last executing test programs:

19.926148751s ago: executing program 4 (id=2000):
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000050000106a05310300000000000109022400010000800009040002090300010009210000000122000509058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f00090582"], 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x7fff, 0x2)
ioctl$BLKIOMIN(r1, 0x1278, &(0x7f0000000180))
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x34, &(0x7f0000000600)={0x40, 0x7, 0x24, "dffd4ed79d4be8c4707383b593e95a9d2eec8b0cc7e905d0e98bde8c4fa7b40e3417b6ee"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
setpriority(0x2, 0x0, 0x1)

17.455710882s ago: executing program 1 (id=2006):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x20000}, 0xffffffffffffff6e)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl(r0, 0x8b2c, &(0x7f0000000040))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
mmap(&(0x7f000024e000/0x3000)=nil, 0x3000, 0x1000002, 0x11012, r4, 0x0)
syz_clone(0x84021100, 0x0, 0x1c, 0x0, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r6, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)=ANY=[])
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r8=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r7, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r8, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r7, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r8})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x80010, 0xffffffffffffffff, 0x0)

15.610961539s ago: executing program 1 (id=2007):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
ioctl$EVIOCGMASK(r1, 0x5b03, 0x0)

15.584271934s ago: executing program 0 (id=2008):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'dummy0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000a80)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0300000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r1], 0x44}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x400, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
lseek(0xffffffffffffffff, 0x1, 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x18, 0x1404, 0x1, 0x70bd29, 0x1, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000088}, 0x24000018)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x9, 0xc, &(0x7f0000000340)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000011c0)={0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000000)=@udp=r7}, 0x20)
bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r3, &(0x7f0000000100), 0x0}, 0x20)
r8 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r9 = openat$sequencer2(0xffffff9c, &(0x7f0000000040), 0x20401, 0x0)
ioctl$SNDCTL_MIDI_INFO(r9, 0xc074510c, 0x0)

15.152112769s ago: executing program 2 (id=2011):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x1, 0x152)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x10}, 'syz0\x00'})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
symlink(0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
creat(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x26100, 0x0)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r3, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r5=>0x0})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000400)={0xb8, 0x24, 0x300, 0x70bd28, 0x25dfdbfc, {0x1f}, [@typed={0x8, 0xd3, 0x0, 0x0, @fd=r3}, @generic="1dd47e771a731001160591ac30935bcc375b90abb36b32d684e91b5b769dc79a9950e35c92c31ed888aaf8ebc2794a197caed9594adb237a60b92b6d0fa39b7ed6b1949848556be96d5b27c776cfeb0089f8795b85866aa2da1d71f4f2c85c072120a43291a7b7e0e9a9a6eb25e9c7de024d3e65c7b36dde986707ba22f013f57c80c42219ecd928097a8cf90bd07220a8f485d21cbb42b8e195"]}, 0xb8}}, 0x8820)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000003c0)=ANY=[@ANYRES16=r4, @ANYBLOB, @ANYRES32=r5, @ANYBLOB="080026006c0900000800a00033f4ffff08002700000000000500190109000000080026008009000004006c00"], 0x48}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
shutdown(r6, 0x1)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[], 0x0)

14.517058768s ago: executing program 4 (id=2012):
r0 = socket(0x10, 0x80002, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x12, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000140), 0x5}, 0x38)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timerfd_create(0x7, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
migrate_pages(0x0, 0x5, 0x0, &(0x7f0000000080)=0x272)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x20c9}, 0x94)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffa)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000f00)={'dummy0\x00', &(0x7f0000000200)=@ethtool_perm_addr={0x4b, 0x30, "4372070000000000476fb2940acfbe4c3f9725f0f2bf568d62c050880594c23d36147b586c9a7affa71b5e2237000000"}})

12.433650023s ago: executing program 4 (id=2014):
mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff)
syz_open_dev$dri(0x0, 0x8, 0x200000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0)=0x2000000, &(0x7f0000000700)=r1}, 0x20)

11.51400246s ago: executing program 2 (id=2015):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x1, 0x152)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x10}, 'syz0\x00'})
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
symlink(0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x26100, 0x0)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r4, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000400)={0xb8, 0x24, 0x300, 0x70bd28, 0x25dfdbfc, {0x1f}, [@typed={0x8, 0xd3, 0x0, 0x0, @fd=r4}, @generic="1dd47e771a731001160591ac30935bcc375b90abb36b32d684e91b5b769dc79a9950e35c92c31ed888aaf8ebc2794a197caed9594adb237a60b92b6d0fa39b7ed6b1949848556be96d5b27c776cfeb0089f8795b85866aa2da1d71f4f2c85c072120a43291a7b7e0e9a9a6eb25e9c7de024d3e65c7b36dde986707ba22f013f57c80c42219ecd928097a8cf90bd07220a8f485d21cbb42b8e1955457"]}, 0xb8}}, 0x8820)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmmsg$sock(r5, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r5, 0x1)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[], 0x0)

11.423081853s ago: executing program 4 (id=2016):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240), 0x4)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r5, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
connect$can_bcm(r4, &(0x7f00000000c0), 0x10)
r6 = gettid()
r7 = epoll_create(0x400)
r8 = eventfd(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000000))
kcmp$KCMP_EPOLL_TFD(r6, r6, 0x7, r8, &(0x7f0000000080)={r7, r8})

11.403361496s ago: executing program 1 (id=2017):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e8500000007"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='sched_switch\x00', r3}, 0x18)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={<r5=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r5, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @empty}, @in={0x2, 0x0, @empty}}}, 0x118)
write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r5, 0x2}}, 0x18)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc8f}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}}, 0x20004000)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'bond_slave_1\x00'})
socket$inet6_tcp(0xa, 0x1, 0x0)

10.614538391s ago: executing program 3 (id=2018):
bind$packet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$CEC_DQEVENT(0xffffffffffffffff, 0xc0506107, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x80002, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

10.452970188s ago: executing program 0 (id=2019):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000280)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e24, 0x0, @private2}, {0xa, 0x0, 0x621, @rand_addr=' \x01\x00'}, 0xffffffffffffffff, 0x63}}, 0x48)
mount$tmpfs(0x0, 0x0, 0x0, 0x80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.memory_pressure\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
keyctl$read(0x2, r6, &(0x7f00000000c0)=""/4096, 0x1000)
keyctl$read(0xb, r6, &(0x7f00000010c0)=""/4096, 0x1000)
sched_setscheduler(r3, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000540)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

9.789988372s ago: executing program 4 (id=2020):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000440), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
poll(&(0x7f0000000080), 0x0, 0xfbe)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f00000000c0)={0x2, @tick=0x8001, 0x7, {0x3, 0xbb}, 0x3d, 0x2, 0x9}) (fail_nth: 3)

8.286858044s ago: executing program 0 (id=2021):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000500000001801000020786c3100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0xc)
mount(&(0x7f0000000100)=@md0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='virtiofs\x00', 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r6, 0x0, 0x7fffffffffffffff}, 0x18)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000003e000701feffffff00000000027c0000000039a0040008000c0001800600060008"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000003, 0x4c831, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

6.862143012s ago: executing program 0 (id=2022):
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000050000106a05310300000000000109022400010000800009040002090300010009210000000122000509058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f00090582"], 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x7fff, 0x2)
ioctl$BLKIOMIN(r1, 0x1278, &(0x7f0000000180))
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x34, &(0x7f0000000600)={0x40, 0x7, 0x24, "dffd4ed79d4be8c4707383b593e95a9d2eec8b0cc7e905d0e98bde8c4fa7b40e3417b6ee"}, 0x0, 0x0, 0x0, 0x0, 0x0})
setpriority(0x2, 0x0, 0x1)

6.860065215s ago: executing program 2 (id=2023):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
socket$xdp(0x2c, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0xc05c5340, &(0x7f0000000040))
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003240)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a03000000000000000000010000000900010073797a30000000005c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a300000000008000540000000100800034000000007080007400000001408000440000000000800044000000000801000000c0a01020000000000000000010000000900020073797a3200000000541003805010008008100180041001003a5a4130ccd7c0610bc3920ad9bc574f21de2f4fbcaf6ac4127e516273a4f0274d0c5abe82ff12a4192f6f60751d259e77aa6d1e50de242922f8efcea7e8e68197336f0b923f28db52d96bbf0b8d560c2525f0bd1c1670dc74d93e16d3f8f4c1495abdc8433aef10d4a115fa8c6ab402335adc8bb83ed86682f9e9e769e131db5bcc1208a2f73b2ebbfdf90ebe4cad4d38f498a678477de4abcd9d17ced589849b1a28dffa154175117e7d14b34a0fe80d0db3fe8849f649333bddc70d303ac3442c7046a0c269c0693502e19ecc9e43ab4cfaa3c8e23c69aabf6216dbb17661730330cd6f96475de46e39d8f31fa044928ee02c0e98fd91e2c9170d9c91f5aaa60da74ee84dcecbabcf2af7fa183f80b7b147e8d0db2139c34b0144ea07bc6cc0ca7e5c56afb5df80c08f820ae72dcc0bf4d452933dd9a4457a722a9871566c30c593c0fa9e0a937f395c7d7eb058cdc4c3aba3f3bcb6b7d7c2e4b2a0a94e98f9c67a59b4d7b50da94af1c1da993864944ac5895e953ea2bdfa79b364842b4b34b042e9cd1c2df925f537e4502770903b9ee22d6ff25b07059e2c7fa00caf2602d424e6217b261eada1012df6fc3c5d2f7f05ecf8b2f7adaedfa0a8a6f2036103eee2203fedb784387abdc17d007085c3174b87b4c2a84481d99ab9800198afc79b0178a9dd345658be64e544f355de6332d5a000017f68a150ea744dc1e106779204771f74ce78d48c0e159408eb77369b677799e5f0b26fa8db07900c11b2598df1c34618fa373d4bcfefc69082a798de1c32a3afee550318420c300ef7aebd31e191bf1442336519b6498bcb603b16cba840b2cf5a9d37638b37e29369922805f4787bb31dc17a6accbe6ff7f87077291637081e9bc88bfbac6565cac08571ee094888703957d22c5befd08a22a2f5a1ce92c7f2454ff214c4dfcc36a807c4abaa756c97ceade1705d380df619d54bf39241fd91579af8ebb8d425eabe86b8ec484826e7c3cb4ec4da2c135bf437bcdf799b5e1853397d216227a2afdccb52d61fee7ff0f163427be758052d4fd0a45f417abf27c2e024f5d533bace77f0f88c12d0b6427791e61e649ebf5daaef142a918cc015bd02b3b2541b46cecb2fa4a6e1073a03a65ae8718a7ad42f4fbdfe5430baa58382a4f69f62aaa03df1f5aac8ac8cc8ea0dd3c43df1362bd153893d9d5eef2abca525fd7c2653da81750649be1a918e819b066c615b85502114204470edc4539cede10d7caeb7c52b64b93af6856ce6bdfd1c881a7eb74c9396cb7945409d8661157fd14457f46026f653678961c931d185c4894e92428f25046dcb6f4f9d31234fa570c622fde15c8f139cc54c4618b39e01e5eaad926e5e4f52d17d75a7de648980c6c8773eb03ea729e7fec947b78c11792eb506b24f133f186a34038ee1daf8f6016efb8865b55352a5c84662f5e6466f822522cb30f72ba770fe780a83adef257187c70b91c2bfaeddf64ad17a779af67c7173d11cb6548e47ef2e96cae2482733822b0b7b6cdf175800ccd997dad9da625b84a69df61c54278069ad8e4853af24aeb13ef80dd8ca1c41147d64f8357ab10b92ba5bc6f8aca2b036b3777f330aaf4769ec9261d36ead363334dd4ed42a2ddc6b754847d3fc975728281cd5130135ca27afc5434153fd5bd700b1c8947a98888de3bfc0620c1e10ca14988b6fbc28148674d6f8b82d72bfe7ca514fe4c90f3d8492f5dacc073cb2fd5564b47b2afd914f125c2fe3c041dac6fe1818bb5bad22b747c8d2e09ccab691903afddc038df394d3e9f81a03c414a97026af88d9665fa6087f7e8a9f45370a44f44d813e5b3afa48b6ee7de393b8479ef146793ee94bb3da6785f97b8e5791a9e9cdb11718df991681f881a66566ddad87bb458aa31ada3138ca3c8377997a8c015abafed0388e3e7415e615e139501fef05d939ce894d709ba2fcecf5aeced59321fae82c0626d88926f69d5284b870b71dd91b7c3ac13d1be11ed1c2def0d9b760f3cac98f870cb3393d7dc443e4f1122aa8d73e2601538119cd7ff15b4a01bd57ed91f7bedc686435c7abcb38a258953392db1d849ad795eb19fc9d60843b673e31f245bef549be599307fdc11fe31362d003457c489ca5f3fb5d0681774c5f2d978da00416186ebf2648262c7fc262c0c26552203524f8ee65e67313b1db937554f99f895d88640e912664917e22f7924f662808cc69a605404e61095f25027bc74006618a63190eaee17a579f4935fa47dfcd1e92e829c011ecda68f5bf887fb247f89fa33fe68c1ce24cbdfc707247ca3c23f204be36a0bc56135944d3ccde2b4bc09595de335a51dae2407f494c2d18775aa0d8438eddb53d8c801a8252ff450c9da7453da9fbf876d28fb888b3903b56254e362502cf8e65fe2df0723a65dacd86ef65f96059e4eac006d8aef9f2d19f9d8979372f5de1695c01ec19d7c93e412387702c386959c733d09461893b685ecfb1343d9191552b5f26e93bb9266305ce6c2b0edfe747f8b8dd812914f4a730162de8d6d9d0cc4459f040174ed17ceb7ad9940c1db01bd8a55ade032a783f6436241c53623116cdd962e7e3d672bd4cf7781b299889c682292707773dbed77462bea85336faab79970be7d94611fed4d361f17be044c4d50084d91b6e115919a79fa722be712b621a5602f0bdf38525761e3abaacb384500f5bf8351a461d15967470fc642cd6df3274ea6817fd453056f3b6593c10841aa46a2ea23e988ae82778d87e07e67e70104c1bb9e26e8f0b8eb38daa3ae9e46f9f4e4ce078149fa856d460019c5d46da988fdb6bd0f4dafea5c462025d25fa34ed1471a436b1e5ba7be5c48c0e563b1ca523aa4bc17c0632ed56bee776ce0f1a6e4317fc6662fea12ccfbfac27ad66395303de3e8002869feff2964c0ca07c977dfb48d64be0ac9a6f14b02af737adb839299545425b6a85222b6ddaacf638138ff845fa45a77602c83f14c11d94e7cc03a17467a5d54b777979d717125c43d1a516cd4999087751f50886ea6a462a37e9b25f6d91c20af9a304280c314f9790f49879fa830c59ae2e4387e1c0ed02e5596f80fbb1e186237621d78a0b130e5036d1bd1f635edd124ee8dbdf194dfc5f839a29b721f1e08287cab8be0b24c8cb2e0cbc8d00acabb3fe9272c34bf640f8c9e32219bea35f603eebb2935ced37291a17d82899e86b359e7d07f0e0126387b50897c3a47bbe8262c1226d8707cd0dab5dab5edcfcd22b80237bc1b605330d485fb55262402f859192c920060c97273f2cb1d83152a123286829c5a9ee0ad8986a15209f8922d021e041e89350fee089ce8b1e81abba39365668fe6b022197397834ff20a9ad446ef44df4a8648c9faa85ca885b4d0562a5614fb0e7dea19dc1e62e1c1a16f4f12a8915a49b861fcf91c7b58ae5d026401dbf578a3d471d71f2db7b506d40595026496c206b866f2c0d61e6beb98955e8e21f740d84b78ca55c1eab03316133b0744064bc23de23fce35cb598c87b0a87222fed762f3786e22230fc7a8086d121d1394d1e76cf474f53c1193c5fdcb8f6d4aee817c032cc699d047fef26de18c12855d64301642c08f1e4aad55c2e64e5fb3a3f2a530677dd5ac7178dcc6c0761df0dceb6aa9b74d35c953f2e6602e98659f193667d4de62fb71b9882cc0c5146e78b6b87eba422f8ec090e4bd184449eb5e66c503fce6da404341a4c9b87dda790f43edfcd7a00020000759a611f4ad9142ea175a10f9de0a288c44b8be2ecf4543cad5b5164761e980abd7afcc7b16306dab40cdb493f58f9270df7e55055496c8a990481765aac6938d5c1f7e342218f3b0a89b4525373cd81c88c930501ce61b936876ac88832bc2967450ca8b328b9fa2ace034d150caf42c9465ad374ad8c4a3c1ec6c7c77a7a9c2a8087d9340065591a0d0b79b5a0bed3bdcb1de5002f17ac39f42ace83033b5b24e24d04f167aa0434f091fec3afa21b9bccc73cb1ecb0b3f94b4e1bd2a5ea17541739771f06f351d01aadeb933eb67eaefed1c56327720c85f053b57601468f43316b3741efc4ef7c4b994e2bd80083cdb2c78f07a65fd853f4570ddc1802af92f7496eb35ecb0bb6f5e4008765ef91a3d8db91a4db6cde4fa8813836dc0c5460f59e2c05155c7e01574a5b3c0e88ad2b5d041f98d34447c3475dda29c82784468fa29f898ca0d4890407a20e94259d38f66aa528b116dd2fb3ee41f2fdf9980a24d99868a730b16a1e660b654a19eb46825b0099ddb1ce9fc655231da7d464ccaf178114916ce4d57a65e438ba55f6ec97c0e02a5b49d27985947ba5c302a592775473cee24e8cbabdabb773df21e65f554480b565a70ec058cfb4faa70c58b36447d1c4d31c9d2a2982d5fef4d5e691d59e0b99f03f406f47e9f43be600cfba0eda8abb38d65a234523201f1405c67f6a1084f969449b327db0c6571dbcab592ae12c7503e19f03a6faceea36df193d5e6351cf926c9ac1609059d3e3fa2ebf0adac417fdcdff44ccf56868edf8a5d72d01ef72eda0c805ecfb6c53291897f9fce148bd4eb9b0970316ca7e2efd41d1e11680471a81deb4567f2432eae69b389915b57e3de0b752d0c28b219586bde49506c58dbce3de0dbb82dc2afd55d665424a0d649fb865db7a0f947c16cfe25cb2ff6cca801c06e856f0c091a2f32bb8e47b0302ba96545c2ed8e7ee7345ca31257c5541309c8413248534ea3009892b6bfef7a86e60d2ddc4a6e5c1a9e9d69f0e37bc7e501e58bbf0f14a507990006618aed20cfe4a594e7bc19f95fababd9ad8f4dab9d3e40f4f4e14a6235b6f2aa8cd6e01eba46d798cc47b7476f93857772067921826b6daea52c2cc73d44d343177d66c0d00003db46e4c24978a62a92c91cf3deb890952f097826c69ae7d3bd7426443de37dc1c139f3b264554ade64ac08ce9ef1c260da5ef10f2e381dd8f381a4fc9df132537d49857078a217b8a73132bb991eb1b2f5fd409f9682eeae7b382c20bdaea3ae5355716bfebb3ab80336a61e2e0a8e77cad3854395da39b1571ff5289f96b55a50af0f8ff54b73f2b212289a3b41897c5084a6fcae5e70c50ef0abee4fd72e106a37a30ea7f041b4f0c876c98d45a3dff9833e7c38c960eb685b6904b4deb34f3d221d52a05a5707d9827f9d92e56d0c4dfe3f76662979f4c34ef4bc2bd085f9ecdfb0588864542ce80ed4d236793b32ed15b79761b8352ecbbbff22b6635c3e1046d27c1c149bbde09cf826f73960353849e62870a975a1db7061b8b76c1e42c9813b8a1806f75fca6e8c75eac23d20e99c466934301ff07102bed02ecd0bc2ab4a0bdfb29c39b1aee9b6b1f5b4baee79864f12aea844f3a944ed842b65eea60fc543c71e760d3c114b57135f87ab240d231c46ae8034aa47c15b31f309a597f7fc403d3675ae46cf7887f9aa37a4909fc8a152ae93b5278c536d808e094cfea96cad690606ba5f0e5f5d04ba1e050eec125565ae8d4da81925695d1388dc01979a8c763da5c786b6885235bcb6af11d49c3e166ccf8d02862132afb93c5aa2df2b7cae5daa762d172b1458df2598d73c3532ff0b890ce6e3a7ee4f692c76591f278403b200559f1fbf27c707c848d7fd2f5b7773a524a22f7b8a28f6ebdf052cf453ef881c555f4f5abe1d55f5ad1347aacbadcfdf0991eca14eab2021a9d5ed31539dd8d7c59772877be0528a3aba77c766c31d076f8cc91c41ec3e13f886356e48989b54d2d7ccc648cc3ccc0b1dbf77ec0a51f6408000340000000013c00028014000280080003400000000108000340000000012400028008000180fffffffc08000180ffffffff080003400000000308000340000000030900010073797a30"], 0x1124}}, 0x0)
ptrace$ARCH_GET_UNTAG_MASK(0x1e, 0x0, &(0x7f0000000200), 0x4001)
msgrcv(0x0, 0x0, 0x2000, 0x1, 0x5800)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000240)=ANY=[@ANYRESDEC, @ANYRES16=0x0, @ANYRES8=r1, @ANYRES32=r3, @ANYBLOB="0c019900010001002e0000000400178008000500060000000a0018000303030303030000"], 0x48}, 0x1, 0x0, 0x0, 0x4004010}, 0x40048a4)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r5, 0x40045402, &(0x7f0000000040)=0x1)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f00000083c0)={{0x1}})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r6, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f00000000c0)={0x4, 0x8})
readv(r5, &(0x7f0000000200)=[{&(0x7f0000003140)=""/4096, 0x1000}], 0x1)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="c00100001000010000000000fcdbdf25fe8000000000000000000000000000bbff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003200000000000000000000000000000000000001000000000000000000000000e122f100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000af00000000000000ce001400726d643332302d67656e657269630000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100400000800000081daccc839330b929f0ed195dc2ab78b6f1ebe53105f4d76e189be0e51e00b61a4b696aad30714bbf7d2b7a8502753f14e787b88d37a371b72074bf5f1242f9620147bf7d29cdd2466e13ea900d2efe58741fb07e2402acc37dc17422e40d504ac02d2c57684efca194902d662d1243a96c79943528fbe81e1b4455da9c50f0a00"], 0x1c0}}, 0x0)
r7 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x101403, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r7, 0xa1044d03, &(0x7f0000000000))

