0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x414}}, {0xa9, &(0x7f0000002440)=@string={0xa9, 0x3, "6347a7bb1795eea6cd177f9be62a767185d2d9135e9d4c6341c64ce6d62a5a3c3b7a763d114c1371bc26ec5535c4cb77d558dfc15626c29b66567e153c0b346c466fedfbbf8e4d7dd12f11bb9ca5992dc3a009411e20a20406881411e997db55138f2666a014e8239052f93fb75630b5052b26632c28eb45b30d3a51c06aa35a4c9cadf3e72e62dd53f133bce857c009a54cca1636efa0eef709eeb2d96c837fcc018aecea6ef2"}}, {0x69, &(0x7f0000000380)=@string={0x69, 0x3, "ff5ef48811ea4210d6c91aff915d95ede828f262b8ffb560ccdbfd6d7cd0e0dcc915fa3301ad53ac6133d0a8c21799bc65ae49baae0a3793d858732c5163a20332361e28e2b9fe2ec680ba1681b8eca3abefcb3093cd2e88a59dc24a7ba38ff2ca83848e4921c3"}}, {0x8e, &(0x7f0000002500)=@string={0x8e, 0x3, "d755bc92f4b3c81443eab32ee1c6ec190ae701c25144ffd9f493beb96bef0d62a10cdf07a44d364e8d9377b65cf5a3e998b6b6cc4a924bea23a95a6bff6d3b131323dea0ff838f603f037e8a6681d0f6dbb0f79f28188793f948b8d58c30650a0e25cae860e02a341225ea8ea574e28534d864661047851d41bfc9444e933ebfb3d303fc899d85d7c56586a5"}}, {0x4, &(0x7f00000025c0)=@lang_id={0x4, 0x3, 0x100a}}, {0x4, &(0x7f0000002600)=@lang_id={0x4, 0x3, 0x80c}}]})
ioctl$IOMMU_IOAS_MAP(r5, 0x3b85, &(0x7f0000000440)={0x28, 0x5, r6, 0x0, &(0x7f0000000480)='L', 0x1, 0x400000001})
ioctl$IOMMU_IOAS_UNMAP(r5, 0x3b86, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000180)={0x48})

10m30.102945849s ago: executing program 0 (id=60):
syz_usb_connect(0x3, 0x73, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000396d0940fd101315ce7e0102030109026100010000000009040001"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x94}, [@ldst={0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0xffffffffffffffff}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10b}, 0x94)

10m28.442310215s ago: executing program 0 (id=64):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001040)=ANY=[@ANYBLOB="1201000040154220a9055015bbe4010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
set_mempolicy(0x2, 0x0, 0xf5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0x200)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000019100))
r3 = timerfd_create(0x0, 0x0)
readv(r3, &(0x7f0000000000)=[{0x0}], 0x1)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
setns(r5, 0x24020000)
r6 = syz_clone(0x12800100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x1b, &(0x7f0000019280)=ANY=[@ANYBLOB="180000000600000000000000ff010000b7080000000000007b8af8ff00000000b7080000bc0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823", @ANYRES32, @ANYRES64, @ANYRES32, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000000000005000000009500000000000000"], &(0x7f0000000200)='GPL\x00'}, 0x94)
tkill(r6, 0x39)
set_mempolicy(0xc002, &(0x7f0000019080)=0x4, 0x10000000000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = socket$igmp6(0xa, 0x3, 0x2)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x76}, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3, 0x2, 0x3, 0x500, 0xb7, 0xca0063})

10m25.219022935s ago: executing program 0 (id=75):
r0 = socket$netlink(0x10, 0x3, 0x5)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3800000020000100ecc2000000000000020020000000000100000000140003006c6f0000000000000000000000000000080002"], 0x38}, 0x1, 0x0, 0x0, 0x40008c4}, 0x8000)
r1 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_elf64(r1, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0xff, 0xa, 0x9d, 0x0, 0x100000001, 0x3, 0x6, 0x3ff, 0x25c, 0x40, 0xb, 0x5, 0x0, 0x38, 0x2, 0xfff7, 0x5, 0x4}, [{0x70000000, 0x5, 0x3800, 0x4, 0xd, 0x0, 0xff, 0xfffffffffffffffa}, {0x5, 0x3ff, 0x4, 0xcb4b, 0xff, 0xf8cfabd, 0xca2, 0x1}], "cafc95ce6dff44c155094e5893893d2249ea62b2e4cb822a89e1aeeaa862fc9537728fef1a3ac58c3a3c37cc381ebfd1290fd059eab2d8c92cc871fc5b7ae3070c89176cd2be816e601f48dcd655536179aa91e9179711e8f566ec", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x80b)

10m24.998996825s ago: executing program 0 (id=76):
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) (async)
r1 = syz_open_dev$vbi(&(0x7f0000000380), 0x0, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f90e, 0xffffbfff, '\x00', @p_u32=&(0x7f0000000040)}}) (async)
r2 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) (async)
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) (async)
r4 = syz_io_uring_setup(0xa1, &(0x7f0000000640)={0x0, 0xe8ce, 0x0, 0x20, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000020c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x11c, &(0x7f0000000080)=0xfffffffb, 0x0, 0x4)
syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x118, &(0x7f0000000100)=0x1, 0x0, 0x4) (async)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x7f, &(0x7f00000001c0)=[{&(0x7f0000001800)=""/211, 0xd3}], 0x1}) (async)
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000f40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) (async)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r9, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) (async)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000680)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r9], 0x3c}}, 0x0) (async)
r11 = accept4(r7, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r11) (async)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000002800)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffffffff000, 0x101, &(0x7f0000000080)) (async)
getrusage(0xffffffffffffffff, &(0x7f0000000240)) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000000)="1eb3bf65654114f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b0a06000000000000af6bec340dee49474360b24cb8", 0x0, 0x48)
r12 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r12)

10m9.966224508s ago: executing program 33 (id=76):
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) (async)
r1 = syz_open_dev$vbi(&(0x7f0000000380), 0x0, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f90e, 0xffffbfff, '\x00', @p_u32=&(0x7f0000000040)}}) (async)
r2 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) (async)
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) (async)
r4 = syz_io_uring_setup(0xa1, &(0x7f0000000640)={0x0, 0xe8ce, 0x0, 0x20, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000020c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x11c, &(0x7f0000000080)=0xfffffffb, 0x0, 0x4)
syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x118, &(0x7f0000000100)=0x1, 0x0, 0x4) (async)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x7f, &(0x7f00000001c0)=[{&(0x7f0000001800)=""/211, 0xd3}], 0x1}) (async)
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000f40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) (async)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r9, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) (async)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000680)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r9], 0x3c}}, 0x0) (async)
r11 = accept4(r7, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r11) (async)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000002800)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffffffff000, 0x101, &(0x7f0000000080)) (async)
getrusage(0xffffffffffffffff, &(0x7f0000000240)) (async)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000000)="1eb3bf65654114f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b0a06000000000000af6bec340dee49474360b24cb8", 0x0, 0x48)
r12 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r12)

27.138992927s ago: executing program 3 (id=3111):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="1200020000000040792153000000000000a5e62a3d8c86fc5b010902240001000000000904000001030000000921000000012205000905810300000800006ee734a296289ecaa798b54d200ce2281938c4a6b511"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
ioperm(0x5, 0x0, 0x9)
syz_usb_control_io$hid(r0, &(0x7f00000006c0)={0x24, 0x0, 0x0, &(0x7f0000001300)={0x0, 0x22, 0x5, {[@global=@item_012={0x2, 0x1, 0x3, "8daf"}, @global=@item_012={0x1, 0x1, 0x2, ','}]}}, 0x0}, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000002, 0x13, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x38, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0xc, 0x2, [@TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x6}]}}]}, 0x38}}, 0x0)
r2 = socket(0x10, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r3, @ANYBLOB="0200000000008000800012000800010076746936"], 0xa0}}, 0x0)
syz_io_uring_setup(0x3322, &(0x7f0000000100)={0x0, 0xb4f9, 0x3000, 0x0, 0x3bd}, &(0x7f0000000000), &(0x7f00000001c0))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[], 0x118)
syz_usb_connect(0x0, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="12011003a43731403c41938123fb0102030109021200017f01ff020904ee010099f068070a5ba1b6d122c8f9dea9dee7240cc48c3de60f31c36c9f45c54b0618b797bfd69e4cdeee7564a1b2a0b2ac0000000000000000"], &(0x7f0000000040)={0x0, 0x0, 0x23, &(0x7f0000000140)=ANY=[@ANYBLOB="050f"]})
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x4ae93000)
inotify_init1(0x80800)
r5 = syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000380), &(0x7f0000000200))
io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x20004045)
open$dir(&(0x7f00000003c0)='./file0\x00', 0x40, 0x28)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000840), 0x0, 0xfffffffffffffeef, 0x1)

23.991118147s ago: executing program 3 (id=3134):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r3)
syz_usb_connect$cdc_ncm(0x6, 0xf3, &(0x7f0000000540)=ANY=[@ANYBLOB="12011001020000402505a1a44000010203010902e10002011120050904000001020d000009240600014812987e052400df000d240f0101000000000003000580241a0104146e2413ee518feaf0692c135da9476dc0a5eef1567e69a81e949fcd31f4f7d3c3b4a03d43334ecee80f3f7f40ef9a41d4cc3b43f7aa3d305c6fc23775f803abf2a9fa26b1f5b65555ccd23da8bb42fee32af87080a01fb92dc3d08a95ee561798b7881364c756175786ab8d696ff507240a050702800c241b01040300"], 0x0)
ioctl$EVIOCRMFF(r3, 0x41015500, &(0x7f0000000500))
ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f0000000040)=ANY=[@ANYBLOB='\b'])
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0)
r4 = socket(0x1d, 0x2, 0x6)
syz_open_dev$hiddev(&(0x7f0000000080), 0x3, 0x44000)
r5 = msgget$private(0x0, 0x184)
msgsnd(r5, &(0x7f0000002900)=ANY=[@ANYBLOB="03"], 0xfd1, 0x0)
msgctl$IPC_RMID(r5, 0x0)
unshare(0x20000400)
r6 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r4, &(0x7f00000002c0)={0x1b000000f})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r10, {0x0, 0xd}, {}, {0xfff3, 0xfff3}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x10, 0x1, 0x0, 0x0, {{0x101, 0x0, 0x5}, "0f"}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)
r11 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r11, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x690, 0x1000, 0xbb3a, 0x2, 0x0, 0x100, {0x0, 0x40002000}, {0x7, 0x2, 0x1}, {0x4000000, 0x7}, {0x0, 0x8, 0x40000}, 0x0, 0x3f0, 0x0, 0x7, 0x0, 0x0, 0x20, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x2, 0x2})

22.503286249s ago: executing program 3 (id=3141):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000001c0))
read$dsp(r0, &(0x7f00000007c0)=""/4096, 0x1000)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000640)=0x10) (async)
read$dsp(r0, &(0x7f0000001800)=""/190, 0xbe)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x10, &(0x7f0000000340)={0x0}}, 0x4c080) (async)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000780)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r2, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r2], 0x40}}, 0x0) (async)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x439, 0xfffffffa, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e21}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x7}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40080d4}, 0x0)

21.971310944s ago: executing program 3 (id=3146):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r0, 0x6, 0x23, &(0x7f0000000000)=""/48, &(0x7f0000000040)=0x30)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r3 = openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff)
close(r3)
execveat$binfmt(0xffffffffffffff9c, r2, 0x0, 0x0, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa)
r5 = openat$binfmt(0xffffffffffffff9c, r2, 0x2, 0x0)
close(r5)
execveat$binfmt(0xffffffffffffff9c, r2, 0x0, 0x0, 0x1000)
execveat$binfmt(0xffffffffffffff9c, r2, &(0x7f00000000c0)={[&(0x7f0000000140)='\xd3\x05\xdb\"H\xd0\xb3e\xf5\x8f\x89\x1a\x92.\f\x88\\o\xa30\xf3\x00\x06x\xd0\xea3P\xc8\v\xc3\xd5mQ\xcf\xda\x9b^\xc1\x14\x9a\xed&}\xf4Y\xa8\x96u:\x008\xd6Y\x1b\xf3\xb7\'\x90|v\\\x8e4\x11\xf3\xd0\x1e\xe5\xdd\xf5Z\x1b\xe5\xd0mH\x9cSuLV\xcf\x8cG\xff\xe9U\xcb9\xef\x99\xa6\xcbQ1=\x93Q\xe0\xd4\xb1nJ\xcf\xff\x8fW\a,2\xd2\xcf9RA{\xd5\x9d\x99\x88g\xcd\x94\xc3O5}\x16D\x13\xd1g\xa5y\xcc\f,\xcbdd7t\xb2<\x9d\x97\xe6EW\xf9\x89\xaa\x8f\xc3\x9d\xe2Y\xc8']}, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000300)={0x84, @loopback, 0x4e22, 0x1, 'nq\x00', 0x0, 0x10000}, 0x2c)
setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x483, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x1, 'wlc\x00', 0x20, 0x0, 0x1}, 0x2c)

21.935201578s ago: executing program 3 (id=3147):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x6, 0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0xb723, 0x2, 0x0, 0xfffffffe, 0xfffffffd}}}}]}, 0x4c}}, 0x2400c000)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x78)

21.787421321s ago: executing program 3 (id=3149):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cf", 0x2, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
r3 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r3, 0xc040565e, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0xffe, 0x100, 0x2000000000004b42, 0x6, 0x80, 0x0, 0x40046}, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0x40086602, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x2, 0x3, 0x10000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b0000000000000000", @ANYBLOB="0000000600000000000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="006dd709d527c85c0000000000000000000000100000000000000000418fd990af4a60e40e89994eef2b09064d72d9e9d4368c9ff6a180f8d14b4089bb80c5246a040f8ed2cc04922cf832d8cd1bc2c219731344e4c3537de0fecb649fac92311ceba7013eab176938b55a9b7d7ab97a446c08d9861e33fe2f24a6d37843d57af9a8b70d8e42b337cc549299bbb822816c7c4b4ac73bd7"], 0x50)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x205, 0x2)
r6 = fsopen(&(0x7f0000000040)='cgroup\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r5, 0x0)
madvise(&(0x7f0000358000/0x4000)=nil, 0x4000, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x74, &(0x7f0000000440)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}, @in6={0xa, 0x4e21, 0x5c, @private2, 0x7}, @in6={0xa, 0x4e23, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0xff}, @in6={0xa, 0x4e21, 0x1, @local, 0x400}]}, &(0x7f0000000400)=0x10)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f7"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a}, 0x94)
socket$kcm(0x11, 0x5, 0x300)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
r8 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89e2, &(0x7f0000000200))

10.823206298s ago: executing program 6 (id=3187):
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback, 0x7fff}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="0e", 0x1, 0x40000, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback, 0x2}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)='Z', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000280)="a6", 0x1}], 0x1}}], 0x2, 0x40080)
shutdown(r0, 0x1)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
readv(r1, &(0x7f0000001340)=[{0x0}, {&(0x7f0000001200)=""/150, 0x96}], 0x2)
ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9, 0x0, "000080f100df000000a7d9de16c708db7200"})
syz_open_pts(r1, 0x42)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
preadv(r2, &(0x7f00000026c0)=[{&(0x7f0000000240)=""/4088, 0xff8}], 0x1, 0x15f, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000100)={0xffffffffffffffff, 0x9, {0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffb, 0x0, 0x5, 0xa, 0x1, "89727a980ed9e903bf5d50dd3dbb52e787ea985b5675e7f49a74d092cc6d5b376b984c76d3b87554a1cb98ac7e6f4bf054cbc4e8e25e8214ffe36777e5dea4bf", "6f8fe53c710045cdc2bcc6e114f4375200f89eca390192f6fe45dfbd861189c16820ef5cbea2b3725bf51e054b8a21c6ed125a072ebe2773e05d73cca0dbf166", "c5240210d61cb9a25eb4e0f24c8894b6ede874bb3326bee51026869bc0f06631", [0xffffffffffff0001, 0x2ba]}})

9.99985737s ago: executing program 6 (id=3190):
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="041d0501c8acad00"], 0x8)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x20, 0x4a, 0x1, 0x0, 0xfffffffc, {0xa, 0x0, 0x6e80}, [@typed={0x8, 0x0, 0x0, 0x0, @u32=0xfffffffe}, @nested={0x4, 0x1}]}, 0x20}}, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000001400), 0x101)
r2 = epoll_create(0xff9)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0x2})
r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
ioctl$UDMABUF_CREATE_LIST(r3, 0x40087543, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000002000000", @ANYRES32, @ANYBLOB="00000000000000b8ea364d89bcebb511e96138e431e63f24028f773c373ffc078c3299c2203004d1d8b467702f3f6a074b4727b19d55a42befef3770073b8c18b949edbe", @ANYRES32, @ANYBLOB="0000000000f0ffff00000000000000f0ffffffff"])
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x501040, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="7c010000190001000000000000000000fc020000000000000000000000000000000000000000000000000000000000000000000300000000020000005e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000c400050000000000000000000000000000000000000000003200000000000000ac14140c000000000000000000000000000000000000ff00000000000000000001000000fc0200000000000000000000000000000000000032"], 0x17c}}, 0x4880)
sendto$inet(r4, &(0x7f0000000140)="07b28f77e0e397edac7715f8a5be4b090d940c908bb2e0b8ec726e1dce143892d1ebe640b872b048cdf1dedb48402eeb84a816a175cd77ee62bc295324df6037653c49fb389c11e0f4ff252509af8bd5a32eb9a1b324b8268e6b0e32bc16586f815d384227adcc9ed3cd46c199c4c498ecda4ceeb501567edf4bfdba0a5e60673c9e19a7629c6bd4243e489347008fc4266cf5652cfd9f171e057882864ed054f41f6aa6f70e1517052048d43bdd08e58642077704309f5d36726bce895813811dd06bfdc82433f0013f5f47ff9fe4046bba5c794dce4cfbef2237d1ca815fcacb470597ba98", 0xe6, 0x20040004, &(0x7f0000000240)={0x2, 0x4e24, @broadcast}, 0x10)
syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYRES64, @ANYRES32=0x0, @ANYRES8], 0x0)

7.067624817s ago: executing program 2 (id=3198):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800) (fail_nth: 2)

6.914965351s ago: executing program 6 (id=3199):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000010}, 0x0)
process_madvise(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0xe, 0x0)
writev(r0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(r2, 0x4068aea3, &(0x7f0000000180)={0xdb, 0x0, 0x100000000})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
r3 = openat$fb0(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$FBIOBLANK(r3, 0x4611, 0x0)
syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x8001000000000000, 0x40, &(0x7f00000013c0)=@raw={'raw\x00', 0x8, 0x3, 0x218, 0x0, 0x11, 0x148, 0xd0, 0x0, 0x180, 0x2a8, 0x2a8, 0x180, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x4, 0x6, 0x9, 0x2, 0x5], 0x5}, {0xffffffffffffffff, [0x0, 0x0, 0x6, 0x1]}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x5, 0xffff, 0x6, 0x8, 0xf, 0x3, 0xe, 0xe]}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x278)
keyctl$dh_compute(0x17, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'poly1305-simd\x00'}})
preadv(0xffffffffffffffff, &(0x7f0000000400)=[{0x0}, {0x0}, {0x0}], 0x3, 0x1000, 0x3f2f0fde)

6.450127181s ago: executing program 34 (id=3149):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cf", 0x2, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
r3 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r3, 0xc040565e, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0xffe, 0x100, 0x2000000000004b42, 0x6, 0x80, 0x0, 0x40046}, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0x40086602, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x2, 0x3, 0x10000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b0000000000000000", @ANYBLOB="0000000600000000000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="006dd709d527c85c0000000000000000000000100000000000000000418fd990af4a60e40e89994eef2b09064d72d9e9d4368c9ff6a180f8d14b4089bb80c5246a040f8ed2cc04922cf832d8cd1bc2c219731344e4c3537de0fecb649fac92311ceba7013eab176938b55a9b7d7ab97a446c08d9861e33fe2f24a6d37843d57af9a8b70d8e42b337cc549299bbb822816c7c4b4ac73bd7"], 0x50)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x205, 0x2)
r6 = fsopen(&(0x7f0000000040)='cgroup\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r5, 0x0)
madvise(&(0x7f0000358000/0x4000)=nil, 0x4000, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x74, &(0x7f0000000440)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}, @in6={0xa, 0x4e21, 0x5c, @private2, 0x7}, @in6={0xa, 0x4e23, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0xff}, @in6={0xa, 0x4e21, 0x1, @local, 0x400}]}, &(0x7f0000000400)=0x10)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f7"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a}, 0x94)
socket$kcm(0x11, 0x5, 0x300)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
r8 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89e2, &(0x7f0000000200))

