last executing test programs:

18m21.104438726s ago: executing program 3 (id=1594):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0x40045017, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = accept4$unix(r2, 0x0, &(0x7f00000001c0), 0x0)
connect$unix(r3, &(0x7f0000000280)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x89901)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}})
move_mount(r5, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x206)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0xc008ae09, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f000043b000/0x1000)=nil, 0x1000, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
getdents64(r8, &(0x7f0000002f40)=""/4090, 0xffa)
sendmsg$NFT_BATCH(r7, 0x0, 0x0)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, 0x0)
mlock2(&(0x7f0000a32000/0xe000)=nil, 0xe000, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$RTC_WKALM_SET(r8, 0x4028700f, &(0x7f00000000c0)={0xfa, 0x1, {0x32, 0x2, 0xc, 0x8000008, 0xb, 0x3, 0x5, 0x6b}})

18m19.868105701s ago: executing program 3 (id=1596):
r0 = openat$rdma_cm(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000200)={<r2=>0xffffffffffffffff}, 0x13f, 0xa}}, 0x20)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
modify_ldt$write(0x1, &(0x7f0000000000)={0x80, 0x0, 0x400}, 0x10)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$rdma_cm(0xffffff9c, &(0x7f0000000480), 0x2, 0x0)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f00000004c0)={0x12, 0x10, 0xfa00, {0x0, r2, r3}}, 0x18)

18m19.631037768s ago: executing program 3 (id=1597):
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
write$binfmt_aout(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8)
write$binfmt_aout(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
r1 = socket$inet6(0xa, 0x5, 0xffffffff)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x18)
r2 = fsopen(&(0x7f0000000200)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000980)='#\n$)-.\x02\xcc\xd7\xb2f\xcdY\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112s\x88\n\x13:\xd6\xfa\xd5?\xc7\xfd&\x8d*\xbb|&#\xe9\xa3\'\x91>C\x1bV\x87\xeb\xfe\xda\x89\xb7}@\xab\x16\x9c{\x8c\x97\xcc\xe7\xa5\xf5\xeb2\x9a\xed%\xf2\x8f\x97\x18\xce\x92\xc9\xa8\x1c\x9d\\C\xfeI%\xae\x8fKHq\x89\x83\xbb\x9dC\xd6H\x80s\xd66y\xfao\x04\xa4\xb6\x88\xdb\xa1b\xae\xa7\x87\xcc\xc7\xa4\xdc\n=/o\xf3\x96\xaf\b1\x1b48\bu\x01\xab\x90Q\xe8r\xe7\r\'-06,\xff\x84x\'+\xd5\xd4?[e\x19\xa3\\J\xe9\x8a\xb9\xe495\x12B\x06\xe5\x8f\x83Vb\xf1\xbc\xb9E\x1a\x9bH$\x1f^\x9dX\xd0\xca\xcc\xc9\x86\xaa\xd0\x9c\xc0\x82\xabE\xcc{\xcd\xd3\xdb\x97\x1e.y\xb0\x9f\x8f\xefv\x9c\xbd%\x84\xbf\"\xd9\xb4Vm\t.\x15\xf1)\xd6\xd8\x1cb\xc5\xd9=c\xb5<|+K*\x9f\x01u', 0xfeffffff00000000)
recvmmsg(r1, &(0x7f0000005600)=[{{0x0, 0x0, &(0x7f0000003800)=[{&(0x7f0000000680)=""/4096, 0x1000}, {0x0}], 0x2}, 0xfffffff6}], 0x1, 0x2, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000000)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x17, 0x78, 0x3, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x4, "dadf3f33eca795096ce04b85fb9795e19facc630b128c0641e2ef7255583ea34", "1f5a24a92ab34f6fd109cd1ce17bdf1d", {"47fe387fdb519e704be01891191958f1", "e2b5b9fa5c2f561c278dcd17aa2df6d9"}}}}}}}, 0x0)

18m19.40783952s ago: executing program 3 (id=1598):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x81)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226)
move_mount(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', r2, &(0x7f0000000100)='./file0\x00', 0x46)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
bind$inet6(r0, 0x0, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000005c0)={@map=r2, 0xf, 0x0, 0x4, &(0x7f0000000480)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000500)=[0x0, 0x0], &(0x7f0000000540)=[0x0, 0x0], &(0x7f0000000580)=[0x0], <r5=>0x0}, 0x40)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r6, 0x10000000005, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000600)={@map=r6, r2, 0x37, 0x0, 0x0, @void, @value=r2, @void, @void, r5}, 0x20)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000080)={0x1, @vbi={0x0, 0x0, 0x0, 0x34343452}})
ioctl$FS_IOC_GETFLAGS(r0, 0x80046601, &(0x7f0000000080))
sendto$inet6(r0, 0x0, 0x0, 0x20000045, 0x0, 0x0)
r7 = openat$kvm(0xffffff9c, &(0x7f0000000440), 0x400580, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
epoll_pwait2(r3, &(0x7f0000000480), 0x1555558f, 0x0, 0x0, 0x0)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1781, 0x898, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0xa0, 0x2, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x3, 0x7, {0x9, 0x21, 0x2, 0x6, 0x1, {0x22, 0x57d}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0x7, 0x9}}}}}]}}]}}, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000180), 0xffffffffffffffff)
r8 = syz_io_uring_setup(0x6db1, &(0x7f00000001c0)={0x0, 0x6de4, 0x4000, 0x80, 0x5c}, &(0x7f0000000240), &(0x7f0000000680))
r9 = syz_io_uring_setup(0x1239, &(0x7f00000002c0)={0x0, 0xc3aa, 0x10000, 0x2, 0x399}, &(0x7f0000000340), &(0x7f0000000380))
io_uring_register$IORING_REGISTER_RESIZE_RINGS(r8, 0x21, &(0x7f00000006c0)={0x0, 0x2a6f, 0x1, 0x2, 0x240, 0x0, r9}, 0x1)

18m17.748675042s ago: executing program 3 (id=1601):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0)
rt_sigqueueinfo(0x0, 0x3c, 0x0)
r2 = openat$audio(0xffffff9c, &(0x7f0000000100), 0x101000, 0x0)
ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0)
clock_gettime(0x7, &(0x7f0000000180))
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
inotify_init()
r3 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
pwritev2(0xffffffffffffffff, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r3, 0x0)

18m17.34546446s ago: executing program 3 (id=1604):
r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x2cf1389d, 0x0)
ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5668, &(0x7f0000000000)={0xf00001, 0x9, @value=0x7fffffff})

18m16.580529249s ago: executing program 32 (id=1604):
r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x2cf1389d, 0x0)
ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5668, &(0x7f0000000000)={0xf00001, 0x9, @value=0x7fffffff})

8.760052642s ago: executing program 1 (id=5933):
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, 0x0, &(0x7f0000001600)=[0x0], 0x0, 0x0, 0x0, 0x1})
r3 = memfd_create(&(0x7f00000000c0)='\xe9`\x10\x98[\x82?O3#\xfa\x02\xdc\x96\xa1\xbc\x80\x00+\xb6O', 0x0)
write$binfmt_elf32(r1, &(0x7f0000001e80)=ANY=[], 0x38)
splice(r0, 0x0, r3, 0x0, 0x200002, 0x0)

8.509799073s ago: executing program 1 (id=5935):
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000002d40)=[{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)="a6c1a400265c7e70825f9175e4616ce0d2fa44208abad888bd46759698112eb06a37834f4328082445cd6407686f650ab7169e6168ea1770046213df074b8bb4a0984beb24909fe815383598a977592e1c4af6a13c503b4093d124670d557b2d0968b751ac11bdd385b46615afb482af41e5", 0x72}], 0x1, 0x0, 0x0, 0x10}], 0x1, 0x4030004)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000000))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x70)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = syz_io_uring_setup(0xa0, &(0x7f0000000640)={0x0, 0x105cc6, 0x0, 0x0, 0x207}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x14, 0x0, 0x10, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x10)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc00c64b5, &(0x7f00000002c0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6})
ioctl$KVM_CAP_SPLIT_IRQCHIP(r7, 0x4068aea3, &(0x7f00000001c0))
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0xc0, &(0x7f0000000300)=0x3, 0x0, 0x4)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4138ae84, &(0x7f0000000080)=@x86={0x6, 0xa, 0x7, 0x0, 0x3, 0x8d, 0xce, 0x1c, 0x89, 0xa0, 0x7, 0x8, 0x0, 0xe56, 0xb, 0x2, 0x8, 0x2, 0x1, '\x00', 0x9, 0x3ff})
socket$nl_generic(0x10, 0x3, 0x10)
r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x8, 0x80, 0x0, '\x00', 0x5c8d})
ioctl$KVM_RUN(r9, 0xae80, 0x0)

8.196795969s ago: executing program 2 (id=5939):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000380)={0x2, 0x3, 0x0, 0x2, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}, @sadb_key={0x4, 0x8, 0x88, 0x0, "342d32dbc26b399773d1318c4995cd60c7"}]}, 0x70}, 0x1, 0x7}, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0xff, 0x6}, 0x8)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000280)={0x3})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x18}}, 0x20000000)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000500)="b8010000000f01c10f22a10f20e035800000000f22e066ba610066b80a0066ef66b832000f00d0b8010000000f01c166ba4300b0beee0f793c1e2e643e2e3e650f79288fc878c15b0e3f", 0x4a}], 0x1, 0x21, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

8.001495649s ago: executing program 2 (id=5940):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x300)
close(r4)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"})
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

7.736059119s ago: executing program 2 (id=5941):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)=ANY=[@ANYBLOB="201118"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_pidfd_open(0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)={@map, 0xffffffffffffffff, 0xb, 0x0, 0x0, @void, @value}, 0x20)
r2 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
munmap(&(0x7f0000001000/0x2000)=nil, 0x2000)
sendmsg$tipc(r2, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x101d0}], 0x1}, 0x0)
listen(r1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f00000001c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff620500000000070058000b480400945f640094272d7061d328b92d0000000000008000f0fffeffe809000000ffd9dd00000010000100050808004149004006040800", 0x58}, {0x0}], 0x2)
setsockopt$sock_int(r1, 0x1, 0xf, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB="180000002d00090026bd7000000000000400000004001d"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x40084)
r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x40, 0x0, 0x0)
open_by_handle_at(r5, &(0x7f0000000680)=ANY=[@ANYBLOB="1000"], 0xaa50b2488a313897)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x3, 0x4, 0x4, 0x0, 0x1009, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_open_dev$mouse(&(0x7f0000000080), 0x1, 0x2000)
syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_connect(0x3, 0x2d, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

7.0826072s ago: executing program 1 (id=5943):
syz_usb_connect(0x0, 0x36, &(0x7f0000000780)=ANY=[@ANYBLOB="120100000b529708410e42416ed401020301090224000100000000090400020221f7680009050100000401ff070905021008"], 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
socket$inet(0xa, 0x801, 0x84)
unshare(0x24060400)
pselect6(0x40, &(0x7f0000000300)={0x0, 0x4000000000000000, 0x80000000000, 0x1, 0x100000000000, 0x0, 0x0, 0x9}, &(0x7f0000000380)={0xff, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x8000000000000}, 0x0, 0x0, 0x0)

6.987003362s ago: executing program 4 (id=5945):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VIDIOC_STREAMOFF(r2, 0x40045613, &(0x7f0000001080)=0x8) (async, rerun: 32)
r3 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000002f40)=ANY=[@ANYBLOB="500000001000370400"/20], 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpgrp(0x0)
r5 = syz_pidfd_open(r4, 0x0)
process_madvise(r5, &(0x7f0000000000)=[{0x0}], 0x1, 0xe, 0x0) (async, rerun: 64)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f00000002c0)={0x0, 0x42303159, 0x0, @discrete={0xe, 0xba}}) (rerun: 64)
writev(r0, &(0x7f0000000300)=[{&(0x7f0000000480)="a2caeca6ab4cfc6458432d2cd6e066db0b974ab2d51fce3736d3e4a68aff397feba8983b4a8d4c62f67d5becb53869dc8dd9b8a1d738866895205b82b4475f294961a0570ddec94310739a703276011c31635de2915a189f9d24d72bc74046c78c8a26a8cde0ec428758fa95acb71a9d1181a65f6ae52f5b69fabc3453b5a20976c04e96bf2d2662be38807cc8dda8bac28cd613e5e990e10a0e47e3df3c1aff4b957aa3ceb26bcd353ee7d9a34ba18825d3b329200740c53900fbc8c2eba76d82eca669116c67784b8ac3cbd3d85bc4f8ba73bc", 0xd4}], 0x1)
r6 = socket$inet6(0xa, 0x805, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0xea75280f71c9c209, &(0x7f0000000080)={0x2, 0x4e22, @dev}, 0x10) (async)
r7 = syz_open_procfs(0x0, &(0x7f0000000080)='net/udp6\x00') (async)
readv(0xffffffffffffffff, &(0x7f0000001500)=[{&(0x7f0000001400)=""/76, 0x4c}, {&(0x7f0000001480)=""/85, 0x55}, {&(0x7f0000001280)=""/22, 0x16}], 0x3) (async)
getsockopt$bt_hci(r6, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2c, &(0x7f0000001100)={0x9b, {{0xa, 0x4e22, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, 0xaa}}, {{0xa, 0x4e21, 0x5, @loopback, 0x6}}}, 0x104) (async, rerun: 32)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffe, 0x4f, 0xffffffff}, 0x0) (rerun: 32)
ioctl$IOMMU_GET_HW_INFO(r7, 0x3b8a, &(0x7f00000013c0)={0x28, 0x0, 0x0, 0xe2, &(0x7f00000012c0)=""/226}) (async)
r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) (async)
clock_nanosleep(0xfffffff2, 0x225c17d03, &(0x7f0000000400), 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$FBIOBLANK(r8, 0x4611, 0x0) (async)
unshare(0x28040600)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x8001000000000000, 0x40, &(0x7f00000017c0)=@raw={'raw\x00', 0x8, 0x3, 0x21c, 0xd0, 0x11, 0x148, 0xd0, 0x0, 0x188, 0x2a8, 0x2a8, 0x188, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x5, 0x4, 0x1, 0x6, 0x1, 0x5], 0x5, 0x2}, {0x0, [0x2, 0x5, 0x5, 0x4, 0x3, 0x3], 0x3, 0x3}}}}, {{@ip={@multicast1, @empty, 0xff000000, 0x0, 'gretap0\x00', 'lo\x00', {0xff}, {0xff}, 0x6c, 0x1, 0x10}, 0x0, 0x94, 0xb8, 0x0, {}, [@common=@icmp={{0x24}, {0x0, "05e4"}}]}, @common=@inet=@TCPMSS={0x24}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x278)
r9 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x3}, &(0x7f00000000c0), 0x127, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r9, r9, r9}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'poly1305-simd\x00'}})

6.195663687s ago: executing program 4 (id=5947):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
lsm_list_modules(&(0x7f0000002600), &(0x7f0000000000), 0x0)

5.969776477s ago: executing program 4 (id=5950):
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = memfd_create(&(0x7f00000000c0)='\xe9`\x10\x98[\x82?O3#\xfa\x02\xdc\x96\xa1\xbc\x80\x00+\xb6O', 0x0)
write$binfmt_elf32(r1, &(0x7f0000001e80)=ANY=[], 0x38)
splice(r0, 0x0, r2, 0x0, 0x200002, 0x3800)

5.779501792s ago: executing program 4 (id=5952):
r0 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = syz_usb_connect(0x2, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000d972a440b72040155ab7010203010902120001000000000904800000ff"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000001100)={0x84, &(0x7f0000000940)={0x20, 0x12, 0x3, "16dc44"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r1, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x440c0}, 0x0)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x90, 0x0, 0x0, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x1ff, 0x2}}}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_MESH_CONFIG={0x34, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_AWAKE_WINDOW={0x6, 0x1b, 0xea}, @NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT={0x8, 0x17, 0x6}, @NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0x7}, @NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x1}, @NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0x101}, @NL80211_MESHCONF_PATH_REFRESH_TIME={0x8, 0x9, 0x6}]}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xffffffff, 0x10}}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x4, 0x13}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x8, 0x6c}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x7e}]}, 0x90}, 0x1, 0x0, 0x0, 0x20020000}, 0x40000)
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000380)={0x34, &(0x7f0000000440)=ANY=[@ANYBLOB="4018a80000004f"], 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
close(r0)

5.31291071s ago: executing program 1 (id=5956):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
prctl$PR_SET_CHILD_SUBREAPER(0x41555856, 0x1)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xffffffff}, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000280)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0xe, 0x0, 0x9, 0x2}, 0x10}, 0x1, 0x7}, 0x0)
syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x56a, 0xd3, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x3, 0x30, 0x5, [{{0x9, 0x4, 0x0, 0xc9, 0x1, 0x3, 0x1, 0x1, 0x0, {0x9, 0x21, 0xff, 0x1, 0x1, {0x22, 0xbb0}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x2, 0x7f, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x8, 0xe, 0x1}}]}}}]}}]}}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xc}}, 0x14}}, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_io_uring_setup(0x497, &(0x7f0000000480)={0x0, 0x707b, 0x0, 0x4, 0x288}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000180)=@IORING_OP_NOP={0x0, 0x71})
io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0)
r10 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0x80, 0x10100}, &(0x7f0000000480), &(0x7f0000000040)=<r11=>0x0)
syz_io_uring_setup(0x3f21, &(0x7f0000000280)={0x0, 0x800002, 0x2, 0x2, 0x0, 0x0, r10}, &(0x7f0000000000)=<r12=>0x0, &(0x7f00000005c0))
r13 = io_uring_register$IORING_REGISTER_PERSONALITY(r10, 0x9, 0x0, 0x0)
syz_io_uring_submit(r12, r11, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r13}})
io_uring_enter(r10, 0x48e9, 0x0, 0x0, 0x0, 0x0)

4.831767092s ago: executing program 0 (id=5957):
fanotify_init(0x2, 0x101000) (async)
r0 = fanotify_init(0x2, 0x101000)
openat$mice(0xffffff9c, &(0x7f0000000040), 0x101000) (async)
r1 = openat$mice(0xffffff9c, &(0x7f0000000040), 0x101000)
close_range(r0, r1, 0x2)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000fbdbdf250a00a100", @ANYRES32=r4, @ANYBLOB="14000100ff05000000000000dfce00000000000108000800026e"], 0x34}}, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000015"], 0x34}, 0x1, 0x0, 0x0, 0x41c1}, 0x4040800) (async)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000015"], 0x34}, 0x1, 0x0, 0x0, 0x41c1}, 0x4040800)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000190c0), 0x121381, 0x0)
ioctl$TCSETSF(r6, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, "4bad89600716799a64be0304000000cddf00"}) (async)
ioctl$TCSETSF(r6, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, "4bad89600716799a64be0304000000cddf00"})
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00009200000000000000000000000058b200"})
write(r6, &(0x7f0000000640)='u', 0x1) (async)
write(r6, &(0x7f0000000640)='u', 0x1)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r7) (async)
r8 = dup(r7)
write$UHID_INPUT(r8, &(0x7f0000000000)={0xc, {"a2e3ad214fc752f91b25060987f70e06d038e7ff7fc6e5539b325d078b089b3b08386e090890e0878f0e1ac6e7049b334d959b429a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31303b305d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c0428918246d9e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff13d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1ccab2689bee59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae23034202210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ecdf5e08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
r9 = syz_open_pts(r6, 0x0)
dup(r9)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r10, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) (async)
setsockopt$inet6_tcp_int(r10, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
syz_io_uring_setup(0x38a0, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x100001, 0xbfdffff8}, &(0x7f00000000c0), &(0x7f0000000040))
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x24}}, 0x0) (async)
sendmsg$nl_route(r11, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x24}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r12=>0xffffffffffffffff})
connect$unix(r12, &(0x7f000057eff8)=@abs, 0x6e) (async)
connect$unix(r12, &(0x7f000057eff8)=@abs, 0x6e)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r13, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r13, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38010000050a010200000000000000000100000108000540000000000c00024000000000000000010900030073797a300000000008000540fffffffe0900010073797a30000000000c0002400000000000000004dc000c00af9c520dafec1d6de6457d00a228864a04a4cb7cfbb2c4aec79f3a5787279bca1cd5bc0d656aa73806d73e42258b8300f5394390fa7dc7eb12e9119c95efe25fa18b1d560dcad06437705839a74617e51e4ef02ac917cae4f3d3d5a036725e20de204527b87f52e7528a2bc94334c24be28ff90e389b31a9b2f4332edb00bb127615d2977bb3ce92ebfd6193ec00adf7d164be29d04c1136ce1531d9e941c9d04d2f4acd7c653ba0f169630587aad9d12110fa64648b04eabb10b8b115647d39b70cf8d2f1880833a93d8756466c708a6e5e6fae99ae707608000a4000000004140000001100010000000000000000000000000a"], 0x160}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r13, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="20000000130a03000000000000000000020000000900020073797a31000000000dae1d35a7a12df1e02f4fccfbed055fad64d272a9ad9b189afb98d694050ec358c422cbd891c67ba7644737816681b6941c078e56730881002477ec066f10d8ce363d0d920ddf2a4b6428a57db6b9230e5b778cf30700000000aa369ef220ca1ef8d736a250d409eb9bc2b8b2024460f78e52be133494e1fdd659a058f333db89f7a7ac31628c661f"], 0x20}}, 0x0)