6.805687889s ago: executing program 4 (id=2024):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x1000000, {0x60, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}, {0x1}}}, 0x24}}, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
dup2(r3, r4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x44}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
sendmmsg$inet(r4, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000002c00)}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000000540)="679512f062b8d965651edd4c06c901784e56aa174403ad4134742b71d211c6a85d8bc563c27f754fc2af5351f2f41e867c71c19837f2feba7862e511a47c446cd11c960f018962a53f6cf31a1123ff8092c9ff560701bfc579fa80f9149acafe2a225fed70d9173f0243a55be3c4028da556cf126da9c1b9b8f8e11356", 0x7d}, {&(0x7f0000002d80)="15", 0x12}, {&(0x7f0000000e80)='S', 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000003200)="8c", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000000380)="01", 0x1}, {&(0x7f00000012c0)="c89339f96fa636ba2f527aaa37159cc815448e015b23284d531bdd25a86c02e88b8f962021a37fd9614193094b27b21bf40bc7b43441ae5179a127ea80e91899e1f10a7045c4412bb7997ff8838923521fe0754832209cd546f4ed81500298511e080ec7059b1c32c07fd26f721c6611b8cb344a3fd8f7a889c50a42881e09d4d7ee7ee6c308a13ae6436c858933dc99f71924b68ae0faf95b0afcd3533bcc32840737f434728a12e99aea5c4ee6a603636560b8d9de530d395181e440c1a025ff8d6f33062f14ba2403a178e32ff2d4ec5d0d2c83233b01a41103ef38daeed650987abebe0e8ba7effc07bb5dbbc9a38a11f082f2c99937942f017c37a59572f5069ca709702ef133aa9730ebb5b72687f6175906dbc32289108cc93e5c84284bc701a0629e12eca8c15e763acd011323b758fdb82a63665c906b176042a6c601b5428722c8f6b795a4effc0d4c9a4b4963ae30e77afa0b473d27f4938b1f081765f30aee60de80b1154e3afc3593cad6a146f1c4e954a6b7535f7c4f1baf0e7280ae8957eb14aecb29cc42be434b6a73840fb4668ab11c7ad5f300d7561aa60619fc26a1bfe8fa4858b8b4282d0c9a86c8c2eed644303c1213114081f9cd2358f6609ed25113de321db6b3efbfea341c7318fdcf6776383d3329f080e2386a708679852ee2c28c2ab423163be97f818424b862486791ce5b8b25836a4f07079b65c7c3b2e797eee7f267e5cf37fb63bb89f6b15c332da46b2a313ff6cd958152701a73601c7d02b74622ba7ff9c2fccb1826a3238b95163edcf5dbb381c666fcd8f0ce22eb182135bd8a32c627e20354f2253edb77efadbb48d512ca030763df825c1dd71d34295dc2e75e0a3054354ca6674e2d16ae319c8f3bf7a7fe1e1e596cc2679444c2b5e84a5caaa40136a41a3a35e2ca053d8e4ff2134c2bd7dc2c5c7ef55579a7b569b5face778afba93a877b622f473d942fef36d909b7c17e2ba3948fc889f377f0bce583835ce70b86ee8c419f77c9fa9da33d5f3fd2f994c2229b59db0670a15d7ba9b8b3245c7c2f83953c046528db1d9626877752071b0389bb18edd4d3797b6846e8746911526b6cfb1da1a206f5d13f69d7a8a76f5dfaf02abdfde171ed51a80ca2146fe8a181df5f9c9e969c1e2113bb355a956dd0139446d7e5b1ae338513459753977c245177ed5ae398bb23ad503739c2d75b99d70af19a2faf0a6922585378c0c881298f5af7dc63f99b40be3aea8c25bb8f599ffc4d47caec400357f2fa0675c5a81141d6b1697a92f7ab1e465361bdec4bc837595cc257aac0bcd3333eef2199c622268f0aafdccf73b3fda6ddef6102aa03c1a07a85509025be45443e71d63e4a8b54cde98554b1dd9a2f431b62d29f0cf67e069c15988b8b78c6c66f7f1d831e6307473250bf66b88c1c326faa8f093f03824980bbddc34e2324754fdaafa45ea1a1cc4baaef3104108c8e7987696d3634aa61cd9af0f2b5e427eff51cc66792a37a6e09278c6457a92a84d2fd23f7a753120758e5ca80582848d537d2704315ee55374ca8204c427c8f1138c901a29f83c0b63fb00dca30a90aa0b81d09fad2bf556100a3f762dcafd44d89936f8d5e037bff746a3d7f769ef8045ca50b1f7e8b24b723f06b5582564133e8d6b9f78c0e0d19c6808b65aa19e0dbd18527e5cf4f1c2a7e9b9dcf996d781b0851b925a02a02a9ec2887fa049d10bf8e3cf99157df4f6708c9b3673e565ad47f3518d45c69e4c18f511a9973938279a0c607d4d5b010b83b7edf9dc91ac7b9dabcabf45f4abf863c87c9671b22421600e6358ab3798afeabb0021b587e125b4f599271228944365b1333e3a9f5cc7211fde35179bc2237a26d11b9ed5387644e34efbffb54c615c7e52efc06b425d43d85227f73d7d7a7435c4bf35c76be6e5daf24785f197710503a7cf3c6bde5d5f9ac3312f50af0bcd4e05313bf02e8737761c47957cdb07f1efe8468502e58e1ef9d02582fdfe2db9c1300d99d97b2b339b73a78ef91206a8f08a21988076987ca3b6e361bdd86fb74a9184789586a1815935d837fa7590ec4ae4aa838bcc5cc94c9193b4f3084f9854f21223bc2d8fb4cb4f888ebf6dc9daed2b5f36a964955daf5fac1e69e40952b09e3124491d9d6db5eb2529c0d0a6d7a9329a05a9d4d05a9fb55711786daca3519573d1a19c9200561e9e08d74190583fc4127d99ec251cc2597ddfc77562ebcb0c4107ed839e8d4e39cf048f7c3bf4d3af99d32b419f7e46cb70d23039bf965874be68923e7947fcc8f6182f620576221209a1781eb0e490d53831a01e5c3bb406b8004534c5f5c631a6a46a06bbd56c4d309f8e7f1de903dc9561cd23cb9a7ab63db127ab22adf1294aaab41e73bc067935901e66de985aafb506744c96d12af55e5961718a250ccde0db9dc94c5ab817448f193f922361f8d3043d4095ab1bb1126580c094f5f0356773fca30f963c2cf97c033c634a057d376140faeff8e19273749acc9322c94ec87d0f4b70615b76f8e2b256daa5c034382a1b93889081862c20dd2b956566321f69b192fc7f2bc135bdb2bd9575cfff340bfdddc21ce37647f7e34724286e5faf447e039e67fd64938a40151d9aedbb772a059b0ff3d2dd8c2b7f96df3b48f611758e28ad8812fee6708cc39e77bb55743db0df4cc08653c78182adc3a67db7e760d5f3741d6ee241576d0c55d5c40b5932769d80e2a687ec05c7f4c3f137ffdc5abe3e7039fd5a86990374ff0b00192088182e82b970c5bf0cfc054ca99aa225a69df5519a78fa31ca37ced124e84ded418aa9868a5ff95334ada067084fa98e5fdf353285836246154b0eef9ec625c855721a6cd0c649b6d2f72e600ebdbcfc207347a3d083033b03fb233946e9aca086456ef2bb02efff8e7953d833eb986c22afac7fd3753c19a7fd39e4d1f709e70272013b41614df4f1db326250b5588de369c7a8bf3842acf15c78a4d3881a6e092877665ef63e88dc97dd72d38612d5380abc72b9266cd325f05fe16ef0a01799e33adbff1d86d0980d2ed3f496495e5b7f41278c9498d1616db7ba860ffb87aee648df3f19bffa2edafb89940f930fd8beb2825492305b074757730accb8d20c847dd4d8beabc318c78cccfbc406314fea2da4b4cb8a67371bbce9dd7ec2d3c5b4ea21059130fa76fefdb4a7669ee25748468ef2d78088d1b3bb997ae4d51b5b739acfbd3bb1236db07dbcd0c810c07c73e5c6735a0be9d539d5c6caae62b3707d1a18cec5e16cac8575484604ca884e4f91c9bad2476f18be0b873a2cbe9c997335479b8487919a78922fd5175e8dd3b571a7677e6ac9f82e4e7c67cdfcb9ceee59b08a51bbc737bdff9b6e2250877d44a8d8c1d5ef113b2372833307be3cf0db834d043f529db04185b557910009d92cdfaa07c0533483459294a3e3da555c29416e1af2ec90b4b891e028e5af3ff5b274a0dc93ad4a3a33f886675f86bd1573bea665221e6bda9e2682bc00de3e603531f5e7d7a52c5fec65f478414833e22f36fe2b18930be9e4ef6367955623a9b938f79ff7e288678344c378b2bfd168e4c929357ab39640d677bcc17ac12fd999f3d4cd17b25a26e2bf78bcf9f898e89af6af47390908d5ea767f516cd4194165cea481c8f7ab946b66aa3083f21c02e7d61c19a4358c1cc92503c6e3bb1e7bdeb5badafdda9cec995830f5fadfb3fffe12426db1253db1268e4d3a24ca1d3d06822a439d8ccfb26af736751ac2d6dcec3763eba1c56d8a9f0bb66edb73e0dc9d5b56b23058fa9afa3667ac6188027bda68211b45b5451fb5a7e359fc61cdcf13d1f0965d9fddfd3d5d75684353a8687d18c3970b1c89e217b6cc1c7a34cec7c1e667dcd205346c2a8f85835c186811ab1121136ea83d297eb05a9ac1afa3b33346b392c3e9f479a19f7563531d0519f29868015ff20163530ce8d31bb298801b772dbb65d5caeda85982798a5ccdb4576ecc9378dadb21b3bfbb4cc33b3883164fbb6ac1a0401492c453fe2430a9de3b96d445b2c36e9a82200e00df7649544966c8f39a2d173fd8529ff8ac0f068216ae62f68c21485d6a5638f916cb5c27e5b4859c799b0a6786fd48fbacd83a9a472f50e024fa394537b33d3b4f9301266ea5e2462310ee2b862635d32d780d6411e4e6eb49d1e3732d1a0b8f0aef5bb7fd71cf9f861fad635e321fa146a630ac18d45c425214d79becc8cb97b8cac0ed0155daa9861c57ad549ae9d3cab7259a4b1eeaa72f7fb575f1dfd7268365e194e15518e176a32b82cc13544e75170bccf49161b67f649ebd1b81c85b128312b78e93750bbe9a2c456be9743859c8d80c4ec1dc4fd9d1a059042b058347b8bd02e65d469448953ac787b827fc95071d67ba047ac40ddd8a2503f62bf94457ea53073336cc284b2af1ef5598b0c0a0df3e2d729c43a7307dedb785240ab9cbe89075fb6b7ab8e6482b1ce31332e1bfa3f72e850bcea57260e4ee064ea5cfb629a058fba119e7d09ea4abd1f3b13d5ba5f8fc8abf967baf2da74099fd298e3bf3dc19ccbfe4c5e6be8cdb5e10066eceef59da3fef70c4b3d0d3f1ab7c347b63e3373e3327f9df11c73283234de66a9fa7bd2465318c6ef3a6f6a90b09c547bb93c2e5a1d12af02a0abfbc697c38ae95e1cbfd12706e96bbb2e12aaf6d40b032d61f9ee527bf464d51cc1a80ea0baebaeb8fd0523a7028387c43fc27f5fe6d2880a9f2b69eae550e3dcad889ae61abbfca58140760b53c85cea987e242f9ac38ba50ae7da73", 0xfffffe95}, {&(0x7f0000000a00)=',', 0x1}, {&(0x7f00000022c0)='Z', 0x1}, {&(0x7f00000005c0)="f5364e548c550000000000000000000000009c20aa8f88f2a2e98330e3799522896ebfddd4848b9deeecae27e7d77317facda9ee98b10c68444b7c094658bed24fd6766444ba58941c4d2a2cea03546fa8d215c3547d076a9543f841b2add236c19bdcf172a69ab70a7df1ad7ebc55e947f2c7a7a356fd68dbce155d2e22d72a5a65dbc16f7103ee6d06748b2ddf2799d94bfbcf1140285facb31bce2fba7fe3617478337692b1236f", 0x11}, {&(0x7f0000003240)="d4570847b1937948b7111dd96d83d8a455529f100357457d4f0f5c91105a3c58131bf10de83dc9ee9d239e5e89e59edb35abbf64c1a92109f8eb01bf689b90055bd51506423f4e456274a778c228aeb5d65e191f1bbb21f0f6dd25edc276f1264580344fed0ee32709a73a160c7578465757b87291dcefc84e58ae39e56fb10d42fd5a34aa4fca42ff53e3c9467d8dc1278a34d406df142092ed6661092ce85816f8e6a119860c3314d0e13f5d50a266f738b71fd531396d768c35bc45c042ee7d69b0b7b90da2aab111667ef006593c99c27c67bc3812dbc9f1994b4830ed54ed1f0bdf4966c1d20bddeb83972b15a86ed5fdef279ce58447059a2ba491d21120dc7e0a1d8cc5eff2deedec41057e178eb95ff00fed1e7095decea9cfd52c0a7438dbfc135c796bfa2bb290ab03f35ea2f2d72b8b0503f4972d6d7c60bf5a80981c4f9826007fdcaad959e1c90cace1664480e98069a86f1c059d112e9da27fa71716f530c2a5bf2296d09e5fcc726a8e5287499f563089bdcb6bf3779298dc9b6f739190f434983651f5f29857cbf62faac8c20bc7ac69334fe99e70c29a1294d0ee89dd6c9cd57845e64b289f84220b6e1fe9e81381cf688fa945a68eed3ebc0e8c1efa403b5a4cde68a24a863c17c9f8ad6d24a09e60d83fcf2beb51e6faac173ac98bb2269d7523f8654417ffe70ab87b477045715ad6aa3db39d3f32760fe25bdc0f3e083232ea6a55da3986cbdbd654ed71a4780f7dc3edb628e14287963c3b5f7f177a35071d7f1169351863516fc96f8cce8781439de06c9f76d6e303518493676b3b135900b89eeac40d994936e3a5a6bbc2f2cf6a2a8ed0ad2f81386f8c327cf9b15f8039df0a950641f7d14728194d7640f4cf7e28e1f89b2485857f5f70866844cead5b29f5d9166dce885bd4343bb1fd2c8437105e8e295c27cb44b10a01590c0fdddbc8abc71f777171adef0a45fe5c92b39e32a9c119c6c9a340be0df8cb3b8b77a2a6b5ba1ed4449674811dfae90889b3fb174e11fb947e15232d57bdeee29db4bc0816a878120e84e0ec40a99fd2b88bdb8502922d7015dff05a94ce7c79852bb7ea9a043fa629afc702300d49ac7fbe67a7b0161d2703348b8d0efb144f2920e341debd821ddc4a12a3f89891f24427a169c741568a06825d4f12d64da0935f2f217798b41f44b90140ac2f4cf08219f42b5d30bdd52e76c74100326babb4d1bc576c944fc5bd3a985f9b209a6a473e4fe3afe0c110b630ac443b75c6e13b20810fd3e5ecf9c6785dabeb758a5ddcfb1ad889b5349606ead8f3fa34ba8ea706de19da6b3a0bc36c4c2e3173a9c929157aedf649699f1f8887a31fccebbd7f28843c91753483541b2b895e642855f856e3951e4853fb70b4090512112e813edaa8edb0a5ddf2c329dde5381e6a5716ec9d5a79d9438ba6de736ac9ad45754bfe7227ada116507c84ffd942a84f4ce115d4fd9029f17e62383ce5fc7048a3f85d2709f2375334f1fce2f8b1af99742869f00f2d2fa37ccaf385dc2eaabe2f67671f06addf403d94bffda4bf5747a8773e9ce3beb7ca2b2e2714dd50eb387e226d834a0696b689b004cbb5b3a5aa7a2878be737f4dd7d65bf976f8deb39ad07265be604ce4f9246225f91cd10afd4725d800eeae4abcd0fd17fdf11257b19db7dcb4b9c34dc3cee03dce7d9ab6f7ac5e12316ce9879abb4432f87faa2b25094963f48582fc8a617067b1a0f0960ddf8cfd5065352d9aba09d37b9b10c7a8f702547fd86f34b62183cc883e41c40f5b0676eb077bda0204bd08dae7e7922b7934f2b449229950b4fc54cd7dafc709d828e9301be8c767e0f3bc420cd10ee3dac383bb8ab8aefe3515d6b959dfe578d256f375751beecbd24a152939b59f913728e47207b8a642b100aadfc685cd7d77ba43ec2298db4f551d851991723cd1cdd42f2837e7fd5df3dbf52945ea9a97b73d8915336023beb9bd3c91d9b1c7f5d49b0cba9c30016bb3216e9d6e9070a5dff813ce85a2a36fffa6bf750cf21eaa91a754f9788663690189fe58a9205e4733b6ac0711e98123f145a87eceb00561ac7d1a699d00384c57f6dc92939f45956d489946a365440d40911dabed15b67748000e0d244b21276032667f66119a2485f31d2c098da4cbbd0c5bbf8373fb53b662e48fc572b6e6c5700a360c5b905b548eaee0aa928b38703c84f7ed4a9a858801ad26c2911d4bbbfc1f46a070fa64db31a619dad30ba96eea1edccc6b0e67b7acffe1261af8e08ffb27fb625820f7a823c63febe0fb32e8907415a973cb42c8752d6a9ac3af2bcbd91d5e5c3ac288b2e2a92cb860d97cbf2b17da25b5333d90156493076ab457afb59f3443894a3c1d3d8b1ce7cbd47d36a7a64bcb194ea00d46181a7b65e3e104bea46434643ac722d04437b72f518e98289edba99559dd6aa03af60da7a00ad4f6105d31745b808a243c8ee9ebd70fa8516cd471473a1608d206fa93885e696f668a397cf713fe9c2001fdbb6e07f124782f5891bdc238db61a7d7f0575072abfadad9593a6ba8b1c89351784d0c722af86989e137809aa5b7833462a71ceca8d7ee24e883577a128652125bef2bd7558f77bb566719f2672fb07f890f892d2d3a725d1d907a696d2d97065c001cfd9e97d60fe2f584992b9bd80f618531af2f3d5df2c5717da36bb2a64853612b8f1f881c2a306b1e9c4c369e33e5675e0f9195e570ba0b2e0594838ad9aef53686a2c4dfd9eae21a826501af92d48e0d857ee0876cd09996c65b50333ab256b439fe89d836d77135079c51f87b1fb58c446a8d52e3c6432c111af4b66d57306659c81088ea0ef96a2f1b97dfd8beeb578b3016eedb65e2ec190e1ba08c9c37f85e102fdc972c9ba2a4a6f11a79831ed8087a22d1d978f005f6ee8869b8c1717a42b75378a98a5f9b1725cc323151b1996468068afd2827ccede23ffe279aa7b45d7dc683db3a9efb9f7b2093765d7c178c09bc0edeccf18c9ee5845cba0c2dda463989faf6d018e330cb52bc5d7913e6e26ea8cde26b7251d828da7b83a1ecbda1ecb3344b3c60f606a419d868da70ade78c3ecebd9b2bcff9cef2507907f011cdf9b072b1dcc872e5b29365b0f4a7d6c581c9bf42320ad9c3a52b419b73d0c0f616f2f630df9bdb5f3b88bbcdfe618180131be8357099f9e8ea457eb1dcf9324c7081687899fa81bc267e87bdd80b88150f6745cb735936876ca6b3c7a492698d32d762baf5b482fa5f26351cf18018fc1cb49411fb6663c474ea29d2a9d4ad703119fe7a6ed2ce6f97287e7660617c4e38c7b1aa1ee5df253c625a1b1d29c042b6d5dbfb44633dd4c0e93992aff81024c408ff00d24d9c98c07c1d4fe5656e3b053914a09b8f2968008c5c4c115d9f8640136254303cc095f95fa335aa858510dad731af19eb0df690ab0edd2bbed96679dad71ccf94da088cf62b34580548027703f92525b41d36297e71d988901e3e086c0d8f425732e0134a9ac2b111a5745c57d9a138b6a4055e7e3ba220a47fef3474e5bba15d3f4711e1d00f2e29f1a1082f4518a08e36451e887963193b08c3e255f22383c7001540b05836b30e912adaef4130ae8edb9c891c398855b218e76eb94332538b7add4b9261e873a6b91785f5ea6c82306dff166d654987361917fe83fcc5be9be3e8644d96d5a7c7bb445fc1b2c0a48814fabc1b3a190674b5f159a5b041dd317c4cf06076d6c9a7572054a09f2b9b74f14289daf5a16dbe6de85ed6128c91a18518f069451dbe8b9f57dab9bcecb4cc53e6612b90f5e644eaed1765d45ad6e6d9f0358fd3a885df1c572cfdb511bbca345628206d89b16f9251be85e1c617b15302bb86397e0763d757c70362dea82688fe32d0a714d598f3131c2a3a4414898fccdfd901dc8fde466ca269bf211b9863e360ea4aab7fdc107ddfd7ede043708804386e0180542a0802745407ceecf6adb2a9a5614cde89d413f49a32733b875281c8cab7ac5815a92fda65ea23ce2feab66606605f49f526cc336d2a5a067c185845941e4142ba82899966fc95bf40570967ec0a6fe130dccbaca48d251adb0f81a170e3dfac6f02e7c8bb5fa6f5602bdc73267c6756e1a374d5e8b19a92ff39662db3ac9f761b2e9e015c51815e5f111d416ee0a67f3adad81f8c64dad193f19048bb46ad1fa786a0c3f36119bd14bb9ad96f2182a19504e15f2cfd885e5862f4d2467053ee1faa978bd2267d56401a548f17d34adba7e9186a2a58931a69bb815dd50552995aa8ceeb4eda5330227f2078eeb72c9b6845c04679868eb5f6a0f0da8c1ea2b0c7de8781d9fc129561a7b283aa488a117269116f81e44a261ed6c0fc4467125d83fd306bce3c6a29df8db000036cd851d805dda3bf218c800d77fc9837158f883b962efc7886cbe93cc137e0bff8387c4b7d64df8b89805dbf5698babf22be7d735bb7baedd43bb3f577989ddaf83892c55771a10beeb2326f3e766fd40eef0d0ff82969bf5534cbffff4fd493fc34d58f322d22fe21101c4248756ad844876d3a7f3999d14c0962e68eaeac83d44d22d498e04673343f4a3a60abfa4f45ea2af9b65982ff5899fd509beccfc8e7dd125c08096e9e5fb71edc590abdd53592d67afec4d227170c5f6e4f1daceecaec968448c033c0a9b0390a12b5af4b973c0cb7c072bdfc8b4158ea4cc9114816cf1242199d0d62a013c4e9646338bd284fede8c93114d2608c71ae1d0891a3583daa51971a5ba51251f3b9ac6d8a02e0fcb69744a74762e13c24e3f1d8e6e3e2956b99b97506e959ca3c7141faa5e2404c62854ef2b9e75a75760a71003e1b0c004752864f51ed600fc306773f635587504e3cf432d68c2fbce21c26a47dcf3358e434dc2b97941a5bb0e35744e4f3d53fee5719cc931f93e150744baf61754726b84a052bde27f666e472672f1f8f6381bd25bc619ba51a", 0xdc1}, {&(0x7f0000002380)='L', 0x1}], 0x7}}], 0x4, 0x0)
setsockopt$sock_int(r4, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)