6.436920835s ago: executing program 2 (id=3201):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0xc0800)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$inet_sctp(0x2, 0x5, 0x84)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000180)={0x3, 0x80, 0x4, {0x5, @sdr={0x34324142, 0xffff}}, 0xfffff426})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x5, 0x6, 0x0, 0x0, 0x4, 0xf, 0x9, 0x0, 0x4}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xe9)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRESDEC=0x0], 0x38}}, 0x40)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r7)
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x80000, {0x0, 0x0, 0x0, r10, {0x0, 0xfff2}, {0xffe6, 0xb}, {0xfff2, 0xfff2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000c0e1}, 0x4000804)
ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'ip_vti0\x00', @remote})
socket$nl_generic(0x10, 0x3, 0x10)

4.842100178s ago: executing program 5 (id=3205):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xae, 0x3b, 0xb0, 0x10, 0xbfd, 0x102, 0x9afd, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xa1, 0x0, 0x1, 0x23, 0x53, 0x87, 0x0, [], [{{0x9, 0x5, 0x7, 0x2, 0x40, 0x4}}]}}]}}]}}, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r1 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000000))
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x80042, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000001c0)="3c75c2015e8724b5a4c586f2ae924b277f0443ec773eab27570e28988217c9b0", 0x20)
ioctl$PTP_PEROUT_REQUEST2(r2, 0x40383d0c, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f00000000c0)={0x2e, 0x4, '\x00', [@hao={0xc9, 0x10, @mcast1}, @ra={0x5, 0x2, 0x5}, @padn={0x1, 0xb, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7}]}, 0x30)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='cdg\x00', 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)

4.500353635s ago: executing program 4 (id=3206):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000280)=ANY=[@ANYBLOB="c0000000190001000000000000000000fe880000000000000000000000000101ac1414aa000000000000000000000000000000004e2300000a00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000a900000000000000040000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffff000000000000f8ff0000000000000000000a000000000000000000000080400000000000000000080000001000000000000101000000000008001f0003"], 0xc0}, 0x1, 0x0, 0x0, 0x80}, 0x0)
syz_create_resource$binfmt(&(0x7f0000000980)='./file0\x00')
sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="021600000a0000000000000000000000080012000007a18208"], 0x50}}, 0x0)

4.131057778s ago: executing program 2 (id=3207):
r0 = socket$packet(0x11, 0x3, 0x300) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r0, &(0x7f0000000740)={&(0x7f0000000300)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x1, 0x0, 0x2, {0xa, 0x4e20, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xb8a4}}}, 0x80, &(0x7f0000000ac0)=[{}, {&(0x7f0000000380)="f216d3bb94e5f85aef5b2de24bc7a3edfc623f8ef5b28dfb38ab124247e2e499cfd8a927faea9f0de46553b1fd62a9", 0x2f}, {&(0x7f00000003c0)="dd76965e7a41ba8e4f281acd92c1552f2c5c9fe395cfc176eff80be4615913ba89f6cd493986dc974bae41df1b7326f5737fbf45d4320443b7a520e4bd1f575d1ab9797699de76e0ba896818bf58132a5db27ca5831a6a313be4f44607d32c6827d4603f7ef92e385536c28b0e2dbd70b23cc9422fb68ac99b27cd4464bda00ac095433fb9af6f467a277d7e5bc0f3e34f5cdc6f6986d8bbb732bca246c30b77fab975f1a31776d2989a0ea0850c49d040baefb83ba630", 0xb7}, {&(0x7f0000000540)="351267be3a2dec02c6ca675744c0bc3cf02835e4452ac33d692ac130f7b8618005d3fd3d26e64102cbaa5f3e0d4da91979798fcafaa77e6670be038ca0ee9b51983c47f793e67c14af8ee82a85a4187b7910d2bbdede4c2471d5eb958a8f51543009e4ff1cd3b5a0f2b345c11f221a3ce542090e7ca9d73d67548e866f381b7613afa846cb5d9b0b12cfc1512c60c95c310502730d17b1afe4d8852e45711268b73d448216d2aa5dd431df75978d6087b3ebb15d62a5d1fb220db292d014debbe5de3879e2e1f54330b5fc2810d0009f2c0751eeda8e4e3cc6120d701870", 0xde}, {&(0x7f0000000640)="98a06e11d0ee045e800275a6fcf470dfc638ac5c5a34dd7aa8bc58ab36b6ecbf131a8f28a97ff20cc33be925d408996df49f1fb2664a6ed1221dbaaf2568e88d2b2d4007038e5ddd6d261c8c78737444d25cd8676694a2d39e777a56981d6928c8037036194483ddfec4205efaacbb31f9f6d6eb7d233038817f477c2ab4c9a793d7e2c435021b1f49bd7472484e61e8a839d716ef8f4a86eb0d341d4d046504892f0570bc37ccf0f44fc732827a6258f749771f748596f5b1dda5b78011c7bfda03712bea8d480d5e1a40", 0xcb}, {&(0x7f0000000780)="9943d56f0aadd272ca43ccac24ad04bc9eecd2991fe6b285b1da66e48867b729edd5e3c6bc5a5cb7edfdaa7b6f81f09eb31bce31137329e5bb050123d899728aeb4f7ba30e4ccf8d1e8dabdac01d7eb1092d043bd33eaba7dc469cf9aba7eedb2321b05920d114214c798347068e014a031ba5323b5dabdf908a27f3e8a0865da44b187dfd3dc66e6694cafb780792cabceaddafe6918aee233d95e2cc7c94ce27", 0xa1}, {&(0x7f0000000840)="24188a99765ef080ca115722114f6612c02ee3358cd8838ee818bb616bb17a0ce4f6222403d0f962451938ab59f95fde8af48deb78a18c5903e59797aab83a7f067740fcbb6f25cb687cf36fb4c1429d62bd59a779486217a7baf3e0d9d93b063f336f8135b5ac04b53367ce21250022b7a02e137d6ea81a54831633456fca891e33e81caa73042c7dbe72523cd7f703dd5efae25accf9ad97dc022f8388d7462a77ce6f3412523f79437f45922e2c3fb7222860a3d72855266bf937e6fe", 0xbe}, {&(0x7f0000000900)="8436871bb0b5ddd1c46a4cce40b225d145ea65cc12ac5725b04da797a28b0b4f740be6d625a48543eb6246e02df627b99cee0290975c255885aa0e12a96b26cdc3ecb5f0dd9d0e3037b2aba2", 0x4c}, {&(0x7f0000000a00)="2311dfb9f01ba43f73fc70748348a6fb6cce81a1ec030e594d4c212b403857e08cda6e3c661f47075ef255ca8d5e130c8c381b8dced61ce4f768bec5e81f73fda887e9dc8d31ad2114d38dc2fba55c814df4ea33d9701d8286dcbfbfd4d37e5718e8df7af0997425b8d905dd5d8004bfb2aa80405dbe84c9b6bd1373c5cbfebb69f4eef14511523b603bea4cd19d8faf5cd48d29251074", 0x97}], 0x9}, 0x20004080)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x5, 0x0, 0x2}, 0x0) (async)
bind$inet(0xffffffffffffffff, 0x0, 0x0) (async)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000200), 0x2}, 0x38) (async)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) (async)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x400) (async)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) (async)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
r3 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty, 0xffffffff}, 0x1c) (async)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f00000002c0)=0x659f, 0x4)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x4, {0x9, @pix_mp={0x8, 0x9, 0x32315258, 0x9, 0x1, [{0x80000000, 0x140}, {0xbd8f}, {0x81}, {0x100, 0x4a3}, {0xe79, 0x7}, {0x8, 0x400}, {0x8, 0x70}, {0x8001, 0x4}], 0x4, 0x4, 0x4, 0x2, 0x7}}, 0xfffffffd})
write$binfmt_script(r3, &(0x7f00000000c0), 0x28)
recvmmsg(r3, &(0x7f00000013c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002000, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r5, 0x4048aec9, &(0x7f0000000080)={0x0, 0x0, @ioapic={0x4, 0x1, 0x5, 0x2, 0x0, [{0xf, 0x0, 0x0, '\x00', 0xe}, {0x5, 0x0, 0x0, '\x00', 0xfc}, {0x6, 0x1, 0x7, '\x00', 0x3}, {0xfa, 0x8, 0x5, '\x00', 0xa0}, {0x3, 0x8, 0x0, '\x00', 0x4}, {0xc, 0x6, 0x5}, {0xb8, 0xda, 0xd, '\x00', 0x59}, {0xb, 0x1, 0xc, '\x00', 0x3}, {0x9, 0x7, 0x81, '\x00', 0x9}, {0x0, 0x6, 0x4, '\x00', 0x9}, {0xfe, 0x5, 0xd, '\x00', 0x2}, {0x2, 0xb, 0x45, '\x00', 0xc2}, {0xd2, 0xab, 0x8, '\x00', 0x3}, {0x1, 0x3, 0xfe, '\x00', 0x81}, {0x5, 0xfb, 0x1, '\x00', 0x2}, {0xfe, 0x0, 0x6, '\x00', 0xfd}, {0x1b, 0x9, 0x7, '\x00', 0x4}, {0x6, 0x7, 0x4, '\x00', 0x9}, {0xab, 0xaf, 0xe, '\x00', 0x9}, {0x8, 0x10, 0x80}, {0x3, 0x3, 0x2, '\x00', 0x86}, {0x9, 0xff, 0xa, '\x00', 0x1}, {0x8a, 0x8e, 0x5, '\x00', 0x9}, {0x56, 0x1, 0x4, '\x00', 0x7f}]}}) (async)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) (async)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000180)={<r8=>0xffffffffffffffff}, 0x106, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_DESTROY_ID(r7, &(0x7f0000000500)={0x5, 0x10, 0xfa00, {0x0, r8}}, 0x18) (async)
close(r6)

4.103934071s ago: executing program 4 (id=3208):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$SNDCTL_DSP_GETTRIGGER(r1, 0x80045010, &(0x7f0000000300))
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'pim6reg0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000840)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff3, 0x3}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x8, 0x2, [@TCA_CGROUP_EMATCHES={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x40010)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz3\x00', 0x2, 0x0)

3.605544636s ago: executing program 6 (id=3209):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l-aesni\x00'}, 0x58)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000340)={'erspan0\x00', 0x0, 0x80, 0x20, 0x6, 0xffff, {{0x3a, 0x4, 0x0, 0x1b, 0xe8, 0x67, 0x0, 0xf6, 0x2f, 0x0, @loopback, @rand_addr=0x64010102, {[@lsrr={0x83, 0xf, 0xb9, [@multicast2, @private=0xa010100, @rand_addr=0x64010100]}, @cipso={0x86, 0x67, 0x1, [{0x1, 0xe, "2168f3c6d416bfbf684a0438"}, {0x7, 0x11, "4000339423e63aa1f82946b2655559"}, {0x0, 0x12, "7b60c4c415559ff2942e86afd5f74900"}, {0x0, 0x3, "fc"}, {0x5, 0x2}, {0x2, 0x12, "048814648444dd0c6daff4e6881d895d"}, {0x1, 0x12, "6befcf00956303d49f1ff857fb8360a0"}, {0x7, 0x7, "98ec25ce77"}]}, @timestamp_addr={0x44, 0x44, 0x9a, 0x1, 0x9, [{@loopback, 0x2}, {@private=0xa010100, 0x45}, {@remote, 0x3}, {@private=0xa010100, 0x8}, {@loopback, 0x1}, {@empty, 0x6}, {@loopback, 0x5}, {@loopback, 0xffff8000}]}, @lsrr={0x83, 0xb, 0xfd, [@local, @loopback]}, @timestamp_prespec={0x44, 0xc, 0x0, 0x3, 0x6, [{@multicast2, 0x93e}]}]}}}}})
syz_usb_connect(0x6, 0x62, &(0x7f00000000c0)=ANY=[@ANYRES16=r1, @ANYRESHEX=r1, @ANYRES32=r2, @ANYRES64=r1], 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2c0c2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff63)
openat$kvm(0xffffffffffffff9c, 0x0, 0x10000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, 0x0, 0x20048040)
symlink(0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x14)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x6, 0x4, 0x8001, 0x4, 0xb49, 0xba6, 0x0, 0x4, 0x2}, 0x0)
syz_genetlink_get_family_id$batadv(0x0, r0)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x71)
fsopen(0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')

3.279210051s ago: executing program 4 (id=3210):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="c80000000002010400000000000000000a0000003c0001800c00028005000101000000002c00018014000300fe88000000000000000000000000000114000400fe8000000000000000000000000000bb3c0003800c00028005110100000000002c00018014000300fe8000000000000000000000000000bb14000400fe8000000000000000000000000000bb3c0002800c00028005000100000000002c00018014000300fc0200000000000000000000000000fe140004"], 0xc8}}, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x90100)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f0000000100)={0xb91, 0x2, 'client0\x00', 0x80000001, "a78adb4981574f9b", "75d1c028a0cb8dd1ba8dd422899ff8a833f7c099d3ce64ad6c27fabd74dda768", 0xd4e, 0xe})

3.122650874s ago: executing program 4 (id=3211):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0xc0040, 0x0)
write$snapshot(r0, &(0x7f00000000c0)="95a73c7da67cf77ca6b2ae7be355e88f801abca3de5ed20cb14c1c07883dd94fab13a7071f3e89ab0eab17fbe8e00009b1cfd7a724398aac26321832ede8", 0x3e)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYRESHEX=r4, @ANYRES32=r4, @ANYBLOB="30003300c03c0200ffb17206317165"], 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000)

2.736373059s ago: executing program 2 (id=3212):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$video4linux(&(0x7f00000060c0), 0x7, 0x0)
ioctl$VIDIOC_SUBDEV_S_EDID(r1, 0xc0285629, &(0x7f0000006140)={0x0, 0x0, 0x0, '\x00', 0x0})
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f0000000140)=0x5, 0x4)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a310000000018000380140000800800034000f6ff0208"], 0x44}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
getsockopt$inet_mptcp_buf(r2, 0x11c, 0x3, &(0x7f0000000380)=""/248, &(0x7f0000000040)=0xf8)

2.298997668s ago: executing program 2 (id=3213):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x200, @local, 0x9c3}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000100), 0xffffffffffffffff)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000300)="67404e8347d0ae5472d0fa33f9d6c96aec1bec78093e59b679b6ae3c759d1d4e9eb210a5ff000bae3c2daab08ec274f3d291fcf181f5aeef80c524a49a0cdb8cb199bd207fc16136a23b9c8ff15c4b25b1ef458c1500d4b0f9051761aa6c22930ace06e2a838c1", 0x67, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x396, @empty, 0x800}, 0x1c)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42800)
close(0x3)
r4 = fanotify_init(0x200, 0x0)
r5 = memfd_create(&(0x7f00000003c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00My0:\xc3\xad&\xbe\xa4\xd8\x9b\x96@r\x8c\xdc\xc0/j\x8f\x01(p\xbf\x9f\x8c=Q\x06\xa2\x99\xb7\x03?\xebX\xa6\x9d\x8e\xee\x16\xb7Zg\x87\xa3\x93mrEn\xda\xb7\xa1I#\x9eT\xab;\x16\x86\xed[\f\xf2P\x06\x8cjL\x12_0$ \x97)\xaf\x9b3\x06A\xa6A\xca\xd7\xcd\x02R\x8d\xe7\xcd\xee\x96\xac\x16\x0f\x1a\xfc\xca\x15\xf6`V\xa7\xe2R\x9e\xe3\xb4:\xadr\xd1>>*\xac\xabHt\xe3\xbf', 0x5)
r6 = dup(r5)
r7 = open(&(0x7f00000000c0)='.\x00', 0x264083, 0x60)
r8 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r8, 0x402, 0x36)
fanotify_mark(r4, 0x200, 0x8000041, r6, 0x0)
r9 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r9, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000140)='scalable\x00', 0x9)
unshare(0x68040200)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r7, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000f80)={0x20, 0x0, 0x7, 0x101, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000004}, 0x2000c9c4)
sendmsg$NFNL_MSG_ACCT_DEL(r10, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400000003070101e304000000f6476ade96db191508f669c01ff471c151000000000000000001000002"], 0x14}, 0x1, 0x0, 0x0, 0x22000094}, 0x4000840)

1.683024204s ago: executing program 5 (id=3214):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x88, &(0x7f0000000040)={0x1, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007baaf8ff00000000b5090800000000007baaf0ff00000000bf8700000000000007070000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004600000076000000bd98000000000000b5080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.577096937s ago: executing program 5 (id=3215):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(0xffffffffffffffff)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0x20000, 0x0)
ioctl$TIOCMGET(r1, 0x5415, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000006a80), 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x406f413, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x1c}}, 0x0)
read(r2, &(0x7f0000000140)=""/87, 0x57)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a30000006000500010007000000080009400000000114000880100007800a001100b4"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010)

1.091220674s ago: executing program 4 (id=3216):
r0 = userfaultfd(0x80001)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
r1 = syz_open_procfs(0x0, &(0x7f0000002340)='fdinfo\x00')
read(r0, &(0x7f0000000000)=""/74, 0x4a)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
r2 = eventfd(0x2641d82c)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x1, 0x4, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000d80)={0x1, 0x0, [{0xdddd0000, 0xbb, &(0x7f0000000580)=""/187}]})
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000180)={0x0, 0x0, 0x1, 0x1, 0xfffffffb})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x39383ddd, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000040)={'tunl0\x00', &(0x7f0000000080)={'ip_vti0\x00', 0x0, 0x20, 0x0, 0x3, 0x0, {{0x5, 0x4, 0x0, 0x8, 0x14, 0x0, 0x4, 0x80, 0x0, 0x0, @multicast2}}}})
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000000c0)={&(0x7f0000007000/0x3000)=nil, 0x3000})

639.129277ms ago: executing program 5 (id=3217):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000280)=ANY=[@ANYBLOB="c0000000190001000000000000000000fe880000000000000000000000000101ac1414aa000000000000000000000000000000004e2300000a00000000000000", @ANYRES32, @ANYBLOB="0000000000000000a900000000000000040000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffff000000000000f8ff0000000000000000000a000000000000000000000080400000000000000000080000001000000000000101000000000008001f0003"], 0xc0}, 0x1, 0x0, 0x0, 0x80}, 0x0)
syz_create_resource$binfmt(&(0x7f0000000980)='./file0\x00')
sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="021600000a0000000000000000000000080012000007a18208"], 0x50}}, 0x0)

552.337645ms ago: executing program 2 (id=3218):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000010}, 0x0)
process_madvise(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0xe, 0x0)
writev(r0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(r2, 0x4068aea3, &(0x7f0000000180)={0xdb, 0x0, 0x100000000})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
r3 = openat$fb0(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$FBIOBLANK(r3, 0x4611, 0x0)
syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x8001000000000000, 0x40, &(0x7f00000013c0)=@raw={'raw\x00', 0x8, 0x3, 0x218, 0x0, 0x11, 0x148, 0xd0, 0x0, 0x180, 0x2a8, 0x2a8, 0x180, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x4, 0x6, 0x9, 0x2, 0x5], 0x5}, {0xffffffffffffffff, [0x0, 0x0, 0x6, 0x1]}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x5, 0xffff, 0x6, 0x8, 0xf, 0x3, 0xe, 0xe]}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x278)
keyctl$dh_compute(0x17, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'poly1305-simd\x00'}})
preadv(0xffffffffffffffff, &(0x7f0000000400)=[{0x0}, {0x0}, {0x0}], 0x3, 0x1000, 0x3f2f0fde)

439.292909ms ago: executing program 5 (id=3219):
socket(0x18, 0x5, 0x8001)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xca000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pipe(&(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
writev(r2, &(0x7f0000000680)=[{&(0x7f0000000600)="12508f1a8ef0e214553f5b8cb41a70320a3b74f28bb116da080dcec817a1dfdee133f2b5189b41542f3604580b62bddc522aea44ffb40af4", 0x38}], 0x1)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0)
close(r2)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xfffffffffffffff7, 0x24001)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x50a000, 0x0)
splice(r3, 0x0, r4, 0x0, 0x100000000000007, 0x9)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x6, &(0x7f0000000000)=0x9, 0x4)
r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), r1)
socket$inet6(0xa, 0x1, 0x6)
sendmsg$FOU_CMD_GET(r5, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="e6082dbd7000fedbdf2503000000060001005e2100000500030008400000"], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000001)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000240)=0x2)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53605f70000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc7f00000000000000814618e976832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c194f2ffffa1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f7d5959120dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823f215af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15453e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada133b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631def9f126c25ba4f37caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d3c23e80613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd60200c1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
r8 = socket(0x10, 0x803, 0x0)
sendto(r8, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r8, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/101, 0x65}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000040)=""/87, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f0000000000)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x400000000000272, 0x2040000, &(0x7f0000003700)={0x77359400})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