4.585364416s ago: executing program 2 (id=5959):
socket$rxrpc(0x21, 0x2, 0xa)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x0, 0x0})
syz_clone(0x4200000, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000006c0)=@filter={'filter\x00', 0x4, 0x4, 0x648, 0xffffffff, 0x0, 0x408, 0x408, 0xfeffffff, 0xffffffff, 0x580, 0x580, 0x580, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @ipv4={'\x00', '\xff\xff', @broadcast}, [], [], 'veth0_to_bond\x00', 'veth0_to_bridge\x00', {}, {}, 0x3a}, 0x2f2, 0x31c, 0x340, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00', {0x6}}}, @common=@dst={{0x48}, {0x2, 0x1, 0x1, [0x3, 0x0, 0xf, 0x8006, 0x3ffc, 0x8, 0x0, 0x6, 0x2, 0xe0, 0x1, 0x6, 0x1, 0x8, 0x6, 0xb4], 0x2}}]}, @REJECT={0x24}}, {{@ipv6={@remote, @remote, [], [0x0, 0xffffff00], 'rose0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa4, 0xc8}, @common=@inet=@TCPMSS={0x24, 'TCPMSS\x00', 0x0, {0xf}}}, {{@uncond, 0x0, 0x154, 0x178, 0x0, {}, [@common=@ipv6header={{0x24}, {0x0, 0x1}}, @common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0x0, 0x0, @local, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, [0x0, 0x0, 0x0, 0xff]}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x8}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x6a4)
recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x10)
fanotify_mark(0xffffffffffffffff, 0x1, 0x48001059, 0xffffffffffffffff, 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000000440)=[{0x9, 0x8, 0x6, 0x8, @tick=0x9, {0xff, 0x3}, {0x3, 0x3}, @note={0x5, 0x8, 0x80, 0x14}}], 0x1c)
r4 = socket$isdn(0x22, 0x2, 0x22)
close(r4)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
shutdown(r3, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
io_uring_setup(0x4274, &(0x7f0000000100)={0x0, 0x205982, 0x8, 0x1, 0x273})
io_uring_setup(0x696a, &(0x7f0000000280)={0x0, 0x5f99, 0x80, 0x5, 0x11})
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[], 0x64}}, 0x0)
close_range(r5, r5, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)

4.343892578s ago: executing program 0 (id=5960):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000400)='.\x00', 0xa4000021)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040), 0x4)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_256={{0x304}, "76f7bc3e4ae1c84c", "af193cff4810ba5ac120d096eb00b40752095b4285514ca312c52e3a08756735", '8\x00', "bc3a20b10f4ad11e"}, 0x38)
read(r0, 0x0, 0x0)
close(r0)
socket$unix(0x1, 0x5, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000042c0)='fdinfo/3\x00')
read$FUSE(r3, &(0x7f0000000080)={0x2020}, 0x2020)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)

4.125257807s ago: executing program 5 (id=5961):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000340)={0x4c, r3, 0x1, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x28, 0x33, @probe_request={{{0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x1}, @device_b, @device_a, @initial, {0x4, 0x9}, @value=@ver_80211n={0x0, 0x9, 0x3, 0x3, 0x0, 0x3, 0x0, 0x0, 0x1}}, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @void, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008080) (fail_nth: 7)

4.109665916s ago: executing program 0 (id=5962):
fanotify_init(0x200, 0x0)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x10000, 0x2, 0x802ce}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
r5 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$sock_buf(r5, 0x1, 0x1c, 0x0, &(0x7f0000000240))
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @local, @val, {@ipv6={0x86dd, @generic={0x0, 0x6, "76cd8a", 0x18, 0x0, 0x0, @rand_addr=' \x01\x00', @dev, {[@hopopts={0x0, 0x2, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x47}}, @pad1, @padn={0x1, 0x1, [0x0]}]}]}}}}}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6, 0x0, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000140)={0x7, 0x5, 0x6})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r6, 0xc00464b4, &(0x7f0000000400)={r8})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000200)={0x10001, 0x401f, 0x3})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000440)={0x5, 0x1, 'client1\x00', 0x1, "9616d2d67d273fdb", "7001209b8e78d0917bc032f6bdda4aa20126286d579cd342f8d0f048a64b457a", 0x3, 0xfffffff8})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000002c0)={0x8, 0xd7, 0x8})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

3.920046777s ago: executing program 5 (id=5963):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@delchain={0x24, 0x65, 0x1, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0xffff, 0xfff3}, {0xf, 0x2}, {0xb, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) (fail_nth: 1)

3.919489159s ago: executing program 0 (id=5964):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x803}, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
io_setup(0x6, &(0x7f0000001380)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f00000003c0)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, 0x3, r1, 0x0, 0x48}])
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = io_uring_setup(0x3e41, &(0x7f00000001c0)={0x0, 0x0, 0x100, 0x0, 0xcb})
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/slabinfo\x00', 0x0, 0x0)
preadv(r6, &(0x7f0000000000)=[{&(0x7f0000001140)=""/4151, 0x1037}], 0x1, 0x8b3, 0x1)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'veth1_macvtap\x00'})
socket(0x10, 0x3, 0x0)
openat$mice(0xffffff9c, &(0x7f0000000000), 0x101000)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
open(0x0, 0x0, 0xc6)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4040aea0, &(0x7f0000000180)=@x86={0x5, 0x6, 0x1, 0x0, 0x1, 0x80, 0x9, 0x97, 0x4a, 0x10, 0x81, 0x0, 0x0, 0xb, 0x7, 0x6, 0x6, 0x8c, 0x1, '\x00', 0x7, 0x3})
io_uring_register$IORING_REGISTER_FILES_UPDATE(r5, 0x6, &(0x7f0000000280)={0x9, 0x0, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0xffffffff, 0x40000, 0x0, 'queue0\x00'})
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_dev$media(&(0x7f00000001c0), 0x9, 0x402)

3.575149014s ago: executing program 2 (id=5965):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r2 = dup2(r1, r0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x0, 0x1)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x400, 0x1, 0xfffffffc}, 0x0)
socket$packet(0x11, 0x3, 0x300)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x8080)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_open_procfs(0x0, 0x0)
syz_usb_connect$cdc_ncm(0x6, 0x37d17b5b06c9a551, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c000000020605000000000000000000000000000c000300686173683a69700005000400000000000900020073797a3100000000050001000600000069f0dc8057597eef71e3231160ab8f7474c5eb2a0b0b5762f9809daecc4d17a242fbaeaf463e381b391429df92953653f8899052ecd71f28a3981eaef2d546135d1144ddc90e61b8e8f0d7bd23750e7ce15dbbf98e76363ecafe40440183d01cf1cb2ffca2414a3bfed2f5e65b33ccb98b"], 0x3c}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000780)=ANY=[@ANYBLOB="1c000000030605000000000000000000050000000500010007000000787a28ade98349ea0a9f50ed8a20c84cd0b04f441d8df08752fab948ec3be6320d770d17a59e3f1bfaf597bba450b32f9dc5615ef8290e8b6f0f006297184b014fa14f94ede8ec17e5239ad2fe6df0736b0373309f0d926e79b137d6567543f93ed01a386599ddc473081d0ab1dc25d020ee50320d5838c2a2444664c179c831fdbee45a39a63c54177ffd4780658fd18269adf65a635a982123706874d41e2badbcb5995a53d798350f4196fe87b369f6630ebc9a9d3f903225dbdc1687aac8"], 0x1c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000080)
mknod$loop(&(0x7f0000000080)='./bus\x00', 0x2, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2)
r8 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r8, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000140)={0x0, &(0x7f0000000280)}, 0x8)
sendto$inet(r8, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140f000002080300000000000000000001000005eadaebd7a1e7ad9af19e60f3570e50b4cb8b2b2e8290e23f40b22fa6cad2521cf59e2b135304ac0ffbb87046b3fa49b50cb28c18394b33dd6cd6d1713bfa68eb5ce6c12bc634ab7f6f851e3b960a8466a61cb5c362abd75d011a7ea1e0ef5e760ea9d047233976436c4a87acce53f6accc362c318df6213a953f3442bba8a0d36079c011312c6b17cd132ecf8178966dbdd99bc464bc8ad9724871d9e5ab63609bb024e9b419d4850198d01e5199663098cc7bd1c462ce2be6d821e8460c84181c7aac61015222b22f5120bda4083d7b1de4dc79ca82b6437d201df93391c43c17212c39cb58e345be2329eadbc16378ff43e781ab7624341300bf249c75d5336107be8d02f4cbda9de1516f0a103e16657dae7f412c866117526890732fc27f382a61e5b0a9e796f6ae01ae25861ea0944167c0a840a2e44d639bcc77e0d90cad1e1806242428ddd59cac4e2be103cf6064f2e7ce54a69e6e2ec8e7a3200422cac91f2ce617c47fdef7dcd0bdd1d0531d101d49f6db94b5e759c1a72e5b8cc50ec87db5c8f6766c89b0fe828a589849c0"], 0x14}, 0x1, 0x0, 0x0, 0x4000c}, 0x4000014)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c884}, 0x20000081)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x40000, 0x0)

3.419823665s ago: executing program 5 (id=5966):
socket$inet_tcp(0x2, 0x1, 0x0)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
socket$inet(0xa, 0x801, 0x84)
unshare(0x24060400)
pselect6(0x40, &(0x7f0000000300)={0x0, 0x4000000000000000, 0x80000000000, 0x1, 0x100000000000, 0x0, 0x0, 0x9}, &(0x7f0000000380)={0xff, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x8000000000000}, 0x0, 0x0, 0x0)

3.260009189s ago: executing program 4 (id=5967):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000100)='-\'\\\x00', &(0x7f00000001c0)='./file0\x00', 0xffffffffffffff9c)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000280)={0x7ff, 0x8})
madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x65)
sigaltstack(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000000b05000300000000000900010073797a30000000000900020073797a3200000000"], 0x80}}, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
close(r6)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'veth1_to_bridge\x00', 0x4000})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="016f080e63b3c76c50932c11c0cf3100018000000000140a00000000000000000000008490783fffffffac1414aa000000005a466569190f2a74bdd40000aa04fab4bb73604834b969ea4b8d00a166c7190700f7124a7f7a4e30a73c296b8569d84eb641eb06e07f889b3923b6e88392be8e7f21db67b234f4905d0a03384f5f0b009732f12553fb7968ff154c0a96790fed86579a49a8c66c1ea2", @ANYRES64=r7, @ANYRESDEC, @ANYRES16], 0xfd6c)
r8 = add_key$user(0x0, 0x0, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
r9 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x1000000, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r9, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000080)=@chain={'key_or_keyring:', r8})
keyctl$KEYCTL_MOVE(0x1e, r8, 0xffffffffffffffff, r9, 0x0)

2.616258954s ago: executing program 5 (id=5968):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r2 = dup2(r1, r0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r2, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4890}, 0x20000081)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x80000)

2.033047192s ago: executing program 5 (id=5969):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
mbind(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c4000007b6f4613d4448046b3958f32970b70f5aee2aa51cf3fc91af0fdd5c50225ad57df29024fd8b8c2ce06066ba3d8946d087cf267a06e781f34d15d175304872c114a58f0404ff40d0422d509c8cc4eedc64796714b7678c50c5cdd5e51", @ANYRES16=r1, @ANYBLOB="010027bd700000000000120000001800018014000200766c616e3100"/38], 0x2c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r4, @ANYBLOB="08002700851600000a00180000000012000000001c005a801800"], 0x4c}}, 0x4000804)
sendmsg$NL80211_CMD_EXTERNAL_AUTH(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r2, 0xa00, 0x70bd2a, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xffff8000, 0x41}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_BSSID={0xa, 0xf5, @random="a27e0ec7bca6"}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x1c}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x8041)

1.843801569s ago: executing program 0 (id=5970):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff})
ptrace(0x4208, r1)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES64=r0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000440005000000000000000000"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000e40)='ns\x00')
getdents64(r5, &(0x7f0000000e80)=""/4096, 0x1000)
socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x3c000180)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040f0200f80d20"], 0x7)
r6 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)
r7 = openat$audio(0xffffff9c, &(0x7f0000000140), 0xa0200, 0x0)
ioctl$SOUND_PCM_READ_RATE(r7, 0x80045002, &(0x7f0000000180))
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r8, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x1, @mcast2, 0x5}}, {{0xa, 0x0, 0x6, @private2, 0xfffffffe}}}, 0x104)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2f, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="380000006800010003001000fdff000c00020001000000150000000c000e8006000100d43f000006"], 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)

1.496940638s ago: executing program 5 (id=5971):
socket$rxrpc(0x21, 0x2, 0xa)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x0, 0x0})
syz_clone(0x4200000, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x10)
fanotify_mark(0xffffffffffffffff, 0x1, 0x48001059, 0xffffffffffffffff, 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000000440)=[{0x9, 0x8, 0x6, 0x8, @tick=0x9, {0xff, 0x3}, {0x3, 0x3}, @note={0x5, 0x8, 0x80, 0x14}}], 0x1c)
r3 = socket$isdn(0x22, 0x2, 0x22)
close(r3)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
shutdown(r2, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
io_uring_setup(0x4274, &(0x7f0000000100)={0x0, 0x205982, 0x8, 0x1, 0x273})
io_uring_setup(0x696a, &(0x7f0000000280)={0x0, 0x5f99, 0x80, 0x5, 0x11})
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="640000000206056fd3000000000000000000000014000780080011400000000005001500000000000500010006000000050005000200000005000400000000000900020073797a300000000016000300686173683a6e6574"], 0x64}}, 0x0)
close_range(r4, r4, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_init(0x200, 0x0)

901.640878ms ago: executing program 1 (id=5972):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000400)='.\x00', 0xa4000021)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040), 0x4)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_256={{0x304}, "76f7bc3e4ae1c84c", "af193cff4810ba5ac120d096eb00b40752095b4285514ca312c52e3a08756735", '8\x00', "bc3a20b10f4ad11e"}, 0x38)
read(r0, 0x0, 0x0)
close(r0)
socket$unix(0x1, 0x5, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000042c0)='fdinfo/3\x00')
read$FUSE(r3, &(0x7f0000000080)={0x2020}, 0x2020)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)

741.179959ms ago: executing program 1 (id=5973):
socket$rxrpc(0x21, 0x2, 0xa)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x0, 0x0})
syz_clone(0x4200000, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x10)
fanotify_mark(0xffffffffffffffff, 0x1, 0x48001059, 0xffffffffffffffff, 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000000440)=[{0x9, 0x8, 0x6, 0x8, @tick=0x9, {0xff, 0x3}, {0x3, 0x3}, @note={0x5, 0x8, 0x80, 0x14}}], 0x1c)
r3 = socket$isdn(0x22, 0x2, 0x22)
close(r3)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
shutdown(r2, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
io_uring_setup(0x4274, &(0x7f0000000100)={0x0, 0x205982, 0x8, 0x1, 0x273})
io_uring_setup(0x696a, &(0x7f0000000280)={0x0, 0x5f99, 0x80, 0x5, 0x11})
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="640000000206056fd3000000000000000000000014000780080011400000000005001500000000000500010006000000050005000200000005000400000000000900020073797a300000000016000300686173683a6e6574"], 0x64}}, 0x0) (fail_nth: 2)
close_range(r4, r4, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_init(0x200, 0x0)

563.098107ms ago: executing program 4 (id=5974):
r0 = socket$kcm(0x2, 0x0, 0x84)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x20, 0xcd, 0x0, 0x5, 0x0, 0x5, 0xfa11, 0xffffffff}, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
rt_tgsigqueueinfo(0x0, 0x0, 0x5, &(0x7f0000000400)={0x2, 0xffffffff, 0xfffffffa})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000780)={0x0, <r3=>0x0})
r4 = syz_clone3(&(0x7f0000000a40)={0x40004200, &(0x7f0000000800), &(0x7f0000000840), &(0x7f0000000880), {0x39}, &(0x7f00000006c0)=""/159, 0x9f, &(0x7f0000000980)=""/25, &(0x7f0000000a00)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x5}, 0x58)
r5 = openat$cgroup_root(0xffffff9c, &(0x7f0000000b00)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000b40)={0x0, &(0x7f0000000080), &(0x7f00000002c0), &(0x7f0000000300), {0xc}, &(0x7f0000000580)=""/156, 0x9c, &(0x7f0000000400)=""/227, &(0x7f0000000ac0)=[0x0, 0x0, 0x0, r4, 0x0, 0x0, r3, r4], 0x8, {r5}}, 0x58)
syz_open_procfs(0x0, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
r7 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xad82, 0x0)
write$sndseq(r7, 0x0, 0x0)
ioctl$UI_DEV_SETUP(r7, 0x405c5503, &(0x7f0000000200)={{0xd902, 0x9, 0x6}, 'syz1\x00', 0x27})
sendto$inet6(0xffffffffffffffff, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358a", 0x3e, 0xc001, 0x0, 0x0)
syz_usb_connect(0x6, 0x3b, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x44004010, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0x0, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

560.410149ms ago: executing program 0 (id=5975):
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r1, 0x1, 0x24, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x1, 0x0, 0x0, 'queue1\x00'})
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000180))
openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/tty/ldiscs\x00', 0x0, 0x0)
socket$kcm(0x2d, 0x2, 0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
r4 = syz_open_dev$sndpcmc(&(0x7f0000000a00), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r4, 0xc25c4110, &(0x7f0000000100)={0x0, [[0x1], [0x0, 0x2], [0x3]], '\x00', [{0x0, 0x0, 0x0, 0x1, 0x1}, {0x0, 0x4}, {0x0, 0x6}, {}, {}, {}, {0xfffffffd}], '\x00', 0x6b4})
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @broadcast}, 0x10)
sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)='g', 0x1}], 0x1}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0x541b, &(0x7f0000000040)={<r6=>0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000})
close_range(r6, 0xffffffffffffffff, 0x0)