6.140574453s ago: executing program 1 (id=2025):
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='ns\x00')
lseek(r1, 0x1, 0x1)
getdents(r1, 0x0, 0x4a)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="050000000000000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c006400000008000d000000000073f68ac399765b7ab289a21d254ebf1c30920188d7e0527bff31151da7c57628327841e9134f4b"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaa", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
r2 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYRES8=r0], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r3, 0x5425, 0x0)
prlimit64(0x0, 0x7, &(0x7f00000003c0)={0x4, 0xd7}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r2, r4, r2}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = dup(r6)
r8 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', <r9=>0x0})
syz_emit_ethernet(0x9e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd600a843500680600fe8000000000000000000000000000bbfe8080000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a000000090780000051a000000000000000000000000000000000000000000000000080a00000000000000001312d082e275205e556149a021cc13c33d8903030003030004020402131227406263e43d5959a166a23bd1116edc0000"], 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=@newqdisc={0x50, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x4d, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x5}}}}, @TCA_RATE={0x6, 0x5, {0xb, 0x6}}, @TCA_RATE={0x6, 0x5, {0x4, 0x79}}]}, 0x50}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1200, 0x0)
ioctl$KVM_GET_SUPPORTED_HV_CPUID_sys(r11, 0xc008aec1, &(0x7f0000000740)={0xa, 0x0, [{0x2, 0x5, 0x1, 0x4, 0xfffffff8, 0x3ff, 0x4}, {0x6, 0x9, 0x6, 0xe, 0x2, 0xe, 0x9}, {0x40000000, 0x0, 0x6, 0x0, 0x200, 0xfd, 0xfffffffa}, {0x7, 0x4, 0x1, 0x200, 0x96, 0xe, 0x63455cca}, {0x80000008, 0x2, 0x2, 0x9, 0x2, 0xd84, 0x5}, {0xd, 0x80000000, 0x3, 0xa38a, 0x5d, 0x7007, 0x7}, {0x80000019, 0xf, 0x4, 0xfff, 0xc, 0x8, 0x7}, {0x80000000, 0x8, 0x1, 0x982, 0x6, 0x5, 0x9}, {0x80000019, 0x1ff, 0x0, 0x1, 0x7fff, 0x3, 0x2}, {0x7, 0x7, 0x2, 0x181, 0x40, 0x1, 0x8}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