211.117535ms ago: executing program 6 (id=3220):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r2 = accept4(r1, 0x0, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r3, &(0x7f0000000000)="e6", 0x1, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
shutdown(r3, 0x1)
recvfrom(r3, 0x0, 0xfffffffffffffd1e, 0x40000002, 0x0, 0x19)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643de60a5b84b9109a0431b031765f22cef5d8e0e4083adb30542a97b2a3fc07f60f58ed9da7850cae505c19cde1dca56690d7bbc1fbb75cdddfb9f7c532fb1f00c374", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
setxattr$system_posix_acl(&(0x7f0000000140)='./file0/file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x2)
newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='./file0/file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x7800)
sendmsg$alg(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x40}, 0x0)
recvmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000500)=""/229, 0xe5}], 0x1}}], 0x1, 0x60, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x60}}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004818}, 0x4)
r5 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r5, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x0, 0x7fff0000}]})
r6 = getpid()
ioprio_set$pid(0x1, r6, 0x0)
bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
clock_gettime(0x1, &(0x7f00000000c0))

152.898006ms ago: executing program 4 (id=3221):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
io_uring_enter(0xffffffffffffffff, 0x7553, 0x6a3e, 0x48, &(0x7f00000000c0)={[0xfffffffffffffff9]}, 0x8)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="020100000a00000000000000fcdf25030006003c10000002004e23640101000000000000000000030005003200000002004e23ac1414aa000000000000110002001300030000002abd70000735000000"], 0x50}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'syztnl0\x00', 0x0, 0x4, 0x6, 0x2, 0x4, 0x31, @mcast2, @mcast1, 0x7, 0x10, 0xe03, 0x1}})
sendmsg(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000200)={'\x00', 0x401, 0x8, 0x1, 0x6, 0x5, <r6=>0x0})
fcntl$lock(r2, 0x24, &(0x7f0000000280)={0x2, 0x1, 0x0, 0x2, r6})
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r7, 0x0, 0x4000840)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000000)={0x2000})
r8 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x0)
r9 = io_uring_setup(0xc8e, &(0x7f0000000380)={0x0, 0x0, 0x80, 0xfffffffc, 0x361})
r10 = io_uring_setup(0x26a9, &(0x7f00000002c0)={0x0, 0x1cb5, 0x2, 0x3, 0x7a, 0x0, r9})
io_uring_register$IORING_REGISTER_BUFFERS2(r10, 0x14, &(0x7f0000003480)={0x4, 0x0, 0x4, &(0x7f00000001c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x0}, 0x2)
io_uring_enter(r10, 0x16ad, 0xe76b, 0x1d, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r8, 0xc1105517, &(0x7f0000001340)={{0x2, 0x0, 0x4}, 0x3, 0x0, 0xfa, r6, 0x0, 0x0, 'syz0\x00', 0x0})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

30.724271ms ago: executing program 5 (id=3222):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f00000000c0), &(0x7f0000000200)=0x4)
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x72d42dca44adb00f)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r3, &(0x7f00000001c0)=ANY=[], 0xa)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000740)='./binderfs/binder1\x00', 0x1802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r5 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r6, 0x7b2, &(0x7f0000001680)={0x0, 0x1})
ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(r6, 0x7b0, &(0x7f00000001c0)={@any, 0xfffffffe})
r7 = add_key$user(0x0, &(0x7f00000005c0), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r5, r7}, 0x0, 0x0, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000040'], 0x2a, 0xfffffffffffffffc)
r8 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$update(0x2, r8, 0x0, 0x0)
r9 = syz_open_dev$sndpcmc(&(0x7f0000000300), 0x0, 0x0)
mmap$snddsp_control(&(0x7f0000000000/0x3000)=nil, 0x1000, 0x100000b, 0x12, r9, 0x82000000)
syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00')
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000180)=[@increfs_done], 0x0, 0x0, 0x0})

0s ago: executing program 6 (id=3223):
r0 = socket$netlink(0x10, 0x3, 0xf)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000080)=0x100, 0x4)
bind$netlink(r0, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
sendmsg$NFT_BATCH(r0, &(0x7f00000074c0)={0x0, 0x0, &(0x7f0000007480)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a14000000000a0182"], 0x3c}, 0x1, 0x0, 0x0, 0x20000010}, 0x10)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x2, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x2000c890}, 0x4800)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x4}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @empty}], 0x10)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x5}, 0x8)
sendmsg$inet_sctp(r1, &(0x7f0000000140)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000002c0)=[{&(0x7f00000001c0)='N', 0x1}], 0x1, 0x0, 0x0, 0xc04c000}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x9, 0x8}, 0x8)

kernel console output (not intermixed with test programs):