0s ago: executing program 2 (id=5976):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000700000014000800000000000000000000000000000000000500140000000000000000"], 0x30}}, 0x0)
sendmsg$IPVS_CMD_DEL_DAEMON(r0, 0x0, 0x4)
r2 = socket$inet6(0xa, 0x80001, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x40)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r5 = fanotify_init(0x200, 0x0)
fanotify_mark(r5, 0x21a, 0x40000032, r4, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000140)={{0x0, 0x0, 0x21, 0x1, 0x7fff}})
setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2f, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast1, 0x10}}, {{0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x8}}}, 0x104)
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f00000004c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0xe, 0x0, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r6, 0x18000000000002a0, 0x204, 0xfffff000, &(0x7f0000000040)="5aee41dea43e63a3f7fb7f11c72b", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_open_dev$dri(&(0x7f00000000c0), 0x6, 0x0)
r9 = syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r9, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r9, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r10=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r8, 0xc02064b6, &(0x7f0000000300)={r10, <r11=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f0000000180)={0x0, 0x0, r11, <r12=>0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r8, 0xc06864a2, &(0x7f0000000580)={0x0, 0x0, r11, r12, 0x3, 0x240, 0xffffffff, 0x801, {0xac7c, 0x1, 0x3, 0xd2d4, 0xf4b, 0x1, 0x2, 0x5, 0x412f, 0xe154, 0x1000, 0x4, 0x4006, 0x7ff7, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}})
syz_open_dev$dri(&(0x7f0000000080), 0xfffffff9, 0x680280)
r13 = add_key$user(&(0x7f00000002c0), &(0x7f0000000180)={'syz', 0x2}, &(0x7f0000000280)="85952b177328da2f8757c9343d6559eb7a", 0x11, 0xfffffffffffffffd)
r14 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r13, r14, r13}, &(0x7f00000000c0)=""/80, 0x50, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000000)={'wlan1\x00'})

kernel console output (not intermixed with test programs):