5.851120552s ago: executing program 2 (id=2026):
r0 = memfd_create(&(0x7f00000001c0)='/duv/udmabuf\x00', 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYRESHEX=r0, @ANYRES16=0x0, @ANYRES64=0x0], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8001)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_DQEVENT(r3, 0x80885659, 0x0)
r4 = memfd_create(&(0x7f0000000300)='-B\xd5NI\xc5j\x9a\b\x00\x00\x00\b\x84\xa2{\x00\v\x18\x004\xa6Ey\xdb\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xc83\x12\xd7\xdb\x93\xcc]x\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x81\x01\xe5\x98\r\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
r5 = dup(r4)
r6 = fanotify_init(0x2, 0x0)
fanotify_mark(r6, 0x1, 0x40000033, r5, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000001c0)={'ipvlan0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000104000000000200000000000000", @ANYRES32=0x0, @ANYBLOB="04a0070000000000140012800b0001006970766c616e000004000280080005000a7dbaf1aadb0d6609e93eb16266a287cfdbe9a252763baf701b91c7080ed8b1dc789684b0f66bfbe43e9ed65084e2eb1b1ee181286a7eafb0388e10c58f911a1609dcfba4ef60f4efefabf915fbbd438d129cfcb27d2b1ae3c17b8fec516b1521c35296dbe059e20bb14edaeaa0cbd2b757b27b4e41bc009fc38994b56c7880f55f3c6ea9ac2badd974d311378b0aabea0839", @ANYRES32=r8, @ANYBLOB], 0x3c}}, 0x0)
syz_open_dev$usbfs(0x0, 0x3, 0x353f01)
r9 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862)
r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x0, 0xf)
ioctl$LOOP_CONFIGURE(r9, 0x4c0a, &(0x7f0000000080)={r10, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4010000000000ffd, 0x0, 0x0, 0xb, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed16831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0xa]}})
ioctl$LOOP_CLR_FD(r9, 0x4c01)
mknodat$null(r5, &(0x7f0000000180)='./file0\x00', 0x2, 0x103)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x8, 0x32, 0xffffffffffffffff, 0x0)
r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xf, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000008b000000000000000600000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b702000014000000b7030000000500008500000086000000bf0900000000000055090100000000009500000000000000bf91000000000000b702000003f40000850000000e000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x3, 0x1001, &(0x7f0000001cc0)=""/4097, 0x41100, 0x23}, 0x94)

5.611047436s ago: executing program 1 (id=2027):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, @short={0x2, 0xffff, 0xaaa1}}, 0x14, &(0x7f0000000100)={0x0}, 0x7}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200400, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x19)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
kexec_load(0x11, 0x1, &(0x7f0000000180)=[{0x0, 0x140, 0x40000000, 0x41000000}], 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, 0x0, 0x0)
r7 = syz_io_uring_setup(0x23b, &(0x7f0000000380)={0x0, 0xce0a, 0x10100, 0x3, 0x370, 0x0, r6}, &(0x7f0000000180)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r7, 0x708, 0x41e3, 0x0, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x8140, 0x0)

5.414992236s ago: executing program 3 (id=2028):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x80, &(0x7f0000000080)={[{@quota}, {@usrquota_block_hardlimit={'usrquota_block_hardlimit', 0x3d, [0x38]}}]})
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r1, &(0x7f0000003480)={0x2020}, 0x2020)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000000)={"6e5f236b8c70f03fa12ac19b650094cb", 0x0, <r3=>0x0, {0x1, 0x7}, {0x8, 0x5}, 0x0, [0x7fff, 0x0, 0x7, 0x414d, 0x3, 0x6, 0x7, 0x1b, 0x5, 0x5, 0x7fffffff, 0x5, 0xda2, 0xf4, 0x7, 0x4]})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f00000004c0)={0x0, 0x0, {0x0, @struct}, {}, {0x0, @struct, <r4=>0x0}})
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f00000008c0)={{}, r3, 0x2, @inherit={0x68, 0x0}, @devid=r4})
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000a00)={r4, 0x4, 0x9})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0xd0f, 0x0, 0x2, {0x60, 0x0, 0x0, 0x0, {0x0, 0xf}, {0xa, 0xa}, {0x6}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x7ff}]}, 0x2c}}, 0x4000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x1c, 0x0, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210283ac14", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x50)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r7, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x400}}, 0x24)
sendmmsg(r7, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, '$'}], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r1)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r7, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x44, r8, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x4}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x27}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0xca}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0xfffffffd}, @ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0x7}, @ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0xee}]}, 0x44}, 0x1, 0x0, 0x0, 0x44}, 0x800)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x20, 0x10, 0xc362e63b3f31ba5f, 0x8000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x1c4fb}}, 0x20}}, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, 0x0)

4.636347488s ago: executing program 0 (id=2029):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000780)={0xfc78, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x20, 0x1, 0x1, 0x1}, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
ioctl$EVIOCGMASK(r1, 0x5b03, 0x0)

4.544122591s ago: executing program 3 (id=2030):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240), 0x4)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r5, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
connect$can_bcm(r4, &(0x7f00000000c0), 0x10)
r6 = gettid()
r7 = epoll_create(0x400)
r8 = eventfd(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000000))
kcmp$KCMP_EPOLL_TFD(r6, r6, 0x7, r8, &(0x7f0000000080)={r7, r8})

3.441137696s ago: executing program 3 (id=2031):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = add_key(0x0, &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$setperm(0x5, r3, 0x10000)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/current\x00')
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000080)='y', 0x1}], 0x1)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x34d3542e, 0xfffffffe, 0x80000})
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r6 = syz_open_dev$dri(0x0, 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1})

3.01583936s ago: executing program 2 (id=2032):
socket(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x28)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
shutdown(r0, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
mkdirat(0xffffffffffffffff, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000040)='./bus\x00')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82403)

2.298926253s ago: executing program 3 (id=2033):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000025e40)=ANY=[@ANYBLOB], 0x90}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000014c0)={0x18, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x52, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
fsopen(&(0x7f0000000100)='ocfs2_dlmfs\x00', 0x0)
recvmmsg(r1, 0x0, 0x0, 0x101, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x94)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000034c0)={0x2020}, 0xcac)
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000001400)={'vlan0\x00', 0x0})
r3 = socket(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write(r3, &(0x7f0000000040)="effd00001000ff00fd4344c007110000f3050a00dbfd010000000001ffdf00", 0xfe00)
syz_usb_connect(0x2, 0x24, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

635.316665ms ago: executing program 0 (id=2034):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000780)={0xfc78, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x20, 0x1, 0x1, 0x1}, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
ioctl$EVIOCGMASK(r1, 0x5b03, 0x0)

354.660479ms ago: executing program 2 (id=2035):
socket$inet6(0xa, 0x3, 0x4)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, 0x0, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
prlimit64(0x0, 0x5, &(0x7f0000000140)={0x8, 0x1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioperm(0x7, 0x81, 0x2)
mremap(&(0x7f0000041000/0x2000)=nil, 0x2000, 0x4000, 0x0, &(0x7f0000042000/0x4000)=nil)
r2 = socket$kcm(0x29, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000080), 0x0)
write$cgroup_pressure(r2, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9)
shutdown(r3, 0x1)

6.785339ms ago: executing program 1 (id=2036):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x20)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000002c0)='htcp\x00', 0x5)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x1000, @loopback, 0x1}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d4", 0x5)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, 0x0, 0x0, 0x0)
recvmsg(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)}, 0x40002001)
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @local, @val, {@ipv6={0x86dd, @generic={0x0, 0x6, "76cd8a", 0x18, 0x0, 0x0, @rand_addr=' \x01\x00', @dev, {[@hopopts={0x0, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0xd647}}, @pad1]}]}}}}}, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x5, &(0x7f00000001c0)=0x2, 0x4)
connect$inet6(r1, &(0x7f0000002940)={0xa, 0x0, 0x16, @empty, 0x1}, 0x1c)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSW(r7, 0x5403, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x2e69a, 0x0, "00120dd608f500001e20000080c90a008000"})
sendmmsg$inet6(r1, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)="12", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x48800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000180)={0x1f, 0x6, 0x4}, 0xffffffffffffffb3)

0s ago: executing program 3 (id=2037):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge_slave_1\x00', 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d0000100000000000000000000000030005000000000002004e21ac1e000100000000"], 0x80}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4)

kernel console output (not intermixed with test programs):