630][T15828] RBP: 00007fa177da6090 R08: 0000000000000000 R09: 0000000000000000
[  648.600640][T15828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  648.600650][T15828] R13: 00007fa1771c6038 R14: 00007fa1771c5fa0 R15: 00007fa1772efa28
[  648.600677][T15828]  </TASK>
[  648.794748][    C0] vkms_vblank_simulate: vblank timer overrun
[  649.007989][ T5912] usb 5-1: Using ep0 maxpacket: 32
[  649.022902][ T5912] usb 5-1: unable to get BOS descriptor or descriptor too short
[  649.036577][ T5912] usb 5-1: config 0 has an invalid interface number: 63 but max is 0
[  649.053775][ T5912] usb 5-1: config 0 has no interface number 0
[  649.066874][ T5912] usb 5-1: config 0 interface 63 has no altsetting 0
[  649.090428][ T5912] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0113, bcdDevice=d5.e8
[  649.092635][T15835] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2914'.
[  649.100343][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.147651][ T5912] usb 5-1: Product: syz
[  649.159161][ T5912] usb 5-1: Manufacturer: syz
[  649.163909][ T5912] usb 5-1: SerialNumber: syz
[  649.189825][T14071] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[  649.199244][ T5912] usb 5-1: config 0 descriptor??
[  649.354731][   T30] audit: type=1326 audit(1756619823.769:16764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15841 comm="syz.2.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcf78ebe9 code=0x7ffc0000
[  649.359019][T15842] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2917'.
[  649.377277][    C0] vkms_vblank_simulate: vblank timer overrun
[  649.378395][ T5184] Bluetooth: hci0: command 0x0405 tx timeout
[  649.387622][   T30] audit: type=1326 audit(1756619823.769:16765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15841 comm="syz.2.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcf78ebe9 code=0x7ffc0000
[  649.426666][   T30] audit: type=1326 audit(1756619823.769:16766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15841 comm="syz.2.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bcf790b07 code=0x7ffc0000
[  649.453267][ T5184] Bluetooth: hci2: command 0x0c1a tx timeout
[  649.457330][T15824] netlink: 140 bytes leftover after parsing attributes in process `syz.4.2909'.
[  649.459409][ T5867] Bluetooth: hci4: command 0x0c1a tx timeout
[  649.459473][ T5867] Bluetooth: hci1: command 0x0405 tx timeout
[  649.459871][   T30] audit: type=1326 audit(1756619823.769:16767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15841 comm="syz.2.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f4bcf790a7c code=0x7ffc0000
[  649.516734][T15824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  649.517986][T14071] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  649.546895][T15824] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  649.556676][T14071] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.613241][ T5912] kvaser_usb 5-1:0.63: error -ENODEV: Cannot get usb endpoint(s)
[  649.637940][T14071] usb 6-1: config 0 descriptor??
[  649.643162][   T30] audit: type=1326 audit(1756619823.769:16768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15841 comm="syz.2.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f4bcf7909b4 code=0x7ffc0000
[  649.667668][   T30] audit: type=1326 audit(1756619823.769:16769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15841 comm="syz.2.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f4bcf7909b4 code=0x7ffc0000
[  649.669802][T14071] cp210x 6-1:0.0: cp210x converter detected
[  649.703681][   T30] audit: type=1326 audit(1756619823.769:16770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15841 comm="syz.2.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f4bcf78d84a code=0x7ffc0000
[  649.718252][ T5912] usb 5-1: USB disconnect, device number 106
[  649.746882][   T30] audit: type=1326 audit(1756619823.769:16771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15841 comm="syz.2.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcf78ebe9 code=0x7ffc0000
[  649.765769][T15847] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  649.772446][   T30] audit: type=1326 audit(1756619823.769:16772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15841 comm="syz.2.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bcf78ebe9 code=0x7ffc0000
[  649.812053][   T30] audit: type=1326 audit(1756619823.769:16773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15841 comm="syz.2.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcf78ebe9 code=0x7ffc0000
[  650.047902][   T24] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[  650.105542][T14071] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[  650.126456][T14071] usb 6-1: cp210x converter now attached to ttyUSB0
[  650.154441][ T5964] cdc_ncm 4-1:1.0: bind() failure
[  650.188096][ T5964] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71
[  650.200104][   T24] usb 3-1: Using ep0 maxpacket: 32
[  650.211008][ T5964] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71
[  650.213972][   T24] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  650.229113][ T5964] usbtest 4-1:1.1: probe with driver usbtest failed with error -71
[  650.256463][   T24] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  650.267180][ T5964] usb 4-1: USB disconnect, device number 89
[  650.284629][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  650.299262][   T24] usb 3-1: config 1 has no interface number 0
[  650.305565][   T24] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  650.320537][   T24] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 10229, setting to 1024
[  650.339501][   T24] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  650.484016][   T24] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  650.493611][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.505021][T15847] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  650.550451][   T24] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  650.575215][T15855] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2919'.
[  650.584615][T15855] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  650.665614][T15856] netlink: 'syz.4.2920': attribute type 27 has an invalid length.
[  650.723940][T15847] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  650.746558][   T24] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  650.837155][T15856] bridge0: port 2(bridge_slave_1) entered disabled state
[  650.845085][T15856] bridge0: port 1(bridge_slave_0) entered disabled state
[  651.019586][T14071] usb 7-1: USB disconnect, device number 93
[  651.126919][   T24] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  651.344500][T15856] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  651.357989][   T24] usb 5-1: Using ep0 maxpacket: 16
[  651.367205][   T24] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  651.380989][   T24] usb 5-1: config 0 has no interface number 0
[  651.394005][   T24] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  651.404799][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.413198][   T24] usb 5-1: Product: syz
[  651.446642][   T24] usb 5-1: Manufacturer: syz
[  651.451717][T13281] vhci_hcd: vhci_device speed not set
[  651.465938][   T24] usb 5-1: SerialNumber: syz
[  651.491756][   T24] usb 5-1: config 0 descriptor??
[  651.497637][T15856] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  651.506854][   T24] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  651.527848][ T5869] Bluetooth: hci2: command 0x0c1a tx timeout
[  651.528218][ T5184] Bluetooth: hci4: command 0x0c1a tx timeout
[  651.667836][ T5933] usb 7-1: new low-speed USB device number 94 using dummy_hcd
[  651.770623][T14071] snd_usb_pod 3-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  651.808392][ T5933] usb 7-1: device descriptor read/64, error -71
[  651.874008][T14071] usb 6-1: USB disconnect, device number 73
[  651.922280][T15856] netdevsim netdevsim4 netdevsim0: left allmulticast mode
[  651.946228][T14071] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  652.022941][T14071] cp210x 6-1:0.0: device disconnected
[  652.048001][ T5933] usb 7-1: new low-speed USB device number 95 using dummy_hcd
[  652.160063][T15857] 8021q: adding VLAN 0 to HW filter on device bond0
[  652.175580][T15857] 8021q: adding VLAN 0 to HW filter on device team0
[  652.189752][T15857] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  652.215742][T12444] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  652.224873][ T5933] usb 7-1: device descriptor read/64, error -71
[  652.233284][T12444] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  652.246712][T15872] fuse: Bad value for 'fd'
[  652.260027][ T5912] usb 3-1: USB disconnect, device number 95
[  652.267495][ T5912] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  652.333491][T12444] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  652.516514][ T5933] usb usb7-port1: attempt power cycle
[  652.536114][T12444] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  652.648844][   T24] gspca_spca1528: reg_w err -110
[  652.670841][   T24] spca1528 5-1:0.1: probe with driver spca1528 failed with error -110
[  652.869574][ T5933] usb 7-1: new low-speed USB device number 96 using dummy_hcd
[  652.898886][ T5933] usb 7-1: device descriptor read/8, error -71
[  652.909415][T15874] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2925'.
[  653.348414][ T5933] usb 7-1: new low-speed USB device number 97 using dummy_hcd
[  653.379013][ T5933] usb 7-1: device descriptor read/8, error -71
[  653.488191][ T5933] usb usb7-port1: unable to enumerate USB device
[  653.527680][ T5933] usb 5-1: USB disconnect, device number 107
[  653.612392][ T5184] Bluetooth: hci4: command 0x0c1a tx timeout
[  653.612415][ T5869] Bluetooth: hci2: command 0x0c1a tx timeout
[  654.012133][T15880] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  654.018889][T15893] fuse: Unknown parameter 'D21�QI��M&���O�E9��7}�-�HG��l�.'@������ڭ���E�9���?�C�<i�$��a[	q�z��|��H���Q��\P}&
U���s^�Ɇ�;G�1��ꫪ
[  654.018889][T15893] ��q?2�3u:�wԇ���d�]�G�����o��|B�fb<i?��ĩL�H֏�1��FQͤE�ѴU+`b��E��ڜwh�;�0��X���@�'
[  654.044872][    C0] vkms_vblank_simulate: vblank timer overrun
[  654.051357][T15880] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  654.057533][T15880] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  654.066448][T15880] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  654.086679][T15880] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  654.109786][T15893] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2929'.
[  654.364217][T15901] fuse: Unknown parameter 'D21�QI��M&���O�E9��7}�-�HG��l�.'@������ڭ���E�9���?�C�<i�$��a[	q�z��|��H���Q��\P}&
U���s^�Ɇ�;G�1��ꫪ
[  654.364217][T15901] ��q?2�3u:�wԇ���d�]�G�����o��|B�fb<i?��ĩL�H֏�1��FQͤE�ѴU+`b��E��ڜwh�;�0��X���@�'
[  654.390250][    C0] vkms_vblank_simulate: vblank timer overrun
[  654.477816][ T5933] usb 5-1: new full-speed USB device number 108 using dummy_hcd
[  654.536761][T15901] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2930'.
[  654.852904][T15904] FAULT_INJECTION: forcing a failure.
[  654.852904][T15904] name failslab, interval 1, probability 0, space 0, times 0
[  654.941457][T15904] CPU: 1 UID: 0 PID: 15904 Comm: syz.3.2932 Not tainted syzkaller #0 PREEMPT(full) 
[  654.941481][T15904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  654.941490][T15904] Call Trace:
[  654.941497][T15904]  <TASK>
[  654.941506][T15904]  dump_stack_lvl+0x189/0x250
[  654.941529][T15904]  ? __pfx____ratelimit+0x10/0x10
[  654.941552][T15904]  ? __pfx_dump_stack_lvl+0x10/0x10
[  654.941571][T15904]  ? __pfx__printk+0x10/0x10
[  654.941602][T15904]  ? __pfx___might_resched+0x10/0x10
[  654.941623][T15904]  should_fail_ex+0x414/0x560
[  654.941647][T15904]  should_failslab+0xa8/0x100
[  654.941670][T15904]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  654.941694][T15904]  ? __alloc_skb+0x112/0x2d0
[  654.941715][T15904]  __alloc_skb+0x112/0x2d0
[  654.941736][T15904]  netlink_sendmsg+0x5c6/0xb30
[  654.941763][T15904]  ? __pfx_netlink_sendmsg+0x10/0x10
[  654.941782][T15904]  ? aa_sock_msg_perm+0xf1/0x1d0
[  654.941800][T15904]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  654.941818][T15904]  ? __pfx_netlink_sendmsg+0x10/0x10
[  654.941835][T15904]  __sock_sendmsg+0x219/0x270
[  654.941871][T15904]  ____sys_sendmsg+0x505/0x830
[  654.941897][T15904]  ? __pfx_____sys_sendmsg+0x10/0x10
[  654.941925][T15904]  ? import_iovec+0x74/0xa0
[  654.941953][T15904]  ___sys_sendmsg+0x21f/0x2a0
[  654.941975][T15904]  ? __pfx____sys_sendmsg+0x10/0x10
[  654.942029][T15904]  ? __fget_files+0x2a/0x420
[  654.942051][T15904]  ? __fget_files+0x3a0/0x420
[  654.942083][T15904]  __x64_sys_sendmsg+0x19b/0x260
[  654.942104][T15904]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  654.942175][T15904]  ? __pfx_ksys_write+0x10/0x10
[  654.942197][T15904]  ? rcu_is_watching+0x15/0xb0
[  654.942218][T15904]  ? do_syscall_64+0xbe/0x3b0
[  654.942237][T15904]  do_syscall_64+0xfa/0x3b0
[  654.942251][T15904]  ? lockdep_hardirqs_on+0x9c/0x150
[  654.942271][T15904]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.942298][T15904]  ? clear_bhb_loop+0x60/0xb0
[  654.942320][T15904]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.942338][T15904] RIP: 0033:0x7f49aeb8ebe9
[  654.942355][T15904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  654.942370][T15904] RSP: 002b:00007f49af9bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  654.942387][T15904] RAX: ffffffffffffffda RBX: 00007f49aedc5fa0 RCX: 00007f49aeb8ebe9
[  654.942400][T15904] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000003
[  654.942411][T15904] RBP: 00007f49af9bf090 R08: 0000000000000000 R09: 0000000000000000
[  654.942421][T15904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  654.942431][T15904] R13: 00007f49aedc6038 R14: 00007f49aedc5fa0 R15: 00007f49aeeefa28
[  654.942456][T15904]  </TASK>
[  654.942906][ T5933] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  655.157801][    C0] vkms_vblank_simulate: vblank timer overrun
[  655.498417][ T5869] Bluetooth: hci3: command 0x0406 tx timeout
[  655.533835][ T5933] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  655.563627][ T5933] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.625782][T15912] fuse: Unknown parameter 'group_id00000000000000000000'
[  655.650966][ T5933] usb 5-1: Product: syz
[  655.655148][ T5933] usb 5-1: Manufacturer: syz
[  655.668850][ T5933] usb 5-1: SerialNumber: syz
[  656.088039][ T5869] Bluetooth: hci2: command 0x0c1a tx timeout
[  656.094107][ T5184] Bluetooth: hci4: command 0x0c1a tx timeout
[  656.100467][ T5184] Bluetooth: hci1: command 0x0405 tx timeout
[  656.106603][ T5867] Bluetooth: hci0: command 0x0405 tx timeout
[  656.141754][T15920] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2937'.
[  656.154687][T15920] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2937'.
[  656.188149][T15920] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2937'.
[  656.217059][T15920] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2937'.
[  656.612076][T15929] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2941'.
[  656.810758][T15936] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2944'.
[  656.917886][ T5964] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[  656.935880][T15943] ipvlan0: entered promiscuous mode
[  656.941416][T15943] ipvlan0: entered allmulticast mode
[  656.946812][T15943] veth0_vlan: entered allmulticast mode
[  657.078088][ T5964] usb 6-1: device descriptor read/64, error -71
[  657.197012][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  657.197030][   T30] audit: type=1326 audit(1756619831.609:16795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15949 comm="syz.2.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcf78ebe9 code=0x7ffc0000
[  657.225956][    C0] vkms_vblank_simulate: vblank timer overrun
[  657.232416][   T30] audit: type=1326 audit(1756619831.609:16796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15949 comm="syz.2.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcf78ebe9 code=0x7ffc0000
[  657.255055][   T30] audit: type=1326 audit(1756619831.619:16797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15949 comm="syz.2.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7f4bcf78ebe9 code=0x7ffc0000
[  657.277543][    C0] vkms_vblank_simulate: vblank timer overrun
[  657.285300][   T30] audit: type=1326 audit(1756619831.619:16798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15949 comm="syz.2.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcf78ebe9 code=0x7ffc0000
[  657.309687][   T30] audit: type=1326 audit(1756619831.619:16799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15949 comm="syz.2.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bcf78ebe9 code=0x7ffc0000
[  657.333844][   T30] audit: type=1326 audit(1756619831.619:16800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15949 comm="syz.2.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcf78ebe9 code=0x7ffc0000
[  657.357183][   T30] audit: type=1326 audit(1756619831.619:16801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15949 comm="syz.2.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcf78ebe9 code=0x7ffc0000
[  657.358095][ T5964] usb 6-1: new high-speed USB device number 75 using dummy_hcd
[  657.381050][   T30] audit: type=1326 audit(1756619831.619:16802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15949 comm="syz.2.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4bcf78d550 code=0x7ffc0000
[  657.411155][   T30] audit: type=1326 audit(1756619831.619:16803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15949 comm="syz.2.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4bcf78e7eb code=0x7ffc0000
[  657.433885][   T30] audit: type=1326 audit(1756619831.619:16804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15949 comm="syz.2.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4bcf78e7eb code=0x7ffc0000
[  657.467837][   T24] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[  657.517842][ T5964] usb 6-1: device descriptor read/64, error -71
[  657.597995][   T24] usb 3-1: device descriptor read/64, error -71
[  657.628070][ T5964] usb usb6-port1: attempt power cycle
[  657.838052][   T24] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[  657.890688][T15958] FAULT_INJECTION: forcing a failure.
[  657.890688][T15958] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  657.908263][T15958] CPU: 1 UID: 0 PID: 15958 Comm: syz.6.2951 Not tainted syzkaller #0 PREEMPT(full) 
[  657.908289][T15958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  657.908300][T15958] Call Trace:
[  657.908308][T15958]  <TASK>
[  657.908316][T15958]  dump_stack_lvl+0x189/0x250
[  657.908341][T15958]  ? __pfx____ratelimit+0x10/0x10
[  657.908365][T15958]  ? __pfx_dump_stack_lvl+0x10/0x10
[  657.908385][T15958]  ? __pfx__printk+0x10/0x10
[  657.908408][T15958]  ? __might_fault+0xb0/0x130
[  657.908441][T15958]  should_fail_ex+0x414/0x560
[  657.908467][T15958]  _copy_from_iter+0x1de/0x1790
[  657.908492][T15958]  ? rcu_is_watching+0x15/0xb0
[  657.908512][T15958]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  657.908535][T15958]  ? __pfx__copy_from_iter+0x10/0x10
[  657.908555][T15958]  ? __build_skb_around+0x257/0x3e0
[  657.908576][T15958]  ? netlink_sendmsg+0x642/0xb30
[  657.908591][T15958]  ? skb_put+0x11b/0x210
[  657.908611][T15958]  netlink_sendmsg+0x6b2/0xb30
[  657.908637][T15958]  ? __pfx_netlink_sendmsg+0x10/0x10
[  657.908657][T15958]  ? aa_sock_msg_perm+0xf1/0x1d0
[  657.908676][T15958]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  657.908694][T15958]  ? __pfx_netlink_sendmsg+0x10/0x10
[  657.908712][T15958]  __sock_sendmsg+0x219/0x270
[  657.908736][T15958]  ____sys_sendmsg+0x505/0x830
[  657.908761][T15958]  ? __pfx_____sys_sendmsg+0x10/0x10
[  657.908789][T15958]  ? import_iovec+0x74/0xa0
[  657.908812][T15958]  ___sys_sendmsg+0x21f/0x2a0
[  657.908833][T15958]  ? __pfx____sys_sendmsg+0x10/0x10
[  657.908894][T15958]  ? __fget_files+0x2a/0x420
[  657.908916][T15958]  ? __fget_files+0x3a0/0x420
[  657.908949][T15958]  __x64_sys_sendmsg+0x19b/0x260
[  657.908971][T15958]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  657.908999][T15958]  ? __pfx_ksys_write+0x10/0x10
[  657.909017][T15958]  ? rcu_is_watching+0x15/0xb0
[  657.909039][T15958]  ? do_syscall_64+0xbe/0x3b0
[  657.909059][T15958]  do_syscall_64+0xfa/0x3b0
[  657.909074][T15958]  ? lockdep_hardirqs_on+0x9c/0x150
[  657.909095][T15958]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.909113][T15958]  ? clear_bhb_loop+0x60/0xb0
[  657.909133][T15958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.909150][T15958] RIP: 0033:0x7fabf978ebe9
[  657.909167][T15958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  657.909182][T15958] RSP: 002b:00007fabfa55c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  657.909201][T15958] RAX: ffffffffffffffda RBX: 00007fabf99c5fa0 RCX: 00007fabf978ebe9
[  657.909214][T15958] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  657.909225][T15958] RBP: 00007fabfa55c090 R08: 0000000000000000 R09: 0000000000000000
[  657.909236][T15958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  657.909246][T15958] R13: 00007fabf99c6038 R14: 00007fabf99c5fa0 R15: 00007fabf9aefa28
[  657.909275][T15958]  </TASK>
[  658.258267][   T24] usb 3-1: device descriptor read/64, error -71
[  658.264980][T13281] usb 5-1: USB disconnect, device number 108
[  658.368079][   T24] usb usb3-port1: attempt power cycle
[  658.417211][T15965] FAULT_INJECTION: forcing a failure.
[  658.417211][T15965] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  658.438964][T15965] CPU: 1 UID: 0 PID: 15965 Comm: syz.4.2954 Not tainted syzkaller #0 PREEMPT(full) 
[  658.438987][T15965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  658.438998][T15965] Call Trace:
[  658.439006][T15965]  <TASK>
[  658.439015][T15965]  dump_stack_lvl+0x189/0x250
[  658.439037][T15965]  ? __pfx____ratelimit+0x10/0x10
[  658.439059][T15965]  ? __pfx_dump_stack_lvl+0x10/0x10
[  658.439077][T15965]  ? __pfx__printk+0x10/0x10
[  658.439098][T15965]  ? __might_fault+0xb0/0x130
[  658.439128][T15965]  should_fail_ex+0x414/0x560
[  658.439153][T15965]  _copy_from_iter+0x1de/0x1790
[  658.439176][T15965]  ? rcu_is_watching+0x15/0xb0
[  658.439195][T15965]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  658.439217][T15965]  ? __pfx__copy_from_iter+0x10/0x10
[  658.439235][T15965]  ? __build_skb_around+0x257/0x3e0
[  658.439254][T15965]  ? netlink_sendmsg+0x642/0xb30
[  658.439269][T15965]  ? skb_put+0x11b/0x210
[  658.439289][T15965]  netlink_sendmsg+0x6b2/0xb30
[  658.439316][T15965]  ? __pfx_netlink_sendmsg+0x10/0x10
[  658.439334][T15965]  ? aa_sock_msg_perm+0xf1/0x1d0
[  658.439352][T15965]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  658.439369][T15965]  ? __pfx_netlink_sendmsg+0x10/0x10
[  658.439386][T15965]  __sock_sendmsg+0x219/0x270
[  658.439408][T15965]  ____sys_sendmsg+0x505/0x830
[  658.439431][T15965]  ? __pfx_____sys_sendmsg+0x10/0x10
[  658.439453][T15965]  ? import_iovec+0x74/0xa0
[  658.439474][T15965]  ___sys_sendmsg+0x21f/0x2a0
[  658.439495][T15965]  ? __pfx____sys_sendmsg+0x10/0x10
[  658.439547][T15965]  ? __fget_files+0x2a/0x420
[  658.439566][T15965]  ? __fget_files+0x3a0/0x420
[  658.439596][T15965]  __x64_sys_sendmsg+0x19b/0x260
[  658.439615][T15965]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  658.439642][T15965]  ? __pfx_ksys_write+0x10/0x10
[  658.439660][T15965]  ? rcu_is_watching+0x15/0xb0
[  658.439680][T15965]  ? do_syscall_64+0xbe/0x3b0
[  658.439700][T15965]  do_syscall_64+0xfa/0x3b0
[  658.439712][T15965]  ? lockdep_hardirqs_on+0x9c/0x150
[  658.439733][T15965]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.439747][T15965]  ? clear_bhb_loop+0x60/0xb0
[  658.439766][T15965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.439780][T15965] RIP: 0033:0x7ff91d98ebe9
[  658.439794][T15965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  658.439807][T15965] RSP: 002b:00007ff91e737038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  658.439826][T15965] RAX: ffffffffffffffda RBX: 00007ff91dbc5fa0 RCX: 00007ff91d98ebe9
[  658.439839][T15965] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  658.439859][T15965] RBP: 00007ff91e737090 R08: 0000000000000000 R09: 0000000000000000
[  658.439870][T15965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  658.439880][T15965] R13: 00007ff91dbc6038 R14: 00007ff91dbc5fa0 R15: 00007ff91dcefa28
[  658.439907][T15965]  </TASK>
[  658.788045][ T5964] usb 6-1: new high-speed USB device number 76 using dummy_hcd