lt+0xb0/0x130
[ 1543.784252][T25323]  should_fail_ex+0x414/0x560
[ 1543.784288][T25323]  _copy_from_user+0x2d/0xb0
[ 1543.784314][T25323]  kstrtouint_from_user+0xc4/0x170
[ 1543.784350][T25323]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1543.784406][T25323]  proc_fail_nth_write+0x88/0x240
[ 1543.784436][T25323]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1543.784471][T25323]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1543.784500][T25323]  vfs_write+0x27e/0xa90
[ 1543.784547][T25323]  ? __pfx_vfs_write+0x10/0x10
[ 1543.784584][T25323]  ? __fget_files+0x2a/0x420
[ 1543.784614][T25323]  ? __fget_files+0x3a0/0x420
[ 1543.784637][T25323]  ? __fget_files+0x2a/0x420
[ 1543.784673][T25323]  ksys_write+0x145/0x250
[ 1543.784697][T25323]  ? __pfx_ksys_write+0x10/0x10
[ 1543.784719][T25323]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1543.784774][T25323]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1543.784810][T25323]  __do_fast_syscall_32+0xb6/0x2b0
[ 1543.784833][T25323]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1543.784877][T25323]  do_fast_syscall_32+0x34/0x80
[ 1543.784900][T25323]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1543.784927][T25323] RIP: 0023:0xf706e539
[ 1543.784947][T25323] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1543.784967][T25323] RSP: 002b:00000000f505e590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1543.784990][T25323] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f505e620
[ 1543.785005][T25323] RDX: 0000000000000001 RSI: 00000000f73d2ff4 RDI: 0000000000000000
[ 1543.785018][T25323] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1543.785030][T25323] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1543.785043][T25323] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1543.785074][T25323]  </TASK>
[ 1544.396990][T25236] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1544.651213][T25236] veth0_vlan: entered promiscuous mode
[ 1544.721882][T25236] veth1_vlan: entered promiscuous mode
[ 1544.839787][T25236] veth0_macvtap: entered promiscuous mode
[ 1544.876976][T25236] veth1_macvtap: entered promiscuous mode
[ 1545.031338][T25236] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1545.067760][T25236] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1545.129053][T25236] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1545.153779][T25236] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1545.191576][T25236] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1545.219508][T25236] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1545.429688][T25317] netlink: 'syz.5.5654': attribute type 4 has an invalid length.
[ 1545.784058][T18509] Bluetooth: hci2: command tx timeout
[ 1546.032654][ T1008] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1546.063738][T23015] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[ 1546.074096][ T1008] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1546.261105][T23015] usb 6-1: config 0 has an invalid interface number: 128 but max is 0
[ 1546.323582][T23015] usb 6-1: config 0 has no interface number 0
[ 1546.388080][T23015] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1546.407666][T23015] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1546.422651][T23015] usb 6-1: Product: syz
[ 1546.428729][T23015] usb 6-1: Manufacturer: syz
[ 1546.434542][T23015] usb 6-1: SerialNumber: syz
[ 1546.447035][T23015] usb 6-1: config 0 descriptor??
[ 1546.531330][ T1008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1546.582429][ T1008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1546.829846][   T30] kauditd_printk_skb: 174 callbacks suppressed
[ 1546.829901][   T30] audit: type=1326 audit(1749800285.033:8438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25353 comm="syz.1.5665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1546.937467][   T30] audit: type=1326 audit(1749800285.123:8439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25353 comm="syz.1.5665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf706e558 code=0x7ffc0000
[ 1546.973811][T23015] usb 6-1: Firmware version (0.0) predates our first public release.
[ 1546.982016][T23015] usb 6-1: Please update to version 0.2 or newer
[ 1547.083815][   T30] audit: type=1326 audit(1749800285.123:8440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25353 comm="syz.1.5665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1547.167014][   T30] audit: type=1326 audit(1749800285.143:8441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25353 comm="syz.1.5665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf706e558 code=0x7ffc0000
[ 1547.208417][   T30] audit: type=1326 audit(1749800285.143:8442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25353 comm="syz.1.5665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf706e558 code=0x7ffc0000
[ 1547.253896][   T30] audit: type=1326 audit(1749800285.143:8443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25353 comm="syz.1.5665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1547.284025][   T30] audit: type=1326 audit(1749800285.143:8444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25353 comm="syz.1.5665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1547.314137][   T30] audit: type=1326 audit(1749800285.143:8445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25353 comm="syz.1.5665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1547.338611][   T30] audit: type=1326 audit(1749800285.143:8446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25353 comm="syz.1.5665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1547.366017][T25360] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1547.379929][   T30] audit: type=1326 audit(1749800285.143:8447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25353 comm="syz.1.5665" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf706e558 code=0x7ffc0000
[ 1547.413530][T23030] usb 5-1: new high-speed USB device number 124 using dummy_hcd
[ 1547.462791][T23015] usb 6-1: USB disconnect, device number 23
[ 1547.583994][T23030] usb 5-1: Using ep0 maxpacket: 16
[ 1547.624360][T23030] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1547.656848][T23030] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[ 1547.683538][T23030] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1547.723238][T23030] usb 5-1: config 0 descriptor??
[ 1548.051641][T25371] pimreg: entered allmulticast mode
[ 1548.256507][T23030] elan 0003:04F3:0755.0049: unknown main item tag 0x0
[ 1548.282519][T23030] elan 0003:04F3:0755.0049: unknown main item tag 0x0
[ 1548.303203][T23030] elan 0003:04F3:0755.0049: unknown main item tag 0x0
[ 1548.317703][T23030] elan 0003:04F3:0755.0049: unknown main item tag 0x0
[ 1548.326192][T23030] elan 0003:04F3:0755.0049: unknown main item tag 0x0
[ 1548.348666][T23030] elan 0003:04F3:0755.0049: hidraw0: USB HID v0.06 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0
[ 1548.755278][T25383] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5671'.
[ 1548.904414][T23015] usb 5-1: USB disconnect, device number 124
[ 1549.716193][T25401] netlink: 'syz.4.5676': attribute type 10 has an invalid length.
[ 1549.750838][T25401] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1549.758758][T25401] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1549.848045][T25404] netlink: 'syz.4.5676': attribute type 10 has an invalid length.
[ 1549.946002][T25401] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1549.953221][T25401] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1549.960870][T25401] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1549.968084][T25401] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1550.137373][T25401] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1550.173877][T25404] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[ 1550.724315][T25408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1550.731736][T25408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1551.381173][T25408] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1551.477887][T25408] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1551.793609][T25408] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1551.811945][T25408] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1551.837022][T25408] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1551.856868][T25408] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1552.000083][   T30] kauditd_printk_skb: 170 callbacks suppressed
[ 1552.000119][   T30] audit: type=1326 audit(1749800290.203:8618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25407 comm="syz.4.5678" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01539 code=0x7ffc0000
[ 1552.077268][   T30] audit: type=1326 audit(1749800290.243:8619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25407 comm="syz.4.5678" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f01558 code=0x7ffc0000
[ 1552.261458][   T30] audit: type=1326 audit(1749800290.243:8620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25407 comm="syz.4.5678" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01539 code=0x7ffc0000
[ 1552.432747][T25427] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5683'.
[ 1552.433852][   T30] audit: type=1326 audit(1749800290.353:8621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25407 comm="syz.4.5678" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01539 code=0x7ffc0000
[ 1552.563572][   T30] audit: type=1326 audit(1749800290.353:8622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25407 comm="syz.4.5678" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f01558 code=0x7ffc0000
[ 1552.686031][   T30] audit: type=1326 audit(1749800290.353:8623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25407 comm="syz.4.5678" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01539 code=0x7ffc0000
[ 1552.750047][   T30] audit: type=1326 audit(1749800290.353:8624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25407 comm="syz.4.5678" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01539 code=0x7ffc0000
[ 1552.774633][ T5925] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[ 1552.824833][   T30] audit: type=1326 audit(1749800290.363:8625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25407 comm="syz.4.5678" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f01558 code=0x7ffc0000
[ 1552.915755][   T30] audit: type=1326 audit(1749800290.363:8626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25407 comm="syz.4.5678" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01539 code=0x7ffc0000
[ 1552.953697][ T5925] usb 6-1: Using ep0 maxpacket: 8
[ 1552.979351][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1553.009729][ T5925] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1553.033758][   T30] audit: type=1326 audit(1749800290.633:8627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25425 comm="syz.1.5683" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1553.043846][ T5925] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1553.121362][ T5925] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=9e.7e
[ 1553.143598][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1553.168259][ T5925] usb 6-1: Product: syz
[ 1553.190538][ T5925] usb 6-1: Manufacturer: syz
[ 1553.195660][ T5925] usb 6-1: SerialNumber: syz
[ 1553.219205][ T5925] usb 6-1: config 0 descriptor??
[ 1553.245226][ T5925] usbtest 6-1:0.0: couldn't get endpoints, -22
[ 1553.272166][ T5925] usbtest 6-1:0.0: probe with driver usbtest failed with error -22
[ 1553.438823][ T5925] usb 6-1: USB disconnect, device number 24
[ 1553.470145][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[ 1553.480492][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[ 1553.491152][T25437] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5687'.
[ 1553.502283][T25437] netlink: 'syz.1.5687': attribute type 4 has an invalid length.
[ 1553.795503][T25448] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.5690'.
[ 1554.153808][ T5925] usb 5-1: new high-speed USB device number 125 using dummy_hcd
[ 1554.239665][T25464] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5697'.
[ 1554.325801][ T5925] usb 5-1: Using ep0 maxpacket: 8
[ 1554.337242][ T5925] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[ 1554.347442][ T5925] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1554.358529][ T5925] usb 5-1: config 0 has no interface number 0
[ 1554.375657][ T5925] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 1554.388760][ T5925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1554.400980][ T5925] usb 5-1: Product: syz
[ 1554.406325][ T5925] usb 5-1: Manufacturer: syz
[ 1554.411291][ T5925] usb 5-1: SerialNumber: syz
[ 1554.420043][ T5925] usb 5-1: config 0 descriptor??
[ 1554.802465][ T5925] usb 5-1: Found UVC 0.04 device syz (046d:08c3)
[ 1554.812163][ T5925] usb 5-1: No valid video chain found.
[ 1554.826458][ T5925] usb 5-1: USB disconnect, device number 125
[ 1554.953549][ T5905] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1555.107957][ T5905] usb 6-1: Using ep0 maxpacket: 8
[ 1555.121971][ T5905] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1555.163143][ T5905] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1555.181917][ T5905] usb 6-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[ 1555.192389][ T5905] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1555.205500][ T5905] usb 6-1: Product: syz
[ 1555.209736][ T5905] usb 6-1: Manufacturer: syz
[ 1555.218070][ T5905] usb 6-1: SerialNumber: syz
[ 1555.227942][ T5905] usb 6-1: config 0 descriptor??
[ 1555.247386][ T5905] snd_usb_toneport 6-1:0.0: Line 6 TonePort UX2 found
[ 1555.398434][T23015] usb 2-1: new full-speed USB device number 120 using dummy_hcd
[ 1555.462838][ T5905] snd_usb_toneport 6-1:0.0: Line 6 TonePort UX2 now disconnected
[ 1555.490114][ T5905] snd_usb_toneport 6-1:0.0: probe with driver snd_usb_toneport failed with error -22
[ 1555.492978][T25478] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5702'.
[ 1555.573582][T23015] usb 2-1: device descriptor read/64, error -71
[ 1555.823565][T23015] usb 2-1: new full-speed USB device number 121 using dummy_hcd
[ 1555.964280][T23015] usb 2-1: device descriptor read/64, error -71
[ 1556.083131][T23015] usb usb2-port1: attempt power cycle
[ 1556.216992][T25499] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5711'.
[ 1556.433702][T23015] usb 2-1: new full-speed USB device number 122 using dummy_hcd
[ 1556.474412][T23015] usb 2-1: device descriptor read/8, error -71
[ 1556.723827][T23015] usb 2-1: new full-speed USB device number 123 using dummy_hcd
[ 1556.759498][T23015] usb 2-1: device descriptor read/8, error -71
[ 1556.873889][T23015] usb usb2-port1: unable to enumerate USB device
[ 1557.736557][ T5905] usb 6-1: USB disconnect, device number 25
[ 1557.858295][T25509] FAULT_INJECTION: forcing a failure.
[ 1557.858295][T25509] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1557.875314][T25509] CPU: 1 UID: 0 PID: 25509 Comm: syz.5.5714 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1557.875349][T25509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1557.875363][T25509] Call Trace:
[ 1557.875373][T25509]  <TASK>
[ 1557.875384][T25509]  dump_stack_lvl+0x189/0x250
[ 1557.875429][T25509]  ? __pfx____ratelimit+0x10/0x10
[ 1557.875464][T25509]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1557.875497][T25509]  ? __pfx__printk+0x10/0x10
[ 1557.875535][T25509]  should_fail_ex+0x414/0x560
[ 1557.875571][T25509]  _copy_to_user+0x31/0xb0
[ 1557.875599][T25509]  simple_read_from_buffer+0xe1/0x170
[ 1557.875629][T25509]  proc_fail_nth_read+0x1df/0x250
[ 1557.875662][T25509]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1557.875691][T25509]  ? rw_verify_area+0x258/0x650
[ 1557.875725][T25509]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1557.875754][T25509]  vfs_read+0x200/0x980
[ 1557.875794][T25509]  ? __pfx___mutex_lock+0x10/0x10
[ 1557.875817][T25509]  ? __pfx_vfs_read+0x10/0x10
[ 1557.875852][T25509]  ? __fget_files+0x2a/0x420
[ 1557.875888][T25509]  ? __fget_files+0x3a0/0x420
[ 1557.875911][T25509]  ? __fget_files+0x2a/0x420
[ 1557.875946][T25509]  ksys_read+0x145/0x250
[ 1557.875969][T25509]  ? __pfx_ksys_read+0x10/0x10
[ 1557.876005][T25509]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1557.876047][T25509]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1557.876082][T25509]  __do_fast_syscall_32+0xb6/0x2b0
[ 1557.876106][T25509]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1557.876142][T25509]  do_fast_syscall_32+0x34/0x80
[ 1557.876164][T25509]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1557.876190][T25509] RIP: 0023:0xf7f03539
[ 1557.876210][T25509] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1557.876230][T25509] RSP: 002b:00000000f5026590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1557.876254][T25509] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5026620
[ 1557.876267][T25509] RDX: 000000000000000f RSI: 00000000f7392ff4 RDI: 0000000000000000
[ 1557.876280][T25509] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1557.876291][T25509] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1557.876304][T25509] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1557.876336][T25509]  </TASK>
[ 1558.261054][T25513] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5716'.
[ 1558.270787][T25513] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5716'.
[ 1558.291710][T25513] netlink: 14 bytes leftover after parsing attributes in process `syz.1.5716'.
[ 1558.452919][   T30] kauditd_printk_skb: 338 callbacks suppressed
[ 1558.452944][   T30] audit: type=1326 audit(1749800296.653:8966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25519 comm="syz.5.5719" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1558.491043][   T30] audit: type=1326 audit(1749800296.653:8967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25519 comm="syz.5.5719" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1558.514990][   T30] audit: type=1326 audit(1749800296.663:8968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25519 comm="syz.5.5719" exe="/root/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1558.539798][   T30] audit: type=1326 audit(1749800296.663:8969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25519 comm="syz.5.5719" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1558.562862][   T30] audit: type=1326 audit(1749800296.663:8970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25519 comm="syz.5.5719" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1558.585901][   T30] audit: type=1326 audit(1749800296.663:8971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25519 comm="syz.5.5719" exe="/root/syz-executor" sig=0 arch=40000003 syscall=461 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1558.595140][ T5905] usb 5-1: new high-speed USB device number 126 using dummy_hcd
[ 1558.618815][   T30] audit: type=1326 audit(1749800296.663:8972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25519 comm="syz.5.5719" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1558.663779][   T30] audit: type=1326 audit(1749800296.863:8973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25521 comm="syz.5.5720" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f03558 code=0x7ffc0000
[ 1558.706073][   T30] audit: type=1326 audit(1749800296.893:8974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25521 comm="syz.5.5720" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f03558 code=0x7ffc0000
[ 1558.739283][   T30] audit: type=1326 audit(1749800296.893:8975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25521 comm="syz.5.5720" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1558.838454][ T5905] usb 5-1: Using ep0 maxpacket: 32
[ 1558.874420][ T5905] usb 5-1: config 135 has an invalid interface number: 181 but max is 0
[ 1558.903524][ T5905] usb 5-1: config 135 has no interface number 0
[ 1558.909921][ T5905] usb 5-1: config 135 interface 181 altsetting 1 endpoint 0xF has invalid maxpacket 1024, setting to 64
[ 1558.941511][ T5905] usb 5-1: config 135 interface 181 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[ 1558.969835][T25524] netlink: 'syz.0.5722': attribute type 1 has an invalid length.
[ 1558.981297][ T5905] usb 5-1: config 135 interface 181 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[ 1559.003085][ T5905] usb 5-1: config 135 interface 181 altsetting 1 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[ 1559.015032][ T5905] usb 5-1: config 135 interface 181 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[ 1559.027885][ T5905] usb 5-1: config 135 interface 181 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1559.048275][ T5905] usb 5-1: config 135 interface 181 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[ 1559.083838][ T5905] usb 5-1: config 135 interface 181 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[ 1559.105718][T25530] 8021q: adding VLAN 0 to HW filter on device bond7
[ 1559.124966][T25530] bond6: (slave bond7): making interface the new active one
[ 1559.132750][ T5905] usb 5-1: config 135 interface 181 altsetting 1 endpoint 0xD has invalid maxpacket 1024, setting to 64
[ 1559.146589][T25530] bond6: (slave bond7): Enslaving as an active interface with an up link
[ 1559.156162][ T5905] usb 5-1: config 135 interface 181 altsetting 1 has a duplicate endpoint with address 0xA, skipping
[ 1559.173490][ T5905] usb 5-1: config 135 interface 181 has no altsetting 0
[ 1559.186294][T25524] bond6: (slave gretap1): Enslaving as a backup interface with an up link
[ 1559.214400][ T5905] usb 5-1: New USB device found, idVendor=0499, idProduct=101a, bcdDevice=43.86
[ 1559.223902][ T5925] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1559.234216][T25534] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1559.244824][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1559.252895][ T5905] usb 5-1: Product: 尥ꫲꉟ�篯鲰녿⬽䋌�࿋顩ꙴﲚ�秙≮杻赪䜶湎퇎钛⫋�⚯绉�쫯⫅猔
[ 1559.298896][ T5905] usb 5-1: Manufacturer: ὒ瞻䛜皑높醿⯳澭�戫뀂�伋㩛湮ݪ씧ꭽ罇䕹綤伋쥠�ꤰ�ꑈ乊䉚컷渓꺖�董撑톺�瞇赶递�渂䷆譊翅渤῎Գ矦췧쵛黆皻晠Β識䒈�⎢疺驰缩ᵆ洊ᒚ�凤褽鶠닓觼䅖螔糲�姬䧺깣�愢셳馀깟DZ
[ 1559.328189][ T5905] usb 5-1: SerialNumber: 셤�Ằ躇㬖�἗䴙㽊월꓄�⮿왯��﹭๮㦎㗬䷅ⱡ여岣⛦��ἃ᫲㩶╷鋵
[ 1559.443506][ T5925] usb 6-1: Using ep0 maxpacket: 8
[ 1559.470673][ T5925] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1559.513609][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1559.556971][ T5925] usb 6-1: config 0 descriptor??
[ 1559.649192][ T5905] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1559.765658][ T5905] snd-usb-audio 5-1:135.181: probe with driver snd-usb-audio failed with error -2
[ 1559.845221][ T5925] asix 6-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1559.886405][ T5905] usb 5-1: USB disconnect, device number 126
[ 1560.009238][T21028] udevd[21028]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:135.181/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1560.545296][T24057] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1560.581311][T24057] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1560.624756][T24057] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1560.633323][T24057] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1560.673101][T24057] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1561.087211][T25526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1561.104777][T25526] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1561.140508][ T5925] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1561.169661][ T5925] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[ 1561.194458][ T5925] asix 6-1:0.0: probe with driver asix failed with error -71
[ 1561.226924][ T5925] usb 6-1: USB disconnect, device number 26
[ 1562.196480][T25568] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5734'.
[ 1562.433804][T25571] netlink: 208 bytes leftover after parsing attributes in process `syz.4.5734'.
[ 1562.832002][T24057] Bluetooth: hci4: command tx timeout
[ 1564.227066][T25583] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5737'.
[ 1564.244698][T23030] hid-generic 0000:0000:0000.004A: unknown main item tag 0x0
[ 1564.265971][T25583] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5737'.
[ 1564.286063][T23030] hid-generic 0000:0000:0000.004A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1564.464231][T23015] usb 6-1: new full-speed USB device number 27 using dummy_hcd
[ 1564.646338][T23015] usb 6-1: config 0 has no interfaces?
[ 1564.655324][T23015] usb 6-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=87.c0
[ 1564.680008][T23015] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1564.700887][T23015] usb 6-1: Product: syz
[ 1564.716745][T23015] usb 6-1: Manufacturer: syz
[ 1564.735373][T23015] usb 6-1: SerialNumber: syz
[ 1564.757224][T23015] usb 6-1: config 0 descriptor??
[ 1564.831160][T25553] chnl_net:caif_netlink_parms(): no params data found
[ 1564.905361][T24057] Bluetooth: hci4: command tx timeout
[ 1565.043579][T25596] fuse: Unknown parameter 'roosmode'
[ 1565.129657][ T5905] usb 6-1: USB disconnect, device number 27
[ 1565.736624][T25605] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5745'.
[ 1565.884214][ T5905] usb 5-1: new high-speed USB device number 127 using dummy_hcd
[ 1566.095646][ T5905] usb 5-1: Using ep0 maxpacket: 8
[ 1566.120547][ T5905] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1566.131910][ T5905] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1566.142515][ T5905] usb 5-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[ 1566.157561][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1566.166259][ T5905] usb 5-1: Product: syz
[ 1566.170760][ T5905] usb 5-1: Manufacturer: syz