id maxpacket 32
[  495.407416][ T5843] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  495.426251][ T5843] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  495.446405][ T5843] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.692883][   T10] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  495.822860][   T10] usb 2-1: device descriptor read/64, error -71
[  495.846240][ T5843] usb 4-1: usb_control_msg returned -32
[  495.861529][ T5843] usbtmc 4-1:16.0: can't read capabilities
[  496.153447][   T10] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  496.384545][   T10] usb 2-1: device descriptor read/64, error -71
[  496.497923][   T10] usb usb2-port1: attempt power cycle
[  497.976006][   T10] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  498.252967][   T10] usb 2-1: device not accepting address 33, error -71
[  499.684492][T10138] netlink: 'syz.2.1258': attribute type 1 has an invalid length.
[  499.950714][T10141] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1258'.
[  500.486561][T10139] 8021q: adding VLAN 0 to HW filter on device bond2
[  500.508104][T10139] bond1: (slave bond2): making interface the new active one
[  500.518539][T10139] bond1: (slave bond2): Enslaving as an active interface with an up link
[  500.540823][T10141] bond1: entered promiscuous mode
[  500.577339][T10141] bond2: entered promiscuous mode
[  500.618005][T10141] bond1: entered allmulticast mode
[  500.650008][T10141] bond2: entered allmulticast mode
[  500.924955][T10141] 8021q: adding VLAN 0 to HW filter on device bond1
[  501.413559][T10115] usbtmc 4-1:16.0: usb_control_msg returned -110
[  501.851229][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  501.863047][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  502.004937][   T10] usb 4-1: USB disconnect, device number 34
[  502.200627][T10155] fuse: Bad value for 'fd'
[  506.658926][T10196] netlink: 'syz.0.1274': attribute type 1 has an invalid length.
[  506.782877][ T2072] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  507.686883][ T2072] usb 4-1: Using ep0 maxpacket: 8
[  507.809647][ T2072] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  507.830038][ T2072] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  507.842795][ T2072] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  507.855797][ T2072] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  507.896245][ T2072] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  508.012511][T10196] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1274'.
[  508.122952][ T2072] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  508.133371][ T2072] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  508.715558][ T2072] usb 4-1: usb_control_msg returned -32
[  508.717637][T10201] 8021q: adding VLAN 0 to HW filter on device bond2
[  508.742607][T10201] bond1: (slave bond2): making interface the new active one
[  508.745949][ T2072] usbtmc 4-1:16.0: can't read capabilities
[  508.756361][T10201] bond1: (slave bond2): Enslaving as an active interface with an up link
[  508.831158][T10196] bond1: entered promiscuous mode
[  508.837174][T10196] bond2: entered promiscuous mode
[  508.842389][T10196] bond1: entered allmulticast mode
[  508.857794][T10196] bond2: entered allmulticast mode
[  508.864843][T10196] 8021q: adding VLAN 0 to HW filter on device bond1
[  509.109370][T10219] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1278'.
[  509.153301][   T10] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  509.310296][   T10] usb 3-1: device descriptor read/64, error -71
[  510.482135][   T10] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  510.518755][ T5926] usb 4-1: USB disconnect, device number 35
[  510.737705][T10232] netlink: 'syz.4.1281': attribute type 1 has an invalid length.
[  510.770321][   T10] usb 3-1: device descriptor read/64, error -71
[  511.124109][   T10] usb usb3-port1: attempt power cycle
[  511.225684][   T30] audit: type=1800 audit(1755076160.919:17): pid=10240 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.1283" name="/" dev="9p" ino=2 res=0 errno=0
[  511.263153][ T6026] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  511.413492][ T6026] usb 5-1: device descriptor read/64, error -71
[  511.845118][ T6026] usb 5-1: new full-speed USB device number 29 using dummy_hcd
[  512.643131][ T6026] usb 5-1: device descriptor read/64, error -71
[  512.753237][ T6026] usb usb5-port1: attempt power cycle
[  513.156753][T10262] trusted_key: encrypted_key: key user:syz not found
[  515.363848][ T6026] usb 5-1: new full-speed USB device number 31 using dummy_hcd
[  515.549505][ T6026] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  515.561111][ T6026] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  515.577604][ T6026] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  515.596197][ T6026] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  515.608968][ T6026] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.621489][ T6026] usb 5-1: Product: syz
[  515.627210][ T6026] usb 5-1: Manufacturer: syz
[  515.632157][ T6026] usb 5-1: SerialNumber: syz
[  515.655804][ T6026] usb 5-1: config 0 descriptor??
[  515.663434][T10269] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  515.671094][T10269] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  515.724379][ T6026] usb 5-1: ucan: probing device on interface #0
[  516.516055][ T6026] usb 5-1: ucan: could not read protocol version, ret=0
[  516.565176][ T6026] usb 5-1: ucan: probe failed; try to update the device firmware
[  516.967690][T10281] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1291'.
[  517.123410][   T24] kworker/1:0 (24) used greatest stack depth: 15416 bytes left
[  517.775645][T10296] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1293'.
[  518.066621][   T30] audit: type=1400 audit(1755076167.479:18): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=10289 comm="syz.1.1293" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  518.772901][ T5955] usb 5-1: USB disconnect, device number 31
[  521.263030][ T5955] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  521.442966][ T5955] usb 5-1: Using ep0 maxpacket: 8
[  521.465196][ T5955] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  521.486455][ T5955] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  521.644268][ T5955] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  521.654528][ T5955] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  521.668405][ T5955] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  521.671746][T10321] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  521.744062][ T5955] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  522.272592][ T5955] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  522.403050][ T5955] usb 5-1: can't set config #16, error -71
[  522.423912][ T5955] usb 5-1: USB disconnect, device number 32
[  522.773959][T10333] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1305'.
[  522.817061][   T30] audit: type=1400 audit(1755076172.499:19): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=10327 comm="syz.4.1305" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  522.836932][    C0] vkms_vblank_simulate: vblank timer overrun
[  523.664892][T10336] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  523.783089][ T5843] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  524.322197][ T5843] usb 2-1: config 0 has no interfaces?
[  524.457842][ T5843] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  524.512944][ T5843] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.521314][ T5843] usb 2-1: Product: syz
[  524.627426][ T5843] usb 2-1: Manufacturer: syz
[  524.638917][ T5843] usb 2-1: SerialNumber: syz
[  524.678956][ T5843] usb 2-1: config 0 descriptor??
[  524.804955][T10347] fuse: Bad value for 'fd'
[  524.867144][   T30] audit: type=1800 audit(1755076174.559:20): pid=10347 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1310" name="/" dev="9p" ino=2 res=0 errno=0
[  525.256816][T10357] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  525.882949][T10238] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  526.135161][ T5955] usb 2-1: USB disconnect, device number 35
[  526.233057][T10238] usb 5-1: Using ep0 maxpacket: 8
[  526.345282][T10238] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  526.683825][T10238] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  526.743194][T10238] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  526.994089][T10238] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  527.035614][T10238] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  527.081530][T10238] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  527.120828][T10238] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.384288][T10238] usb 5-1: usb_control_msg returned -32
[  527.527838][T10238] usbtmc 5-1:16.0: can't read capabilities
[  528.650481][T10386] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1320'.
[  529.084279][ T5955] usb 5-1: USB disconnect, device number 33
[  531.755666][T10407] fuse: Unknown parameter '0xffffffffffffffff'
[  532.215289][ T5955] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  532.541124][ T5955] usb 2-1: config 0 has no interfaces?
[  532.574318][ T5955] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  532.592848][ T5955] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.609979][ T5955] usb 2-1: Product: syz
[  532.620846][ T5955] usb 2-1: Manufacturer: syz
[  532.634825][ T5955] usb 2-1: SerialNumber: syz
[  532.771879][ T5955] usb 2-1: config 0 descriptor??
[  535.171150][T10440] netlink: 'syz.3.1334': attribute type 1 has an invalid length.
[  535.203162][T10238] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  537.006276][ T5955] usb 2-1: USB disconnect, device number 36
[  537.023333][T10439] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1334'.
[  537.161764][T10238] usb 3-1: device descriptor read/64, error -71
[  537.425705][T10238] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  537.452996][T10442] 8021q: adding VLAN 0 to HW filter on device bond2
[  537.474768][T10442] bond1: (slave bond2): making interface the new active one
[  537.704066][T10442] bond1: (slave bond2): Enslaving as an active interface with an up link
[  537.740671][T10439] bond1: entered promiscuous mode
[  537.745981][T10439] bond2: entered promiscuous mode
[  537.751557][T10439] bond1: entered allmulticast mode
[  537.757000][T10439] bond2: entered allmulticast mode
[  537.763481][T10439] 8021q: adding VLAN 0 to HW filter on device bond1
[  537.898549][T10457] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1337'.
[  540.510943][T10238] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  540.663054][T10238] usb 5-1: device descriptor read/64, error -71
[  540.957912][T10238] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  541.193185][T10238] usb 5-1: device descriptor read/64, error -71
[  541.250605][T10486] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  541.603846][T10238] usb usb5-port1: attempt power cycle
[  542.182849][T10238] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  542.280829][T10238] usb 5-1: device descriptor read/8, error -71
[  542.522992][T10238] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  542.555756][T10238] usb 5-1: device descriptor read/8, error -71
[  542.692871][T10238] usb usb5-port1: unable to enumerate USB device
[  542.745344][T10499] netlink: 'syz.3.1347': attribute type 1 has an invalid length.
[  543.024165][T10499] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1347'.
[  543.503063][T10504] netlink: 'syz.0.1348': attribute type 1 has an invalid length.
[  543.608599][T10506] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1348'.
[  543.796054][T10501] 8021q: adding VLAN 0 to HW filter on device bond4
[  544.605805][T10501] bond3: (slave bond4): making interface the new active one
[  544.653002][T10501] bond3: (slave bond4): Enslaving as an active interface with an up link
[  544.686120][T10499] bond3: entered promiscuous mode
[  544.731811][T10499] bond4: entered promiscuous mode
[  544.761773][T10499] bond3: entered allmulticast mode
[  544.791046][T10499] bond4: entered allmulticast mode
[  544.846594][T10499] 8021q: adding VLAN 0 to HW filter on device bond3
[  544.999186][T10504] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  545.000079][T10505] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  546.652808][T10238] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  547.015205][T10238] usb 3-1: device descriptor read/64, error -71
[  547.616135][T10535] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  547.652849][T10238] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  548.192831][T10238] usb 3-1: device descriptor read/64, error -71
[  548.305163][T10238] usb usb3-port1: attempt power cycle
[  549.223165][ T6026] usb 4-1: new full-speed USB device number 36 using dummy_hcd
[  550.199629][ T6026] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  550.210118][ T6026] usb 4-1: config 0 has no interfaces?
[  550.222671][ T6026] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  550.235012][T10550] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  550.247777][ T6026] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.766773][ T6026] usb 4-1: config 0 descriptor??
[  550.942419][T10557] netlink: 'syz.1.1362': attribute type 1 has an invalid length.
[  551.063843][T10238] usb 4-1: USB disconnect, device number 36
[  551.195966][T10562] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1362'.
[  551.547641][T10560] 8021q: adding VLAN 0 to HW filter on device bond2
[  551.566675][T10560] bond1: (slave bond2): making interface the new active one
[  551.577262][T10560] bond1: (slave bond2): Enslaving as an active interface with an up link
[  551.589073][T10562] bond1: entered promiscuous mode
[  551.630928][T10562] bond2: entered promiscuous mode
[  551.828009][T10562] bond1: entered allmulticast mode
[  551.844475][T10562] bond2: entered allmulticast mode
[  551.891396][T10562] 8021q: adding VLAN 0 to HW filter on device bond1
[  552.038165][T10577] fuse: Unknown parameter '0xffffffffffffffff'
[  553.733103][T10238] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  553.886674][T10238] usb 2-1: device descriptor read/64, error -71
[  554.753133][T10238] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  555.192855][T10238] usb 2-1: device descriptor read/64, error -71
[  555.323613][T10238] usb usb2-port1: attempt power cycle
[  555.782835][T10238] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  555.829724][T10238] usb 2-1: device descriptor read/8, error -71
[  556.237287][T10618] netlink: 'syz.1.1379': attribute type 1 has an invalid length.
[  557.008117][T10620] 8021q: adding VLAN 0 to HW filter on device bond4
[  557.078120][T10620] bond3: (slave bond4): making interface the new active one
[  557.094393][T10620] bond3: (slave bond4): Enslaving as an active interface with an up link
[  558.102981][   T30] audit: type=1400 audit(1755076207.129:21): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=10624 comm="syz.4.1380" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  558.263977][T10617] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1379'.
[  558.273735][T10617] bond3: entered promiscuous mode
[  558.278892][T10617] bond4: entered promiscuous mode
[  558.284212][T10617] bond3: entered allmulticast mode
[  558.289429][T10617] bond4: entered allmulticast mode
[  558.295660][T10617] 8021q: adding VLAN 0 to HW filter on device bond3
[  561.167234][T10654] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  563.168889][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  563.175385][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  565.072839][ T6026] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  565.391528][T10685] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1395'.
[  565.403554][   T30] audit: type=1400 audit(1755076215.099:22): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=10680 comm="syz.4.1395" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  565.403815][ T6026] usb 3-1: device descriptor read/64, error -71
[  565.665053][ T6026] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  565.884191][ T6026] usb 3-1: device descriptor read/64, error -71
[  566.553906][ T6026] usb usb3-port1: attempt power cycle
[  566.893332][ T6026] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  566.943711][ T6026] usb 3-1: device descriptor read/8, error -71
[  567.993082][ T6026] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  568.618548][ T6026] usb 3-1: device descriptor read/8, error -71
[  569.369766][ T6026] usb usb3-port1: unable to enumerate USB device
[  570.463094][ T6026] usb 4-1: new full-speed USB device number 37 using dummy_hcd
[  572.364322][ T6026] usb 4-1: no configurations
[  572.369009][ T6026] usb 4-1: can't read configurations, error -22
[  573.232881][ T6026] usb 4-1: new full-speed USB device number 38 using dummy_hcd
[  574.546584][T10768] netlink: 'syz.4.1416': attribute type 1 has an invalid length.
[  574.771654][T10771] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1416'.
[  575.578799][T10770] 8021q: adding VLAN 0 to HW filter on device bond5
[  575.614443][T10770] bond4: (slave bond5): making interface the new active one
[  575.762632][T10770] bond4: (slave bond5): Enslaving as an active interface with an up link
[  575.774913][T10771] bond4: entered promiscuous mode
[  575.780066][T10771] bond5: entered promiscuous mode
[  575.807763][T10771] bond4: entered allmulticast mode
[  575.849743][T10771] bond5: entered allmulticast mode
[  575.868738][T10771] 8021q: adding VLAN 0 to HW filter on device bond4
[  577.362819][ T5955] usb 5-1: new full-speed USB device number 38 using dummy_hcd
[  578.176357][ T5955] usb 5-1: no configurations
[  578.181580][ T5955] usb 5-1: can't read configurations, error -22
[  578.426388][ T5955] usb 5-1: new full-speed USB device number 39 using dummy_hcd
[  578.627903][   T30] audit: type=1400 audit(1755076228.209:23): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=10799 comm="syz.3.1423" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  578.705661][ T5955] usb 5-1: no configurations
[  578.712557][ T5955] usb 5-1: can't read configurations, error -22
[  578.882997][ T5955] usb usb5-port1: attempt power cycle
[  579.973706][ T5955] usb 5-1: new full-speed USB device number 40 using dummy_hcd
[  580.779179][ T5955] usb 5-1: device not accepting address 40, error -71
[  580.961212][T10826] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1430'.
[  581.673935][   T30] audit: type=1400 audit(1755076230.689:24): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=10821 comm="syz.4.1430" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  581.892265][T10830] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  585.183199][   T30] audit: type=1400 audit(1755076234.869:25): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=10850 comm="syz.1.1437" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  587.326949][    C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  587.345167][    C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  587.364603][    C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  587.386941][    C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  587.405609][    C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  587.485405][    C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  587.503717][    C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  587.523714][    C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  587.571745][    C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  587.583689][    C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  589.843284][ T5843] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  590.632803][ T5843] usb 1-1: Using ep0 maxpacket: 8