[  658.831894][ T5964] usb 6-1: device descriptor read/8, error -71
[  658.838101][   T24] usb 3-1: new high-speed USB device number 98 using dummy_hcd
[  658.863407][   T24] usb 3-1: device descriptor read/8, error -71
[  659.039579][T15975] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  659.085731][T15972] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2957'.
[  659.107883][ T5964] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[  659.127983][   T24] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[  659.149912][   T24] usb 3-1: device descriptor read/8, error -71
[  659.150339][ T5964] usb 6-1: device descriptor read/8, error -71
[  659.201501][T15975] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2956'.
[  659.252575][T15977] usb usb8: usbfs: interface 0 claimed by hub while 'syz.4.2956' resets device
[  659.262063][   T24] usb usb3-port1: unable to enumerate USB device
[  659.411562][ T5964] usb usb6-port1: unable to enumerate USB device
[  659.631077][T15984] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2958'.
[  659.958229][ T5964] usb 6-1: new high-speed USB device number 78 using dummy_hcd
[  660.131405][ T5964] usb 6-1: Using ep0 maxpacket: 32
[  660.147038][ T5964] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[  660.160291][ T5964] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  660.171735][ T5964] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  660.182427][ T5964] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[  660.193214][ T5964] usb 6-1: config 1 has no interface number 0
[  660.199831][ T5964] usb 6-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17
[  660.236471][ T5964] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  660.255958][ T5964] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.330895][ T5964] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[  660.468966][ T5933] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[  660.498698][ T5964] snd_usb_pod 6-1:1.1: endpoint not available, using fallback values
[  660.517416][ T5964] snd_usb_pod 6-1:1.1: invalid control EP
[  660.528819][ T5964] snd_usb_pod 6-1:1.1: cannot start listening: -22
[  660.535584][ T5964] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[  660.551986][ T5964] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -22
[  660.629577][ T5933] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  660.639132][ T5933] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  660.655394][ T5933] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  660.658110][ T5912] usb 7-1: new full-speed USB device number 98 using dummy_hcd
[  660.682117][ T5933] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  660.713494][ T5964] usb 6-1: USB disconnect, device number 78
[  660.746137][ T5933] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  660.791219][ T5933] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  660.800597][ T5933] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  660.814090][ T5933] usb 4-1: Product: syz
[  660.821302][ T5933] usb 4-1: Manufacturer: syz
[  660.856166][T16006] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  660.864321][T13281] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[  660.893010][ T5912] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  660.908760][ T5933] cdc_wdm 4-1:1.0: skipping garbage
[  660.917943][ T5912] usb 7-1: config 1 interface 0 altsetting 253 has 0 endpoint descriptors, different from the interface descriptor's value: 26
[  660.999619][ T5933] cdc_wdm 4-1:1.0: skipping garbage
[  661.009487][ T5933] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  661.015577][ T5912] usb 7-1: config 1 interface 0 has no altsetting 0
[  661.022333][ T5933] cdc_wdm 4-1:1.0: Unknown control protocol
[  661.031927][ T5912] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  661.051410][ T5912] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.067983][T13281] usb 3-1: Using ep0 maxpacket: 8
[  661.067989][ T5912] usb 7-1: Product: syz
[  661.071877][T13281] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  661.118838][T13281] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  661.123350][ T5912] usb 7-1: Manufacturer: syz
[  661.128866][T13281] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  661.156837][T13281] usb 3-1: config 0 descriptor??
[  661.164578][ T5912] usb 7-1: SerialNumber: syz
[  661.187567][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -75
[  661.432531][ T5933] usb 4-1: USB disconnect, device number 90
[  661.560428][T16011] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2969'.
[  661.722569][T16010] could not allocate digest TFM handle poly1305-simd
[  661.867864][T13281] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  661.887787][   T24] usb 6-1: new high-speed USB device number 79 using dummy_hcd
[  662.039802][   T24] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[  662.050803][   T24] usb 6-1: config 220 has an invalid descriptor of length 99, skipping remainder of the config
[  662.062106][T13281] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  662.078160][T13281] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  662.088434][   T24] usb 6-1: config 220 has no interface number 2
[  662.150344][T16022] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2972'.
[  662.161246][   T24] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  662.182876][T13281] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  662.211373][T13281] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.232258][   T24] usb 6-1: config 220 interface 0 has no altsetting 0
[  662.259431][   T24] usb 6-1: config 220 interface 76 has no altsetting 0
[  662.281582][T13281] usb 5-1: config 0 descriptor??
[  662.299828][   T30] kauditd_printk_skb: 29 callbacks suppressed
[  662.299840][   T30] audit: type=1326 audit(1756619836.719:16834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16023 comm="syz.3.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  662.337942][   T24] usb 6-1: config 220 interface 1 has no altsetting 0
[  662.367577][   T30] audit: type=1326 audit(1756619836.779:16835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16023 comm="syz.3.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  662.368761][   T24] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  662.399502][   T30] audit: type=1326 audit(1756619836.779:16836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16023 comm="syz.3.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  662.401250][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.431122][   T24] usb 6-1: Product: syz
[  662.437090][   T30] audit: type=1326 audit(1756619836.779:16837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16023 comm="syz.3.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  662.445541][   T24] usb 6-1: Manufacturer: syz
[  662.464583][   T24] usb 6-1: SerialNumber: syz
[  662.471190][   T30] audit: type=1326 audit(1756619836.779:16838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16023 comm="syz.3.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  662.494676][   T30] audit: type=1326 audit(1756619836.779:16839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16023 comm="syz.3.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  662.520867][   T30] audit: type=1326 audit(1756619836.839:16840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16023 comm="syz.3.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  662.544761][   T30] audit: type=1326 audit(1756619836.839:16841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16023 comm="syz.3.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  662.570573][   T30] audit: type=1326 audit(1756619836.849:16842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16023 comm="syz.3.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f49aeb8d550 code=0x7ffc0000
[  662.594023][   T30] audit: type=1326 audit(1756619836.849:16843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16023 comm="syz.3.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f49aeb8e7eb code=0x7ffc0000
[  662.668040][ T5933] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[  662.690228][   T24] usb 6-1: selecting invalid altsetting 0
[  662.705039][   T24] usb 6-1: Found UVC 7.01 device syz (8086:0b07)
[  662.711654][   T24] usb 6-1: No valid video chain found.
[  662.723915][   T24] usb 6-1: selecting invalid altsetting 0
[  662.729948][   T24] usbtest 6-1:220.1: probe with driver usbtest failed with error -22
[  662.744502][   T24] usb 6-1: USB disconnect, device number 79
[  662.772004][T13281] usbhid 5-1:0.0: can't add hid device: -71
[  662.787187][T13281] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  662.799003][ T5933] usb 4-1: device descriptor read/64, error -71
[  662.799927][T13281] usb 5-1: USB disconnect, device number 109
[  663.047822][ T5933] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  663.178256][ T5933] usb 4-1: device descriptor read/64, error -71
[  663.288390][ T5933] usb usb4-port1: attempt power cycle
[  663.346587][T16030] fuse: Bad value for 'fd'
[  663.724750][ T5912] usb 3-1: USB disconnect, device number 100
[  663.863939][ T5964] usb 7-1: USB disconnect, device number 98
[  663.935552][T16036] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2978'.
[  663.957848][ T5933] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  663.981626][ T5933] usb 4-1: device descriptor read/8, error -71
[  664.010002][T12438] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  664.039390][T16039] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2976'.
[  664.045240][T12438] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  664.234130][T12438] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  664.294180][T12438] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  664.303092][ T5933] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  664.338536][ T5933] usb 4-1: device descriptor read/8, error -71
[  664.450725][ T5933] usb usb4-port1: unable to enumerate USB device
[  664.450754][T16049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2981'.
[  664.500080][T16051] FAULT_INJECTION: forcing a failure.
[  664.500080][T16051] name failslab, interval 1, probability 0, space 0, times 0
[  664.542331][T16051] CPU: 0 UID: 0 PID: 16051 Comm: syz.5.2982 Not tainted syzkaller #0 PREEMPT(full) 
[  664.542356][T16051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  664.542367][T16051] Call Trace:
[  664.542375][T16051]  <TASK>
[  664.542383][T16051]  dump_stack_lvl+0x189/0x250
[  664.542408][T16051]  ? __pfx____ratelimit+0x10/0x10
[  664.542430][T16051]  ? __pfx_dump_stack_lvl+0x10/0x10
[  664.542448][T16051]  ? __pfx__printk+0x10/0x10
[  664.542474][T16051]  ? __pfx___might_resched+0x10/0x10
[  664.542496][T16051]  should_fail_ex+0x414/0x560
[  664.542520][T16051]  should_failslab+0xa8/0x100
[  664.542544][T16051]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  664.542567][T16051]  ? __alloc_skb+0x112/0x2d0
[  664.542588][T16051]  __alloc_skb+0x112/0x2d0
[  664.542608][T16051]  netlink_sendmsg+0x5c6/0xb30
[  664.542634][T16051]  ? __pfx_netlink_sendmsg+0x10/0x10
[  664.542655][T16051]  ? aa_sock_msg_perm+0xf1/0x1d0
[  664.542674][T16051]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  664.542691][T16051]  ? __pfx_netlink_sendmsg+0x10/0x10
[  664.542709][T16051]  __sock_sendmsg+0x219/0x270
[  664.542734][T16051]  ____sys_sendmsg+0x505/0x830
[  664.542759][T16051]  ? __pfx_____sys_sendmsg+0x10/0x10
[  664.542786][T16051]  ? import_iovec+0x74/0xa0
[  664.542810][T16051]  ___sys_sendmsg+0x21f/0x2a0
[  664.542831][T16051]  ? __pfx____sys_sendmsg+0x10/0x10
[  664.542884][T16051]  ? __fget_files+0x2a/0x420
[  664.542906][T16051]  ? __fget_files+0x3a0/0x420
[  664.542937][T16051]  __x64_sys_sendmsg+0x19b/0x260
[  664.542959][T16051]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  664.542988][T16051]  ? __pfx_ksys_write+0x10/0x10
[  664.543006][T16051]  ? rcu_is_watching+0x15/0xb0
[  664.543028][T16051]  ? do_syscall_64+0xbe/0x3b0
[  664.543048][T16051]  do_syscall_64+0xfa/0x3b0
[  664.543063][T16051]  ? lockdep_hardirqs_on+0x9c/0x150
[  664.543085][T16051]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  664.543101][T16051]  ? clear_bhb_loop+0x60/0xb0
[  664.543121][T16051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  664.543137][T16051] RIP: 0033:0x7fa176f8ebe9
[  664.543155][T16051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  664.543177][T16051] RSP: 002b:00007fa177da6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  664.543196][T16051] RAX: ffffffffffffffda RBX: 00007fa1771c5fa0 RCX: 00007fa176f8ebe9
[  664.543210][T16051] RDX: 0000000020000000 RSI: 0000200000000000 RDI: 0000000000000004
[  664.543222][T16051] RBP: 00007fa177da6090 R08: 0000000000000000 R09: 0000000000000000
[  664.543233][T16051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  664.543243][T16051] R13: 00007fa1771c6038 R14: 00007fa1771c5fa0 R15: 00007fa1772efa28
[  664.543272][T16051]  </TASK>
[  664.920106][ T5912] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  665.019211][T16060] fuse: Bad value for 'fd'
[  665.084081][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  665.095037][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  665.104830][ T5912] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  665.113977][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.127370][ T5912] usb 5-1: config 0 descriptor??
[  665.137924][ T5964] usb 6-1: new high-speed USB device number 80 using dummy_hcd
[  665.152133][T16063] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2984'.
[  665.161397][T16063] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2984'.
[  665.307796][ T5964] usb 6-1: Using ep0 maxpacket: 8
[  665.327179][ T5964] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  665.343506][ T5964] usb 6-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  665.359711][ T5964] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.596908][ T5912] hid (null): bogus close delimiter
[  665.613257][ T5912] steelseries 0003:1038:12B6.001D: bogus close delimiter
[  665.636205][ T5964] usb 6-1: Product: syz
[  665.660557][ T5964] usb 6-1: Manufacturer: syz
[  665.667423][ T5912] steelseries 0003:1038:12B6.001D: item 0 1 2 10 parsing failed
[  665.675729][ T5964] usb 6-1: SerialNumber: syz
[  665.699323][ T5964] usb 6-1: config 0 descriptor??
[  665.707595][ T5912] steelseries 0003:1038:12B6.001D: probe with driver steelseries failed with error -22
[  665.739496][ T5964] streamzap 6-1:0.0: streamzap_probe: endpoint doesn't match input device 0204
[  665.778308][ T5912] usb 5-1: USB disconnect, device number 110
[  665.934418][ T5964] usb 6-1: USB disconnect, device number 80
[  667.045541][T16082] fuse: Unknown parameter 'D21�QI��M&���O�E9��7}�-�HG��l�.'@������ڭ���E�9���?�C�<i�$��a[	q�z��|��H���Q��\P}&
U���s^�Ɇ�;G�1��ꫪ
[  667.045541][T16082] ��q?2�3u:�wԇ���d�]�G�����o��|B�fb<i?��ĩL�H֏�1��FQͤE�ѴU+`b��E��ڜwh�;�0��X���@�'
[  667.230422][T16082] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2991'.
[  667.879406][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  667.879419][   T30] audit: type=1326 audit(1756619842.289:16874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16091 comm="syz.3.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  667.940470][   T30] audit: type=1326 audit(1756619842.289:16875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16091 comm="syz.3.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  668.027289][   T30] audit: type=1326 audit(1756619842.289:16876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16091 comm="syz.3.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  668.070418][T16099] netlink: 'syz.4.2998': attribute type 27 has an invalid length.
[  668.101535][   T30] audit: type=1326 audit(1756619842.289:16877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16091 comm="syz.3.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  668.117925][T13281] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  668.134034][   T30] audit: type=1326 audit(1756619842.289:16878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16091 comm="syz.3.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  668.162549][T16103] netlink: 'syz.2.2999': attribute type 27 has an invalid length.
[  668.187026][   T30] audit: type=1326 audit(1756619842.289:16879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16091 comm="syz.3.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  668.237427][   T30] audit: type=1326 audit(1756619842.289:16880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16091 comm="syz.3.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  668.271588][   T30] audit: type=1326 audit(1756619842.289:16881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16091 comm="syz.3.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49aeb8ebe9 code=0x7ffc0000
[  668.331103][T13281] usb 4-1: device descriptor read/64, error -71
[  668.331115][   T30] audit: type=1326 audit(1756619842.289:16882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16091 comm="syz.3.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f49aeb8d550 code=0x7ffc0000
[  668.331154][   T30] audit: type=1326 audit(1756619842.289:16883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16091 comm="syz.3.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f49aeb8e7eb code=0x7ffc0000
[  668.386649][T15917] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  668.406770][T15917] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  668.416058][T15917] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  668.427440][T15917] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  668.437547][T15917] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  668.508956][ T5964] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[  668.568012][T13281] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[  668.601959][T16102] 8021q: adding VLAN 0 to HW filter on device bond0
[  668.626887][T16102] 8021q: adding VLAN 0 to HW filter on device team0
[  668.657000][T16102] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  668.687988][ T5964] usb 5-1: Using ep0 maxpacket: 16
[  668.696008][ T5964] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  668.708169][T13281] usb 4-1: device descriptor read/64, error -71
[  668.726388][ T5964] usb 5-1: config 0 has no interface number 0
[  668.740566][ T5964] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  668.755388][T16103] 8021q: adding VLAN 0 to HW filter on device bond0
[  668.769193][ T5964] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  668.783771][T16103] 8021q: adding VLAN 0 to HW filter on device team0
[  668.789868][ T5964] usb 5-1: Product: syz
[  668.795241][T16103] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  668.799734][T16110] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3000'.
[  668.811247][T14071] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[  668.821355][ T5964] usb 5-1: Manufacturer: syz
[  668.833149][ T5964] usb 5-1: SerialNumber: syz
[  668.838438][T12444] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  668.848645][T13281] usb usb4-port1: attempt power cycle
[  668.855322][T12444] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  668.869822][ T5964] usb 5-1: config 0 descriptor??
[  668.892258][ T5964] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  668.905129][T12444] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  668.960801][T12444] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  669.008092][T14071] usb 3-1: Using ep0 maxpacket: 16
[  669.021457][T14071] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  669.046274][T14071] usb 3-1: config 0 has no interface number 0
[  669.059956][T14071] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  669.082163][T14071] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.106127][T14071] usb 3-1: Product: syz
[  669.110997][T14071] usb 3-1: Manufacturer: syz
[  669.115610][T14071] usb 3-1: SerialNumber: syz
[  669.130667][T14071] usb 3-1: config 0 descriptor??
[  669.149808][T14071] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  669.198641][T13281] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[  669.227911][T15601] usb 7-1: new high-speed USB device number 99 using dummy_hcd
[  669.239275][T13281] usb 4-1: device descriptor read/8, error -71
[  669.290869][ T4911] bridge_slave_1: left allmulticast mode
[  669.296632][ T4911] bridge_slave_1: left promiscuous mode
[  669.303160][ T4911] bridge0: port 2(bridge_slave_1) entered disabled state
[  669.314173][ T4911] bridge_slave_0: left allmulticast mode
[  669.322080][ T4911] bridge_slave_0: left promiscuous mode
[  669.335029][ T4911] bridge0: port 1(bridge_slave_0) entered disabled state
[  669.388192][T15601] usb 7-1: Using ep0 maxpacket: 32
[  669.426620][T15601] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  669.443301][T15601] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.468208][T15601] usb 7-1: config 0 descriptor??
[  669.478083][T13281] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[  669.521154][T13281] usb 4-1: device descriptor read/8, error -71
[  669.629831][T13281] usb usb4-port1: unable to enumerate USB device
[  670.018942][ T5964] gspca_spca1528: reg_w err -110
[  670.048126][ T5964] spca1528 5-1:0.1: probe with driver spca1528 failed with error -110
[  670.173429][T15601] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  670.193160][T15601] usb 7-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  670.213114][T15601] usb 7-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  670.353382][ T4911] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  670.358837][T14071] gspca_spca1528: reg_w err -110
[  670.376310][ T4911] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  670.386468][ T4911] bond0 (unregistering): Released all slaves
[  670.392688][T14071] spca1528 3-1:0.1: probe with driver spca1528 failed with error -110
[  670.495012][T15917] Bluetooth: hci3: command tx timeout
[  670.584077][ T4911] bond1 (unregistering): Released all slaves
[  670.603492][T16112] netlink: 'syz.6.3001': attribute type 29 has an invalid length.
[  670.624110][T16108] chnl_net:caif_netlink_parms(): no params data found
[  670.704638][ T4911] tipc: Disabling bearer <eth:caif0>
[  670.725976][ T4911] tipc: Disabling bearer <udp:syz2>
[  670.739769][ T4911] tipc: Left network mode
[  670.992203][T14071] usb 5-1: USB disconnect, device number 111
[  671.066470][T16108] bridge0: port 1(bridge_slave_0) entered blocking state
[  671.098659][ T5933] usb 3-1: USB disconnect, device number 101
[  671.128025][T16108] bridge0: port 1(bridge_slave_0) entered disabled state
[  671.157290][T16108] bridge_slave_0: entered allmulticast mode
[  671.184410][T16108] bridge_slave_0: entered promiscuous mode
[  671.220802][T16108] bridge0: port 2(bridge_slave_1) entered blocking state
[  671.238031][T16108] bridge0: port 2(bridge_slave_1) entered disabled state
[  671.266000][T16108] bridge_slave_1: entered allmulticast mode
[  671.298508][T16108] bridge_slave_1: entered promiscuous mode
[  671.564258][ T4911] hsr_slave_0: left promiscuous mode
[  671.580404][ T4911] hsr_slave_1: left promiscuous mode
[  672.222543][T16161] FAULT_INJECTION: forcing a failure.
[  672.222543][T16161] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  672.238451][T16161] CPU: 1 UID: 0 PID: 16161 Comm: syz.6.3006 Not tainted syzkaller #0 PREEMPT(full) 
[  672.238473][T16161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  672.238484][T16161] Call Trace:
[  672.238491][T16161]  <TASK>
[  672.238499][T16161]  dump_stack_lvl+0x189/0x250
[  672.238522][T16161]  ? __pfx____ratelimit+0x10/0x10
[  672.238545][T16161]  ? __pfx_dump_stack_lvl+0x10/0x10
[  672.238565][T16161]  ? __pfx__printk+0x10/0x10
[  672.238585][T16161]  ? __might_fault+0xb0/0x130
[  672.238616][T16161]  should_fail_ex+0x414/0x560
[  672.238642][T16161]  _copy_from_iter+0x1de/0x1790
[  672.238664][T16161]  ? rcu_is_watching+0x15/0xb0
[  672.238681][T16161]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  672.238704][T16161]  ? __pfx__copy_from_iter+0x10/0x10
[  672.238722][T16161]  ? __build_skb_around+0x257/0x3e0
[  672.238741][T16161]  ? netlink_sendmsg+0x642/0xb30
[  672.238754][T16161]  ? skb_put+0x11b/0x210
[  672.238773][T16161]  netlink_sendmsg+0x6b2/0xb30
[  672.238798][T16161]  ? __pfx_netlink_sendmsg+0x10/0x10
[  672.238816][T16161]  ? aa_sock_msg_perm+0xf1/0x1d0
[  672.238835][T16161]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  672.238852][T16161]  ? __pfx_netlink_sendmsg+0x10/0x10
[  672.238869][T16161]  __sock_sendmsg+0x219/0x270
[  672.238894][T16161]  ____sys_sendmsg+0x505/0x830