[ 1566.176036][ T5905] usb 5-1: SerialNumber: syz
[ 1566.188644][ T5905] usb 5-1: config 0 descriptor??
[ 1566.207435][ T5905] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 found
[ 1566.239959][   T30] kauditd_printk_skb: 140 callbacks suppressed
[ 1566.239983][   T30] audit: type=1326 audit(1749800304.443:9116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25608 comm="syz.5.5747" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1566.287423][   T30] audit: type=1326 audit(1749800304.443:9117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25608 comm="syz.5.5747" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1566.359783][   T30] audit: type=1326 audit(1749800304.473:9118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25608 comm="syz.5.5747" exe="/root/syz-executor" sig=0 arch=40000003 syscall=220 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1566.389151][   T30] audit: type=1326 audit(1749800304.493:9119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25608 comm="syz.5.5747" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1566.427465][ T5905] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 now disconnected
[ 1566.457583][   T30] audit: type=1326 audit(1749800304.493:9120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25608 comm="syz.5.5747" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1566.459116][ T5905] snd_usb_toneport 5-1:0.0: probe with driver snd_usb_toneport failed with error -22
[ 1566.480254][   T30] audit: type=1326 audit(1749800304.493:9121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25608 comm="syz.5.5747" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1566.480318][   T30] audit: type=1326 audit(1749800304.493:9122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25608 comm="syz.5.5747" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1566.480366][   T30] audit: type=1326 audit(1749800304.493:9123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25608 comm="syz.5.5747" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1566.585470][   T30] audit: type=1326 audit(1749800304.493:9124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25608 comm="syz.5.5747" exe="/root/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1566.585966][   T49] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1566.622386][   T30] audit: type=1326 audit(1749800304.493:9125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25608 comm="syz.5.5747" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1566.654695][   T49] mac80211_hwsim hwsim21 wlan1: left promiscuous mode
[ 1566.666117][   T49] bond0 (unregistering): Released all slaves
[ 1566.869354][   T49] bond1 (unregistering): Released all slaves
[ 1566.888025][T25553] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1566.895640][T25553] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1566.903135][T25553] bridge_slave_0: entered allmulticast mode
[ 1566.912727][T25553] bridge_slave_0: entered promiscuous mode
[ 1566.922715][T25553] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1566.930131][T25553] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1566.937646][T25553] bridge_slave_1: entered allmulticast mode
[ 1566.947749][T25553] bridge_slave_1: entered promiscuous mode
[ 1566.994095][T24057] Bluetooth: hci4: command tx timeout
[ 1567.118910][   T49] tipc: Left network mode
[ 1567.127212][T25553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1567.157220][T25553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1567.240313][T23030] usb 5-1: USB disconnect, device number 127
[ 1567.554055][T25553] team0: Port device team_slave_0 added
[ 1567.664254][T25553] team0: Port device team_slave_1 added
[ 1568.071577][T25553] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1568.093415][T25553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1568.132983][T25637] FAULT_INJECTION: forcing a failure.
[ 1568.132983][T25637] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1568.151317][T25553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1568.162013][T25637] CPU: 1 UID: 0 PID: 25637 Comm: syz.0.5753 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1568.162036][T25637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1568.162046][T25637] Call Trace:
[ 1568.162055][T25637]  <TASK>
[ 1568.162066][T25637]  dump_stack_lvl+0x189/0x250
[ 1568.162100][T25637]  ? __pfx____ratelimit+0x10/0x10
[ 1568.162127][T25637]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1568.162151][T25637]  ? __pfx__printk+0x10/0x10
[ 1568.162171][T25637]  ? __pfx_migrate_enable+0x10/0x10
[ 1568.162193][T25637]  should_fail_ex+0x414/0x560
[ 1568.162220][T25637]  _copy_to_user+0x31/0xb0
[ 1568.162239][T25637]  generic_map_lookup_batch+0x8e8/0xcc0
[ 1568.162269][T25637]  ? __pfx_generic_map_lookup_batch+0x10/0x10
[ 1568.162286][T25637]  ? __fget_files+0x2a/0x420
[ 1568.162308][T25637]  ? __pfx_generic_map_lookup_batch+0x10/0x10
[ 1568.162326][T25637]  bpf_map_do_batch+0x25e/0x5f0
[ 1568.162349][T25637]  ? security_bpf+0x7e/0x300
[ 1568.162371][T25637]  __sys_bpf+0x70c/0x860
[ 1568.162393][T25637]  ? __pfx___sys_bpf+0x10/0x10
[ 1568.162422][T25637]  ? ksys_write+0x22a/0x250
[ 1568.162445][T25637]  __ia32_sys_bpf+0x7c/0x90
[ 1568.162464][T25637]  __do_fast_syscall_32+0xb6/0x2b0
[ 1568.162480][T25637]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1568.162508][T25637]  do_fast_syscall_32+0x34/0x80
[ 1568.162523][T25637]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1568.162543][T25637] RIP: 0023:0xf7fa5539
[ 1568.162572][T25637] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1568.162587][T25637] RSP: 002b:00000000f50c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000165
[ 1568.162604][T25637] RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 00000000800003c0
[ 1568.162616][T25637] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000
[ 1568.162625][T25637] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1568.162635][T25637] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1568.162644][T25637] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1568.162664][T25637]  </TASK>
[ 1568.648411][T25553] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1568.667472][T25553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1568.707872][T25648] netlink: 'syz.5.5756': attribute type 1 has an invalid length.
[ 1568.760442][T25654] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5756'.
[ 1568.799918][T25553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1568.805832][T25653] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5754'.
[ 1569.063807][T18509] Bluetooth: hci4: command tx timeout
[ 1569.521896][T25654] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1569.590230][T25655] bond1: entered promiscuous mode
[ 1569.688120][   T49] batman_adv: batadv0: Removing interface: dummy0
[ 1569.823525][T23030] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[ 1570.001899][T23030] usb 5-1: config 0 has an invalid interface number: 128 but max is 0
[ 1570.020895][T23030] usb 5-1: config 0 has no interface number 0
[ 1570.046599][T23030] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1570.073876][T23030] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1570.081940][T23030] usb 5-1: Product: syz
[ 1570.133593][T23030] usb 5-1: Manufacturer: syz
[ 1570.138309][T23030] usb 5-1: SerialNumber: syz
[ 1570.148998][T23030] usb 5-1: config 0 descriptor??
[ 1570.591779][T23030] usb 5-1: Firmware: major: 22, minor: 220, hardware type: UNKNOWN (68)
[ 1570.904002][T23030] usb 5-1: Read permanent extended address 00:00:00:00:00:00:00:4f from device
[ 1570.908937][T18509] Bluetooth: hci3: command 0x0406 tx timeout
[ 1570.936470][T23030] usb 5-1: atusb_probe: initialization failed, error = -524
[ 1571.045987][T23030] atusb 5-1:0.128: probe with driver atusb failed with error -524
[ 1571.293682][ T5905] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1571.443955][ T5905] usb 6-1: Using ep0 maxpacket: 8
[ 1571.489263][ T5905] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1571.528606][ T5905] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1571.540375][ T5905] usb 6-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[ 1571.550284][ T5905] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1571.558950][ T5905] usb 6-1: Product: syz
[ 1571.564813][ T5905] usb 6-1: Manufacturer: syz
[ 1571.569909][ T5905] usb 6-1: SerialNumber: syz
[ 1571.587390][ T5905] usb 6-1: config 0 descriptor??
[ 1571.599176][ T5905] snd_usb_toneport 6-1:0.0: Line 6 TonePort UX2 found
[ 1571.732130][T25689] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5767'.
[ 1571.822495][ T5905] snd_usb_toneport 6-1:0.0: Line 6 TonePort UX2 now disconnected
[ 1571.833193][ T5905] snd_usb_toneport 6-1:0.0: probe with driver snd_usb_toneport failed with error -22
[ 1572.239979][ T5905] usb 5-1: USB disconnect, device number 2
[ 1572.311053][T25553] hsr_slave_0: entered promiscuous mode
[ 1572.318247][T25553] hsr_slave_1: entered promiscuous mode
[ 1572.331598][T25553] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1572.349376][T25553] Cannot create hsr debugfs directory
[ 1572.625882][T23030] usb 6-1: USB disconnect, device number 28
[ 1572.751305][T25695] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5769'.
[ 1572.810017][T25697] FAULT_INJECTION: forcing a failure.
[ 1572.810017][T25697] name failslab, interval 1, probability 0, space 0, times 0
[ 1572.815747][T25695] macvtap1: entered promiscuous mode
[ 1572.844348][T25697] CPU: 1 UID: 0 PID: 25697 Comm: syz.5.5769 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1572.844384][T25697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1572.844399][T25697] Call Trace:
[ 1572.844410][T25697]  <TASK>
[ 1572.844421][T25697]  dump_stack_lvl+0x189/0x250
[ 1572.844466][T25697]  ? __pfx____ratelimit+0x10/0x10
[ 1572.844503][T25697]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1572.844550][T25697]  ? __pfx__printk+0x10/0x10
[ 1572.844581][T25697]  ? __pfx___might_resched+0x10/0x10
[ 1572.844616][T25697]  ? fs_reclaim_acquire+0x7d/0x100
[ 1572.844664][T25697]  should_fail_ex+0x414/0x560
[ 1572.844702][T25697]  should_failslab+0xa8/0x100
[ 1572.844729][T25697]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1572.844751][T25697]  ? rtnl_newlink+0xed/0x1c70
[ 1572.844781][T25697]  rtnl_newlink+0xed/0x1c70
[ 1572.844812][T25697]  ? __lock_acquire+0xab9/0xd20
[ 1572.844843][T25697]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1572.844874][T25697]  ? __lock_acquire+0xab9/0xd20
[ 1572.844913][T25697]  ? __lock_acquire+0xab9/0xd20
[ 1572.844960][T25697]  ? is_bpf_text_address+0x26/0x2b0
[ 1572.845000][T25697]  ? is_bpf_text_address+0x292/0x2b0
[ 1572.845033][T25697]  ? is_bpf_text_address+0x26/0x2b0
[ 1572.845068][T25697]  ? kernel_text_address+0xa5/0xe0
[ 1572.845111][T25697]  ? __lock_acquire+0xab9/0xd20
[ 1572.845168][T25697]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1572.845191][T25697]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1572.845220][T25697]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1572.845243][T25697]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1572.845285][T25697]  netlink_rcv_skb+0x208/0x470
[ 1572.845315][T25697]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1572.845341][T25697]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1572.845381][T25697]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1572.845407][T25697]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1572.845439][T25697]  netlink_unicast+0x75b/0x8d0
[ 1572.845476][T25697]  netlink_sendmsg+0x805/0xb30
[ 1572.845513][T25697]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1572.845549][T25697]  ? __import_iovec+0x5d4/0x7f0
[ 1572.845571][T25697]  ? aa_sock_msg_perm+0x94/0x160
[ 1572.845603][T25697]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1572.845633][T25697]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1572.845661][T25697]  __sock_sendmsg+0x219/0x270
[ 1572.845699][T25697]  ____sys_sendmsg+0x505/0x830
[ 1572.845734][T25697]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1572.845790][T25697]  ___sys_sendmsg+0x21f/0x2a0
[ 1572.845819][T25697]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1572.845878][T25697]  ? __fget_files+0x2a/0x420
[ 1572.845900][T25697]  ? __fget_files+0x3a0/0x420
[ 1572.845933][T25697]  __sys_sendmsg+0x164/0x220
[ 1572.845962][T25697]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1572.846002][T25697]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1572.846037][T25697]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1572.846070][T25697]  __do_fast_syscall_32+0xb6/0x2b0
[ 1572.846092][T25697]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1572.846128][T25697]  do_fast_syscall_32+0x34/0x80
[ 1572.846149][T25697]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1572.846177][T25697] RIP: 0023:0xf7f03539
[ 1572.846197][T25697] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1572.846217][T25697] RSP: 002b:00000000f500555c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1572.846240][T25697] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1572.846255][T25697] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1572.846267][T25697] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1572.846279][T25697] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1572.846292][T25697] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1572.846322][T25697]  </TASK>
[ 1572.867773][T25695] erspan0: entered promiscuous mode
[ 1573.141800][T25707] netlink: 52 bytes leftover after parsing attributes in process `syz.4.5771'.
[ 1573.149198][T25695] macvtap1: entered allmulticast mode
[ 1573.276656][T25695] erspan0: entered allmulticast mode
[ 1573.511843][T25714] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5773'.
[ 1573.729703][T25721] netlink: 3 bytes leftover after parsing attributes in process `syz.5.5775'.
[ 1573.739864][T25721] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5775'.
[ 1573.906444][   T30] kauditd_printk_skb: 18 callbacks suppressed
[ 1573.906465][   T30] audit: type=1326 audit(1749800312.113:9144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25724 comm="syz.5.5776" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1573.955008][    T9] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 1574.014033][    T9] dvb_usb_az6027 3-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[ 1574.023964][   T30] audit: type=1326 audit(1749800312.143:9145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25724 comm="syz.5.5776" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1574.099855][    T9] usb 3-1: USB disconnect, device number 109
[ 1574.127484][   T30] audit: type=1326 audit(1749800312.143:9146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25724 comm="syz.5.5776" exe="/root/syz-executor" sig=0 arch=40000003 syscall=461 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1574.180916][   T30] audit: type=1326 audit(1749800312.143:9147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25724 comm="syz.5.5776" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1574.207941][   T30] audit: type=1326 audit(1749800312.143:9148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25724 comm="syz.5.5776" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1574.413745][    T9] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[ 1574.564646][    T9] usb 3-1: Using ep0 maxpacket: 16
[ 1574.606313][    T9] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[ 1574.627872][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1574.675976][    T9] usb 3-1: config 0 has no interface number 0
[ 1574.700949][    T9] usb 3-1: config 0 interface 105 has no altsetting 0
[ 1574.723736][T23015] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 1574.746988][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1574.769830][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1574.808426][    T9] usb 3-1: Product: syz
[ 1574.819505][T25553] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1574.834954][    T9] usb 3-1: Manufacturer: syz
[ 1574.860476][    T9] usb 3-1: SerialNumber: syz
[ 1574.874939][T25553] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1574.905235][T23015] usb 5-1: Using ep0 maxpacket: 8
[ 1574.920595][    T9] usb 3-1: config 0 descriptor??
[ 1574.939856][    T9] usb 3-1: Found UVC 0.00 device syz (046d:08f3)
[ 1574.953871][    T9] usb 3-1: No valid video chain found.
[ 1574.961126][T23015] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1574.974704][T23015] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1575.005507][T25553] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1575.018150][T23015] usb 5-1: config 0 descriptor??
[ 1575.078070][T25553] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1575.160639][T25742] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5782'.
[ 1575.187729][T25742] openvswitch: netlink: nsh attribute has 1 unknown bytes.
[ 1575.236484][T25742] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1575.278115][T23015] asix 5-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1575.537487][T25553] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1575.636301][T25553] 8021q: adding VLAN 0 to HW filter on device team0
[ 1575.676228][T14668] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1575.683592][T14668] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1575.757683][T14668] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1575.764977][T14668] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1576.344274][T25553] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1576.508893][T25738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1576.575472][T25738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1576.604220][T23015] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1576.618319][T25553] veth0_vlan: entered promiscuous mode
[ 1576.660132][T23015] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[ 1576.706704][T25553] veth1_vlan: entered promiscuous mode
[ 1576.738113][T23015] asix 5-1:0.0: probe with driver asix failed with error -71
[ 1576.786224][T23030] usb 3-1: USB disconnect, device number 110
[ 1576.832288][T25553] veth0_macvtap: entered promiscuous mode
[ 1576.864617][T25553] veth1_macvtap: entered promiscuous mode
[ 1576.934897][T23015] usb 5-1: USB disconnect, device number 3
[ 1577.000440][T25553] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1577.062108][T25769] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5785'.
[ 1577.079541][T25553] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1577.106728][   T30] audit: type=1326 audit(1749800315.293:9149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25771 comm="syz.0.5786" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5539 code=0x7ffc0000
[ 1577.112712][T25553] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1577.149597][T25553] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1577.162003][T25553] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1577.176972][T25553] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1577.225029][   T30] audit: type=1326 audit(1749800315.293:9150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25771 comm="syz.0.5786" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5539 code=0x7ffc0000
[ 1577.324028][   T30] audit: type=1326 audit(1749800315.313:9151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25771 comm="syz.0.5786" exe="/root/syz-executor" sig=0 arch=40000003 syscall=461 compat=1 ip=0xf7fa5539 code=0x7ffc0000
[ 1577.453001][   T30] audit: type=1326 audit(1749800315.313:9152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25771 comm="syz.0.5786" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5539 code=0x7ffc0000
[ 1577.596189][   T30] audit: type=1326 audit(1749800315.343:9153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25771 comm="syz.0.5786" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5539 code=0x7ffc0000
[ 1577.909412][T13491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1577.968603][T13491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1578.151823][T13491] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1578.189753][T13491] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1578.459466][T25803] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5794'.
[ 1578.535282][T25803] ip_vti0: entered promiscuous mode
[ 1578.547751][T25806] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5794'.
[ 1578.578490][T25803] ip_vti0: entered allmulticast mode
[ 1578.935787][T25824] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5797'.
[ 1578.951507][T25824] bond0: invalid ARP target 0.0.0.0 specified for addition
[ 1578.959922][T25824] bond0: option arp_ip_target: invalid value (0)
[ 1578.964212][ T5925] usb 2-1: new full-speed USB device number 124 using dummy_hcd
[ 1579.177318][ T5925] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1579.224328][ T5925] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1579.277635][ T5925] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1579.313690][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1579.338774][ T5925] usb 2-1: Product: syz
[ 1579.363689][ T5925] usb 2-1: Manufacturer: syz
[ 1579.368642][ T5925] usb 2-1: SerialNumber: syz
[ 1579.634587][ T5925] usb 2-1: 0:2 : does not exist
[ 1579.677336][ T5925] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[ 1579.813848][ T5925] usb 2-1: USB disconnect, device number 124
[ 1579.923608][T21028] udevd[21028]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1580.047426][T25846] bridge0: entered promiscuous mode
[ 1580.058034][T25846] bridge0: entered allmulticast mode
[ 1580.105458][T25846] team0: Port device bridge0 added
[ 1580.323670][ T5925] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[ 1580.370083][T25861] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5809'.
[ 1580.411012][T25861] bond0: invalid ARP target 0.0.0.0 specified for addition
[ 1580.436761][T25861] bond0: option arp_ip_target: invalid value (0)
[ 1580.484402][ T5925] usb 5-1: device descriptor read/64, error -71
[ 1580.623697][T23018] usb 2-1: new full-speed USB device number 125 using dummy_hcd
[ 1580.744623][ T5925] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[ 1580.795568][T23018] usb 2-1: config 0 has an invalid interface number: 128 but max is 0
[ 1580.824020][T23018] usb 2-1: config 0 has no interface number 0
[ 1580.862401][T23018] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1580.898929][T23018] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1580.907963][ T5925] usb 5-1: device descriptor read/64, error -71
[ 1580.932196][T23018] usb 2-1: Product: syz
[ 1580.940740][T25874] netlink: 'syz.0.5813': attribute type 15 has an invalid length.
[ 1580.959690][T23018] usb 2-1: Manufacturer: syz
[ 1580.984820][T23018] usb 2-1: SerialNumber: syz
[ 1581.034702][T23018] usb 2-1: config 0 descriptor??
[ 1581.045211][ T5925] usb usb5-port1: attempt power cycle
[ 1581.267032][T25888] netlink: 236 bytes leftover after parsing attributes in process `syz.2.5817'.
[ 1581.403490][ T5925] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[ 1581.470691][T23018] usb 2-1: Firmware: major: 22, minor: 220, hardware type: UNKNOWN (68)
[ 1581.493892][ T5925] usb 5-1: device descriptor read/8, error -71
[ 1581.597391][T25896] fuse: Unknown parameter '0x0000000000000004'
[ 1581.684942][T23018] usb 2-1: Read permanent extended address 00:00:00:00:00:00:00:4f from device
[ 1581.711193][T23018] usb 2-1: atusb_probe: initialization failed, error = -524
[ 1581.722480][T23018] atusb 2-1:0.128: probe with driver atusb failed with error -524
[ 1581.765265][ T5925] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[ 1581.794393][ T5925] usb 5-1: device descriptor read/8, error -71
[ 1581.920962][ T5926] usb 2-1: USB disconnect, device number 125
[ 1581.928454][ T5925] usb usb5-port1: unable to enumerate USB device
[ 1582.283126][T25902] erspan0: left allmulticast mode
[ 1582.304524][T25902] erspan0: left promiscuous mode
[ 1582.330052][   T30] audit: type=1326 audit(1749800320.533:9154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25901 comm="syz.5.5820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1582.374203][   T30] audit: type=1326 audit(1749800320.583:9155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25901 comm="syz.5.5820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=220 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1582.396877][   T30] audit: type=1326 audit(1749800320.603:9156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25901 comm="syz.5.5820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1582.437851][   T30] audit: type=1326 audit(1749800320.603:9157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25901 comm="syz.5.5820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1582.524713][   T30] audit: type=1326 audit(1749800320.613:9158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25901 comm="syz.5.5820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1582.588049][   T30] audit: type=1326 audit(1749800320.613:9159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25901 comm="syz.5.5820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1582.641412][   T30] audit: type=1326 audit(1749800320.613:9160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25901 comm="syz.5.5820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1582.719132][   T30] audit: type=1326 audit(1749800320.623:9161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25901 comm="syz.5.5820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1582.793213][   T30] audit: type=1326 audit(1749800320.623:9162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25901 comm="syz.5.5820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1582.839472][   T30] audit: type=1326 audit(1749800320.623:9163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25901 comm="syz.5.5820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1583.342517][T25936] FAULT_INJECTION: forcing a failure.