[  590.640348][ T5843] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  590.661125][ T5843] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  590.700964][ T5843] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  590.715542][ T5843] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  590.729321][ T5843] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  590.751109][ T5843] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  590.793547][ T5843] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  591.103005][   T30] audit: type=1400 audit(1755076240.759:26): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=10890 comm="syz.4.1448" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  591.919191][T10897] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  591.937822][T10897] batman_adv: batadv0: Removing interface: batadv_slave_0
[  591.980373][T10897] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  591.993772][T10897] batman_adv: batadv0: Removing interface: batadv_slave_1
[  592.031041][ T5843] usb 1-1: usb_control_msg returned -32
[  592.044139][T10897] bond0: (slave batadv0): Releasing backup interface
[  592.059534][ T5843] usbtmc 1-1:16.0: can't read capabilities
[  593.446012][ T6026] usb 1-1: USB disconnect, device number 29
[  593.462895][ T5843] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  593.782894][ T5843] usb 5-1: Using ep0 maxpacket: 8
[  593.801261][ T5843] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  593.893943][T10919] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1456'.
[  594.649408][   T30] audit: type=1400 audit(1755076243.689:27): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=10915 comm="syz.0.1456" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  594.712792][ T5843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  594.829373][ T5843] pvrusb2: Hardware description: Terratec Grabster AV400
[  594.836852][ T5843] pvrusb2: **********
[  594.841050][ T5843] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  594.851443][ T5843] pvrusb2: Important functionality might not be entirely working.
[  594.859367][ T5843] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  594.874941][ T5843] pvrusb2: **********
[  596.102038][T10930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1459'.
[  596.131223][   T30] audit: type=1400 audit(1755076245.819:28): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=10926 comm="syz.0.1459" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  597.043360][ T2342] pvrusb2: Invalid write control endpoint
[  597.077612][ T5843] usb 5-1: USB disconnect, device number 42
[  597.141632][T10946] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  598.247662][ T2342] pvrusb2: Invalid write control endpoint
[  598.932303][ T2342] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  599.011239][ T2342] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  599.072425][ T2342] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  599.172153][ T2342] pvrusb2: Device being rendered inoperable
[  599.192843][ T2342] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  599.226091][ T2342] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c)
[  599.312923][ T2342] pvrusb2: Attached sub-driver cx25840
[  599.338033][ T2342] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  599.392791][ T2342] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  599.638090][T10968] netlink: 'syz.4.1468': attribute type 1 has an invalid length.
[  600.126813][T10970] 8021q: adding VLAN 0 to HW filter on device bond7
[  600.176762][T10970] bond6: (slave bond7): making interface the new active one
[  600.208803][T10970] bond6: (slave bond7): Enslaving as an active interface with an up link
[  601.369779][T10967] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1468'.
[  601.379510][T10967] bond6: entered promiscuous mode
[  601.384663][T10967] bond7: entered promiscuous mode
[  601.389934][T10967] bond6: entered allmulticast mode
[  601.395088][T10967] bond7: entered allmulticast mode
[  601.401151][T10967] 8021q: adding VLAN 0 to HW filter on device bond6
[  601.408377][ T6026] usb 3-1: new full-speed USB device number 47 using dummy_hcd
[  601.566679][ T6026] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  601.688777][ T6026] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  602.478918][ T6026] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  602.590673][ T6026] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  602.633528][ T6026] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  602.766028][ T6026] usb 3-1: Product: syz
[  602.770249][ T6026] usb 3-1: Manufacturer: syz
[  602.775014][ T6026] usb 3-1: SerialNumber: syz
[  602.814466][ T6026] usb 3-1: config 0 descriptor??
[  602.830721][T10981] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  602.994648][T10981] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  603.196502][ T6026] usb 3-1: ucan: probing device on interface #0
[  603.707639][ T6026] usb 3-1: ucan: could not read protocol version, ret=-71
[  603.725588][ T6026] usb 3-1: ucan: probe failed; try to update the device firmware
[  603.767861][ T6026] usb 3-1: USB disconnect, device number 47
[  604.093193][T11009] netlink: 'syz.2.1479': attribute type 1 has an invalid length.
[  604.762654][T11011] 8021q: adding VLAN 0 to HW filter on device bond4
[  604.812493][T11020] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  604.824343][T11011] bond3: (slave bond4): making interface the new active one
[  605.030752][T11011] bond3: (slave bond4): Enslaving as an active interface with an up link
[  606.043294][T11008] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1479'.
[  606.060366][T11008] bond3: entered promiscuous mode
[  606.065624][T11008] bond4: entered promiscuous mode
[  606.070999][T11008] bond3: entered allmulticast mode
[  606.076148][T11008] bond4: entered allmulticast mode
[  606.082072][T11008] 8021q: adding VLAN 0 to HW filter on device bond3
[  609.372763][ T6026] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  609.532867][ T6026] usb 1-1: device descriptor read/64, error -71
[  609.823206][ T6026] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  610.012949][ T6026] usb 1-1: device descriptor read/64, error -71
[  610.213523][ T6026] usb usb1-port1: attempt power cycle
[  610.583074][ T6026] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  610.686471][ T6026] usb 1-1: device descriptor read/8, error -71
[  610.983091][ T6026] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  611.077861][ T6026] usb 1-1: device descriptor read/8, error -71
[  611.386092][ T6026] usb usb1-port1: unable to enumerate USB device
[  618.527849][T11125] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  621.973143][   T30] audit: type=1400 audit(1755076271.619:29): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=11143 comm="syz.0.1512" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  622.847968][T11154] netlink: 'syz.3.1514': attribute type 1 has an invalid length.
[  623.346566][ T6026] usb 4-1: new full-speed USB device number 39 using dummy_hcd
[  623.516751][ T6026] usb 4-1: device descriptor read/64, error -71
[  623.804914][ T6026] usb 4-1: new full-speed USB device number 40 using dummy_hcd
[  623.947603][ T6026] usb 4-1: device descriptor read/64, error -71
[  624.066657][ T6026] usb usb4-port1: attempt power cycle
[  624.413145][ T6026] usb 4-1: new full-speed USB device number 41 using dummy_hcd
[  624.451868][ T6026] usb 4-1: device descriptor read/8, error -71
[  624.607704][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  624.615443][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  624.705443][ T6026] usb 4-1: new full-speed USB device number 42 using dummy_hcd
[  624.735503][ T6026] usb 4-1: device descriptor read/8, error -71
[  624.853117][ T6026] usb usb4-port1: unable to enumerate USB device
[  625.895650][T11168] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  626.472986][ T6026] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  626.613136][ T6026] usb 5-1: device descriptor read/64, error -71
[  626.853008][ T6026] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  627.122896][ T6026] usb 5-1: device descriptor read/64, error -71
[  627.385591][ T6026] usb usb5-port1: attempt power cycle
[  629.633418][ T6026] usb usb5-port1: Cannot enable. Maybe the USB cable is bad?
[  630.547925][ T6026] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  630.562904][ T5955] usb 2-1: new full-speed USB device number 41 using dummy_hcd
[  630.593949][ T6026] usb 5-1: device descriptor read/8, error -71
[  630.745341][ T5955] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  630.747360][ T6026] usb usb5-port1: unable to enumerate USB device
[  630.772768][ T5955] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  630.794211][ T5955] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  630.861384][ T5955] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  630.883429][ T5955] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.915815][ T5955] usb 2-1: Product: syz
[  630.920173][ T5955] usb 2-1: Manufacturer: syz
[  630.932736][ T5955] usb 2-1: SerialNumber: syz
[  631.362893][T11223] netlink: 'syz.3.1538': attribute type 1 has an invalid length.
[  631.484785][ T5955] usb 2-1: config 0 descriptor??
[  631.490581][T11207] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  631.499176][T11207] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  631.585976][ T5955] usb 2-1: ucan: probing device on interface #0
[  632.534824][   T30] audit: type=1400 audit(1755076281.509:30): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=11224 comm="syz.0.1537" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  632.562889][ T6026] usb 4-1: new full-speed USB device number 43 using dummy_hcd
[  632.855583][ T5955] usb 2-1: ucan: could not read protocol version, ret=-110
[  632.881864][ T5955] usb 2-1: ucan: probe failed; try to update the device firmware
[  633.684529][T11236] fuse: Bad value for 'fd'
[  633.712845][ T6026] usb 4-1: device descriptor read/64, error -71
[  633.745302][   T30] audit: type=1800 audit(1755076283.439:31): pid=11236 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1540" name="/" dev="9p" ino=2 res=0 errno=0
[  633.782875][ T5843] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  633.962874][ T5843] usb 3-1: device descriptor read/64, error -71
[  633.962918][ T6026] usb 4-1: new full-speed USB device number 44 using dummy_hcd
[  634.216359][ T5955] usb 5-1: new full-speed USB device number 47 using dummy_hcd
[  634.362832][ T5843] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  635.113527][ T5955] usb 5-1: config 0 has no interfaces?
[  635.119861][ T5955] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  635.140581][ T2072] usb 2-1: USB disconnect, device number 41
[  635.202725][ T5955] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  635.254517][ T5955] usb 5-1: config 0 descriptor??
[  635.469448][T10238] usb 5-1: USB disconnect, device number 47
[  636.605364][   T30] audit: type=1400 audit(1755076286.299:32): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=11264 comm="syz.1.1550" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  640.113216][T11298] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1553'.
[  640.174049][   T30] audit: type=1400 audit(1755076289.869:33): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=11278 comm="syz.3.1553" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  640.529937][T11304] netlink: 'syz.4.1559': attribute type 1 has an invalid length.
[  641.262824][ T5843] usb 1-1: new full-speed USB device number 34 using dummy_hcd
[  641.426677][ T5843] usb 1-1: config 0 has no interfaces?
[  641.451419][ T5843] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  641.462827][ T6026] usb 5-1: new full-speed USB device number 48 using dummy_hcd
[  641.481465][ T5843] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.524227][ T5843] usb 1-1: config 0 descriptor??
[  641.612759][ T6026] usb 5-1: device descriptor read/64, error -71
[  641.835844][T10238] usb 1-1: USB disconnect, device number 34
[  641.962508][   T30] audit: type=1400 audit(1755076291.649:34): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=11312 comm="syz.1.1562" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  642.722943][ T6026] usb 5-1: new full-speed USB device number 49 using dummy_hcd
[  642.884633][ T6026] usb 5-1: device descriptor read/64, error -71
[  642.933692][T11322] netlink: 'syz.2.1564': attribute type 1 has an invalid length.
[  643.034714][ T6026] usb usb5-port1: attempt power cycle
[  643.553041][T10238] usb 3-1: new full-speed USB device number 50 using dummy_hcd
[  643.589412][T11329] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  643.722300][T10238] usb 3-1: device descriptor read/64, error -71
[  644.149754][T10238] usb 3-1: new full-speed USB device number 51 using dummy_hcd
[  645.272814][T10238] usb 3-1: device descriptor read/64, error -71
[  645.386555][T10238] usb usb3-port1: attempt power cycle
[  645.496497][ T6026] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  645.642853][ T6026] usb 2-1: device descriptor read/64, error -71
[  645.824844][T10238] usb 3-1: new full-speed USB device number 52 using dummy_hcd
[  646.012854][ T6026] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  646.029787][T10238] usb 3-1: device descriptor read/8, error -71
[  649.087805][T11365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1575'.
[  649.190466][   T30] audit: type=1400 audit(1755076298.859:35): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=11359 comm="syz.2.1575" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  649.934477][T11373] fuse: Bad value for 'fd'
[  649.956214][   T30] audit: type=1800 audit(1755076299.639:36): pid=11373 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.1578" name="/" dev="9p" ino=2 res=0 errno=0
[  650.148121][T11376] netlink: 'syz.3.1579': attribute type 1 has an invalid length.
[  650.692774][ T5926] usb 4-1: new full-speed USB device number 45 using dummy_hcd
[  651.272802][ T5926] usb 4-1: device descriptor read/64, error -71
[  651.906004][T11386] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  652.170481][ T6026] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  652.273209][ T5926] usb 4-1: new full-speed USB device number 46 using dummy_hcd
[  652.512920][ T6026] usb 5-1: device descriptor read/64, error -71
[  652.806449][ T5926] usb 4-1: device descriptor read/64, error -71
[  652.903148][ T6026] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  653.053464][ T5926] usb usb4-port1: attempt power cycle
[  653.102787][ T6026] usb 5-1: device descriptor read/64, error -71
[  653.344747][ T6026] usb usb5-port1: attempt power cycle
[  655.816541][T11417] fuse: Bad value for 'fd'
[  656.166099][   T30] audit: type=1800 audit(1755076305.729:37): pid=11420 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.1591" name="/" dev="9p" ino=2 res=0 errno=0
[  657.989681][T11434] netlink: 'syz.4.1596': attribute type 1 has an invalid length.
[  658.405980][ T6026] usb 5-1: new full-speed USB device number 54 using dummy_hcd
[  658.597064][ T6026] usb 5-1: device descriptor read/64, error -71
[  658.776069][T11442] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  658.783863][T11442] batman_adv: batadv0: Removing interface: batadv_slave_0
[  658.837405][T11442] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  658.845570][T11442] batman_adv: batadv0: Removing interface: batadv_slave_1
[  658.853214][ T6026] usb 5-1: new full-speed USB device number 55 using dummy_hcd
[  658.938687][T11442] bond0: (slave batadv0): Releasing backup interface
[  658.997290][ T6026] usb 5-1: device descriptor read/64, error -71
[  659.139376][ T6026] usb usb5-port1: attempt power cycle
[  659.842792][ T5926] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  659.872799][ T6026] usb 5-1: new full-speed USB device number 56 using dummy_hcd
[  659.893546][ T6026] usb 5-1: device descriptor read/8, error -71
[  659.991182][ T5926] usb 1-1: device descriptor read/64, error -71
[  660.632832][ T5926] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  660.774047][ T5926] usb 1-1: device descriptor read/64, error -71
[  660.868320][T11467] fuse: Bad value for 'fd'
[  660.886121][   T30] audit: type=1800 audit(1755076310.579:38): pid=11467 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1606" name="/" dev="9p" ino=2 res=0 errno=0
[  660.916050][ T5926] usb usb1-port1: attempt power cycle
[  661.052777][ T6026] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  661.753482][ T6026] usb 5-1: device descriptor read/8, error -71
[  661.873318][ T6026] usb usb5-port1: unable to enumerate USB device
[  662.015685][ T5926] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  662.062961][ T5843] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  662.514740][ T5926] usb 1-1: device descriptor read/8, error -71
[  662.563137][ T6026] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  662.572841][ T5843] usb 3-1: Using ep0 maxpacket: 8
[  662.580296][ T5843] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  662.590495][ T5843] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  662.618545][ T5843] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  662.638285][ T5843] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.732759][ T6026] usb 4-1: device descriptor read/64, error -71
[  662.973012][ T5926] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  662.980903][ T6026] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  663.006137][ T5926] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  663.017977][ T5926] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  663.032996][ T5926] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  663.062809][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.193980][ T6026] usb 4-1: device descriptor read/64, error -71
[  663.246372][ T5926] usb 1-1: config 0 descriptor??
[  663.368154][ T6026] usb usb4-port1: attempt power cycle
[  663.601429][T11494] netlink: 'syz.4.1613': attribute type 1 has an invalid length.
[  664.004295][T10238] usb 5-1: new full-speed USB device number 58 using dummy_hcd
[  664.062814][ T6026] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  664.108261][ T6026] usb 4-1: device descriptor read/8, error -71
[  664.232777][T10238] usb 5-1: device descriptor read/64, error -71
[  664.352843][ T6026] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  664.373903][ T6026] usb 4-1: device descriptor read/8, error -71
[  664.472785][T10238] usb 5-1: new full-speed USB device number 59 using dummy_hcd
[  664.483455][ T6026] usb usb4-port1: unable to enumerate USB device
[  664.928457][T10238] usb 5-1: device descriptor read/64, error -71
[  665.044417][T10238] usb usb5-port1: attempt power cycle
[  665.219576][T11507] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1616'.
[  665.254399][ T5843] usb 3-1: USB disconnect, device number 54
[  665.298278][T11510] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1616'.
[  665.317577][T11510] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1616'.
[  665.392759][T10238] usb 5-1: new full-speed USB device number 60 using dummy_hcd
[  665.413627][T10238] usb 5-1: device descriptor read/8, error -71
[  665.743179][T10238] usb 5-1: new full-speed USB device number 61 using dummy_hcd
[  665.798454][T10238] usb 5-1: device descriptor read/8, error -71
[  665.913128][T10238] usb usb5-port1: unable to enumerate USB device
[  665.951039][T11515] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1614'.
[  665.961964][   T30] audit: type=1400 audit(1755076315.649:39): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=11502 comm="syz.1.1614" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  666.167368][T10238] usb 1-1: USB disconnect, device number 38
[  668.382859][T10238] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  668.730262][T10238] usb 4-1: device descriptor read/64, error -71
[  669.017986][T11553] qnx6: unable to read the first superblock
[  669.422836][T10238] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  669.774801][T10238] usb 4-1: device descriptor read/64, error -71
[  669.782765][ T6026] usb 1-1: new full-speed USB device number 39 using dummy_hcd
[  670.153300][T10238] usb usb4-port1: attempt power cycle
[  670.245213][T11558] 9pnet_fd: Insufficient options for proto=fd
[  671.598729][T11575] capability: warning: `syz.1.1640' uses deprecated v2 capabilities in a way that may be insecure