[  672.238919][T16161]  ? __pfx_____sys_sendmsg+0x10/0x10
[  672.238946][T16161]  ? import_iovec+0x74/0xa0
[  672.238969][T16161]  ___sys_sendmsg+0x21f/0x2a0
[  672.238990][T16161]  ? __pfx____sys_sendmsg+0x10/0x10
[  672.239045][T16161]  ? __fget_files+0x2a/0x420
[  672.239067][T16161]  ? __fget_files+0x3a0/0x420
[  672.239099][T16161]  __x64_sys_sendmsg+0x19b/0x260
[  672.239121][T16161]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  672.239150][T16161]  ? __pfx_ksys_write+0x10/0x10
[  672.239177][T16161]  ? rcu_is_watching+0x15/0xb0
[  672.239200][T16161]  ? do_syscall_64+0xbe/0x3b0
[  672.239221][T16161]  do_syscall_64+0xfa/0x3b0
[  672.239236][T16161]  ? lockdep_hardirqs_on+0x9c/0x150
[  672.239258][T16161]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.239276][T16161]  ? clear_bhb_loop+0x60/0xb0
[  672.239297][T16161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.239314][T16161] RIP: 0033:0x7fabf978ebe9
[  672.239331][T16161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  672.239346][T16161] RSP: 002b:00007fabfa55c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  672.239365][T16161] RAX: ffffffffffffffda RBX: 00007fabf99c5fa0 RCX: 00007fabf978ebe9
[  672.239378][T16161] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000003
[  672.239390][T16161] RBP: 00007fabfa55c090 R08: 0000000000000000 R09: 0000000000000000
[  672.239402][T16161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  672.239412][T16161] R13: 00007fabf99c6038 R14: 00007fabf99c5fa0 R15: 00007fabf9aefa28
[  672.239439][T16161]  </TASK>
[  672.567999][T15917] Bluetooth: hci3: command tx timeout
[  672.835238][T16169] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3009'.
[  672.947028][ T4911] team0 (unregistering): Port device team_slave_1 removed
[  672.982316][ T4911] team0 (unregistering): Port device team_slave_0 removed
[  673.028821][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  673.028838][   T30] audit: type=1326 audit(1756619847.439:16915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16172 comm="syz.4.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  673.059165][   T30] audit: type=1326 audit(1756619847.459:16916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16172 comm="syz.4.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  673.083426][   T30] audit: type=1326 audit(1756619847.459:16917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16172 comm="syz.4.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  673.106061][   T30] audit: type=1326 audit(1756619847.459:16918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16172 comm="syz.4.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  673.128964][   T30] audit: type=1326 audit(1756619847.459:16919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16172 comm="syz.4.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  673.165221][   T30] audit: type=1326 audit(1756619847.459:16920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16172 comm="syz.4.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  673.193730][   T30] audit: type=1326 audit(1756619847.459:16921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16172 comm="syz.4.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  673.222855][   T30] audit: type=1326 audit(1756619847.459:16922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16172 comm="syz.4.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff91d98d550 code=0x7ffc0000
[  673.245730][   T30] audit: type=1326 audit(1756619847.469:16923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16172 comm="syz.4.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff91d98e7eb code=0x7ffc0000
[  673.268483][   T30] audit: type=1326 audit(1756619847.469:16924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16172 comm="syz.4.3011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff91d98e7eb code=0x7ffc0000
[  673.287793][T14071] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[  673.427929][T14071] usb 5-1: device descriptor read/64, error -71
[  673.642197][T16108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  673.668535][T16162] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3005'.
[  673.671692][T14071] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[  673.738697][T16108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  673.849376][T14071] usb 5-1: device descriptor read/64, error -71
[  673.924501][T16108] team0: Port device team_slave_0 added
[  673.942483][T16108] team0: Port device team_slave_1 added
[  673.974426][T14071] usb usb5-port1: attempt power cycle
[  674.204379][T16108] batman_adv: batadv0: Adding interface: batadv_slave_0
[  674.268510][T16108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  674.340834][T16198] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3013'.
[  674.350125][T16108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  674.374324][T16188] hsr0: entered promiscuous mode
[  674.382466][T16194] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  674.402470][T16198] hsr_slave_0: left promiscuous mode
[  674.412736][T16198] hsr_slave_1: left promiscuous mode
[  674.438902][T14071] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[  674.459345][T14071] usb 5-1: device descriptor read/8, error -71
[  674.563824][T16198] hsr0 (unregistering): left promiscuous mode
[  674.697891][T15917] Bluetooth: hci3: command tx timeout
[  674.717937][T14071] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[  674.975025][T16204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3016'.
[  674.986215][T16204] openvswitch: netlink: nsh attribute has 5276 unknown bytes.
[  674.994812][T16204] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  675.038032][T14071] usb 5-1: device descriptor read/8, error -71
[  675.046695][T16189] tipc: Disabling bearer <eth:syzkaller0>
[  675.070173][T16108] batman_adv: batadv0: Adding interface: batadv_slave_1
[  675.155622][T14071] usb usb5-port1: unable to enumerate USB device
[  675.155943][T16108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  675.354961][T16108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  675.556555][T16211] FAULT_INJECTION: forcing a failure.
[  675.556555][T16211] name failslab, interval 1, probability 0, space 0, times 0
[  675.588029][T16108] hsr_slave_0: entered promiscuous mode
[  675.601195][T16211] CPU: 0 UID: 0 PID: 16211 Comm: syz.2.3017 Not tainted syzkaller #0 PREEMPT(full) 
[  675.601218][T16211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  675.601228][T16211] Call Trace:
[  675.601236][T16211]  <TASK>
[  675.601244][T16211]  dump_stack_lvl+0x189/0x250
[  675.601270][T16211]  ? __pfx____ratelimit+0x10/0x10
[  675.601294][T16211]  ? __pfx_dump_stack_lvl+0x10/0x10
[  675.601314][T16211]  ? __pfx__printk+0x10/0x10
[  675.601343][T16211]  ? __pfx___might_resched+0x10/0x10
[  675.601359][T16211]  ? fs_reclaim_acquire+0x7d/0x100
[  675.601387][T16211]  should_fail_ex+0x414/0x560
[  675.601419][T16211]  should_failslab+0xa8/0x100
[  675.601444][T16211]  __kmalloc_cache_noprof+0x70/0x3d0
[  675.601465][T16211]  ? __inet_diag_dump_start+0x9d/0xa10
[  675.601489][T16211]  __inet_diag_dump_start+0x9d/0xa10
[  675.601506][T16211]  ? netlink_lookup+0x30/0x200
[  675.601526][T16211]  ? netlink_lookup+0x30/0x200
[  675.601553][T16211]  __netlink_dump_start+0x469/0x7e0
[  675.601584][T16211]  inet_diag_rcv_msg_compat+0x1ea/0x3b0
[  675.601606][T16211]  ? __pfx_inet_diag_rcv_msg_compat+0x10/0x10
[  675.601634][T16211]  ? __pfx_inet_diag_dump_start_compat+0x10/0x10
[  675.601651][T16211]  ? __pfx_inet_diag_dump_compat+0x10/0x10
[  675.601667][T16211]  ? __pfx_inet_diag_dump_done+0x10/0x10
[  675.601692][T16211]  ? sock_diag_rcv_msg+0x188/0x600
[  675.601720][T16211]  sock_diag_rcv_msg+0x4c9/0x600
[  675.601748][T16211]  netlink_rcv_skb+0x205/0x470
[  675.601771][T16211]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  675.601795][T16211]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  675.601839][T16211]  ? netlink_deliver_tap+0x2e/0x1b0
[  675.601871][T16211]  netlink_unicast+0x82c/0x9e0
[  675.601902][T16211]  ? __pfx_netlink_unicast+0x10/0x10
[  675.601926][T16211]  ? netlink_sendmsg+0x642/0xb30
[  675.601941][T16211]  ? skb_put+0x11b/0x210
[  675.601963][T16211]  netlink_sendmsg+0x805/0xb30
[  675.601990][T16211]  ? __pfx_netlink_sendmsg+0x10/0x10
[  675.602011][T16211]  ? aa_sock_msg_perm+0xf1/0x1d0
[  675.602031][T16211]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  675.602049][T16211]  ? __pfx_netlink_sendmsg+0x10/0x10
[  675.602065][T16211]  __sock_sendmsg+0x219/0x270
[  675.602090][T16211]  ____sys_sendmsg+0x505/0x830
[  675.602116][T16211]  ? __pfx_____sys_sendmsg+0x10/0x10
[  675.602141][T16211]  ? import_iovec+0x74/0xa0
[  675.602165][T16211]  ___sys_sendmsg+0x21f/0x2a0
[  675.602187][T16211]  ? __pfx____sys_sendmsg+0x10/0x10
[  675.602244][T16211]  ? __fget_files+0x2a/0x420
[  675.602266][T16211]  ? __fget_files+0x3a0/0x420
[  675.602299][T16211]  __x64_sys_sendmsg+0x19b/0x260
[  675.602320][T16211]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  675.602349][T16211]  ? __pfx_ksys_write+0x10/0x10
[  675.602367][T16211]  ? rcu_is_watching+0x15/0xb0
[  675.602390][T16211]  ? do_syscall_64+0xbe/0x3b0
[  675.602412][T16211]  do_syscall_64+0xfa/0x3b0
[  675.602427][T16211]  ? lockdep_hardirqs_on+0x9c/0x150
[  675.602450][T16211]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.602467][T16211]  ? clear_bhb_loop+0x60/0xb0
[  675.602489][T16211]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.602506][T16211] RIP: 0033:0x7f4bcf78ebe9
[  675.602523][T16211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  675.602537][T16211] RSP: 002b:00007f4bd0589038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  675.602557][T16211] RAX: ffffffffffffffda RBX: 00007f4bcf9c5fa0 RCX: 00007f4bcf78ebe9
[  675.602571][T16211] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  675.602582][T16211] RBP: 00007f4bd0589090 R08: 0000000000000000 R09: 0000000000000000
[  675.602593][T16211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.602604][T16211] R13: 00007f4bcf9c6038 R14: 00007f4bcf9c5fa0 R15: 00007f4bcfaefa28
[  675.602635][T16211]  </TASK>
[  675.973160][T16108] hsr_slave_1: entered promiscuous mode
[  676.079103][ T4911] IPVS: stop unused estimator thread 0...
[  676.727810][T15917] Bluetooth: hci3: command tx timeout
[  676.968178][    T9] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[  677.148119][    T9] usb 5-1: Using ep0 maxpacket: 8
[  677.155173][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  677.164571][    T9] usb 5-1: config 3 has an invalid interface number: 182 but max is 0
[  677.191666][    T9] usb 5-1: config 3 has no interface number 0
[  677.212928][    T9] usb 5-1: config 3 interface 182 altsetting 8 endpoint 0xF has invalid wMaxPacketSize 0
[  677.387789][    T9] usb 5-1: config 3 interface 182 altsetting 8 endpoint 0xA has an invalid bInterval 129, changing to 11
[  677.442153][T16234] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3022'.
[  677.472391][    T9] usb 5-1: config 3 interface 182 altsetting 8 endpoint 0x3 has an invalid bInterval 92, changing to 10
[  677.588085][    T9] usb 5-1: config 3 interface 182 has no altsetting 0
[  677.608594][T16108] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  677.646831][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=90.57
[  677.656199][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.701806][T16108] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  677.717340][    T9] usb 5-1: Product: syz
[  677.738285][    T9] usb 5-1: Manufacturer: syz
[  677.746254][    T9] usb 5-1: SerialNumber: syz
[  677.759576][T16108] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  677.812243][T16237] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3023'.
[  677.877853][T16108] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  678.007929][    T9] usbtest 5-1:3.182: couldn't get endpoints, -71
[  678.034338][    T9] usbtest 5-1:3.182: probe with driver usbtest failed with error -71
[  678.113966][    T9] usb 5-1: USB disconnect, device number 116
[  678.237009][T16108] 8021q: adding VLAN 0 to HW filter on device bond0
[  678.296850][T16108] 8021q: adding VLAN 0 to HW filter on device team0
[  678.336484][T12444] bridge0: port 1(bridge_slave_0) entered blocking state
[  678.343666][T12444] bridge0: port 1(bridge_slave_0) entered forwarding state
[  678.378178][T12442] bridge0: port 2(bridge_slave_1) entered blocking state
[  678.385391][T12442] bridge0: port 2(bridge_slave_1) entered forwarding state
[  678.407927][T14071] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[  678.557102][T16108] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  678.560968][T14071] usb 4-1: config 0 has an invalid interface number: 232 but max is 0
[  678.630705][T14071] usb 4-1: config 0 has no interface number 0
[  678.657216][T14071] usb 4-1: config 0 interface 232 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  678.691736][T14071] usb 4-1: config 0 interface 232 altsetting 0 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[  678.734372][T14071] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=67.3e
[  678.744049][T14071] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.757790][T14071] usb 4-1: Product: syz
[  678.777531][T14071] usb 4-1: Manufacturer: syz
[  678.792312][T16108] 8021q: adding VLAN 0 to HW filter on device batadv0
[  678.816738][T14071] usb 4-1: SerialNumber: syz
[  678.861510][T14071] usb 4-1: config 0 descriptor??
[  678.936009][T16108] veth0_vlan: entered promiscuous mode
[  678.957389][T16269] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3028'.
[  678.963095][T16108] veth1_vlan: entered promiscuous mode
[  679.182250][T16108] veth0_macvtap: entered promiscuous mode
[  679.217090][T16108] veth1_macvtap: entered promiscuous mode
[  679.488485][T16108] batman_adv: batadv0: Interface activated: batadv_slave_0
[  679.501838][T16108] batman_adv: batadv0: Interface activated: batadv_slave_1
[  679.523546][T12442] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  679.563087][T12442] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  679.588617][T12442] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  679.683107][T12442] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  679.716320][   T30] kauditd_printk_skb: 29 callbacks suppressed
[  679.716337][   T30] audit: type=1326 audit(1756619854.129:16954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16273 comm="syz.4.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  679.771866][T14071] port100 4-1:0.232: NFC: Could not find bulk-in or bulk-out endpoint
[  679.788886][   T30] audit: type=1326 audit(1756619854.159:16955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16273 comm="syz.4.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  679.876737][T14071] usb 4-1: USB disconnect, device number 99
[  679.884191][   T30] audit: type=1326 audit(1756619854.169:16956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16273 comm="syz.4.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  679.998998][ T5912] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[  680.055210][   T30] audit: type=1326 audit(1756619854.169:16957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16273 comm="syz.4.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  680.095783][T12444] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  680.140335][T12444] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  680.147626][   T30] audit: type=1326 audit(1756619854.169:16958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16273 comm="syz.4.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  680.173434][ T5912] usb 5-1: device descriptor read/64, error -71
[  680.246751][   T30] audit: type=1326 audit(1756619854.169:16959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16273 comm="syz.4.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff91d98ebe9 code=0x7ffc0000
[  680.283925][T12438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  680.308710][   T30] audit: type=1326 audit(1756619854.169:16960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16273 comm="syz.4.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff91d98d550 code=0x7ffc0000
[  680.331312][T12438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  680.425412][   T30] audit: type=1326 audit(1756619854.169:16961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16273 comm="syz.4.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff91d98e7eb code=0x7ffc0000
[  680.448665][ T5912] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[  680.510349][   T30] audit: type=1326 audit(1756619854.169:16962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16273 comm="syz.4.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff91d98e7eb code=0x7ffc0000
[  680.543089][   T30] audit: type=1326 audit(1756619854.189:16963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16273 comm="syz.4.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff91d98e7eb code=0x7ffc0000
[  680.598107][ T5912] usb 5-1: device descriptor read/64, error -71
[  680.674441][T16294] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3034'.
[  680.708671][ T5912] usb usb5-port1: attempt power cycle
[  680.938267][T16302] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3038'.
[  681.057950][ T5912] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[  681.113581][ T5912] usb 5-1: device descriptor read/8, error -71
[  681.358001][ T5912] usb 5-1: new high-speed USB device number 120 using dummy_hcd
[  681.413203][ T5912] usb 5-1: device descriptor read/8, error -71
[  681.539497][ T5912] usb usb5-port1: unable to enumerate USB device
[  681.554817][T16316] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3036'.
[  681.594704][T16316] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3036'.
[  681.874919][T16330] FAULT_INJECTION: forcing a failure.
[  681.874919][T16330] name failslab, interval 1, probability 0, space 0, times 0
[  681.957863][T16330] CPU: 0 UID: 0 PID: 16330 Comm: syz.5.3045 Not tainted syzkaller #0 PREEMPT(full) 
[  681.957887][T16330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  681.957898][T16330] Call Trace:
[  681.957905][T16330]  <TASK>
[  681.957913][T16330]  dump_stack_lvl+0x189/0x250
[  681.957938][T16330]  ? __pfx____ratelimit+0x10/0x10
[  681.957962][T16330]  ? __pfx_dump_stack_lvl+0x10/0x10
[  681.957982][T16330]  ? __pfx__printk+0x10/0x10
[  681.958011][T16330]  ? __pfx___might_resched+0x10/0x10
[  681.958027][T16330]  ? fs_reclaim_acquire+0x7d/0x100
[  681.958055][T16330]  should_fail_ex+0x414/0x560
[  681.958083][T16330]  should_failslab+0xa8/0x100
[  681.958107][T16330]  __kmalloc_cache_noprof+0x70/0x3d0
[  681.958129][T16330]  ? hash_ip_create+0x6d5/0x1410
[  681.958161][T16330]  hash_ip_create+0x6d5/0x1410
[  681.958177][T16330]  ? __lock_acquire+0xab9/0xd20
[  681.958215][T16330]  ? __pfx_hash_ip_create+0x10/0x10
[  681.958235][T16330]  ? __nla_parse+0x40/0x60
[  681.958258][T16330]  ? __pfx_hash_ip_create+0x10/0x10
[  681.958277][T16330]  ip_set_create+0xa94/0x1940
[  681.958298][T16330]  ? ip_set_create+0x4a2/0x1940
[  681.958330][T16330]  ? __pfx_ip_set_create+0x10/0x10
[  681.958386][T16330]  nfnetlink_rcv_msg+0xb4a/0x1130
[  681.958410][T16330]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  681.958450][T16330]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  681.958469][T16330]  ? kasan_save_free_info+0x46/0x50
[  681.958537][T16330]  netlink_rcv_skb+0x205/0x470
[  681.958563][T16330]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  681.958587][T16330]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  681.958622][T16330]  ? bpf_lsm_capable+0x9/0x20
[  681.958643][T16330]  ? security_capable+0x7e/0x2e0
[  681.958671][T16330]  nfnetlink_rcv+0x26a/0x2520
[  681.958694][T16330]  ? __dev_queue_xmit+0x1d79/0x3b50
[  681.958720][T16330]  ? __dev_queue_xmit+0x27b/0x3b50
[  681.958740][T16330]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  681.958754][T16330]  ? __pfx___dev_queue_xmit+0x10/0x10
[  681.958772][T16330]  ? ref_tracker_free+0x63a/0x7d0
[  681.958787][T16330]  ? __asan_memcpy+0x40/0x70
[  681.958797][T16330]  ? __pfx_ref_tracker_free+0x10/0x10
[  681.958819][T16330]  ? skb_clone+0x246/0x3a0
[  681.958833][T16330]  ? __netlink_deliver_tap+0x807/0x850
[  681.958848][T16330]  ? netlink_deliver_tap+0x2e/0x1b0
[  681.958866][T16330]  ? netlink_deliver_tap+0x2e/0x1b0
[  681.958885][T16330]  netlink_unicast+0x82c/0x9e0
[  681.958903][T16330]  ? __pfx_netlink_unicast+0x10/0x10
[  681.958917][T16330]  ? netlink_sendmsg+0x642/0xb30
[  681.958925][T16330]  ? skb_put+0x11b/0x210
[  681.958936][T16330]  netlink_sendmsg+0x805/0xb30
[  681.958950][T16330]  ? __pfx_netlink_sendmsg+0x10/0x10
[  681.958961][T16330]  ? aa_sock_msg_perm+0xf1/0x1d0
[  681.958972][T16330]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  681.958982][T16330]  ? __pfx_netlink_sendmsg+0x10/0x10
[  681.958991][T16330]  __sock_sendmsg+0x219/0x270
[  681.959007][T16330]  ____sys_sendmsg+0x505/0x830
[  681.959022][T16330]  ? __pfx_____sys_sendmsg+0x10/0x10
[  681.959037][T16330]  ? import_iovec+0x74/0xa0
[  681.959050][T16330]  ___sys_sendmsg+0x21f/0x2a0
[  681.959063][T16330]  ? __pfx____sys_sendmsg+0x10/0x10
[  681.959091][T16330]  ? __fget_files+0x2a/0x420
[  681.959106][T16330]  ? __fget_files+0x3a0/0x420
[  681.959126][T16330]  __x64_sys_sendmsg+0x19b/0x260
[  681.959144][T16330]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  681.959161][T16330]  ? __pfx_ksys_write+0x10/0x10
[  681.959173][T16330]  ? rcu_is_watching+0x15/0xb0
[  681.959186][T16330]  ? do_syscall_64+0xbe/0x3b0
[  681.959197][T16330]  do_syscall_64+0xfa/0x3b0
[  681.959205][T16330]  ? lockdep_hardirqs_on+0x9c/0x150
[  681.959219][T16330]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  681.959229][T16330]  ? clear_bhb_loop+0x60/0xb0
[  681.959242][T16330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  681.959251][T16330] RIP: 0033:0x7f200638ebe9
[  681.959262][T16330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  681.959270][T16330] RSP: 002b:00007f20045ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  681.959282][T16330] RAX: ffffffffffffffda RBX: 00007f20065c5fa0 RCX: 00007f200638ebe9
[  681.959289][T16330] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  681.959296][T16330] RBP: 00007f20045ee090 R08: 0000000000000000 R09: 0000000000000000
[  681.959302][T16330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  681.959307][T16330] R13: 00007f20065c6038 R14: 00007f20065c5fa0 R15: 00007f20066efa28
[  681.959323][T16330]  </TASK>
[  682.984459][T16347] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3049'.
[  683.440990][T16351] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  683.449737][T16351] syzkaller0: entered promiscuous mode
[  683.455247][T16351] syzkaller0: entered allmulticast mode
[  683.494602][T16351] tipc: Resetting bearer <eth:syzkaller0>
[  683.535733][T16350] tipc: Resetting bearer <eth:syzkaller0>
[  683.659112][T16350] tipc: Disabling bearer <eth:syzkaller0>
[  683.932010][T16363] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3053'.
[  683.950262][T16365] usb usb8: usbfs: interface 0 claimed by hub while 'syz.4.3054' resets device
[  683.980998][T16363] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3053'.
[  684.347592][T16378] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3057'.
[  684.369041][ T6291] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  684.388413][    T9] usb 5-1: new high-speed USB device number 121 using dummy_hcd
[  684.586080][T16389] FAULT_INJECTION: forcing a failure.
[  684.586080][T16389] name failslab, interval 1, probability 0, space 0, times 0
[  684.602902][ T6291] usb 4-1: Using ep0 maxpacket: 8
[  684.609935][T16389] CPU: 1 UID: 0 PID: 16389 Comm: syz.2.3062 Not tainted syzkaller #0 PREEMPT(full) 
[  684.609960][T16389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  684.609971][T16389] Call Trace:
[  684.609983][T16389]  <TASK>
[  684.609991][T16389]  dump_stack_lvl+0x189/0x250
[  684.610015][T16389]  ? __pfx____ratelimit+0x10/0x10
[  684.610039][T16389]  ? __pfx_dump_stack_lvl+0x10/0x10
[  684.610059][T16389]  ? __pfx__printk+0x10/0x10
[  684.610088][T16389]  ? __pfx___might_resched+0x10/0x10
[  684.610104][T16389]  ? fs_reclaim_acquire+0x7d/0x100
[  684.610132][T16389]  should_fail_ex+0x414/0x560
[  684.610159][T16389]  should_failslab+0xa8/0x100
[  684.610183][T16389]  __kmalloc_noprof+0xcb/0x4f0
[  684.610210][T16389]  ? fib_create_info+0x1728/0x3210
[  684.610239][T16389]  fib_create_info+0x1728/0x3210
[  684.610266][T16389]  ? rcu_is_watching+0x15/0xb0