[ 1583.342517][T25936] name failslab, interval 1, probability 0, space 0, times 0
[ 1583.404450][T25936] CPU: 0 UID: 0 PID: 25936 Comm: syz.1.5832 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1583.404487][T25936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1583.404501][T25936] Call Trace:
[ 1583.404512][T25936]  <TASK>
[ 1583.404523][T25936]  dump_stack_lvl+0x189/0x250
[ 1583.404567][T25936]  ? __pfx____ratelimit+0x10/0x10
[ 1583.404613][T25936]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1583.404644][T25936]  ? __pfx__printk+0x10/0x10
[ 1583.404671][T25936]  ? __pfx___might_resched+0x10/0x10
[ 1583.404708][T25936]  should_fail_ex+0x414/0x560
[ 1583.404742][T25936]  should_failslab+0xa8/0x100
[ 1583.404767][T25936]  __kmalloc_noprof+0xcb/0x4f0
[ 1583.404787][T25936]  ? security_sk_alloc+0x52/0x390
[ 1583.404811][T25936]  security_sk_alloc+0x52/0x390
[ 1583.404833][T25936]  sk_prot_alloc+0x101/0x220
[ 1583.404864][T25936]  sk_alloc+0x3a/0x370
[ 1583.404893][T25936]  inet6_create+0x7fd/0x12a0
[ 1583.404918][T25936]  ? inet6_create+0x71/0x12a0
[ 1583.404963][T25936]  __sock_create+0x4b3/0x9f0
[ 1583.404997][T25936]  mptcp_subflow_create_socket+0xfd/0xb40
[ 1583.405026][T25936]  ? snprintf+0xda/0x120
[ 1583.405058][T25936]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[ 1583.405085][T25936]  ? aa_label_sk_perm+0x413/0x560
[ 1583.405119][T25936]  __mptcp_nmpc_sk+0x148/0x750
[ 1583.405149][T25936]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[ 1583.405179][T25936]  ? look_up_lock_class+0x74/0x170
[ 1583.405219][T25936]  mptcp_connect+0x70/0xc10
[ 1583.405246][T25936]  __inet_stream_connect+0x295/0xf10
[ 1583.405282][T25936]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1583.405330][T25936]  ? __pfx___inet_stream_connect+0x10/0x10
[ 1583.405354][T25936]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1583.405386][T25936]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1583.405430][T25936]  inet_stream_connect+0x66/0xa0
[ 1583.405456][T25936]  __sys_connect+0x313/0x440
[ 1583.405482][T25936]  ? __fget_files+0x3a0/0x420
[ 1583.405508][T25936]  ? __pfx___sys_connect+0x10/0x10
[ 1583.405555][T25936]  __ia32_sys_connect+0x7a/0x90
[ 1583.405648][T25936]  __do_fast_syscall_32+0xb6/0x2b0
[ 1583.405680][T25936]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1583.405721][T25936]  do_fast_syscall_32+0x34/0x80
[ 1583.405744][T25936]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1583.405775][T25936] RIP: 0023:0xf7fc1539
[ 1583.405796][T25936] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1583.405818][T25936] RSP: 002b:00000000f50e655c EFLAGS: 00000206 ORIG_RAX: 000000000000016a
[ 1583.405845][T25936] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1583.405862][T25936] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000
[ 1583.405876][T25936] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1583.405891][T25936] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1583.405905][T25936] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1583.405938][T25936]  </TASK>
[ 1583.433544][ T5926] usb 6-1: new low-speed USB device number 29 using dummy_hcd
[ 1584.346588][ T5926] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x73, changing to 0x3
[ 1584.379276][ T5926] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1584.386937][T25945] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1584.396707][T25945] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1584.791363][T25958] fuse: Unknown parameter '0x0000000000000004'
[ 1585.027932][T25945] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1585.067695][T25945] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1585.464410][T25945] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1585.478989][T25945] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1585.489306][T25945] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1585.501036][T25945] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1585.714369][    T9] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[ 1585.915205][    T9] usb 5-1: config 0 has an invalid interface number: 128 but max is 0
[ 1585.951461][    T9] usb 5-1: config 0 has no interface number 0
[ 1585.967053][    T9] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1585.993708][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1586.022709][    T9] usb 5-1: Product: syz
[ 1586.032851][    T9] usb 5-1: Manufacturer: syz
[ 1586.053219][    T9] usb 5-1: SerialNumber: syz
[ 1586.074884][    T9] usb 5-1: config 0 descriptor??
[ 1586.270997][ T5926] usb 6-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1586.296695][ T5926] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1586.327548][ T5926] usb 6-1: config 0 descriptor??
[ 1586.356162][ T5926] usb 6-1: can't set config #0, error -71
[ 1586.392428][ T5926] usb 6-1: USB disconnect, device number 29
[ 1586.427718][T25980] fuse: Bad value for 'fd'
[ 1586.498929][    T9] usb 5-1: Firmware: major: 22, minor: 220, hardware type: UNKNOWN (68)
[ 1586.711127][    T9] usb 5-1: Read permanent extended address 00:00:00:00:00:00:00:4f from device
[ 1586.743903][    T9] usb 5-1: atusb_probe: initialization failed, error = -524
[ 1586.772307][    T9] atusb 5-1:0.128: probe with driver atusb failed with error -524
[ 1586.949001][T23030] usb 5-1: USB disconnect, device number 8
[ 1587.115475][T23015] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[ 1587.294365][T25992] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.5847'.
[ 1587.304965][T23015] usb 3-1: Using ep0 maxpacket: 16
[ 1587.328939][T23015] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[ 1587.348615][T23015] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1587.373268][T23015] usb 3-1: Product: syz
[ 1587.386102][T23015] usb 3-1: Manufacturer: syz
[ 1587.390858][T23015] usb 3-1: SerialNumber: syz
[ 1587.402216][T23015] usb 3-1: config 0 descriptor??
[ 1587.430757][T23015] visor 3-1:0.0: Sony Clie 3.5 converter detected
[ 1587.460460][   T30] kauditd_printk_skb: 15 callbacks suppressed
[ 1587.460480][   T30] audit: type=1326 audit(1749800325.663:9179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25994 comm="syz.5.5848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1587.506316][   T30] audit: type=1326 audit(1749800325.663:9180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25994 comm="syz.5.5848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1587.627829][   T30] audit: type=1326 audit(1749800325.693:9181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25994 comm="syz.5.5848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=220 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1587.691471][   T30] audit: type=1326 audit(1749800325.693:9182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25994 comm="syz.5.5848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1587.742989][   T30] audit: type=1326 audit(1749800325.693:9183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25994 comm="syz.5.5848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1587.772401][   T30] audit: type=1326 audit(1749800325.693:9184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25994 comm="syz.5.5848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1587.804758][   T30] audit: type=1326 audit(1749800325.693:9185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25994 comm="syz.5.5848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1587.833746][   T30] audit: type=1326 audit(1749800325.693:9186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25994 comm="syz.5.5848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1587.862233][T23015] usb 3-1: Sony Clie 3.5 converter now attached to ttyUSB0
[ 1587.887647][   T30] audit: type=1326 audit(1749800325.693:9187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25994 comm="syz.5.5848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1587.918687][T26004] pim6reg: entered allmulticast mode
[ 1587.930540][T26004] pim6reg: left allmulticast mode
[ 1587.936556][   T30] audit: type=1326 audit(1749800325.693:9188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25994 comm="syz.5.5848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1588.417703][T26018] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5857'.
[ 1588.583649][T24057] Bluetooth: hci4: command tx timeout
[ 1588.683542][ T5926] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[ 1588.863579][ T5926] usb 2-1: Using ep0 maxpacket: 8
[ 1588.871325][ T5926] usb 2-1: config 0 has an invalid interface number: 239 but max is 0
[ 1588.880295][ T5926] usb 2-1: config 0 has an invalid descriptor of length 179, skipping remainder of the config
[ 1588.891160][ T5926] usb 2-1: config 0 has no interface number 0
[ 1588.897634][ T5926] usb 2-1: too many endpoints for config 0 interface 239 altsetting 53: 164, using maximum allowed: 30
[ 1588.909294][ T5926] usb 2-1: config 0 interface 239 altsetting 53 has 0 endpoint descriptors, different from the interface descriptor's value: 164
[ 1588.923211][ T5926] usb 2-1: config 0 interface 239 has no altsetting 0
[ 1588.933601][ T5926] usb 2-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=99.1a
[ 1588.942778][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1588.951037][ T5926] usb 2-1: Product: syz
[ 1588.955461][ T5926] usb 2-1: Manufacturer: syz
[ 1588.960159][ T5926] usb 2-1: SerialNumber: syz
[ 1588.972324][ T5926] usb 2-1: config 0 descriptor??
[ 1588.993578][ T5925] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[ 1589.166370][ T5925] usb 5-1: config 0 has an invalid interface number: 128 but max is 0
[ 1589.175456][ T5925] usb 5-1: config 0 has no interface number 0
[ 1589.190560][ T5925] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1589.202247][ T5926] ath6kl: Failed to submit usb control message: -71
[ 1589.210822][ T5926] ath6kl: unable to send the bmi data to the device: -71
[ 1589.218061][ T5925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1589.226934][ T5926] ath6kl: Unable to send get target info: -71
[ 1589.233183][ T5925] usb 5-1: Product: syz
[ 1589.239105][ T5925] usb 5-1: Manufacturer: syz
[ 1589.244647][ T5926] ath6kl: Failed to init ath6kl core: -71
[ 1589.265856][ T5925] usb 5-1: SerialNumber: syz
[ 1589.271218][ T5926] ath6kl_usb 2-1:0.239: probe with driver ath6kl_usb failed with error -71
[ 1589.283038][ T5925] usb 5-1: config 0 descriptor??
[ 1589.297670][ T5926] usb 2-1: USB disconnect, device number 126
[ 1589.713006][ T5925] usb 5-1: Firmware: major: 22, minor: 220, hardware type: UNKNOWN (68)
[ 1589.938307][T23015] usb 3-1: USB disconnect, device number 111
[ 1589.975111][T23015] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0
[ 1589.994689][ T5925] usb 5-1: Read permanent extended address 00:00:00:00:00:00:00:4f from device
[ 1590.021952][T23015] visor 3-1:0.0: device disconnected
[ 1590.091550][T26042] netlink: 'syz.2.5864': attribute type 1 has an invalid length.
[ 1590.149433][ T5925] usb 5-1: atusb_probe: initialization failed, error = -524
[ 1590.182424][ T5925] atusb 5-1:0.128: probe with driver atusb failed with error -524
[ 1590.276510][ T5925] usb 5-1: USB disconnect, device number 9
[ 1592.179475][T26055] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5870'.
[ 1592.213615][ T5926] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 1592.241697][T26044] FAULT_INJECTION: forcing a failure.
[ 1592.241697][T26044] name failslab, interval 1, probability 0, space 0, times 0
[ 1592.295981][T26056] loop2: detected capacity change from 0 to 7
[ 1592.311110][T26044] CPU: 0 UID: 0 PID: 26044 Comm: syz.1.5865 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1592.311147][T26044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1592.311161][T26044] Call Trace:
[ 1592.311170][T26044]  <TASK>
[ 1592.311181][T26044]  dump_stack_lvl+0x189/0x250
[ 1592.311224][T26044]  ? __pfx____ratelimit+0x10/0x10
[ 1592.311258][T26044]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1592.311290][T26044]  ? __pfx__printk+0x10/0x10
[ 1592.311329][T26044]  should_fail_ex+0x414/0x560
[ 1592.311365][T26044]  should_failslab+0xa8/0x100
[ 1592.311392][T26044]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1592.311415][T26044]  ? __alloc_skb+0x112/0x2d0
[ 1592.311448][T26044]  __alloc_skb+0x112/0x2d0
[ 1592.311473][T26044]  ? __neigh_notify+0x29/0x310
[ 1592.311501][T26044]  __neigh_notify+0x15c/0x310
[ 1592.311530][T26044]  __neigh_update+0x1e5a/0x25a0
[ 1592.311575][T26044]  neigh_add+0x971/0xce0
[ 1592.311611][T26044]  ? __pfx_neigh_add+0x10/0x10
[ 1592.311662][T26044]  ? __pfx_neigh_add+0x10/0x10
[ 1592.311688][T26044]  rtnetlink_rcv_msg+0x77c/0xb70
[ 1592.311715][T26044]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1592.311738][T26044]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1592.311779][T26044]  netlink_rcv_skb+0x208/0x470
[ 1592.311809][T26044]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1592.311833][T26044]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1592.311883][T26044]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1592.311908][T26044]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1592.311939][T26044]  netlink_unicast+0x75b/0x8d0
[ 1592.311976][T26044]  netlink_sendmsg+0x805/0xb30
[ 1592.312014][T26044]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1592.312043][T26044]  ? __import_iovec+0x5d4/0x7f0
[ 1592.312066][T26044]  ? aa_sock_msg_perm+0x94/0x160
[ 1592.312097][T26044]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1592.312127][T26044]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1592.312155][T26044]  __sock_sendmsg+0x219/0x270
[ 1592.312195][T26044]  ____sys_sendmsg+0x505/0x830
[ 1592.312231][T26044]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1592.312278][T26044]  ___sys_sendmsg+0x21f/0x2a0
[ 1592.312325][T26044]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1592.312395][T26044]  ? __fget_files+0x2a/0x420
[ 1592.312420][T26044]  ? __fget_files+0x3a0/0x420
[ 1592.312454][T26044]  __sys_sendmsg+0x164/0x220
[ 1592.312485][T26044]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1592.312531][T26044]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1592.312570][T26044]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1592.312606][T26044]  __do_fast_syscall_32+0xb6/0x2b0
[ 1592.312630][T26044]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1592.312667][T26044]  do_fast_syscall_32+0x34/0x80
[ 1592.312687][T26044]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1592.312714][T26044] RIP: 0023:0xf7fc1539
[ 1592.312734][T26044] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1592.312754][T26044] RSP: 002b:00000000f50e655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1592.312779][T26044] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000300
[ 1592.312795][T26044] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1592.312808][T26044] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1592.312821][T26044] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1592.312834][T26044] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1592.312881][T26044]  </TASK>
[ 1592.334262][T26056]  loop2:
[ 1592.654711][T26056] loop2: partition table partially beyond EOD, truncated
[ 1592.673986][ T5926] usb 5-1: Using ep0 maxpacket: 32
[ 1592.692119][ T5926] usb 5-1: config 0 has an invalid interface number: 195 but max is 0
[ 1592.703079][ T5926] usb 5-1: config 0 has no interface number 0
[ 1592.831239][ T5926] usb 5-1: config 0 interface 195 has no altsetting 0
[ 1592.860475][ T5926] usb 5-1: New USB device found, idVendor=1b80, idProduct=e309, bcdDevice=5c.6b
[ 1593.134073][ T5926] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1593.142255][ T5926] usb 5-1: Product: syz
[ 1593.203594][ T5926] usb 5-1: Manufacturer: syz
[ 1593.208315][ T5926] usb 5-1: SerialNumber: syz
[ 1593.255063][ T5926] usb 5-1: config 0 descriptor??
[ 1593.296851][ T5926] em28xx 5-1:0.195: New device syz syz @ 480 Mbps (1b80:e309, interface 195, class 195)
[ 1593.363907][ T5926] em28xx 5-1:0.195: Video interface 195 found: bulk
[ 1593.524174][ T5926] em28xx 5-1:0.195: unknown em28xx chip ID (0)
[ 1593.589216][ T5926] em28xx 5-1:0.195: reading from i2c device at 0xa0 failed (error=-5)
[ 1593.608034][ T5926] em28xx 5-1:0.195: board has no eeprom
[ 1593.713661][ T5926] em28xx 5-1:0.195: Identified as Easy Cap Capture DC-60 (card=64)
[ 1593.722342][ T5926] em28xx 5-1:0.195: analog set to bulk mode.
[ 1593.750031][ T5925] em28xx 5-1:0.195: Registering V4L2 extension
[ 1593.804450][ T5926] usb 5-1: USB disconnect, device number 10
[ 1593.835353][ T5926] em28xx 5-1:0.195: Disconnecting em28xx
[ 1593.921758][ T5925] em28xx 5-1:0.195: Config register raw data: 0xffffffed
[ 1593.960809][ T5925] em28xx 5-1:0.195: AC97 chip type couldn't be determined
[ 1593.969108][ T5925] em28xx 5-1:0.195: No AC97 audio processor
[ 1593.987793][ T5925] usb 5-1: Decoder not found
[ 1593.992991][ T5925] em28xx 5-1:0.195: failed to create media graph
[ 1594.001382][ T5925] em28xx 5-1:0.195: V4L2 device video103 deregistered
[ 1594.008641][T26072] netlink: 'syz.0.5877': attribute type 1 has an invalid length.
[ 1594.030046][ T5925] em28xx 5-1:0.195: Remote control support is not available for this card.
[ 1594.050278][ T5926] em28xx 5-1:0.195: Closing input extension
[ 1594.061812][ T5926] em28xx 5-1:0.195: Freeing device
[ 1594.174883][T23030] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[ 1594.354401][T23030] usb 3-1: Using ep0 maxpacket: 8
[ 1594.372700][T23030] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[ 1594.390481][T23030] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1594.399018][T23030] usb 3-1: Product: syz
[ 1594.403245][T23030] usb 3-1: Manufacturer: syz
[ 1594.413441][T23030] usb 3-1: SerialNumber: syz
[ 1594.420548][T26084] binder: 26083:26084 ioctl 6611 0 returned -22
[ 1594.442273][T23030] usb 3-1: config 0 descriptor??
[ 1594.503650][ T5926] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[ 1594.673265][T23030] gspca_main: sunplus-2.14.0 probing 04a5:3003
[ 1594.730482][ T5926] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1594.750637][ T5926] usb 5-1: config 0 has no interface number 0
[ 1594.772023][ T5926] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1594.788103][ T5926] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1594.838349][ T5926] usb 5-1: config 0 descriptor??
[ 1594.865623][ T5926] usb 5-1: selecting invalid altsetting 1
[ 1594.887947][ T5926] dvb_ttusb_budget: ttusb_init_controller: error
[ 1594.903594][ T5926] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1595.042703][ T5926] DVB: Unable to find symbol cx22700_attach()
[ 1595.106288][T26070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1595.139252][T26070] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1595.146103][ T5926] DVB: Unable to find symbol tda10046_attach()
[ 1595.204882][ T5926] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1595.264314][ T5926] usb 5-1: USB disconnect, device number 11
[ 1595.333781][ T5925] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[ 1595.503499][ T5925] usb 2-1: Using ep0 maxpacket: 8
[ 1595.514002][ T5925] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1595.527481][ T5925] usb 2-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[ 1595.543560][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1595.562029][ T5925] usb 2-1: Product: syz
[ 1595.572169][ T5925] usb 2-1: Manufacturer: syz
[ 1595.577029][ T5925] usb 2-1: SerialNumber: syz
[ 1595.596081][ T5925] usb 2-1: config 0 descriptor??
[ 1595.618302][ T5925] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 found
[ 1595.745770][T18509] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1595.760778][T18509] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1595.772416][T18509] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1595.784910][T18509] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1595.797296][T18509] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1595.806777][T23030] gspca_sunplus: reg_w_riv err -71
[ 1595.812142][T23030] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[ 1595.815947][ T5925] snd_usb_toneport 2-1:0.0: set_interface failed
[ 1595.851783][T23030] usb 3-1: USB disconnect, device number 112
[ 1595.862830][ T5925] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 now disconnected
[ 1595.916465][ T5925] snd_usb_toneport 2-1:0.0: probe with driver snd_usb_toneport failed with error -71
[ 1595.992200][ T5925] usb 2-1: USB disconnect, device number 127
[ 1596.390548][T26094] chnl_net:caif_netlink_parms(): no params data found
[ 1596.906400][T26094] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1596.946250][T26094] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1596.975987][T26094] bridge_slave_0: entered allmulticast mode
[ 1596.994404][T26094] bridge_slave_0: entered promiscuous mode
[ 1597.025350][T26094] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1597.061881][T26094] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1597.084009][T26094] bridge_slave_1: entered allmulticast mode
[ 1597.116293][T26094] bridge_slave_1: entered promiscuous mode
[ 1597.224082][T26119] netlink: 72 bytes leftover after parsing attributes in process `syz.4.5891'.
[ 1597.293535][ T5925] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[ 1597.454940][T26094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1597.517339][T26119] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5891'.
[ 1597.545531][T26094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1597.573997][ T5925] usb 3-1: Using ep0 maxpacket: 8
[ 1597.591684][ T5925] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1597.662916][ T5925] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1597.765469][ T5925] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[ 1597.823731][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1597.840541][ T5925] usb 3-1: Product: syz
[ 1597.890615][T26094] team0: Port device team_slave_0 added
[ 1597.911345][ T5925] usb 3-1: Manufacturer: syz
[ 1597.943587][T18509] Bluetooth: hci1: command tx timeout
[ 1597.953781][ T5925] usb 3-1: SerialNumber: syz
[ 1597.959424][T26094] team0: Port device team_slave_1 added
[ 1597.999791][ T5925] usb 3-1: config 0 descriptor??
[ 1598.129373][ T5925] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found
[ 1598.784921][T26129] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5893'.
[ 1598.803259][T26129] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5893'.
[ 1598.839913][T26129] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5893'.
[ 1598.859624][T26129] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5893'.
[ 1599.110391][ T5925] snd_usb_toneport 3-1:0.0: set_interface failed
[ 1599.228049][ T5925] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected
[ 1599.423671][ T5925] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -71
[ 1599.514603][ T5925] usb 3-1: USB disconnect, device number 113
[ 1599.639638][T26094] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1599.767240][T26094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1599.830538][T26094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1599.872007][T26094] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1599.879208][ T5926] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 1599.897371][T26094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1599.969200][T26094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1600.038553][T18509] Bluetooth: hci1: command tx timeout
[ 1600.055176][T26134] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5895'.
[ 1600.064707][ T5926] usb 5-1: Using ep0 maxpacket: 16
[ 1600.080017][ T5926] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1600.096429][ T5926] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d
[ 1600.112139][ T5926] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1600.120679][ T5926] usb 5-1: Product: syz
[ 1600.125184][ T5926] usb 5-1: Manufacturer: syz
[ 1600.129846][ T5926] usb 5-1: SerialNumber: syz
[ 1600.156777][ T5926] usb 5-1: config 0 descriptor??
[ 1600.309798][ T5926] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1600.450281][T26135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5894'.
[ 1600.470979][T26135] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5894'.
[ 1600.956240][T26094] hsr_slave_0: entered promiscuous mode
[ 1601.015118][T26094] hsr_slave_1: entered promiscuous mode
[ 1601.021814][T26094] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1601.100218][T26094] Cannot create hsr debugfs directory
[ 1601.385423][T13491] usb 5-1: Failed to submit usb control message: -110
[ 1601.402294][T13491] usb 5-1: unable to send the bmi data to the device: -110
[ 1601.429390][T13491] usb 5-1: unable to get target info from device
[ 1601.515574][T13491] usb 5-1: could not get target info (-110)
[ 1601.533062][T13491] usb 5-1: could not probe fw (-110)
[ 1602.037599][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 1602.037623][   T30] audit: type=1326 audit(1749800340.243:9190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26158 comm="syz.2.5900" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000
[ 1602.075901][T26094] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1602.088686][   T30] audit: type=1326 audit(1749800340.243:9191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26158 comm="syz.2.5900" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000