[  671.636438][T11579] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  672.967403][T11599] 9pnet_fd: Insufficient options for proto=fd
[  673.852720][   T30] audit: type=1400 audit(1755076322.759:40): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=11594 comm="syz.1.1646" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  673.929994][T11602] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  674.393101][T11613] Bluetooth: MGMT ver 1.23
[  675.359926][ T5926] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  676.353670][ T5926] usb 1-1: Using ep0 maxpacket: 8
[  676.376266][ T5926] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  676.513135][ T5926] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  676.618002][ T5926] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  676.679631][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.866267][ T6026] usb 4-1: new full-speed USB device number 55 using dummy_hcd
[  677.051016][ T5926] usb 1-1: USB disconnect, device number 40
[  677.464202][ T6026] usb 4-1: device descriptor read/64, error -71
[  678.252771][ T2072] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  678.946714][ T6026] usb 4-1: new full-speed USB device number 56 using dummy_hcd
[  678.970517][ T2072] usb 3-1: Using ep0 maxpacket: 8
[  678.995441][ T2072] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 149, changing to 11
[  679.022105][ T2072] usb 3-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  679.039380][ T2072] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.092616][ T2072] usb 3-1: config 0 descriptor??
[  679.173850][ T6026] usb 4-1: device descriptor read/64, error -71
[  679.316003][ T6026] usb usb4-port1: attempt power cycle
[  679.372775][ T5969] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  679.512043][ T2072] usbhid 3-1:0.0: can't add hid device: -71
[  679.524048][ T2072] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  679.552797][ T5969] usb 1-1: Using ep0 maxpacket: 32
[  679.558462][ T2072] usb 3-1: USB disconnect, device number 55
[  679.695789][ T5969] usb 1-1: New USB device found, idVendor=050d, idProduct=0121, bcdDevice= 6.59
[  679.721890][ T5969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.730495][ T5969] usb 1-1: Product: syz
[  680.597390][ T5969] usb 1-1: Manufacturer: syz
[  680.602193][ T5969] usb 1-1: SerialNumber: syz
[  680.651469][ T5969] usb 1-1: config 0 descriptor??
[  681.606123][ T5969] pegasus 1-1:0.0: probe with driver pegasus failed with error -71
[  681.705605][ T5969] usb 1-1: USB disconnect, device number 41
[  682.242758][ T5926] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  683.548756][ T5926] usb 5-1: Using ep0 maxpacket: 8
[  683.946977][ T5926] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  683.968013][ T5926] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  683.982170][ T5926] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  684.141192][ T5926] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  684.284653][   T30] audit: type=1400 audit(1755076333.979:41): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=11679 comm="syz.2.1672" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  685.006524][ T2072] usb 5-1: USB disconnect, device number 62
[  685.912932][ T5926] usb 1-1: new full-speed USB device number 42 using dummy_hcd
[  685.916963][ T2072] usb 3-1: new full-speed USB device number 56 using dummy_hcd
[  686.047245][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  686.728306][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  686.756602][ T2072] usb 3-1: config 5 has an invalid interface number: 123 but max is 0
[  686.765008][ T2072] usb 3-1: config 5 has no interface number 0
[  686.771490][ T2072] usb 3-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  686.775317][ T5926] usb 1-1: device descriptor read/64, error -71
[  686.813594][ T2072] usb 3-1: config 5 interface 123 altsetting 7 endpoint 0x4 has invalid wMaxPacketSize 0
[  686.849689][ T2072] usb 3-1: config 5 interface 123 has no altsetting 0
[  686.883376][ T2072] usb 3-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  687.361481][ T2072] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  687.384618][ T2072] usb 3-1: Product: syz
[  687.389144][ T2072] usb 3-1: Manufacturer: syz
[  687.395012][ T2072] usb 3-1: SerialNumber: syz
[  687.412789][ T5926] usb 1-1: new full-speed USB device number 43 using dummy_hcd
[  687.517711][T11702] 8021q: adding VLAN 0 to HW filter on device bond0
[  687.552792][ T5926] usb 1-1: device descriptor read/64, error -71
[  687.577637][T11702] bond0: (slave rose0): Enslaving as an active interface with an up link
[  687.635075][T11686] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  687.665394][ T5926] usb usb1-port1: attempt power cycle
[  687.725937][T11686] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1675'.
[  687.762599][T11686] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1675'.
[  688.052358][ T5926] usb 1-1: new full-speed USB device number 44 using dummy_hcd
[  688.170551][ T5926] usb 1-1: device descriptor read/8, error -71
[  688.259063][ T2072] ni6501 3-1:5.123: driver 'ni6501' failed to auto-configure device.
[  688.323172][ T2072] usb 3-1: USB disconnect, device number 56
[  688.400376][T11722] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  689.031360][T11725] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1683'.
[  692.005656][T11768] usb usb8: usbfs: process 11768 (syz.3.1690) did not claim interface 0 before use
[  693.003206][T10238] usb 2-1: new full-speed USB device number 44 using dummy_hcd
[  693.150121][T11778] FAULT_INJECTION: forcing a failure.
[  693.150121][T11778] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  693.192818][T10238] usb 2-1: device descriptor read/64, error -71
[  693.274469][T11778] CPU: 1 UID: 0 PID: 11778 Comm: syz.3.1692 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  693.274499][T11778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  693.274511][T11778] Call Trace:
[  693.274520][T11778]  <TASK>
[  693.274529][T11778]  dump_stack_lvl+0x189/0x250
[  693.274558][T11778]  ? __pfx____ratelimit+0x10/0x10
[  693.274581][T11778]  ? __pfx_dump_stack_lvl+0x10/0x10
[  693.274605][T11778]  ? __pfx__printk+0x10/0x10
[  693.274647][T11778]  should_fail_ex+0x414/0x560
[  693.274675][T11778]  _copy_to_user+0x31/0xb0
[  693.274706][T11778]  simple_read_from_buffer+0xe1/0x170
[  693.274743][T11778]  proc_fail_nth_read+0x1df/0x250
[  693.274772][T11778]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  693.274801][T11778]  ? rw_verify_area+0x258/0x650
[  693.274831][T11778]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  693.274858][T11778]  vfs_read+0x200/0x980
[  693.274896][T11778]  ? __pfx___mutex_lock+0x10/0x10
[  693.274920][T11778]  ? __pfx_vfs_read+0x10/0x10
[  693.274953][T11778]  ? __fget_files+0x2a/0x420
[  693.274982][T11778]  ? __fget_files+0x3a0/0x420
[  693.275004][T11778]  ? __fget_files+0x2a/0x420
[  693.275038][T11778]  ksys_read+0x145/0x250
[  693.275056][T11778]  ? __fget_files+0x3a0/0x420
[  693.275079][T11778]  ? __pfx_ksys_read+0x10/0x10
[  693.275106][T11778]  ? do_syscall_64+0xbe/0x3b0
[  693.275134][T11778]  do_syscall_64+0xfa/0x3b0
[  693.275154][T11778]  ? lockdep_hardirqs_on+0x9c/0x150
[  693.275175][T11778]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.275195][T11778]  ? clear_bhb_loop+0x60/0xb0
[  693.275221][T11778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.275240][T11778] RIP: 0033:0x7f702d18d5fc
[  693.275260][T11778] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  693.275278][T11778] RSP: 002b:00007f702e0d0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  693.275301][T11778] RAX: ffffffffffffffda RBX: 00007f702d3b5fa0 RCX: 00007f702d18d5fc
[  693.275316][T11778] RDX: 000000000000000f RSI: 00007f702e0d00a0 RDI: 0000000000000004
[  693.275329][T11778] RBP: 00007f702e0d0090 R08: 0000000000000000 R09: 0000000000000000
[  693.275340][T11778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  693.275352][T11778] R13: 00007f702d3b6038 R14: 00007f702d3b5fa0 R15: 00007ffe04c825d8
[  693.275386][T11778]  </TASK>
[  693.932833][T10238] usb 2-1: new full-speed USB device number 45 using dummy_hcd
[  694.082869][T10238] usb 2-1: device descriptor read/64, error -71
[  694.204567][T10238] usb usb2-port1: attempt power cycle
[  694.555671][T10238] usb 2-1: new full-speed USB device number 46 using dummy_hcd
[  694.659817][T10238] usb 2-1: device descriptor read/8, error -71
[  694.943241][T10238] usb 2-1: new full-speed USB device number 47 using dummy_hcd
[  694.993243][T10238] usb 2-1: device descriptor read/8, error -71
[  695.103750][T10238] usb usb2-port1: unable to enumerate USB device
[  701.935567][T10238] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  702.282890][T10238] usb 1-1: Using ep0 maxpacket: 8
[  702.290481][T10238] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  702.303157][T10238] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  702.339254][T10238] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  702.388413][T10238] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  702.438446][T10238] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  702.481911][T10238] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  702.513725][T10238] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  702.530387][T10238] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  702.592038][T10238] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22
[  702.715765][ T5926] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  702.978016][T11897] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  703.044465][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  703.182227][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  703.367972][ T5926] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  703.627643][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  703.879128][ T5926] usb 4-1: config 0 descriptor??
[  704.720164][ T5926] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  704.894388][ T5926] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0
[  704.931662][ T2072] usb 1-1: USB disconnect, device number 46
[  704.990515][ T5926] cp2112 0003:10C4:EA90.0001: error requesting version
[  705.047187][ T5926] cp2112 0003:10C4:EA90.0001: probe with driver cp2112 failed with error -71
[  705.129107][ T5926] usb 4-1: USB disconnect, device number 58
[  705.526573][T11912] fido_id[11912]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  707.259202][T11951] comedi comedi2: aio_aio12_8: I/O port conflict (0x3,32)
[  707.323395][ T5969] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  707.532701][ T5969] usb 2-1: Using ep0 maxpacket: 8
[  707.565963][ T5969] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  707.582574][ T5969] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  707.606566][ T5969] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  707.646473][ T5969] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  707.747391][ T5969] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  707.776537][ T5969] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  707.841611][ T5969] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  707.861946][ T5969] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  707.896784][ T5969] usbtmc 2-1:16.0: probe with driver usbtmc failed with error -22
[  708.008241][T11968] netlink: 'syz.0.1738': attribute type 21 has an invalid length.
[  708.017922][T11968] netlink: 'syz.0.1738': attribute type 1 has an invalid length.
[  708.026246][T11968] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1738'.
[  708.049214][T11968] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  708.112295][T11966] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1733'.
[  708.781391][T11983] FAULT_INJECTION: forcing a failure.
[  708.781391][T11983] name failslab, interval 1, probability 0, space 0, times 1
[  708.794713][T11983] CPU: 1 UID: 0 PID: 11983 Comm: syz.3.1742 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  708.794742][T11983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  708.794755][T11983] Call Trace:
[  708.794763][T11983]  <TASK>
[  708.794772][T11983]  dump_stack_lvl+0x189/0x250
[  708.794801][T11983]  ? __pfx____ratelimit+0x10/0x10
[  708.794825][T11983]  ? __pfx_dump_stack_lvl+0x10/0x10
[  708.794848][T11983]  ? __pfx__printk+0x10/0x10
[  708.794878][T11983]  ? __pfx___might_resched+0x10/0x10
[  708.794902][T11983]  ? fs_reclaim_acquire+0x7d/0x100
[  708.794932][T11983]  should_fail_ex+0x414/0x560
[  708.794962][T11983]  should_failslab+0xa8/0x100
[  708.794987][T11983]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  708.795009][T11983]  ? smb3_fs_context_parse_param+0x56bd/0x7e80
[  708.795047][T11983]  kstrdup+0x42/0x100
[  708.795075][T11983]  smb3_fs_context_parse_param+0x56bd/0x7e80
[  708.795109][T11983]  ? __pfx_smack_fs_context_parse_param+0x10/0x10
[  708.795149][T11983]  ? __pfx_smb3_fs_context_parse_param+0x10/0x10
[  708.795186][T11983]  ? static_key_count+0x41/0x70
[  708.795218][T11983]  vfs_parse_fs_param+0x1a9/0x420
[  708.795247][T11983]  __se_sys_fsconfig+0x78e/0x8d0
[  708.795282][T11983]  ? __pfx___se_sys_fsconfig+0x10/0x10
[  708.795306][T11983]  ? ksys_write+0x22a/0x250
[  708.795330][T11983]  ? __pfx_ksys_write+0x10/0x10
[  708.795347][T11983]  ? rcu_is_watching+0x15/0xb0
[  708.795376][T11983]  ? do_syscall_64+0xbe/0x3b0
[  708.795397][T11983]  ? __x64_sys_fsconfig+0x20/0xc0
[  708.795427][T11983]  do_syscall_64+0xfa/0x3b0
[  708.795457][T11983]  ? lockdep_hardirqs_on+0x9c/0x150
[  708.795479][T11983]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.795499][T11983]  ? clear_bhb_loop+0x60/0xb0
[  708.795525][T11983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.795545][T11983] RIP: 0033:0x7f702d18ebe9
[  708.795564][T11983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  708.795581][T11983] RSP: 002b:00007f702e08e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[  708.795604][T11983] RAX: ffffffffffffffda RBX: 00007f702d3b6180 RCX: 00007f702d18ebe9
[  708.795619][T11983] RDX: 0000200000000080 RSI: 0000000000000001 RDI: 0000000000000003
[  708.795631][T11983] RBP: 00007f702e08e090 R08: 0000000000000000 R09: 0000000000000000
[  708.795643][T11983] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[  708.795656][T11983] R13: 00007f702d3b6218 R14: 00007f702d3b6180 R15: 00007ffe04c825d8
[  708.795697][T11983]  </TASK>
[  709.049534][T11983] CIFS: VFS: OOM when copying UNC string
[  709.710446][   T30] audit: type=1800 audit(1755076359.399:42): pid=11989 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.1744" name="/" dev="9p" ino=2 res=0 errno=0
[  709.833557][ T5969] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  710.132871][ T2072] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  710.178700][ T5969] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  710.238375][ T5969] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  710.302766][ T2072] usb 3-1: Using ep0 maxpacket: 8
[  710.746405][ T6026] usb 2-1: USB disconnect, device number 48
[  710.772089][ T2072] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  710.861644][ T5969] usb 1-1: config 0 descriptor??
[  710.872782][ T2072] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  710.895203][ T2072] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  710.921726][ T2072] usb 3-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  710.961866][ T5969] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  710.972691][ T2072] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  711.007083][ T2072] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  711.017489][ T2072] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  711.526280][ T2072] usbtmc 3-1:16.0: bulk endpoints not found
[  711.780327][T12014] 9pnet_fd: Insufficient options for proto=fd
[  712.614229][ T5969] usb 1-1: USB disconnect, device number 47
[  712.819675][T12034] snd_dummy snd_dummy.0: control 3:4:-2:syz0:2147483647 is already present
[  713.660350][T12045] usb usb8: usbfs: process 12045 (syz.0.1758) did not claim interface 1 before use
[  714.665936][ T5969] usb 3-1: USB disconnect, device number 57
[  714.845821][T12060] syz.1.1764 uses obsolete (PF_INET,SOCK_PACKET)
[  715.454536][T12065] xt_CT: You must specify a L4 protocol and not use inversions on it
[  716.752818][ T5926] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  716.893693][ T5926] usb 1-1: device descriptor read/64, error -71
[  717.704970][ T6026] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  717.763122][ T5926] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  717.922714][ T6026] usb 2-1: Using ep0 maxpacket: 8
[  718.208598][ T6026] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  718.211597][T12096] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  718.239584][ T6026] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  718.252929][ T5926] usb 1-1: device descriptor read/64, error -71
[  718.260936][ T6026] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  718.271107][ T6026] usb 2-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  718.331272][ T6026] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  718.353966][ T6026] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  718.363667][ T5926] usb usb1-port1: attempt power cycle
[  718.369507][ T6026] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  718.399977][ T6026] usbtmc 2-1:16.0: bulk endpoints not found
[  718.425292][T12102] capability: warning: `syz.2.1778' uses 32-bit capabilities (legacy support in use)
[  718.531156][T12103] binder: 12101:12103 ioctl 4140 0 returned -22
[  718.744095][ T5926] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  718.969756][ T5926] usb 1-1: device descriptor read/8, error -71
[  719.963317][T12118] pimreg: entered allmulticast mode
[  720.282595][ T6026] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[  720.468604][ T6026] usb 5-1: New USB device found, idVendor=045e, idProduct=02bf, bcdDevice=7b.41
[  720.488136][ T6026] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  720.507089][ T6026] usb 5-1: Product: syz
[  720.517120][ T6026] usb 5-1: Manufacturer: syz
[  720.541670][ T6026] usb 5-1: SerialNumber: syz
[  720.553098][ T6026] usb 5-1: config 0 descriptor??
[  721.854769][ T5969] usb 2-1: USB disconnect, device number 49
[  723.235934][ T6026] gspca_main: kinect-2.14.0 probing 045e:02bf
[  723.380577][ T6026] usb 5-1: USB disconnect, device number 63
[  723.502829][ T5926] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  723.580014][T12162] fuse: Bad value for 'group_id'
[  723.586379][T12162] fuse: Bad value for 'group_id'
[  723.676732][ T5926] usb 1-1: device descriptor read/64, error -71
[  723.785772][T12165] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1797'.
[  723.877757][T12169] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1797'.
[  724.020010][T12171] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  724.120865][T12175] netlink: 'syz.4.1798': attribute type 3 has an invalid length.
[  724.129101][T12175] netlink: 368 bytes leftover after parsing attributes in process `syz.4.1798'.
[  724.758758][ T5926] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  725.362862][ T5926] usb 1-1: device descriptor read/64, error -71
[  725.502918][ T5926] usb usb1-port1: attempt power cycle
[  726.224909][T12184] comedi comedi2: aio_aio12_8: I/O port conflict (0x3,32)
[  727.658271][T12209] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1806'.
[  727.667697][T12209] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1806'.
[  727.679016][T12209] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (808482864)
[  728.547240][T12213] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  728.723201][ T2072] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  728.885097][ T2072] usb 2-1: config 0 has no interfaces?
[  729.658961][ T2072] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  729.678705][ T2072] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  729.692031][ T2072] usb 2-1: Product: syz
[  729.701552][ T2072] usb 2-1: Manufacturer: syz
[  729.712757][ T2072] usb 2-1: SerialNumber: syz
[  729.731368][ T2072] usb 2-1: config 0 descriptor??