[  684.610288][T16389]  ? __mutex_lock+0x335/0x1350
[  684.610317][T16389]  fib_table_insert+0xc6/0x1b50
[  684.610339][T16389]  ? __pfx___mutex_lock+0x10/0x10
[  684.610353][T16389]  ? rtm_to_fib_config+0x107f/0x13c0
[  684.610395][T16389]  inet_rtm_newroute+0x12b/0x210
[  684.610415][T16389]  ? __lock_acquire+0xab9/0xd20
[  684.610440][T16389]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  684.610483][T16389]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  684.610504][T16389]  rtnetlink_rcv_msg+0x7cc/0xb70
[  684.610533][T16389]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  684.610555][T16389]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  684.610575][T16389]  ? ref_tracker_free+0x63a/0x7d0
[  684.610598][T16389]  ? __asan_memcpy+0x40/0x70
[  684.610617][T16389]  ? __pfx_ref_tracker_free+0x10/0x10
[  684.610651][T16389]  netlink_rcv_skb+0x205/0x470
[  684.610676][T16389]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  684.610700][T16389]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  684.610735][T16389]  ? netlink_deliver_tap+0x2e/0x1b0
[  684.610767][T16389]  netlink_unicast+0x82c/0x9e0
[  684.610798][T16389]  ? __pfx_netlink_unicast+0x10/0x10
[  684.610822][T16389]  ? netlink_sendmsg+0x642/0xb30
[  684.610836][T16389]  ? skb_put+0x11b/0x210
[  684.610857][T16389]  netlink_sendmsg+0x805/0xb30
[  684.610885][T16389]  ? __pfx_netlink_sendmsg+0x10/0x10
[  684.610906][T16389]  ? aa_sock_msg_perm+0xf1/0x1d0
[  684.610925][T16389]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  684.610943][T16389]  ? __pfx_netlink_sendmsg+0x10/0x10
[  684.610960][T16389]  __sock_sendmsg+0x219/0x270
[  684.610986][T16389]  ____sys_sendmsg+0x505/0x830
[  684.611011][T16389]  ? __pfx_____sys_sendmsg+0x10/0x10
[  684.611039][T16389]  ? import_iovec+0x74/0xa0
[  684.611061][T16389]  ___sys_sendmsg+0x21f/0x2a0
[  684.611081][T16389]  ? __pfx____sys_sendmsg+0x10/0x10
[  684.611137][T16389]  ? __fget_files+0x2a/0x420
[  684.611159][T16389]  ? __fget_files+0x3a0/0x420
[  684.611192][T16389]  __x64_sys_sendmsg+0x19b/0x260
[  684.611222][T16389]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  684.611249][T16389]  ? __pfx_ksys_write+0x10/0x10
[  684.611266][T16389]  ? rcu_is_watching+0x15/0xb0
[  684.611289][T16389]  ? do_syscall_64+0xbe/0x3b0
[  684.611314][T16389]  do_syscall_64+0xfa/0x3b0
[  684.611329][T16389]  ? lockdep_hardirqs_on+0x9c/0x150
[  684.611351][T16389]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.611368][T16389]  ? clear_bhb_loop+0x60/0xb0
[  684.611394][T16389]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.611411][T16389] RIP: 0033:0x7f4bcf78ebe9
[  684.611429][T16389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  684.611443][T16389] RSP: 002b:00007f4bd0589038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  684.611463][T16389] RAX: ffffffffffffffda RBX: 00007f4bcf9c5fa0 RCX: 00007f4bcf78ebe9
[  684.611476][T16389] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000003
[  684.611487][T16389] RBP: 00007f4bd0589090 R08: 0000000000000000 R09: 0000000000000000
[  684.611499][T16389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  684.611509][T16389] R13: 00007f4bcf9c6038 R14: 00007f4bcf9c5fa0 R15: 00007f4bcfaefa28
[  684.611539][T16389]  </TASK>
[  685.001904][    C1] vkms_vblank_simulate: vblank timer overrun
[  685.008405][ T5964] usb 6-1: new high-speed USB device number 81 using dummy_hcd
[  685.009160][ T6291] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  685.016680][   T30] kauditd_printk_skb: 42 callbacks suppressed
[  685.016696][   T30] audit: type=1326 audit(1756619859.429:17006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16377 comm="syz.5.3058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f200638e7eb code=0x7ffc0000
[  685.016880][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 1792, setting to 64
[  685.016908][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  685.016945][    T9] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  685.016972][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.018703][   T30] audit: type=1326 audit(1756619859.429:17007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16377 comm="syz.5.3058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f200638e7eb code=0x7ffc0000
[  685.028395][ T6291] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  685.034547][   T30] audit: type=1326 audit(1756619859.449:17008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16377 comm="syz.5.3058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f200638e7eb code=0x7ffc0000
[  685.074324][    T9] usb 5-1: config 0 descriptor??
[  685.079355][ T6291] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.165115][   T30] audit: type=1326 audit(1756619859.579:17009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16377 comm="syz.5.3058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f200638e7eb code=0x7ffc0000
[  685.188971][ T6291] usb 4-1: config 0 descriptor??
[  685.217974][ T5964] usb 6-1: device descriptor read/64, error -71
[  685.419958][T16391] netlink: 'syz.6.3061': attribute type 27 has an invalid length.
[  685.430352][   T30] audit: type=1326 audit(1756619859.839:17010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16377 comm="syz.5.3058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f200638e7eb code=0x7ffc0000
[  685.497955][   T30] audit: type=1326 audit(1756619859.839:17011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16377 comm="syz.5.3058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f200638e7eb code=0x7ffc0000
[  685.534622][   T30] audit: type=1326 audit(1756619859.909:17012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16377 comm="syz.5.3058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f200638e7eb code=0x7ffc0000
[  685.558007][ T5964] usb 6-1: new high-speed USB device number 82 using dummy_hcd
[  685.637261][   T30] audit: type=1326 audit(1756619859.979:17013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16377 comm="syz.5.3058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f200638e7eb code=0x7ffc0000
[  685.700851][T16391] ipvlan0: left promiscuous mode
[  685.705809][T16391] ipvlan0: left allmulticast mode
[  685.727922][T16391] veth0_vlan: left allmulticast mode
[  685.734323][   T30] audit: type=1326 audit(1756619859.989:17014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16377 comm="syz.5.3058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f200638e7eb code=0x7ffc0000
[  685.738264][ T5964] usb 6-1: device descriptor read/64, error -71
[  685.772365][    T9] hdpvr 5-1:0.0: Could not find bulk-in endpoint
[  685.866338][    T9] hdpvr 5-1:0.0: probe with driver hdpvr failed with error -12
[  685.886584][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  685.896126][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  685.931287][T16398] 8021q: adding VLAN 0 to HW filter on device bond0
[  685.935230][   T30] audit: type=1326 audit(1756619859.989:17015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16377 comm="syz.5.3058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f200638e7eb code=0x7ffc0000
[  685.975428][    T9] usb 5-1: USB disconnect, device number 121
[  685.995055][T16407] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3063'.
[  686.007137][T16407] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  686.029928][ T5964] usb usb6-port1: attempt power cycle
[  686.046494][T16371] could not allocate digest TFM handle poly1305-simd
[  686.056610][T16398] 8021q: adding VLAN 0 to HW filter on device team0
[  686.143489][T16398] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  686.435355][ T5964] usb 6-1: new high-speed USB device number 83 using dummy_hcd
[  686.470762][ T5964] usb 6-1: device descriptor read/8, error -71
[  686.750484][ T5964] usb 6-1: new high-speed USB device number 84 using dummy_hcd
[  686.800565][ T5964] usb 6-1: device descriptor read/8, error -71
[  686.951115][T16414] fuse: Unknown parameter 'D21�QI��M&���O�E9��7}�-�HG��l�.'@������ڭ���E�9���?�C�<i�$��a[	q�z��|��H���Q��\P}&
U���s^�Ɇ�;G�1��ꫪ
[  686.951115][T16414] ��q?2�3u:�wԇ���d�]�G�����o��|B�fb<i?��ĩL�H֏�1��FQͤE�ѴU+`b��E��ڜwh�;�0��X���@�'
[  686.978749][ T5964] usb usb6-port1: unable to enumerate USB device
[  687.028739][T16414] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3064'.
[  687.361327][ T5964] usb 4-1: USB disconnect, device number 100
[  687.436670][T16420] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3067'.
[  687.445710][T16420] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3067'.
[  687.505633][T16422] netlink: 'syz.3.3066': attribute type 10 has an invalid length.
[  688.208252][T16435] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3072'.
[  688.485141][T16434] kvm: pic: non byte read
[  688.491432][T16434] kvm: pic: level sensitive irq not supported
[  688.492244][T16434] kvm: pic: non byte read
[  688.505175][T16434] kvm: pic: level sensitive irq not supported
[  688.506275][T16434] kvm: pic: non byte read
[  688.613759][T16434] kvm: pic: level sensitive irq not supported
[  688.623113][T16434] kvm: pic: non byte read
[  688.720646][T16434] kvm: pic: level sensitive irq not supported
[  688.720709][T16434] kvm: pic: non byte read
[  688.779075][T16434] kvm: pic: level sensitive irq not supported
[  688.779140][T16434] kvm: pic: non byte read
[  688.790771][T16434] kvm: pic: level sensitive irq not supported
[  688.790830][T16434] kvm: pic: non byte read
[  688.802560][T16434] kvm: pic: level sensitive irq not supported
[  688.802622][T16434] kvm: pic: non byte read
[  688.814298][T16434] kvm: pic: level sensitive irq not supported
[  688.814358][T16434] kvm: pic: non byte read
[  688.917814][    T9] usb 4-1: new full-speed USB device number 101 using dummy_hcd
[  689.123110][    T9] usb 4-1: config index 0 descriptor too short (expected 69, got 36)
[  689.146896][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  689.186278][    T9] usb 4-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  689.225608][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.235835][    T9] usb 4-1: Product: syz
[  689.246154][    T9] usb 4-1: Manufacturer: syz
[  689.259599][    T9] usb 4-1: SerialNumber: syz
[  689.276090][    T9] usb 4-1: config 0 descriptor??
[  689.289722][    T9] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  689.509338][T16462] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3083'.
[  689.626131][T16465] netlink: 144 bytes leftover after parsing attributes in process `syz.6.3084'.
[  689.778398][T16434] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  689.789410][T16434] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  689.855280][T16472] netlink: 'syz.4.3088': attribute type 27 has an invalid length.
[  690.079572][    T9] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  690.090137][    T9] gspca_pac7302 4-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  690.148589][ T5964] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[  690.178137][T16475] 8021q: adding VLAN 0 to HW filter on device bond0
[  690.191911][T16482] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3091'.
[  690.202891][T16475] 8021q: adding VLAN 0 to HW filter on device team0
[  690.226050][T16475] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  690.287809][ T6291] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[  690.298299][ T5964] usb 3-1: device descriptor read/64, error -71
[  690.439988][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  690.440004][   T30] audit: type=1326 audit(1756619864.859:17032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16483 comm="syz.6.3092" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fabf978ebe9 code=0x0
[  690.468593][ T6291] usb 5-1: Using ep0 maxpacket: 16
[  690.496454][ T6291] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  690.515428][ T6291] usb 5-1: config 0 has no interface number 0
[  690.532527][ T6291] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  690.541789][ T6291] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.551665][ T5964] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[  690.552166][ T6291] usb 5-1: Product: syz
[  690.568115][ T6291] usb 5-1: Manufacturer: syz
[  690.575137][ T6291] usb 5-1: SerialNumber: syz
[  690.598375][ T6291] usb 5-1: config 0 descriptor??
[  690.619245][ T6291] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  690.698485][ T5964] usb 3-1: device descriptor read/64, error -71
[  690.849040][ T5964] usb usb3-port1: attempt power cycle
[  691.314248][ T5964] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[  691.379146][ T5964] usb 3-1: device descriptor read/8, error -71
[  691.596492][   T24] usb 4-1: USB disconnect, device number 101
[  691.638599][ T5964] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[  691.668769][    T9] usb 6-1: new high-speed USB device number 85 using dummy_hcd
[  691.688622][ T5964] usb 3-1: device descriptor read/8, error -71
[  691.798119][ T5964] usb usb3-port1: unable to enumerate USB device
[  691.831285][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  691.859586][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  691.896747][    T9] usb 6-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  691.898173][ T6291] gspca_spca1528: reg_w err -110
[  691.967864][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.967903][ T6291] spca1528 5-1:0.1: probe with driver spca1528 failed with error -110
[  692.034100][    T9] usb 6-1: config 0 descriptor??
[  692.160798][T16502] netlink: 3 bytes leftover after parsing attributes in process `syz.6.3096'.
[  692.195330][T16502] batadv3: entered promiscuous mode
[  692.200928][T16502] batadv3: entered allmulticast mode
[  692.467606][T16506] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3097'.
[  692.478699][    T9] hid (null): bogus close delimiter
[  692.487503][    T9] steelseries 0003:1038:12B6.001E: bogus close delimiter
[  692.497244][    T9] steelseries 0003:1038:12B6.001E: item 0 1 2 10 parsing failed
[  692.506129][    T9] steelseries 0003:1038:12B6.001E: probe with driver steelseries failed with error -22
[  692.599899][T16510] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3099'.
[  692.616360][T16510] netlink: 80 bytes leftover after parsing attributes in process `syz.6.3099'.
[  692.633020][T16510] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3099'.
[  692.644875][T16510] netlink: 80 bytes leftover after parsing attributes in process `syz.6.3099'.
[  692.682414][    T9] usb 6-1: USB disconnect, device number 85
[  692.767862][ T5964] usb 5-1: USB disconnect, device number 122
[  692.977183][T16517] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3102'.
[  693.074140][T16518] kvm: pic: non byte read
[  693.080590][T16518] kvm: pic: level sensitive irq not supported
[  693.084922][T16518] kvm: pic: level sensitive irq not supported
[  693.368161][ T6291] usb 5-1: new full-speed USB device number 123 using dummy_hcd
[  693.550464][ T6291] usb 5-1: config index 0 descriptor too short (expected 69, got 36)
[  693.588633][ T6291] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  693.686305][ T6291] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  693.695814][   T24] usb 6-1: new high-speed USB device number 86 using dummy_hcd
[  693.716082][ T6291] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.767972][ T6291] usb 5-1: Product: syz
[  693.780785][ T6291] usb 5-1: Manufacturer: syz
[  693.795682][ T6291] usb 5-1: SerialNumber: syz
[  693.817220][ T6291] usb 5-1: config 0 descriptor??
[  693.843883][ T6291] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  693.863258][   T24] usb 6-1: unable to get BOS descriptor or descriptor too short
[  693.910512][   T24] usb 6-1: config 3 has an invalid interface number: 128 but max is 0
[  693.923332][   T24] usb 6-1: config 3 has no interface number 0
[  693.942346][   T24] usb 6-1: config 3 interface 128 has no altsetting 0
[  693.967173][   T24] usb 6-1: New USB device found, idVendor=2184, idProduct=0036, bcdDevice=b5.28
[  693.990328][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.004154][   T24] usb 6-1: Product: syz
[  694.009735][   T24] usb 6-1: SerialNumber: syz
[  694.269077][T14071] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  694.292967][   T24] cdc_acm 6-1:3.128: Zero length descriptor references
[  694.303183][T16518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.311952][   T24] cdc_acm 6-1:3.128: probe with driver cdc_acm failed with error -22
[  694.359435][T16518] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.398179][   T24] usb 6-1: USB disconnect, device number 86
[  694.417925][T14071] usb 4-1: device descriptor read/64, error -71
[  694.571825][ T6291] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  694.587926][ T6291] gspca_pac7302 5-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  694.667894][T14071] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  694.798087][T14071] usb 4-1: device descriptor read/64, error -71
[  694.903233][T16555] __nla_validate_parse: 6 callbacks suppressed
[  694.903251][T16555] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3115'.
[  694.937576][T14071] usb usb4-port1: attempt power cycle
[  695.185383][T16565] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3118'.
[  695.304841][T14071] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  695.316570][T16567] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3119'.
[  695.340036][T14071] usb 4-1: device descriptor read/8, error -71
[  695.689069][T14071] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  695.708603][T14071] usb 4-1: device descriptor read/8, error -71
[  695.838367][T14071] usb usb4-port1: unable to enumerate USB device
[  695.955614][T16576] binder: 16574:16576 ioctl c0306201 200000001a80 returned -14
[  696.833155][ T5964] usb 5-1: USB disconnect, device number 123
[  696.950255][T16597] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3131'.
[  697.034609][T16601] input: syz0 as /devices/virtual/input/input63
[  697.066560][T16601] input: syz0 as /devices/virtual/input/input64
[  697.463958][T16612] fuse: Unknown parameter 'D21�QI��M&���O�E9��7}�-�HG��l�.'@������ڭ���E�9���?�C�<i�$��a[	q�z��|��H���Q��\P}&
U���s^�Ɇ�;G�1��ꫪ
[  697.463958][T16612] ��q?2�3u:�wԇ���d�]�G�����o��|B�fb<i?��ĩL�H֏�1��FQͤE�ѴU+`b��E��ڜwh�;�0��X���@�'
[  697.490565][T14071] usb 5-1: new high-speed USB device number 124 using dummy_hcd
[  697.515822][T16612] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3137'.
[  697.691472][T14071] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  697.757822][T14071] usb 5-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.00
[  697.776050][T14071] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.795162][T14071] usb 5-1: config 0 descriptor??
[  698.461096][T14071] usbhid 5-1:0.0: can't add hid device: -71
[  698.468247][T14071] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  698.483652][T14071] usb 5-1: USB disconnect, device number 124
[  698.790251][T16628] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3142'.
[  698.852392][T16625] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3141'.
[  699.238105][   T24] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[  699.387949][   T24] usb 3-1: Using ep0 maxpacket: 32
[  699.398237][   T24] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  699.406797][   T24] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  699.416970][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  699.426208][   T24] usb 3-1: config 1 has no interface number 0
[  699.433137][   T24] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  699.445252][   T24] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  699.483243][   T24] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  699.633832][   T24] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  699.644343][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.745231][   T24] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  700.040472][   T24] snd_usb_pod 3-1:1.1: cannot start listening: -90
[  700.137217][   T24] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  700.183850][   T24] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -90
[  700.334514][   T24] usb 3-1: USB disconnect, device number 106
[  700.636398][T16661] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3153'.
[  701.236476][ T5964] usb 6-1: new high-speed USB device number 87 using dummy_hcd
[  701.515161][ T5964] usb 6-1: Using ep0 maxpacket: 16
[  701.600455][ T5964] usb 6-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[  701.609848][ T5964] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  701.627815][ T5964] usb 6-1: Product: syz
[  701.641468][ T5964] usb 6-1: Manufacturer: syz
[  701.646930][ T5964] usb 6-1: SerialNumber: syz
[  701.672232][ T5964] usb 6-1: config 0 descriptor??
[  701.882818][ T5964] speedtch 6-1:0.0: speedtch_bind: wrong device class 68
[  701.956094][ T5964] speedtch 6-1:0.0: usbatm_usb_probe: bind failed: -19!
[  701.994001][T16673] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3157'.
[  702.385158][ T5964] usb 6-1: USB disconnect, device number 87
[  702.704820][T16685] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3160'.
[  702.791400][T16688] netlink: 260 bytes leftover after parsing attributes in process `syz.4.3162'.
[  703.048201][T16698] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3161'.
[  703.058044][T16698] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  704.005515][T16708] usb usb8: usbfs: interface 0 claimed by hub while 'syz.4.3166' resets device
[  704.388624][T16718] fuse: Unknown parameter 'D21�QI��M&���O�E9��7}�-�HG��l�.'@������ڭ���E�9���?�C�<i�$��a[	q�z��|��H���Q��\P}&
U���s^�Ɇ�;G�1��ꫪ
[  704.388624][T16718] ��q?2�3u:�wԇ���d�]�G�����o��|B�fb<i?��ĩL�H֏�1��FQͤE�ѴU+`b��E��ڜwh�;�0��X���@�'
[  704.496361][T16718] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3169'.
[  705.420606][T16723] picdev_read: 8 callbacks suppressed
[  705.420629][T16723] kvm: pic: non byte read
[  705.431080][T16723] pic_ioport_write: 6 callbacks suppressed
[  705.431099][T16723] kvm: pic: level sensitive irq not supported
[  705.442033][T16723] kvm: pic: non byte read
[  705.453003][T16723] kvm: pic: level sensitive irq not supported
[  705.453064][T16723] kvm: pic: non byte read
[  705.464021][T16723] kvm: pic: level sensitive irq not supported
[  705.464081][T16723] kvm: pic: non byte read
[  705.475384][T16723] kvm: pic: level sensitive irq not supported
[  705.475443][T16723] kvm: pic: non byte read
[  705.486534][T16723] kvm: pic: level sensitive irq not supported
[  705.486594][T16723] kvm: pic: non byte read
[  705.497501][T16723] kvm: pic: level sensitive irq not supported
[  705.497560][T16723] kvm: pic: non byte read
[  705.508654][T16723] kvm: pic: level sensitive irq not supported
[  705.508790][T16723] kvm: pic: non byte read
[  705.520457][T16723] kvm: pic: level sensitive irq not supported
[  705.520541][T16723] kvm: pic: non byte read
[  705.622127][ T5964] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[  705.787799][ T5964] usb 3-1: Using ep0 maxpacket: 16
[  705.794506][ T5964] usb 3-1: config 0 has an invalid interface number: 40 but max is 0
[  705.817824][ T5964] usb 3-1: config 0 has no interface number 0
[  705.857819][   T24] usb 6-1: new full-speed USB device number 88 using dummy_hcd
[  705.884269][ T5964] usb 3-1: New USB device found, idVendor=22b8, idProduct=689d, bcdDevice=20.6b
[  705.894137][ T5964] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  705.902219][ T5964] usb 3-1: Product: syz
[  705.913308][ T5964] usb 3-1: Manufacturer: syz
[  705.925319][ T5964] usb 3-1: SerialNumber: syz
[  705.944803][ T5964] usb 3-1: config 0 descriptor??
[  706.012160][   T24] usb 6-1: config index 0 descriptor too short (expected 69, got 36)
[  706.023949][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  706.112209][   T24] usb 6-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  706.124769][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  706.137673][   T24] usb 6-1: Product: syz
[  706.142023][   T24] usb 6-1: Manufacturer: syz
[  706.153592][   T24] usb 6-1: SerialNumber: syz
[  706.176967][   T24] usb 6-1: config 0 descriptor??
[  706.177044][ T5964] qmi_wwan 3-1:0.40: More than one union descriptor, skipping ...
[  706.205335][ T5964] qmi_wwan 3-1:0.40: probe with driver qmi_wwan failed with error -22
[  706.217532][   T24] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  706.249155][ T5964] usb 3-1: USB disconnect, device number 107
[  706.633248][T16723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  706.643301][T16723] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  706.938672][   T24] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110