[ 1602.123728][T18509] Bluetooth: hci1: command tx timeout
[ 1602.139832][   T30] audit: type=1326 audit(1749800340.293:9192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26158 comm="syz.2.5900" exe="/root/syz-executor" sig=0 arch=40000003 syscall=461 compat=1 ip=0xf7fc5539 code=0x7ffc0000
[ 1602.163825][   T30] audit: type=1326 audit(1749800340.293:9193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26158 comm="syz.2.5900" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000
[ 1602.186360][   T30] audit: type=1326 audit(1749800340.293:9194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26158 comm="syz.2.5900" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000
[ 1602.467908][T26094] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1602.873266][T26094] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1602.886870][T23018] usb 5-1: USB disconnect, device number 12
[ 1603.033570][ T5926] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[ 1603.086462][T26094] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1603.141316][T26178] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[ 1603.173985][T26176] netlink: 'syz.4.5905': attribute type 12 has an invalid length.
[ 1603.199721][T26176] netlink: 'syz.4.5905': attribute type 29 has an invalid length.
[ 1603.217127][T26176] netlink: 148 bytes leftover after parsing attributes in process `syz.4.5905'.
[ 1603.224529][ T5926] usb 3-1: Using ep0 maxpacket: 8
[ 1603.275091][ T5926] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1603.325547][ T5926] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1603.366651][ T5926] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[ 1603.397545][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1603.405737][ T5926] usb 3-1: Product: syz
[ 1603.410258][ T5926] usb 3-1: Manufacturer: syz
[ 1603.416934][ T5926] usb 3-1: SerialNumber: syz
[ 1603.426571][ T5926] usb 3-1: config 0 descriptor??
[ 1603.456047][ T5926] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found
[ 1603.533941][T26170] batadv_slave_1: entered promiscuous mode
[ 1603.541654][T26171] ptrace attach of "./syz-executor exec"[24060] was attempted by "./syz-executor exec"[26171]
[ 1603.665729][T26094] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1603.705041][T26094] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1603.730188][T26094] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1603.780179][T26094] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1603.843737][T23030] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 1604.029432][T23030] usb 2-1: Using ep0 maxpacket: 8
[ 1604.053346][T23030] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[ 1604.064682][T23030] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1604.077960][T23030] usb 2-1: Product: syz
[ 1604.093578][T23030] usb 2-1: Manufacturer: syz
[ 1604.098682][T23030] usb 2-1: SerialNumber: syz
[ 1604.115753][T23030] usb 2-1: config 0 descriptor??
[ 1604.161675][T26094] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1604.193750][T18509] Bluetooth: hci1: command tx timeout
[ 1604.227382][T26094] 8021q: adding VLAN 0 to HW filter on device team0
[ 1604.242650][T13491] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1604.249934][T13491] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1604.275868][ T5926] snd_usb_toneport 3-1:0.0: set_interface failed
[ 1604.282545][ T5926] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected
[ 1604.310842][ T5926] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -71
[ 1604.349175][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1604.356456][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1604.380145][ T5926] usb 3-1: USB disconnect, device number 114
[ 1604.394130][T23030] gspca_main: sunplus-2.14.0 probing 04a5:3003
[ 1604.474058][   T30] audit: type=1326 audit(1749800342.653:9195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26200 comm="syz.2.5911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000
[ 1604.563739][   T30] audit: type=1326 audit(1749800342.653:9196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26200 comm="syz.2.5911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000
[ 1604.653729][   T30] audit: type=1326 audit(1749800342.663:9197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26200 comm="syz.2.5911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=461 compat=1 ip=0xf7fc5539 code=0x7ffc0000
[ 1604.743025][   T30] audit: type=1326 audit(1749800342.663:9198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26200 comm="syz.2.5911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000
[ 1604.750915][T26183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1604.799341][T26094] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1604.809607][   T30] audit: type=1326 audit(1749800342.663:9199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26200 comm="syz.2.5911" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000
[ 1604.848205][T26207] loop6: detected capacity change from 0 to 7
[ 1604.876486][T26207] Dev loop6: unable to read RDB block 7
[ 1604.892678][T26207]  loop6: unable to read partition table
[ 1604.905074][T26207] loop6: partition table beyond EOD, truncated
[ 1604.911902][T26183] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1604.949241][T26207] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1605.044674][T23030] gspca_sunplus: reg_w_riv err -110
[ 1605.050031][T23030] sunplus 2-1:0.0: probe with driver sunplus failed with error -110
[ 1605.399601][T26212] fuse: Bad value for 'fd'
[ 1605.426552][T26094] veth0_vlan: entered promiscuous mode
[ 1605.507234][T26094] veth1_vlan: entered promiscuous mode
[ 1605.601996][T26094] veth0_macvtap: entered promiscuous mode
[ 1605.685811][ T5926] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[ 1605.706736][T26094] veth1_macvtap: entered promiscuous mode
[ 1605.791497][T26094] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1605.849593][T26094] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1605.907173][T26094] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1605.925929][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1605.953545][T26094] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1605.962388][T26094] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1605.963431][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1606.002552][ T5926] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1606.013782][T26094] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1606.035200][ T5926] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1606.053474][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1606.111661][ T5926] usb 3-1: config 0 descriptor??
[ 1606.329288][T14668] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1606.363123][T14668] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1606.408287][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1606.425902][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1606.488928][T26222] RDS: rds_bind could not find a transport for fec0:ffff::1, load rds_tcp or rds_rdma?
[ 1606.550067][T26225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5917'.
[ 1606.572791][T26225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5917'.
[ 1606.637961][ T5925] usb 2-1: USB disconnect, device number 2
[ 1606.762111][ T5926] usbhid 3-1:0.0: can't add hid device: -71
[ 1606.768533][T23018] usb 6-1: new full-speed USB device number 30 using dummy_hcd
[ 1606.785265][ T5926] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1606.818025][ T5926] usb 3-1: USB disconnect, device number 115
[ 1606.947819][T23018] usb 6-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1606.959346][T23018] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1606.969745][T23018] usb 6-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40
[ 1606.980754][T23018] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1606.989449][T23018] usb 6-1: Product: syz
[ 1606.994384][T23018] usb 6-1: Manufacturer: syz
[ 1606.999097][T23018] usb 6-1: SerialNumber: syz
[ 1607.173680][ T5925] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 1607.245523][T23018] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input183
[ 1607.284289][T23018] usb 6-1: USB disconnect, device number 30
[ 1607.296678][ T5190] pxrc 6-1:1.0: pxrc_open - usb_submit_urb failed, error: -19
[ 1607.364465][ T5925] usb 2-1: Using ep0 maxpacket: 8
[ 1607.378861][ T5925] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1607.414005][ T5925] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1607.437686][ T5925] usb 2-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[ 1607.455526][   T30] audit: type=1326 audit(1749800345.653:9200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26235 comm="syz.4.5923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01539 code=0x7ffc0000
[ 1607.466756][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1607.501256][   T30] audit: type=1326 audit(1749800345.653:9201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26235 comm="syz.4.5923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01539 code=0x7ffc0000
[ 1607.530291][   T30] audit: type=1326 audit(1749800345.693:9202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26235 comm="syz.4.5923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=461 compat=1 ip=0xf7f01539 code=0x7ffc0000
[ 1607.550062][ T5925] usb 2-1: Product: syz
[ 1607.563540][ T5925] usb 2-1: Manufacturer: syz
[ 1607.572316][ T5925] usb 2-1: SerialNumber: syz
[ 1607.608286][ T5925] usb 2-1: config 0 descriptor??
[ 1607.619722][ T5925] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 found
[ 1607.625371][   T30] audit: type=1326 audit(1749800345.693:9203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26235 comm="syz.4.5923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01539 code=0x7ffc0000
[ 1607.661097][   T30] audit: type=1326 audit(1749800345.693:9204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26235 comm="syz.4.5923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01539 code=0x7ffc0000
[ 1608.044548][T26246] ALSA: mixer_oss: invalid OSS volume '1280'
[ 1608.065256][T26246] ALSA: mixer_oss: invalid OSS volume 'Pss:'
[ 1608.083153][T26246] ALSA: mixer_oss: invalid OSS volume 'Pss_Dirty:'
[ 1608.091988][T26246] ALSA: mixer_oss: invalid OSS volume 'Shared_Clean:'
[ 1608.104183][T26246] ALSA: mixer_oss: invalid OSS volume 'Shared_Dirty:'
[ 1608.111431][T26246] ALSA: mixer_oss: invalid OSS volume 'Private_Clean:'
[ 1608.128043][T26246] ALSA: mixer_oss: invalid OSS volume 'Private_Dirty:'
[ 1608.250634][T26258] FAULT_INJECTION: forcing a failure.
[ 1608.250634][T26258] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1608.282957][T26258] CPU: 1 UID: 0 PID: 26258 Comm: syz.5.5931 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1608.282993][T26258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1608.283006][T26258] Call Trace:
[ 1608.283017][T26258]  <TASK>
[ 1608.283031][T26258]  dump_stack_lvl+0x189/0x250
[ 1608.283076][T26258]  ? __pfx____ratelimit+0x10/0x10
[ 1608.283111][T26258]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1608.283145][T26258]  ? __pfx__printk+0x10/0x10
[ 1608.283171][T26258]  ? __might_fault+0xb0/0x130
[ 1608.283203][T26258]  should_fail_ex+0x414/0x560
[ 1608.283240][T26258]  _copy_to_iter+0x575/0x16f0
[ 1608.283287][T26258]  ? __pfx__copy_to_iter+0x10/0x10
[ 1608.283318][T26258]  ? __skb_try_recv_from_queue+0x2b2/0x730
[ 1608.283356][T26258]  ? __skb_try_recv_datagram+0x3da/0x4e0
[ 1608.283402][T26258]  __skb_datagram_iter+0xf8/0x990
[ 1608.283433][T26258]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 1608.283473][T26258]  skb_copy_datagram_iter+0xc5/0x230
[ 1608.283508][T26258]  netlink_recvmsg+0x2ab/0xa30
[ 1608.283545][T26258]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1608.283570][T26258]  ? trace_kmalloc+0x1f/0xd0
[ 1608.283588][T26258]  ? __kmalloc_noprof+0x29b/0x4f0
[ 1608.283611][T26258]  ? aa_sock_msg_perm+0x94/0x160
[ 1608.283642][T26258]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1608.283669][T26258]  ? security_socket_recvmsg+0x7e/0x2e0
[ 1608.283703][T26258]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1608.283730][T26258]  sock_recvmsg+0x229/0x270
[ 1608.283757][T26258]  ____sys_recvmsg+0x1c9/0x460
[ 1608.283798][T26258]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1608.283824][T26258]  ? get_compat_msghdr+0x37e/0x4a0
[ 1608.283867][T26258]  ? ktime_get_ts64+0xa2/0x3d0
[ 1608.283901][T26258]  ___sys_recvmsg+0x1b5/0x510
[ 1608.283938][T26258]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1608.283995][T26258]  ? __fget_files+0x3a0/0x420
[ 1608.284032][T26258]  do_recvmmsg+0x36a/0x770
[ 1608.284072][T26258]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1608.284115][T26258]  ? _copy_from_user+0x94/0xb0
[ 1608.284156][T26258]  __sys_recvmmsg+0x127/0x280
[ 1608.284189][T26258]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 1608.284216][T26258]  ? ksys_write+0x22a/0x250
[ 1608.284246][T26258]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[ 1608.284283][T26258]  __do_fast_syscall_32+0xb6/0x2b0
[ 1608.284306][T26258]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1608.284344][T26258]  do_fast_syscall_32+0x34/0x80
[ 1608.284373][T26258]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1608.284400][T26258] RIP: 0023:0xf7f03539
[ 1608.284422][T26258] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1608.284442][T26258] RSP: 002b:00000000f502655c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[ 1608.284465][T26258] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800037c0
[ 1608.284480][T26258] RDX: 00000000000003b4 RSI: 0000000000000000 RDI: 0000000080003700
[ 1608.284494][T26258] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1608.284507][T26258] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1608.284519][T26258] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1608.284550][T26258]  </TASK>
[ 1608.637909][ T5925] snd_usb_toneport 2-1:0.0: set_interface failed
[ 1608.644654][ T5925] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 now disconnected
[ 1608.652654][ T5925] snd_usb_toneport 2-1:0.0: probe with driver snd_usb_toneport failed with error -71
[ 1608.667486][ T5925] usb 2-1: USB disconnect, device number 3
[ 1608.828245][   T30] audit: type=1326 audit(1749800347.033:9205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26268 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1608.905014][   T30] audit: type=1326 audit(1749800347.033:9206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26268 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1608.932911][   T30] audit: type=1326 audit(1749800347.063:9207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26268 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=40000003 syscall=461 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1608.956075][   T30] audit: type=1326 audit(1749800347.063:9208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26268 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1608.979787][   T30] audit: type=1326 audit(1749800347.063:9209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26268 comm="syz.5.5934" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03539 code=0x7ffc0000
[ 1609.293768][ T5925] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[ 1609.461566][ T5925] usb 6-1: Using ep0 maxpacket: 8
[ 1609.471697][ T5925] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1609.480149][T26285] netlink: 'syz.2.5940': attribute type 10 has an invalid length.
[ 1609.486172][ T5925] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1609.489948][T26285] wlan1: mtu greater than device maximum
[ 1609.506361][T26285] bond0: (slave wlan1): Error -22 calling dev_set_mtu
[ 1609.507125][ T5925] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1609.534167][ T5925] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1609.547486][ T5925] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1609.561469][ T5925] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1609.571516][ T5925] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1609.583673][ T5925] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1609.596055][ T5925] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1609.607903][ T5925] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1609.644673][ T5925] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1609.660056][ T5925] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1609.690241][ T5925] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1609.705094][ T5925] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1609.718052][ T5925] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1609.734861][ T5925] usb 6-1: string descriptor 0 read error: -22
[ 1609.745458][ T5925] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1609.773499][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1609.813796][ T5925] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1609.955804][T23017] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[ 1609.980773][T26289] FAULT_INJECTION: forcing a failure.
[ 1609.980773][T26289] name failslab, interval 1, probability 0, space 0, times 0
[ 1609.994156][T26289] CPU: 1 UID: 0 PID: 26289 Comm: syz.0.5942 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1609.994187][T26289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1609.994210][T26289] Call Trace:
[ 1609.994218][T26289]  <TASK>
[ 1609.994228][T26289]  dump_stack_lvl+0x189/0x250
[ 1609.994273][T26289]  ? __pfx____ratelimit+0x10/0x10
[ 1609.994310][T26289]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1609.994343][T26289]  ? __pfx__printk+0x10/0x10
[ 1609.994372][T26289]  ? __pfx___might_resched+0x10/0x10
[ 1609.994406][T26289]  ? fs_reclaim_acquire+0x7d/0x100
[ 1609.994438][T26289]  should_fail_ex+0x414/0x560
[ 1609.994473][T26289]  should_failslab+0xa8/0x100
[ 1609.994498][T26289]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1609.994521][T26289]  ? __alloc_skb+0x112/0x2d0
[ 1609.994554][T26289]  __alloc_skb+0x112/0x2d0
[ 1609.994584][T26289]  netlink_ack+0x146/0xa50
[ 1609.994609][T26289]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1609.994638][T26289]  ? ref_tracker_free+0x63a/0x7d0
[ 1609.994669][T26289]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 1609.994703][T26289]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 1609.994734][T26289]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1609.994776][T26289]  netlink_rcv_skb+0x28c/0x470
[ 1609.994803][T26289]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1609.994837][T26289]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1609.994883][T26289]  ? down_read+0x1ad/0x2e0
[ 1609.994909][T26289]  genl_rcv+0x28/0x40
[ 1609.994939][T26289]  netlink_unicast+0x75b/0x8d0
[ 1609.994976][T26289]  netlink_sendmsg+0x805/0xb30
[ 1609.995014][T26289]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1609.995043][T26289]  ? __import_iovec+0x5d4/0x7f0
[ 1609.995064][T26289]  ? aa_sock_msg_perm+0x94/0x160
[ 1609.995096][T26289]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1609.995125][T26289]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1609.995153][T26289]  __sock_sendmsg+0x219/0x270
[ 1609.995221][T26289]  ____sys_sendmsg+0x505/0x830
[ 1609.995258][T26289]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1609.995306][T26289]  ___sys_sendmsg+0x21f/0x2a0
[ 1609.995337][T26289]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1609.995407][T26289]  ? __fget_files+0x2a/0x420
[ 1609.995432][T26289]  ? __fget_files+0x3a0/0x420
[ 1609.995468][T26289]  __sys_sendmsg+0x164/0x220
[ 1609.995499][T26289]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1609.995544][T26289]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1609.995580][T26289]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1609.995615][T26289]  __do_fast_syscall_32+0xb6/0x2b0
[ 1609.995639][T26289]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1609.995676][T26289]  do_fast_syscall_32+0x34/0x80
[ 1609.995698][T26289]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1609.995725][T26289] RIP: 0023:0xf7fd1539
[ 1609.995745][T26289] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1609.995766][T26289] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1609.995790][T26289] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000180
[ 1609.995806][T26289] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1609.995820][T26289] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1609.995832][T26289] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1609.995846][T26289] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1609.995879][T26289]  </TASK>
[ 1610.344158][T23017] usb 3-1: Using ep0 maxpacket: 32
[ 1610.351552][T23017] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1610.381648][T23017] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1610.406956][T23017] usb 3-1: config 0 descriptor??
[ 1610.431417][ T5925] usb 6-1: USB disconnect, device number 31
[ 1610.702869][T23017] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1610.733477][T23018] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 1610.743486][T23017] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1610.768482][T23017] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1610.811663][T23017] usb 3-1: media controller created
[ 1610.866902][T23017] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1610.883826][T23018] usb 2-1: Using ep0 maxpacket: 8
[ 1610.907249][T26301] FAULT_INJECTION: forcing a failure.
[ 1610.907249][T26301] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1610.907881][T23018] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1610.951873][T23018] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1610.959047][T26301] CPU: 0 UID: 0 PID: 26301 Comm: syz.0.5946 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1610.959080][T26301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1610.959095][T26301] Call Trace:
[ 1610.959114][T26301]  <TASK>
[ 1610.959125][T26301]  dump_stack_lvl+0x189/0x250
[ 1610.959171][T26301]  ? __pfx____ratelimit+0x10/0x10
[ 1610.959208][T26301]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1610.959244][T26301]  ? __pfx__printk+0x10/0x10
[ 1610.959269][T26301]  ? __might_fault+0xb0/0x130
[ 1610.959305][T26301]  should_fail_ex+0x414/0x560
[ 1610.959343][T26301]  _copy_from_user+0x2d/0xb0
[ 1610.959369][T26301]  kstrtouint_from_user+0xc4/0x170
[ 1610.959406][T26301]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1610.959458][T26301]  proc_fail_nth_write+0x88/0x240
[ 1610.959488][T26301]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1610.959521][T26301]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1610.959551][T26301]  vfs_write+0x27e/0xa90
[ 1610.959598][T26301]  ? __pfx_vfs_write+0x10/0x10
[ 1610.959635][T26301]  ? __fget_files+0x2a/0x420
[ 1610.959667][T26301]  ? __fget_files+0x3a0/0x420
[ 1610.959690][T26301]  ? __fget_files+0x2a/0x420
[ 1610.959725][T26301]  ksys_write+0x145/0x250
[ 1610.959749][T26301]  ? __pfx_ksys_write+0x10/0x10
[ 1610.959772][T26301]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1610.959810][T26301]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1610.959847][T26301]  __do_fast_syscall_32+0xb6/0x2b0
[ 1610.959871][T26301]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1610.959909][T26301]  do_fast_syscall_32+0x34/0x80
[ 1610.959932][T26301]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1610.959961][T26301] RIP: 0023:0xf7fd1539
[ 1610.959981][T26301] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1610.960002][T26301] RSP: 002b:00000000f50f6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1610.960026][T26301] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50f6620
[ 1610.960042][T26301] RDX: 0000000000000001 RSI: 00000000f7462ff4 RDI: 0000000000000000
[ 1610.960056][T26301] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1610.960069][T26301] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1610.960083][T26301] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1610.960122][T26301]  </TASK>
[ 1610.975199][T23018] usb 2-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[ 1611.154915][T23018] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1611.217328][T23018] usb 2-1: Product: syz
[ 1611.221554][T23018] usb 2-1: Manufacturer: syz
[ 1611.226497][T23018] usb 2-1: SerialNumber: syz
[ 1611.235464][T23018] usb 2-1: config 0 descriptor??
[ 1611.263219][T23018] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 found
[ 1611.501614][T26308] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5949'.
[ 1611.615929][T26308] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5949'.
[ 1611.943714][ T5926] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[ 1611.979928][T23018] snd_usb_toneport 2-1:0.0: set_interface failed
[ 1611.999036][T23018] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 now disconnected
[ 1612.018805][T23018] snd_usb_toneport 2-1:0.0: probe with driver snd_usb_toneport failed with error -71
[ 1612.020474][T26323] FAULT_INJECTION: forcing a failure.
[ 1612.020474][T26323] name failslab, interval 1, probability 0, space 0, times 0
[ 1612.044994][T26323] CPU: 0 UID: 0 PID: 26323 Comm: syz.0.5955 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1612.045027][T26323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1612.045042][T26323] Call Trace:
[ 1612.045052][T26323]  <TASK>
[ 1612.045061][T26323]  dump_stack_lvl+0x189/0x250
[ 1612.045107][T26323]  ? __pfx____ratelimit+0x10/0x10
[ 1612.045143][T26323]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1612.045176][T26323]  ? __pfx__printk+0x10/0x10
[ 1612.045202][T26323]  ? __pfx___might_resched+0x10/0x10
[ 1612.045237][T26323]  ? fs_reclaim_acquire+0x7d/0x100
[ 1612.045270][T26323]  should_fail_ex+0x414/0x560
[ 1612.045306][T26323]  should_failslab+0xa8/0x100
[ 1612.045330][T26323]  __kmalloc_noprof+0xcb/0x4f0
[ 1612.045351][T26323]  ? tomoyo_encode+0x28b/0x550
[ 1612.045387][T26323]  tomoyo_encode+0x28b/0x550
[ 1612.045424][T26323]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1612.045466][T26323]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1612.045492][T26323]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1612.045522][T26323]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1612.045594][T26323]  ? d_alloc_parallel+0x2e0/0x14e0
[ 1612.045625][T26323]  ? __pfx_current_check_access_path+0x10/0x10
[ 1612.045734][T26323]  tomoyo_path_mknod+0x142/0x190
[ 1612.045780][T26323]  ? __pfx_tomoyo_path_mknod+0x10/0x10
[ 1612.045825][T26323]  security_path_mknod+0x17e/0x3a0
[ 1612.045864][T26323]  path_openat+0xd56/0x3830
[ 1612.045894][T26323]  ? arch_stack_walk+0xfc/0x150
[ 1612.045985][T26323]  ? __pfx_path_openat+0x10/0x10
[ 1612.046014][T26323]  ? do_fast_syscall_32+0x34/0x80
[ 1612.046058][T26323]  do_filp_open+0x1fa/0x410
[ 1612.046086][T26323]  ? __lock_acquire+0xab9/0xd20
[ 1612.046120][T26323]  ? __pfx_do_filp_open+0x10/0x10
[ 1612.046175][T26323]  ? _raw_spin_unlock+0x28/0x50
[ 1612.046205][T26323]  ? alloc_fd+0x64c/0x6c0
[ 1612.046240][T26323]  do_sys_openat2+0x121/0x1c0
[ 1612.046272][T26323]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1612.046302][T26323]  ? ksys_write+0x22a/0x250
[ 1612.046330][T26323]  __ia32_compat_sys_openat+0x131/0x160
[ 1612.046367][T26323]  __do_fast_syscall_32+0xb6/0x2b0
[ 1612.046388][T26323]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1612.046420][T26323]  do_fast_syscall_32+0x34/0x80
[ 1612.046440][T26323]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1612.046465][T26323] RIP: 0023:0xf7fd1539
[ 1612.046502][T26323] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1612.046520][T26323] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000127
[ 1612.046542][T26323] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000040
[ 1612.046556][T26323] RDX: 00000000000026e1 RSI: 0000000000000000 RDI: 0000000000000000
[ 1612.046568][T26323] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1612.046581][T26323] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1612.046594][T26323] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1612.046626][T26323]  </TASK>
[ 1612.046657][T26323] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1612.093226][T23018] usb 2-1: USB disconnect, device number 4
[ 1612.102947][T26324] netlink: 'syz.0.5955': attribute type 10 has an invalid length.
[ 1612.146854][ T5926] usb 5-1: config 0 has an invalid interface number: 128 but max is 0
[ 1612.151725][T23017] stb0899_attach: Driver disabled by Kconfig
[ 1612.203974][ T5926] usb 5-1: config 0 has no interface number 0
[ 1612.207599][T23017] az6027: no front-end attached
[ 1612.207599][T23017] 
[ 1612.247667][ T5926] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1612.254596][T23017] az6027: usb out operation failed. (-71)
[ 1612.267470][ T5926] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1612.281916][T23017] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1612.322061][ T5926] usb 5-1: Product: syz
[ 1612.338542][T23017] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input184
[ 1612.360415][ T5926] usb 5-1: Manufacturer: syz
[ 1612.451149][ T5926] usb 5-1: SerialNumber: syz
[ 1612.468915][T26324] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 1612.471129][T23017] dvb-usb: schedule remote query interval to 400 msecs.
[ 1612.480457][ T5926] usb 5-1: config 0 descriptor??
[ 1612.503092][T23017] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1612.559110][T23017] usb 3-1: USB disconnect, device number 116
[ 1612.713713][T23018] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[ 1612.724838][T23017] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1612.893610][T23018] usb 2-1: Using ep0 maxpacket: 32
[ 1612.901857][T23018] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[ 1612.915232][ T5926] usb 5-1: Firmware: major: 22, minor: 220, hardware type: UNKNOWN (68)
[ 1612.933434][T23018] usb 2-1: config 0 has no interface number 0
[ 1612.949881][T23018] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1612.968579][T23018] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1612.974102][T26334] input: syz1 as /devices/virtual/input/input185
[ 1612.980114][T23018] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1612.992697][T23018] usb 2-1: Product: syz
[ 1612.997531][T23018] usb 2-1: Manufacturer: syz
[ 1613.002229][T23018] usb 2-1: SerialNumber: syz
[ 1613.040836][T23018] usb 2-1: config 0 descriptor??
[ 1613.069851][T23018] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1613.082550][T18509] Bluetooth: hci3: ACL packet for unknown connection handle 1
[ 1613.123431][T23018] em28xx 2-1:0.132: Video interface 132 found:
[ 1613.136117][ T5926] usb 5-1: Read permanent extended address 00:00:00:00:00:00:00:4f from device
[ 1613.147208][T26335] delete_channel: no stack
[ 1613.156571][ T5926] usb 5-1: atusb_probe: initialization failed, error = -524
[ 1613.171354][ T5926] atusb 5-1:0.128: probe with driver atusb failed with error -524
[ 1613.380085][T23017] usb 5-1: USB disconnect, device number 13
[ 1613.511591][T26347] FAULT_INJECTION: forcing a failure.
[ 1613.511591][T26347] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1613.528654][T26347] CPU: 0 UID: 0 PID: 26347 Comm: syz.5.5963 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1613.528691][T26347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1613.528707][T26347] Call Trace:
[ 1613.528717][T26347]  <TASK>
[ 1613.528728][T26347]  dump_stack_lvl+0x189/0x250
[ 1613.528776][T26347]  ? __pfx____ratelimit+0x10/0x10
[ 1613.528813][T26347]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1613.528848][T26347]  ? __pfx__printk+0x10/0x10
[ 1613.528873][T26347]  ? __might_fault+0xb0/0x130
[ 1613.528909][T26347]  should_fail_ex+0x414/0x560
[ 1613.528946][T26347]  _copy_from_user+0x2d/0xb0
[ 1613.528972][T26347]  get_compat_msghdr+0xad/0x4a0
[ 1613.529011][T26347]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1613.529056][T26347]  ___sys_sendmsg+0x193/0x2a0
[ 1613.529090][T26347]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1613.529156][T26347]  ? __fget_files+0x2a/0x420
[ 1613.529182][T26347]  ? __fget_files+0x3a0/0x420
[ 1613.529215][T26347]  __sys_sendmsg+0x164/0x220
[ 1613.529244][T26347]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1613.529286][T26347]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1613.529323][T26347]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1613.529356][T26347]  __do_fast_syscall_32+0xb6/0x2b0
[ 1613.529377][T26347]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1613.529411][T26347]  do_fast_syscall_32+0x34/0x80
[ 1613.529430][T26347]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1613.529453][T26347] RIP: 0023:0xf7f03539
[ 1613.529472][T26347] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1613.529490][T26347] RSP: 002b:00000000f502655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1613.529514][T26347] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800004c0
[ 1613.529527][T26347] RDX: 0000000020004804 RSI: 0000000000000000 RDI: 0000000000000000
[ 1613.529539][T26347] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1613.529550][T26347] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1613.529563][T26347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1613.529591][T26347]  </TASK>
[ 1613.559242][T26348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1613.562019][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1613.757926][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1613.812811][T26348] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1613.864047][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1614.346906][T23018] em28xx 2-1:0.132: unknown em28xx chip ID (0)
[ 1614.475973][T23018] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 1614.493548][T23018] em28xx 2-1:0.132: board has no eeprom
[ 1614.564023][T23018] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1614.601732][T23018] em28xx 2-1:0.132: analog set to bulk mode.
[ 1614.649377][T23019] em28xx 2-1:0.132: Registering V4L2 extension
[ 1614.907697][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[ 1614.919175][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[ 1614.935863][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[ 1615.044740][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[ 1615.095514][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[ 1615.137879][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[ 1615.798713][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[ 1615.840181][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0x86 (error=-5)
[ 1615.853833][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0x94 (error=-5)
[ 1615.881544][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0x96 (error=-5)
[ 1616.023875][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5)
[ 1616.038924][T26382] netlink: 72 bytes leftover after parsing attributes in process `syz.0.5970'.
[ 1616.048651][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5)
[ 1616.094939][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5)
[ 1616.129703][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc6 (error=-5)
[ 1616.167903][T23019] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc8 (error=-5)
[ 1616.222042][T23019] em28xx 2-1:0.132: Config register raw data: 0xfffffffb
[ 1616.269528][T23017] usb 2-1: USB disconnect, device number 5
[ 1616.277362][T23017] em28xx 2-1:0.132: Disconnecting em28xx
[ 1616.332323][T26382] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5970'.
[ 1616.636572][T23019] em28xx 2-1:0.132: AC97 chip type couldn't be determined
[ 1616.777779][T23019] em28xx 2-1:0.132: No AC97 audio processor
[ 1616.870236][T26393] delete_channel: no stack
[ 1616.895141][T26393] FAULT_INJECTION: forcing a failure.
[ 1616.895141][T26393] name failslab, interval 1, probability 0, space 0, times 0
[ 1616.953546][T26393] CPU: 0 UID: 0 PID: 26393 Comm: syz.1.5973 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1616.953573][T26393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1616.953584][T26393] Call Trace:
[ 1616.953591][T26393]  <TASK>
[ 1616.953599][T26393]  dump_stack_lvl+0x189/0x250
[ 1616.953633][T26393]  ? __pfx____ratelimit+0x10/0x10
[ 1616.953661][T26393]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1616.953685][T26393]  ? __pfx__printk+0x10/0x10
[ 1616.953708][T26393]  ? __pfx___might_resched+0x10/0x10
[ 1616.953738][T26393]  should_fail_ex+0x414/0x560
[ 1616.953765][T26393]  should_failslab+0xa8/0x100
[ 1616.953785][T26393]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1616.953801][T26393]  ? __alloc_skb+0x112/0x2d0
[ 1616.953825][T26393]  __alloc_skb+0x112/0x2d0
[ 1616.953846][T26393]  netlink_sendmsg+0x5c6/0xb30
[ 1616.953873][T26393]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1616.953894][T26393]  ? __import_iovec+0x5d4/0x7f0
[ 1616.953908][T26393]  ? aa_sock_msg_perm+0x94/0x160
[ 1616.953931][T26393]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1616.953951][T26393]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1616.953975][T26393]  __sock_sendmsg+0x219/0x270
[ 1616.954003][T26393]  ____sys_sendmsg+0x505/0x830
[ 1616.954028][T26393]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1616.954060][T26393]  ___sys_sendmsg+0x21f/0x2a0
[ 1616.954082][T26393]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1616.954128][T26393]  ? __fget_files+0x2a/0x420
[ 1616.954146][T26393]  ? __fget_files+0x3a0/0x420
[ 1616.954170][T26393]  __sys_sendmsg+0x164/0x220
[ 1616.954192][T26393]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1616.954221][T26393]  ? __secure_computing+0xe2/0x2a0
[ 1616.954254][T26393]  __do_fast_syscall_32+0xb6/0x2b0
[ 1616.954270][T26393]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1616.954299][T26393]  do_fast_syscall_32+0x34/0x80
[ 1616.954314][T26393]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1616.954335][T26393] RIP: 0023:0xf7fc1539
[ 1616.954368][T26393] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1616.954382][T26393] RSP: 002b:00000000f50c555c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1616.954399][T26393] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000040
[ 1616.954410][T26393] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1616.954418][T26393] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1616.954427][T26393] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1616.954436][T26393] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1616.954457][T26393]  </TASK>
[ 1617.217021][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1617.231315][T23019] usb 2-1: Decoder not found
[ 1617.296590][T26394] delete_channel: no stack
[ 1617.442840][T23019] em28xx 2-1:0.132: failed to create media graph
[ 1617.469572][T23019] em28xx 2-1:0.132: V4L2 device video103 deregistered
[ 1617.485379][T26405] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5976'.
[ 1617.511471][T26396] ==================================================================
[ 1617.519660][T26396] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xc7/0x430
[ 1617.527161][T26396] Read of size 8 at addr ffff888067660738 by task v4l_id/26396
[ 1617.534747][T26396] 
[ 1617.537182][T26396] CPU: 1 UID: 0 PID: 26396 Comm: v4l_id Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1617.537212][T26396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1617.537227][T26396] Call Trace:
[ 1617.537237][T26396]  <TASK>
[ 1617.537247][T26396]  dump_stack_lvl+0x189/0x250
[ 1617.537289][T26396]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1617.537314][T26396]  ? rcu_is_watching+0x15/0xb0
[ 1617.537349][T26396]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1617.537382][T26396]  ? rcu_is_watching+0x15/0xb0
[ 1617.537414][T26396]  ? lock_release+0x4b/0x3e0
[ 1617.537447][T26396]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1617.537468][T26396]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1617.537491][T26396]  print_report+0xd2/0x2b0
[ 1617.537519][T26396]  ? v4l2_fh_open+0xc7/0x430
[ 1617.537547][T26396]  kasan_report+0x118/0x150
[ 1617.537571][T26396]  ? v4l2_fh_open+0xc7/0x430
[ 1617.537594][T26396]  v4l2_fh_open+0xc7/0x430
[ 1617.537614][T26396]  ? __pfx___mutex_lock+0x10/0x10
[ 1617.537638][T26396]  em28xx_v4l2_open+0x157/0x9a0
[ 1617.537760][T26396]  v4l2_open+0x20c/0x360
[ 1617.537808][T26396]  chrdev_open+0x4c9/0x5e0
[ 1617.537835][T26396]  ? __pfx_chrdev_open+0x10/0x10
[ 1617.537862][T26396]  ? __pfx_chrdev_open+0x10/0x10
[ 1617.537884][T26396]  do_dentry_open+0xdf0/0x1970
[ 1617.537920][T26396]  vfs_open+0x3b/0x340
[ 1617.537945][T26396]  ? path_openat+0x2ecd/0x3830
[ 1617.537977][T26396]  path_openat+0x2ee5/0x3830
[ 1617.538008][T26396]  ? arch_stack_walk+0xfc/0x150
[ 1617.538048][T26396]  ? __pfx_path_openat+0x10/0x10
[ 1617.538078][T26396]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1617.538112][T26396]  do_filp_open+0x1fa/0x410
[ 1617.538167][T26396]  ? __lock_acquire+0xab9/0xd20
[ 1617.538198][T26396]  ? __pfx_do_filp_open+0x10/0x10
[ 1617.538239][T26396]  ? _raw_spin_unlock+0x28/0x50
[ 1617.538268][T26396]  ? alloc_fd+0x64c/0x6c0
[ 1617.538297][T26396]  do_sys_openat2+0x121/0x1c0
[ 1617.538327][T26396]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1617.538355][T26396]  ? exc_page_fault+0x76/0xf0
[ 1617.538390][T26396]  ? do_user_addr_fault+0xc8a/0x1390
[ 1617.538421][T26396]  __x64_sys_openat+0x138/0x170
[ 1617.538452][T26396]  do_syscall_64+0xfa/0x3b0
[ 1617.538472][T26396]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1617.538505][T26396]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1617.538533][T26396]  ? clear_bhb_loop+0x60/0xb0
[ 1617.538558][T26396]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1617.538580][T26396] RIP: 0033:0x7f56dcbc8407
[ 1617.538609][T26396] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1617.538629][T26396] RSP: 002b:00007ffd20e01330 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1617.538654][T26396] RAX: ffffffffffffffda RBX: 00007f56dc59b880 RCX: 00007f56dcbc8407
[ 1617.538670][T26396] RDX: 0000000000000000 RSI: 00007ffd20e02f1a RDI: ffffffffffffff9c
[ 1617.538686][T26396] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1617.538698][T26396] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1617.538711][T26396] R13: 00007ffd20e01580 R14: 00007f56dce21000 R15: 000055a987d694d8
[ 1617.538735][T26396]  </TASK>
[ 1617.538742][T26396] 
[ 1617.844726][T26396] Allocated by task 23019:
[ 1617.849168][T26396]  kasan_save_track+0x3e/0x80
[ 1617.853911][T26396]  __kasan_kmalloc+0x93/0xb0
[ 1617.858525][T26396]  __kmalloc_cache_noprof+0x230/0x3d0
[ 1617.863920][T26396]  em28xx_v4l2_init+0x10b/0x2e70
[ 1617.868878][T26396]  em28xx_init_extension+0x120/0x1c0
[ 1617.874196][T26396]  process_scheduled_works+0xae1/0x17b0
[ 1617.879871][T26396]  worker_thread+0x8a0/0xda0
[ 1617.884573][T26396]  kthread+0x70e/0x8a0
[ 1617.888674][T26396]  ret_from_fork+0x3fc/0x770
[ 1617.893300][T26396]  ret_from_fork_asm+0x1a/0x30
[ 1617.898114][T26396] 
[ 1617.900451][T26396] Freed by task 23019:
[ 1617.904535][T26396]  kasan_save_track+0x3e/0x80
[ 1617.909239][T26396]  kasan_save_free_info+0x46/0x50
[ 1617.914301][T26396]  __kasan_slab_free+0x62/0x70
[ 1617.919077][T26396]  kfree+0x18e/0x440
[ 1617.922992][T26396]  em28xx_v4l2_init+0x1683/0x2e70
[ 1617.928041][T26396]  em28xx_init_extension+0x120/0x1c0
[ 1617.933352][T26396]  process_scheduled_works+0xae1/0x17b0
[ 1617.938930][T26396]  worker_thread+0x8a0/0xda0
[ 1617.943550][T26396]  kthread+0x70e/0x8a0
[ 1617.947646][T26396]  ret_from_fork+0x3fc/0x770
[ 1617.952260][T26396]  ret_from_fork_asm+0x1a/0x30
[ 1617.957038][T26396] 
[ 1617.959416][T26396] The buggy address belongs to the object at ffff888067660000
[ 1617.959416][T26396]  which belongs to the cache kmalloc-8k of size 8192
[ 1617.973522][T26396] The buggy address is located 1848 bytes inside of
[ 1617.973522][T26396]  freed 8192-byte region [ffff888067660000, ffff888067662000)
[ 1617.987526][T26396] 
[ 1617.989872][T26396] The buggy address belongs to the physical page:
[ 1617.996312][T26396] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x67660
[ 1618.005168][T26396] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1618.013685][T26396] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1618.021285][T26396] page_type: f5(slab)
[ 1618.025313][T26396] raw: 00fff00000000040 ffff88801a442280 dead000000000100 dead000000000122
[ 1618.033930][T26396] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 1618.042555][T26396] head: 00fff00000000040 ffff88801a442280 dead000000000100 dead000000000122
[ 1618.051254][T26396] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 1618.059951][T26396] head: 00fff00000000003 ffffea00019d9801 00000000ffffffff 00000000ffffffff
[ 1618.068637][T26396] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1618.077318][T26396] page dumped because: kasan: bad access detected
[ 1618.083751][T26396] page_owner tracks the page as allocated
[ 1618.089478][T26396] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 25065, tgid 25064 (syz.1.5602), ts 1532152425940, free_ts 1531766297712
[ 1618.111218][T26396]  post_alloc_hook+0x240/0x2a0
[ 1618.116010][T26396]  get_page_from_freelist+0x21e4/0x22c0
[ 1618.121574][T26396]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1618.127402][T26396]  alloc_pages_mpol+0x232/0x4a0
[ 1618.132273][T26396]  allocate_slab+0x8a/0x3b0
[ 1618.136861][T26396]  ___slab_alloc+0xbfc/0x1480
[ 1618.141550][T26396]  __kmalloc_cache_noprof+0x296/0x3d0
[ 1618.146936][T26396]  audit_log_d_path+0xb5/0x190
[ 1618.151715][T26396]  audit_log_d_path_exe+0x42/0x70
[ 1618.156759][T26396]  audit_log_task+0x2b3/0x3c0
[ 1618.161456][T26396]  audit_seccomp+0x86/0x190
[ 1618.165977][T26396]  __seccomp_filter+0x9aa/0x1a40
[ 1618.170935][T26396]  syscall_trace_enter+0xaa/0x160
[ 1618.175981][T26396]  do_int80_emulation+0x101/0x390
[ 1618.181278][T26396]  asm_int80_emulation+0x1a/0x20
[ 1618.186232][T26396] page last free pid 5822 tgid 5822 stack trace:
[ 1618.192563][T26396]  __free_frozen_pages+0xc71/0xe70
[ 1618.197688][T26396]  __folio_put+0x21b/0x2c0
[ 1618.202181][T26396]  skb_release_data+0x49a/0x7c0
[ 1618.207050][T26396]  __kfree_skb+0x55/0x70
[ 1618.211318][T26396]  tcp_ack+0x2013/0x62b0
[ 1618.215666][T26396]  tcp_rcv_established+0xea0/0x1de0
[ 1618.220881][T26396]  tcp_v4_do_rcv+0xa23/0xce0
[ 1618.225488][T26396]  __release_sock+0x21c/0x350
[ 1618.230187][T26396]  release_sock+0x5f/0x1f0
[ 1618.234709][T26396]  tcp_recvmsg+0x220/0x810
[ 1618.239135][T26396]  inet_recvmsg+0x147/0x250
[ 1618.243649][T26396]  sock_recvmsg+0x1a8/0x270
[ 1618.248162][T26396]  sock_read_iter+0x231/0x2f0
[ 1618.252861][T26396]  vfs_read+0x4cd/0x980
[ 1618.257043][T26396]  ksys_read+0x145/0x250
[ 1618.261306][T26396]  __do_fast_syscall_32+0xb6/0x2b0
[ 1618.266441][T26396] 
[ 1618.268780][T26396] Memory state around the buggy address:
[ 1618.274489][T26396]  ffff888067660600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1618.282559][T26396]  ffff888067660680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1618.290631][T26396] >ffff888067660700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1618.298783][T26396]                                         ^
[ 1618.304685][T26396]  ffff888067660780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1618.312766][T26396]  ffff888067660800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1618.320837][T26396] ==================================================================
[ 1618.340564][T23019] em28xx 2-1:0.132: Remote control support is not available for this card.
[ 1618.363934][T23017] em28xx 2-1:0.132: Closing input extension
[ 1618.570987][T26396] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1618.578273][T26396] CPU: 1 UID: 0 PID: 26396 Comm: v4l_id Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[ 1618.590002][T26396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1618.600064][T26396] Call Trace:
[ 1618.603359][T26396]  <TASK>
[ 1618.606314][T26396]  dump_stack_lvl+0x99/0x250
[ 1618.610935][T26396]  ? __asan_memcpy+0x40/0x70
[ 1618.615543][T26396]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1618.620756][T26396]  ? __pfx__printk+0x10/0x10
[ 1618.625359][T26396]  panic+0x2db/0x790
[ 1618.629373][T26396]  ? __pfx_panic+0x10/0x10
[ 1618.633919][T26396]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 1618.639853][T26396]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1618.646206][T26396]  ? print_memory_metadata+0x314/0x400
[ 1618.651715][T26396]  ? v4l2_fh_open+0xc7/0x430
[ 1618.656357][T26396]  check_panic_on_warn+0x89/0xb0
[ 1618.661388][T26396]  ? v4l2_fh_open+0xc7/0x430
[ 1618.666004][T26396]  end_report+0x78/0x160
[ 1618.670264][T26396]  kasan_report+0x129/0x150
[ 1618.674782][T26396]  ? v4l2_fh_open+0xc7/0x430
[ 1618.679384][T26396]  v4l2_fh_open+0xc7/0x430
[ 1618.683904][T26396]  ? __pfx___mutex_lock+0x10/0x10
[ 1618.688945][T26396]  em28xx_v4l2_open+0x157/0x9a0
[ 1618.693824][T26396]  v4l2_open+0x20c/0x360
[ 1618.698079][T26396]  chrdev_open+0x4c9/0x5e0
[ 1618.702507][T26396]  ? __pfx_chrdev_open+0x10/0x10
[ 1618.707457][T26396]  ? __pfx_chrdev_open+0x10/0x10
[ 1618.712400][T26396]  do_dentry_open+0xdf0/0x1970
[ 1618.717209][T26396]  vfs_open+0x3b/0x340
[ 1618.721287][T26396]  ? path_openat+0x2ecd/0x3830
[ 1618.726069][T26396]  path_openat+0x2ee5/0x3830
[ 1618.731110][T26396]  ? arch_stack_walk+0xfc/0x150
[ 1618.735982][T26396]  ? __pfx_path_openat+0x10/0x10
[ 1618.740933][T26396]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1618.747024][T26396]  do_filp_open+0x1fa/0x410
[ 1618.751630][T26396]  ? __lock_acquire+0xab9/0xd20
[ 1618.756497][T26396]  ? __pfx_do_filp_open+0x10/0x10
[ 1618.761544][T26396]  ? _raw_spin_unlock+0x28/0x50
[ 1618.766409][T26396]  ? alloc_fd+0x64c/0x6c0
[ 1618.770751][T26396]  do_sys_openat2+0x121/0x1c0
[ 1618.775459][T26396]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1618.780674][T26396]  ? exc_page_fault+0x76/0xf0
[ 1618.785383][T26396]  ? do_user_addr_fault+0xc8a/0x1390
[ 1618.790800][T26396]  __x64_sys_openat+0x138/0x170
[ 1618.795664][T26396]  do_syscall_64+0xfa/0x3b0
[ 1618.800171][T26396]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1618.805391][T26396]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1618.811472][T26396]  ? clear_bhb_loop+0x60/0xb0
[ 1618.816162][T26396]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1618.822073][T26396] RIP: 0033:0x7f56dcbc8407
[ 1618.826497][T26396] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1618.846118][T26396] RSP: 002b:00007ffd20e01330 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1618.854548][T26396] RAX: ffffffffffffffda RBX: 00007f56dc59b880 RCX: 00007f56dcbc8407
[ 1618.862531][T26396] RDX: 0000000000000000 RSI: 00007ffd20e02f1a RDI: ffffffffffffff9c
[ 1618.870513][T26396] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1618.878493][T26396] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1618.886474][T26396] R13: 00007ffd20e01580 R14: 00007f56dce21000 R15: 000055a987d694d8
[ 1618.894462][T26396]  </TASK>
[ 1618.898043][T26396] Kernel Offset: disabled
[ 1618.902400][T26396] Rebooting in 86400 seconds..