[  706.946459][   T24] gspca_pac7302 6-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  707.247806][ T5964] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[  707.398203][ T5964] usb 3-1: Using ep0 maxpacket: 8
[  707.412057][ T5964] usb 3-1: config 0 interface 0 has no altsetting 0
[  707.434093][ T5964] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  707.448308][ T5964] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  707.458397][ T5964] usb 3-1: Product: syz
[  707.462687][ T5964] usb 3-1: Manufacturer: syz
[  707.467383][ T5964] usb 3-1: SerialNumber: syz
[  707.478771][ T5964] usb 3-1: config 0 descriptor??
[  707.490627][ T5964] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found
[  708.299507][   T24] usb 6-1: USB disconnect, device number 88
[  709.128043][   T24] usb 5-1: new high-speed USB device number 125 using dummy_hcd
[  709.290061][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  709.301070][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  709.314079][   T24] usb 5-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00
[  709.323506][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  709.334395][   T24] usb 5-1: config 0 descriptor??
[  709.477814][ T5933] usb 6-1: new high-speed USB device number 89 using dummy_hcd
[  709.607807][ T5933] usb 6-1: device descriptor read/64, error -71
[  709.754978][   T24] megaworld 0003:07B5:0312.001F: ignoring exceeding usage max
[  709.783247][   T24] megaworld 0003:07B5:0312.001F: hidraw0: USB HID v0.00 Device [HID 07b5:0312] on usb-dummy_hcd.4-1/input0
[  709.796298][   T24] megaworld 0003:07B5:0312.001F: no inputs found
[  709.844356][ T5964] snd_usb_toneport 3-1:0.0: set_interface failed
[  709.868072][ T5933] usb 6-1: new high-speed USB device number 90 using dummy_hcd
[  709.877488][ T5964] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected
[  709.893384][T16760] netlink: 'syz.2.3185': attribute type 10 has an invalid length.
[  709.902252][T16760] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3185'.
[  709.905952][ T5964] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  709.919912][T16760] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.3185' sets config #0
[  709.937043][ T5964] usb 3-1: USB disconnect, device number 108
[  710.047884][ T5933] usb 6-1: device descriptor read/64, error -71
[  710.158229][ T5933] usb usb6-port1: attempt power cycle
[  710.497812][ T5933] usb 6-1: new high-speed USB device number 91 using dummy_hcd
[  710.529388][ T5933] usb 6-1: device descriptor read/8, error -71
[  710.574422][T16769] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3188'.
[  710.589245][T16769] batadv1: entered promiscuous mode
[  710.594634][T16769] batadv1: entered allmulticast mode
[  710.778183][ T5933] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[  710.798779][ T5933] usb 6-1: device descriptor read/8, error -71
[  710.812171][T16773] netlink: 'syz.2.3189': attribute type 27 has an invalid length.
[  710.908141][ T5933] usb usb6-port1: unable to enumerate USB device
[  710.941764][T16773] 8021q: adding VLAN 0 to HW filter on device bond0
[  710.950061][T16773] 8021q: adding VLAN 0 to HW filter on device team0
[  710.967414][T16773] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  711.197901][ T5933] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[  711.358475][ T5933] usb 3-1: Using ep0 maxpacket: 16
[  711.365824][ T5933] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  711.374226][ T5933] usb 3-1: config 0 has no interface number 0
[  711.382737][ T5933] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  711.391991][ T5933] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  711.400692][ T5933] usb 3-1: Product: syz
[  711.404869][ T5933] usb 3-1: Manufacturer: syz
[  711.409533][ T5933] usb 3-1: SerialNumber: syz
[  711.417045][ T5933] usb 3-1: config 0 descriptor??
[  711.427376][ T5933] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  711.766636][   T24] usb 5-1: USB disconnect, device number 125
[  712.158328][   T24] usb 5-1: new high-speed USB device number 126 using dummy_hcd
[  712.167054][T16784] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3194'.
[  712.328033][   T24] usb 5-1: Using ep0 maxpacket: 16
[  712.335285][   T24] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[  712.360340][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  712.375555][   T24] usb 5-1: config 0 has no interface number 0
[  712.389840][   T24] usb 5-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.5b
[  712.405615][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  712.437679][   T24] usb 5-1: config 0 descriptor??
[  712.548242][ T5933] gspca_spca1528: reg_w err -110
[  712.567929][ T5933] spca1528 3-1:0.1: probe with driver spca1528 failed with error -110
[  712.610561][ T6291] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[  712.652493][   T24] usb 5-1: string descriptor 0 read error: -71
[  712.662376][T16777] delete_channel: no stack
[  712.675304][   T24] usb 5-1: Found UVC 0.00 device <unnamed> (0bd3:0555)
[  712.689118][   T24] usb 5-1: No valid video chain found.
[  712.697961][   T24] usb 5-1: USB disconnect, device number 126
[  712.767922][ T6291] usb 6-1: Using ep0 maxpacket: 8
[  712.784767][ T6291] usb 6-1: config 0 interface 0 has no altsetting 0
[  712.808143][ T6291] usb 6-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  712.821371][ T6291] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.829896][ T6291] usb 6-1: Product: syz
[  712.834279][ T6291] usb 6-1: Manufacturer: syz
[  712.839340][ T6291] usb 6-1: SerialNumber: syz
[  712.850297][ T6291] usb 6-1: config 0 descriptor??
[  712.860531][ T6291] snd_usb_toneport 6-1:0.0: Line 6 TonePort UX2 found
[  714.010919][ T5933] usb 3-1: USB disconnect, device number 109
[  714.145839][T16799] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3198'.
[  714.188220][T16799] FAULT_INJECTION: forcing a failure.
[  714.188220][T16799] name failslab, interval 1, probability 0, space 0, times 0
[  714.212466][T16799] CPU: 0 UID: 0 PID: 16799 Comm: syz.2.3198 Not tainted syzkaller #0 PREEMPT(full) 
[  714.212484][T16799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  714.212493][T16799] Call Trace:
[  714.212502][T16799]  <TASK>
[  714.212511][T16799]  dump_stack_lvl+0x189/0x250
[  714.212537][T16799]  ? __pfx____ratelimit+0x10/0x10
[  714.212562][T16799]  ? __pfx_dump_stack_lvl+0x10/0x10
[  714.212579][T16799]  ? __pfx__printk+0x10/0x10
[  714.212596][T16799]  ? __pfx___might_resched+0x10/0x10
[  714.212608][T16799]  should_fail_ex+0x414/0x560
[  714.212624][T16799]  should_failslab+0xa8/0x100
[  714.212643][T16799]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  714.212667][T16799]  ? __alloc_skb+0x112/0x2d0
[  714.212688][T16799]  __alloc_skb+0x112/0x2d0
[  714.212709][T16799]  netlink_sendmsg+0x5c6/0xb30
[  714.212731][T16799]  ? __pfx_netlink_sendmsg+0x10/0x10
[  714.212742][T16799]  ? aa_sock_msg_perm+0xf1/0x1d0
[  714.212753][T16799]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  714.212764][T16799]  ? __pfx_netlink_sendmsg+0x10/0x10
[  714.212773][T16799]  __sock_sendmsg+0x219/0x270
[  714.212791][T16799]  ____sys_sendmsg+0x505/0x830
[  714.212815][T16799]  ? __pfx_____sys_sendmsg+0x10/0x10
[  714.212843][T16799]  ? import_iovec+0x74/0xa0
[  714.212866][T16799]  ___sys_sendmsg+0x21f/0x2a0
[  714.212883][T16799]  ? __pfx____sys_sendmsg+0x10/0x10
[  714.212938][T16799]  ? __fget_files+0x2a/0x420
[  714.212959][T16799]  ? __fget_files+0x3a0/0x420
[  714.212989][T16799]  __x64_sys_sendmsg+0x19b/0x260
[  714.213009][T16799]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  714.213036][T16799]  ? __pfx_ksys_write+0x10/0x10
[  714.213054][T16799]  ? rcu_is_watching+0x15/0xb0
[  714.213075][T16799]  ? do_syscall_64+0xbe/0x3b0
[  714.213095][T16799]  do_syscall_64+0xfa/0x3b0
[  714.213109][T16799]  ? lockdep_hardirqs_on+0x9c/0x150
[  714.213130][T16799]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  714.213147][T16799]  ? clear_bhb_loop+0x60/0xb0
[  714.213167][T16799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  714.213183][T16799] RIP: 0033:0x7f4bcf78ebe9
[  714.213200][T16799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  714.213214][T16799] RSP: 002b:00007f4bd0589038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  714.213231][T16799] RAX: ffffffffffffffda RBX: 00007f4bcf9c5fa0 RCX: 00007f4bcf78ebe9
[  714.213244][T16799] RDX: 0000000004000800 RSI: 0000200000000000 RDI: 0000000000000003
[  714.213255][T16799] RBP: 00007f4bd0589090 R08: 0000000000000000 R09: 0000000000000000
[  714.213266][T16799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  714.213274][T16799] R13: 00007f4bcf9c6038 R14: 00007f4bcf9c5fa0 R15: 00007f4bcfaefa28
[  714.213301][T16799]  </TASK>
[  714.807327][T16802] could not allocate digest TFM handle poly1305-simd
[  715.286414][ T6291] snd_usb_toneport 6-1:0.0: set_interface failed
[  715.335292][T16813] syzkaller0: entered promiscuous mode
[  715.341080][T16813] syzkaller0: entered allmulticast mode
[  715.446258][ T6291] snd_usb_toneport 6-1:0.0: Line 6 TonePort UX2 now disconnected
[  715.460388][T16818] tipc: Started in network mode
[  715.477652][T16818] tipc: Node identity 5ad449c584ed, cluster identity 4711
[  715.486729][ T6291] snd_usb_toneport 6-1:0.0: probe with driver snd_usb_toneport failed with error -71
[  715.512015][T16818] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  715.521530][ T6291] usb 6-1: USB disconnect, device number 93
[  715.550187][T16813] ip_vti0: mtu less than device minimum
[  715.741678][T16821] syzkaller0: entered promiscuous mode
[  715.747203][T16821] syzkaller0: entered allmulticast mode
[  716.052552][T16823] tipc: Resetting bearer <eth:syzkaller0>
[  716.082034][T16817] tipc: Resetting bearer <eth:syzkaller0>
[  716.148682][T16817] tipc: Disabling bearer <eth:syzkaller0>
[  716.318578][T15918] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  716.337974][T15918] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  716.346922][T15918] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  716.358327][T15918] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  716.366689][T15918] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  716.607815][ T5964] usb 6-1: new high-speed USB device number 94 using dummy_hcd
[  716.767835][ T5964] usb 6-1: Using ep0 maxpacket: 16
[  716.774607][T16834] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3206'.
[  716.775059][ T5964] usb 6-1: config 0 has an invalid interface number: 161 but max is 0
[  716.817354][ T5964] usb 6-1: config 0 has no interface number 0
[  716.842041][ T5964] usb 6-1: config 0 interface 161 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 64
[  716.891623][ T5964] usb 6-1: New USB device found, idVendor=0bfd, idProduct=0102, bcdDevice=9a.fd
[  716.905284][ T5964] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  716.931868][ T5964] usb 6-1: Product: syz
[  716.947318][ T5964] usb 6-1: Manufacturer: syz
[  716.957469][T16830] chnl_net:caif_netlink_parms(): no params data found
[  716.972915][ T5964] usb 6-1: SerialNumber: syz
[  717.004648][ T5964] usb 6-1: config 0 descriptor??
[  717.018783][T16828] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  717.036562][ T5964] kvaser_usb 6-1:0.161: error -ENODEV: Cannot get usb endpoint(s)
[  717.382608][T16830] bridge0: port 1(bridge_slave_0) entered blocking state
[  717.416407][T16830] bridge0: port 1(bridge_slave_0) entered disabled state
[  717.448157][T16830] bridge_slave_0: entered allmulticast mode
[  717.475442][T16830] bridge_slave_0: entered promiscuous mode
[  717.582300][T16830] bridge0: port 2(bridge_slave_1) entered blocking state
[  717.623903][T16830] bridge0: port 2(bridge_slave_1) entered disabled state
[  717.665271][T16830] bridge_slave_1: entered allmulticast mode
[  717.723369][T16830] bridge_slave_1: entered promiscuous mode
[  717.862652][T16857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3210'.
[  718.132895][T16830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  718.208609][T16830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  718.410791][T15917] Bluetooth: hci5: command tx timeout
[  718.454314][T16830] team0: Port device team_slave_0 added
[  718.753611][T16830] team0: Port device team_slave_1 added
[  718.874330][T16859] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  718.888264][T16859] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  718.918275][T16859] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  718.933399][T16830] batman_adv: batadv0: Adding interface: batadv_slave_0
[  718.952814][T16859] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  718.961526][T16830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  719.000998][T16859] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  719.048374][T16859] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  719.048523][T16830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  719.145127][T16830] batman_adv: batadv0: Adding interface: batadv_slave_1
[  719.175710][T16830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  719.205060][T16859] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  719.211416][T16830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  719.324980][T16859] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  719.337497][T16859] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  719.374458][ T5933] usb 6-1: USB disconnect, device number 94
[  719.518034][T16859] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  720.182289][T16830] hsr_slave_0: entered promiscuous mode
[  720.195793][T16830] hsr_slave_1: entered promiscuous mode
[  720.244637][T16830] debugfs: 'hsr0' already exists in 'hsr'
[  720.258454][T15917] Bluetooth: hci0: command 0x0405 tx timeout
[  720.267123][T16830] Cannot create hsr debugfs directory
[  720.567366][T16886] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3217'.
[  720.656906][T16830] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  720.694775][T16830] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  720.763047][T16830] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  720.791090][T16830] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  720.903468][T16889] could not allocate digest TFM handle poly1305-simd
[  720.970015][T15917] Bluetooth: hci2: command 0x0c1a tx timeout
[  720.976678][T15917] Bluetooth: hci4: command 0x0c1a tx timeout
[  720.982782][T15917] Bluetooth: hci1: command 0x0405 tx timeout
[  721.000819][T16902] fuse: Bad value for 'group_id'
[  721.037155][T16902] fuse: Bad value for 'group_id'
[  721.039040][T16830] 8021q: adding VLAN 0 to HW filter on device bond0
[  721.058829][T15917] Bluetooth: hci3: command 0x0c1a tx timeout
[  721.072065][T16830] 8021q: adding VLAN 0 to HW filter on device team0
[  721.124744][T12438] bridge0: port 1(bridge_slave_0) entered blocking state
[  721.132070][T12438] bridge0: port 1(bridge_slave_0) entered forwarding state
[  721.161342][T12438] bridge0: port 2(bridge_slave_1) entered blocking state
[  721.168544][T12438] bridge0: port 2(bridge_slave_1) entered forwarding state
[  721.388962][T15917] Bluetooth: hci5: command 0x040f tx timeout
[  721.452048][T16830] 8021q: adding VLAN 0 to HW filter on device batadv0
[  721.535180][T16913] binder: 16906:16913 ioctl c0306201 200000000100 returned -14
[  721.565860][T16830] veth0_vlan: entered promiscuous mode
[  721.686506][T16830] veth1_vlan: entered promiscuous mode
[  721.754621][T16914] page: refcount:515 mapcount:0 mapping:ffff888144ed6fb0 index:0x0 pfn:0x53600
[  721.764618][T16914] head: order:9 mapcount:1 entire_mapcount:1 nr_pages_mapped:0 pincount:0
[  721.773117][T16914] aops:hugetlbfs_aops ino:f0f9 dentry name(?):"anon_hugepage"
[  721.780574][T16914] flags: 0xfff000000000c1(locked|waiters|head|node=0|zone=1|lastcpupid=0x7ff)
[  721.789401][T16914] page_type: f4(hugetlb)
[  721.793621][T16914] raw: 00fff000000000c1 ffffc9000b2dfe10 ffffc9000b2dfe10 ffff888144ed6fb0
[  721.802272][T16914] raw: 0000000000000000 0000000000000000 00000203f4000000 0000000000000000
[  721.810840][T16914] head: 00fff000000000c1 ffffc9000b2dfe10 ffffc9000b2dfe10 ffff888144ed6fb0
[  721.819543][T16914] head: 0000000000000000 0000000000000000 00000203f4000000 0000000000000000
[  721.828466][T16914] head: 00fff00000000009 ffffea00014d8001 0000000000000000 0000000000000000
[  721.837155][T16914] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000200
[  721.845804][T16914] page dumped because: VM_BUG_ON_FOLIO(folio_mapped(folio))
[  721.853244][T16914] page_owner tracks the page as allocated
[  721.859806][T16914] page last allocated via order 9, migratetype Movable, gfp_mask 0x146cca(GFP_HIGHUSER_MOVABLE|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 16318, tgid 16317 (syz.2.3041), ts 681634420554, free_ts 681627424006
[  721.880586][T16914]  post_alloc_hook+0x240/0x2a0
[  721.885363][T16914]  get_page_from_freelist+0x21e4/0x22c0
[  721.890896][T16914]  __alloc_frozen_pages_noprof+0x181/0x370
[  721.896687][T16914]  alloc_buddy_hugetlb_folio+0xdf/0x1c0
[  721.902237][T16914]  only_alloc_fresh_hugetlb_folio+0x8c/0x280
[  721.908204][T16914]  alloc_surplus_hugetlb_folio+0x103/0x430
[  721.914003][T16914]  alloc_hugetlb_folio+0xb1a/0x16a0
[  721.919193][T16914]  hugetlb_fault+0x1dc2/0x2970
[  721.923944][T16914]  handle_mm_fault+0x740/0x8e0
[  721.928706][T16914]  __get_user_pages+0x1699/0x2ce0
[  721.933725][T16914]  populate_vma_page_range+0x29f/0x3a0
[  721.939172][T16914]  __mm_populate+0x24c/0x380
[  721.943758][T16914]  vm_mmap_pgoff+0x387/0x4d0
[  721.948366][T16914]  ksys_mmap_pgoff+0x587/0x760
[  721.953605][T16914]  do_syscall_64+0xfa/0x3b0
[  721.958269][T16914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  721.964147][T16914] page last free pid 16318 tgid 16317 stack trace:
[  721.970683][T16914]  __free_frozen_pages+0xbc4/0xd30
[  721.975791][T16914]  __folio_put+0x21b/0x2c0
[  721.980189][T16914]  update_and_free_hugetlb_folio+0x169/0x280
[  721.986151][T16914]  free_huge_folio+0xd72/0x1100
[  721.990984][T16914]  folios_put_refs+0x410/0x640
[  721.995725][T16914]  free_pages_and_swap_cache+0x4be/0x520
[  722.001343][T16914]  tlb_flush_mmu+0x3a0/0x680
[  722.005922][T16914]  tlb_finish_mmu+0xc3/0x1d0
[  722.010496][T16914]  vms_clear_ptes+0x42c/0x540
[  722.015160][T16914]  mmap_region+0x972/0x20c0
[  722.019732][T16914]  do_mmap+0xc45/0x10d0
[  722.023871][T16914]  vm_mmap_pgoff+0x2a6/0x4d0
[  722.028451][T16914]  ksys_mmap_pgoff+0x587/0x760
[  722.033196][T16914]  do_syscall_64+0xfa/0x3b0
[  722.037697][T16914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.043655][T16914] ------------[ cut here ]------------
[  722.049094][T16914] kernel BUG at mm/filemap.c:154!
[  722.054128][T16914] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  722.060349][T16914] CPU: 1 UID: 0 PID: 16914 Comm: syz.4.3221 Not tainted syzkaller #0 PREEMPT(full) 
[  722.069723][T16914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  722.079770][T16914] RIP: 0010:filemap_unaccount_folio+0x715/0x790
[  722.086013][T16914] Code: a4 c9 ff 48 89 df 48 c7 c6 60 3b 94 8b e8 73 f4 31 ff 90 0f 0b e8 eb a3 c9 ff 48 89 df 48 c7 c6 40 3a 94 8b e8 5c f4 31 ff 90 <0f> 0b e8 d4 a3 c9 ff 48 89 df 48 c7 c6 60 3b 94 8b e8 45 f4 31 ff
[  722.105608][T16914] RSP: 0018:ffffc9000b33ee20 EFLAGS: 00010046
[  722.111665][T16914] RAX: f183944b6205fc00 RBX: ffffea00014d8000 RCX: f183944b6205fc00
[  722.119620][T16914] RDX: 0000000000000005 RSI: ffffffff8dba7642 RDI: ffff888036358000
[  722.127595][T16914] RBP: 0000000000000001 R08: ffff8880b8724253 R09: 1ffff110170e484a
[  722.135553][T16914] R10: dffffc0000000000 R11: ffffed10170e484b R12: 0000000000000040
[  722.144031][T16914] R13: 1ffffd400029b000 R14: 1ffffd400029b001 R15: ffffea00014d8008
[  722.152012][T16914] FS:  00007ff91b7b26c0(0000) GS:ffff888125d18000(0000) knlGS:0000000000000000
[  722.160922][T16914] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  722.167519][T16914] CR2: 0000200000126b70 CR3: 00000000478d4000 CR4: 00000000003526f0
[  722.175496][T16914] Call Trace:
[  722.178764][T16914]  <TASK>
[  722.181697][T16914]  __filemap_remove_folio+0xc3/0x500
[  722.187064][T16914]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  722.192424][T16914]  ? __pfx___filemap_remove_folio+0x10/0x10
[  722.198304][T16914]  ? _raw_spin_lock_irq+0xae/0xf0
[  722.203309][T16914]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[  722.208837][T16914]  filemap_remove_folio+0xe6/0x1f0
[  722.213953][T16914]  remove_inode_hugepages+0x594/0x1100
[  722.219409][T16914]  ? __pfx_remove_inode_hugepages+0x10/0x10
[  722.225299][T16914]  ? preempt_schedule_thunk+0x16/0x30
[  722.230660][T16914]  ? up_write+0x1f2/0x420
[  722.234975][T16914]  hugetlbfs_fallocate+0xbc7/0x1100
[  722.240175][T16914]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  722.245878][T16914]  ? irqentry_exit+0x74/0x90
[  722.250474][T16914]  ? __pfx_hugetlbfs_fallocate+0x10/0x10
[  722.256097][T16914]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  722.261972][T16914]  vfs_fallocate+0x666/0x7e0
[  722.266548][T16914]  ? __pfx_vfs_fallocate+0x10/0x10
[  722.271646][T16914]  madvise_vma_behavior+0x3254/0x3af0
[  722.277031][T16914]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  722.282778][T16914]  ? rcu_is_watching+0x15/0xb0
[  722.287618][T16914]  ? trace_irq_disable+0x37/0x110
[  722.292647][T16914]  ? preempt_schedule_irq+0xde/0x150
[  722.297925][T16914]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  722.303662][T16914]  ? irqentry_exit+0x74/0x90
[  722.308257][T16914]  ? lockdep_hardirqs_on+0x9c/0x150
[  722.313450][T16914]  ? mas_prev_slot+0xb31/0xbb0
[  722.318212][T16914]  ? find_vma_prev+0xfc/0x170
[  722.322891][T16914]  ? __pfx_find_vma_prev+0x10/0x10
[  722.327991][T16914]  madvise_walk_vmas+0x51c/0xa30
[  722.332932][T16914]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  722.338385][T16914]  ? blk_start_plug+0x6f/0x1b0
[  722.343156][T16914]  madvise_do_behavior+0x38e/0x550
[  722.348268][T16914]  ? __pfx_madvise_do_behavior+0x10/0x10
[  722.353879][T16914]  ? down_read+0x1ad/0x2e0
[  722.358286][T16914]  do_madvise+0x1bc/0x270
[  722.362601][T16914]  ? __pfx_do_madvise+0x10/0x10
[  722.367437][T16914]  __x64_sys_madvise+0xa7/0xc0
[  722.372194][T16914]  do_syscall_64+0xfa/0x3b0
[  722.376691][T16914]  ? lockdep_hardirqs_on+0x9c/0x150
[  722.381885][T16914]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.387934][T16914]  ? clear_bhb_loop+0x60/0xb0
[  722.392605][T16914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.398565][T16914] RIP: 0033:0x7ff91d98ebe9
[  722.402958][T16914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  722.422544][T16914] RSP: 002b:00007ff91b7b2038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  722.431201][T16914] RAX: ffffffffffffffda RBX: 00007ff91dbc6270 RCX: 00007ff91d98ebe9
[  722.439153][T16914] RDX: 0000000000000009 RSI: 0000000000600002 RDI: 0000200000000000
[  722.447117][T16914] RBP: 00007ff91da11e19 R08: 0000000000000000 R09: 0000000000000000
[  722.455082][T16914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  722.463119][T16914] R13: 00007ff91dbc6308 R14: 00007ff91dbc6270 R15: 00007ff91dcefa28
[  722.471164][T16914]  </TASK>
[  722.474169][T16914] Modules linked in:
[  722.478046][T16914] ---[ end trace 0000000000000000 ]---
[  722.483476][T16914] RIP: 0010:filemap_unaccount_folio+0x715/0x790
[  722.489783][T16914] Code: a4 c9 ff 48 89 df 48 c7 c6 60 3b 94 8b e8 73 f4 31 ff 90 0f 0b e8 eb a3 c9 ff 48 89 df 48 c7 c6 40 3a 94 8b e8 5c f4 31 ff 90 <0f> 0b e8 d4 a3 c9 ff 48 89 df 48 c7 c6 60 3b 94 8b e8 45 f4 31 ff
[  722.509385][T16914] RSP: 0018:ffffc9000b33ee20 EFLAGS: 00010046
[  722.515433][T16914] RAX: f183944b6205fc00 RBX: ffffea00014d8000 RCX: f183944b6205fc00
[  722.523384][T16914] RDX: 0000000000000005 RSI: ffffffff8dba7642 RDI: ffff888036358000
[  722.531345][T16914] RBP: 0000000000000001 R08: ffff8880b8724253 R09: 1ffff110170e484a
[  722.539380][T16914] R10: dffffc0000000000 R11: ffffed10170e484b R12: 0000000000000040
[  722.547357][T16914] R13: 1ffffd400029b000 R14: 1ffffd400029b001 R15: ffffea00014d8008
[  722.555307][T16914] FS:  00007ff91b7b26c0(0000) GS:ffff888125d18000(0000) knlGS:0000000000000000
[  722.564218][T16914] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  722.570777][T16914] CR2: 0000200000126b70 CR3: 00000000478d4000 CR4: 00000000003526f0
[  722.578731][T16914] Kernel panic - not syncing: Fatal exception
[  722.585049][T16914] Kernel Offset: disabled
[  722.589356][T16914] Rebooting in 86400 seconds..