[  731.003032][ T5926] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  731.044736][T12239] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0
[  731.143166][ T5926] usb 1-1: device descriptor read/64, error -71
[  731.870340][ T5926] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  732.332798][ T5926] usb 1-1: device descriptor read/64, error -71
[  732.473795][ T5926] usb usb1-port1: attempt power cycle
[  733.089401][ T2072] usb 2-1: USB disconnect, device number 50
[  733.284029][ T5926] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  733.486458][T12258] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  733.602839][ T5926] usb 1-1: device not accepting address 57, error -71
[  734.350729][T12266] netlink: 'syz.1.1822': attribute type 2 has an invalid length.
[  737.552049][T12302] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1830'.
[  739.617011][   T10] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  739.694317][T12318] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  739.822839][   T10] usb 1-1: device descriptor read/64, error -71
[  740.602798][T12325] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1836'.
[  740.782890][   T10] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  741.923255][   T10] usb 1-1: device descriptor read/64, error -71
[  742.009700][T12330] netlink: 'syz.3.1838': attribute type 4 has an invalid length.
[  742.492771][   T10] usb usb1-port1: attempt power cycle
[  742.506757][T12341] FAULT_INJECTION: forcing a failure.
[  742.506757][T12341] name failslab, interval 1, probability 0, space 0, times 0
[  742.521333][T12330] netlink: 'syz.3.1838': attribute type 17 has an invalid length.
[  742.544184][T12341] CPU: 0 UID: 0 PID: 12341 Comm: syz.0.1841 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  742.544206][T12341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  742.544214][T12341] Call Trace:
[  742.544219][T12341]  <TASK>
[  742.544225][T12341]  dump_stack_lvl+0x189/0x250
[  742.544244][T12341]  ? __pfx____ratelimit+0x10/0x10
[  742.544258][T12341]  ? __pfx_dump_stack_lvl+0x10/0x10
[  742.544272][T12341]  ? __pfx__printk+0x10/0x10
[  742.544291][T12341]  ? __pfx___might_resched+0x10/0x10
[  742.544303][T12341]  ? fs_reclaim_acquire+0x7d/0x100
[  742.544321][T12341]  should_fail_ex+0x414/0x560
[  742.544337][T12341]  should_failslab+0xa8/0x100
[  742.544352][T12341]  __kmalloc_cache_noprof+0x70/0x3d0
[  742.544364][T12341]  ? snd_seq_queue_alloc+0x5d/0x790
[  742.544382][T12341]  snd_seq_queue_alloc+0x5d/0x790
[  742.544400][T12341]  ? __pfx_snd_seq_ioctl_create_port+0x10/0x10
[  742.544416][T12341]  snd_seq_ioctl_create_queue+0x7f/0x3c0
[  742.544431][T12341]  snd_seq_oss_open+0x5e0/0xea0
[  742.544450][T12341]  ? __pfx_snd_seq_oss_open+0x10/0x10
[  742.544471][T12341]  ? __lock_acquire+0xab9/0xd20
[  742.544497][T12341]  ? rcu_is_watching+0x15/0xb0
[  742.544518][T12341]  ? trace_contention_end+0x39/0x120
[  742.544545][T12341]  ? __pfx___mutex_lock+0x10/0x10
[  742.544562][T12341]  ? __pfx_snd_seq_oss_event_input+0x10/0x10
[  742.544575][T12341]  ? __pfx_free_devinfo+0x10/0x10
[  742.544586][T12341]  ? do_raw_spin_unlock+0x122/0x240
[  742.544605][T12341]  ? soundcore_open+0x2da/0x490
[  742.544620][T12341]  odev_open+0x67/0xa0
[  742.544633][T12341]  chrdev_open+0x4c9/0x5e0
[  742.544649][T12341]  ? __pfx_chrdev_open+0x10/0x10
[  742.544668][T12341]  ? __pfx_chrdev_open+0x10/0x10
[  742.544680][T12341]  do_dentry_open+0xdf0/0x1970
[  742.544707][T12341]  vfs_open+0x3b/0x340
[  742.544720][T12341]  ? path_openat+0x2ecd/0x3830
[  742.544738][T12341]  path_openat+0x2ee5/0x3830
[  742.544754][T12341]  ? arch_stack_walk+0xfc/0x150
[  742.544793][T12341]  ? __pfx_path_openat+0x10/0x10
[  742.544808][T12341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.544833][T12341]  do_filp_open+0x1fa/0x410
[  742.544849][T12341]  ? __lock_acquire+0xab9/0xd20
[  742.544861][T12341]  ? __pfx_do_filp_open+0x10/0x10
[  742.544892][T12341]  ? _raw_spin_unlock+0x28/0x50
[  742.544909][T12341]  ? alloc_fd+0x64c/0x6c0
[  742.544929][T12341]  do_sys_openat2+0x121/0x1c0
[  742.544952][T12341]  ? __pfx_do_sys_openat2+0x10/0x10
[  742.544968][T12341]  ? ksys_write+0x22a/0x250
[  742.544981][T12341]  ? __pfx_ksys_write+0x10/0x10
[  742.544992][T12341]  ? rcu_is_watching+0x15/0xb0
[  742.545016][T12341]  __x64_sys_open+0x11e/0x150
[  742.545046][T12341]  do_syscall_64+0xfa/0x3b0
[  742.545066][T12341]  ? lockdep_hardirqs_on+0x9c/0x150
[  742.545086][T12341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.545106][T12341]  ? clear_bhb_loop+0x60/0xb0
[  742.545129][T12341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.545147][T12341] RIP: 0033:0x7f8e5b58ebe9
[  742.545165][T12341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  742.545182][T12341] RSP: 002b:00007f8e5c3d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  742.545203][T12341] RAX: ffffffffffffffda RBX: 00007f8e5b7b5fa0 RCX: 00007f8e5b58ebe9
[  742.545217][T12341] RDX: 0000000000000067 RSI: 0000000000000000 RDI: 00002000000001c0
[  742.545229][T12341] RBP: 00007f8e5c3d7090 R08: 0000000000000000 R09: 0000000000000000
[  742.545241][T12341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  742.545253][T12341] R13: 00007f8e5b7b6038 R14: 00007f8e5b7b5fa0 R15: 00007ffcd3701298
[  742.545286][T12341]  </TASK>
[  742.945273][T12332] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1838'.
[  743.363219][T12348] Driver unsupported XDP return value 0 on prog  (id 271) dev N/A, expect packet loss!
[  744.422798][   T10] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  745.247742][   T10] usb 1-1: config 0 has no interfaces?
[  745.262862][   T10] usb 1-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=54.63
[  745.271968][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  745.296154][   T10] usb 1-1: config 0 descriptor??
[  745.559460][ T5969] usb 1-1: USB disconnect, device number 61
[  746.511296][   T30] audit: type=1800 audit(1755076396.189:43): pid=12378 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.1852" name="/" dev="9p" ino=2 res=0 errno=0
[  747.297158][T12388] FAULT_INJECTION: forcing a failure.
[  747.297158][T12388] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  747.311477][T12388] CPU: 1 UID: 0 PID: 12388 Comm: syz.1.1853 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  747.311505][T12388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  747.311518][T12388] Call Trace:
[  747.311526][T12388]  <TASK>
[  747.311535][T12388]  dump_stack_lvl+0x189/0x250
[  747.311566][T12388]  ? __pfx____ratelimit+0x10/0x10
[  747.311590][T12388]  ? __pfx_dump_stack_lvl+0x10/0x10
[  747.311614][T12388]  ? __pfx__printk+0x10/0x10
[  747.311656][T12388]  should_fail_ex+0x414/0x560
[  747.311683][T12388]  _copy_to_user+0x31/0xb0
[  747.311714][T12388]  simple_read_from_buffer+0xe1/0x170
[  747.311743][T12388]  proc_fail_nth_read+0x1df/0x250
[  747.311772][T12388]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  747.311799][T12388]  ? rw_verify_area+0x258/0x650
[  747.311830][T12388]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  747.311857][T12388]  vfs_read+0x200/0x980
[  747.311895][T12388]  ? __pfx___mutex_lock+0x10/0x10
[  747.311921][T12388]  ? __pfx_vfs_read+0x10/0x10
[  747.311954][T12388]  ? __fget_files+0x2a/0x420
[  747.311984][T12388]  ? __fget_files+0x3a0/0x420
[  747.312006][T12388]  ? __fget_files+0x2a/0x420
[  747.312038][T12388]  ksys_read+0x145/0x250
[  747.312061][T12388]  ? __pfx_ksys_read+0x10/0x10
[  747.312096][T12388]  do_syscall_64+0xfa/0x3b0
[  747.312118][T12388]  ? lockdep_hardirqs_on+0x9c/0x150
[  747.312138][T12388]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.312159][T12388]  ? clear_bhb_loop+0x60/0xb0
[  747.312186][T12388]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.312206][T12388] RIP: 0033:0x7f8d7e98d5fc
[  747.312225][T12388] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  747.312243][T12388] RSP: 002b:00007f8d7f860030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  747.312267][T12388] RAX: ffffffffffffffda RBX: 00007f8d7ebb6090 RCX: 00007f8d7e98d5fc
[  747.312282][T12388] RDX: 000000000000000f RSI: 00007f8d7f8600a0 RDI: 000000000000000a
[  747.312294][T12388] RBP: 00007f8d7f860090 R08: 0000000000000000 R09: 0000000000000000
[  747.312307][T12388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  747.312319][T12388] R13: 00007f8d7ebb6128 R14: 00007f8d7ebb6090 R15: 00007ffce9acb328
[  747.312354][T12388]  </TASK>
[  747.602690][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  747.609305][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  747.680033][T12393] netlink: 212364 bytes leftover after parsing attributes in process `syz.4.1856'.
[  747.690220][T12393] openvswitch: netlink: Message has 5 unknown bytes.
[  747.697223][   T10] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  747.918290][   T10] usb 1-1: device descriptor read/64, error -71
[  749.733924][   T10] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  750.739716][T12408] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  751.173756][T12403] bond8 (unregistering): Released all slaves
[  751.259292][T12409] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1859'.
[  751.332419][ T5926] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  752.628251][ T5926] usb 4-1: config 0 has no interfaces?
[  752.645639][ T5926] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  752.669694][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  752.845857][ T5926] usb 4-1: Product: syz
[  752.850257][ T5926] usb 4-1: Manufacturer: syz
[  752.855975][ T5926] usb 4-1: SerialNumber: syz
[  752.878344][ T5926] usb 4-1: config 0 descriptor??
[  753.165896][ T5969] usb 4-1: USB disconnect, device number 59
[  753.861681][   T30] audit: type=1800 audit(1755076403.549:44): pid=12424 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1863" name="/" dev="9p" ino=2 res=0 errno=0
[  754.327882][T12434] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1866'.
[  754.343639][   T30] audit: type=1400 audit(1755076404.039:45): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=12427 comm="syz.4.1866" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  755.266383][T12440] netlink: 124 bytes leftover after parsing attributes in process `syz.2.1869'.
[  755.678475][ T5969] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  755.912704][ T5969] usb 1-1: Using ep0 maxpacket: 8
[  756.314334][ T5969] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  756.358046][ T5969] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  756.359072][   T10] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  756.370662][ T5969] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  756.448359][ T5969] usb 1-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  756.729936][ T5969] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  756.856405][ T5969] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  756.913328][ T5969] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  756.963300][   T10] usb 5-1: device descriptor read/64, error -71
[  757.050161][ T5969] usbtmc 1-1:16.0: bulk endpoints not found
[  757.321080][T12463] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1872'.
[  757.367651][T12461] bond5 (unregistering): Released all slaves
[  757.592781][   T10] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  757.832763][   T10] usb 5-1: device descriptor read/64, error -71
[  757.945524][   T10] usb usb5-port1: attempt power cycle
[  758.374608][   T10] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  758.405996][   T10] usb 5-1: device descriptor read/8, error -71
[  759.332849][ T5969] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  759.852265][ T5969] usb 4-1: config 0 has no interfaces?
[  760.254321][ T5969] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  760.263966][ T5969] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  760.272276][ T5969] usb 4-1: Product: syz
[  760.277621][ T5969] usb 4-1: Manufacturer: syz
[  760.282870][ T5969] usb 4-1: SerialNumber: syz
[  760.314561][ T5969] usb 4-1: config 0 descriptor??
[  760.449821][ T5955] usb 1-1: USB disconnect, device number 64
[  760.488252][T12490] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1878'.
[  760.506153][   T30] audit: type=1400 audit(1755076410.199:46): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=12488 comm="syz.1.1878" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  760.784173][T12472] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1875'.
[  760.920267][T12495] mkiss: ax0: crc mode is auto.
[  761.483646][T12504] netlink: 'syz.4.1883': attribute type 1 has an invalid length.
[  761.508412][T12504] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1883'.
[  761.707371][ T5955] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  761.928933][ T5955] usb 2-1: config 6 has an invalid interface number: 223 but max is 1
[  761.939574][ T5955] usb 2-1: config 6 has an invalid interface number: 168 but max is 1
[  761.960162][ T5955] usb 2-1: config 6 has no interface number 0
[  761.962897][T12510] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1883'.
[  761.967020][ T5955] usb 2-1: config 6 has no interface number 1
[  762.560461][ T5955] usb 2-1: config 6 interface 223 has no altsetting 0
[  762.569248][ T5955] usb 2-1: config 6 interface 168 has no altsetting 0
[  762.580565][ T5955] usb 2-1: New USB device found, idVendor=04c8, idProduct=0720, bcdDevice=93.a4
[  762.606914][ T5955] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  762.617967][   T10] usb 4-1: USB disconnect, device number 60
[  762.651917][ T5955] usb 2-1: Product: syz
[  762.684323][ T5955] usb 2-1: Manufacturer: syz
[  762.689056][ T5955] usb 2-1: SerialNumber: syz
[  762.937249][T12516] netlink: 208 bytes leftover after parsing attributes in process `syz.3.1885'.
[  763.420172][ T5955] usb 2-1: USB disconnect, device number 51
[  764.575351][T12526] netlink: 'syz.0.1888': attribute type 4 has an invalid length.
[  765.788167][T12534] netlink: 'syz.2.1890': attribute type 10 has an invalid length.
[  765.796528][T12534] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1890'.
[  765.827486][T12534] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  766.050511][   T10] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  766.373662][T12546] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1892'.
[  766.385611][   T30] audit: type=1400 audit(1755076416.079:47): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=12543 comm="syz.4.1892" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  766.405713][   T10] usb 2-1: Using ep0 maxpacket: 8
[  766.414891][ T5955] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  766.415154][   T10] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  766.432126][   T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  766.453954][   T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  766.478943][   T10] usb 2-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  766.506487][   T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  766.537592][   T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  766.603004][ T5955] usb 1-1: Using ep0 maxpacket: 16
[  766.654121][ T5955] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  766.808142][ T5955] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  766.812728][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  767.171083][ T5955] usb 1-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  767.314702][ T5955] usb 1-1: config 0 interface 0 has no altsetting 0
[  767.334018][ T5955] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  767.350471][   T10] usbtmc 2-1:16.0: bulk endpoints not found
[  767.360279][ T5955] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  767.392157][ T5955] usb 1-1: config 0 descriptor??
[  767.662909][   T10] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  767.825104][T12539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  767.863498][T12539] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  767.877378][   T10] usb 5-1: config 0 has no interfaces?
[  767.919188][   T10] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  767.995506][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  768.038716][   T10] usb 5-1: Product: syz
[  768.079063][   T10] usb 5-1: Manufacturer: syz
[  768.105892][   T10] usb 5-1: SerialNumber: syz
[  768.144051][   T10] usb 5-1: config 0 descriptor??
[  768.225571][ T5955] usb 1-1: USB disconnect, device number 65
[  768.380784][   T30] audit: type=1326 audit(1755076418.069:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12556 comm="syz.3.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f702d18ebe9 code=0x7fc00000
[  768.402596][    C0] vkms_vblank_simulate: vblank timer overrun
[  768.426974][T12552] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1895'.
[  769.973387][   T10] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  770.054219][T12582] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  770.057145][ T5955] usb 2-1: USB disconnect, device number 52
[  770.450208][ T5926] usb 5-1: USB disconnect, device number 68
[  770.472897][   T10] usb 1-1: device descriptor read/64, error -71
[  770.588130][T12586] mmap: syz.1.1903 (12586) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  770.812269][T12589] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  770.841494][T12591] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1905'.
[  770.851403][   T10] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  770.868410][   T30] audit: type=1400 audit(1755076420.559:49): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=12588 comm="syz.3.1905" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  770.994424][   T10] usb 1-1: device descriptor read/64, error -71
[  771.194253][   T10] usb usb1-port1: attempt power cycle
[  771.215478][T12594] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1906'.
[  771.628606][   T10] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  771.673833][   T10] usb 1-1: device descriptor read/8, error -71
[  771.897094][T12604] FAULT_INJECTION: forcing a failure.
[  771.897094][T12604] name failslab, interval 1, probability 0, space 0, times 0
[  771.910856][T12604] CPU: 0 UID: 0 PID: 12604 Comm: syz.2.1909 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  771.910885][T12604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  771.910897][T12604] Call Trace:
[  771.910906][T12604]  <TASK>
[  771.910915][T12604]  dump_stack_lvl+0x189/0x250
[  771.910948][T12604]  ? lockdep_hardirqs_on+0x9c/0x150
[  771.910973][T12604]  ? __pfx_dump_stack_lvl+0x10/0x10
[  771.911006][T12604]  ? dump_stack+0x9/0x20
[  771.911037][T12604]  should_fail_ex+0x414/0x560
[  771.911066][T12604]  ? hash_ipport_create+0x78d/0x1410
[  771.911094][T12604]  should_failslab+0xa8/0x100
[  771.911121][T12604]  __kvmalloc_node_noprof+0x161/0x5f0
[  771.911145][T12604]  ? hash_ipport_create+0x78d/0x1410
[  771.911171][T12604]  ? hash_ipport_create+0x6d5/0x1410
[  771.911203][T12604]  hash_ipport_create+0x78d/0x1410
[  771.911231][T12604]  ? __lock_acquire+0xab9/0xd20
[  771.911270][T12604]  ? __pfx_hash_ipport_create+0x10/0x10
[  771.911302][T12604]  ? __nla_parse+0x40/0x60
[  771.911328][T12604]  ? __pfx_hash_ipport_create+0x10/0x10
[  771.911360][T12604]  ip_set_create+0xa94/0x1940
[  771.911385][T12604]  ? ip_set_create+0x4a2/0x1940
[  771.911424][T12604]  ? __pfx_ip_set_create+0x10/0x10
[  771.911501][T12604]  nfnetlink_rcv_msg+0xb4d/0x1130
[  771.911526][T12604]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  771.911575][T12604]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  771.911630][T12604]  ? lockdep_hardirqs_on+0x9c/0x150
[  771.911663][T12604]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  771.911688][T12604]  ? netlink_rcv_skb+0x1e0/0x470
[  771.911725][T12604]  netlink_rcv_skb+0x205/0x470
[  771.911755][T12604]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  771.911781][T12604]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  771.911824][T12604]  ? bpf_lsm_capable+0x9/0x20
[  771.911849][T12604]  ? security_capable+0x7e/0x2e0
[  771.911885][T12604]  nfnetlink_rcv+0x26a/0x2520
[  771.911909][T12604]  ? preempt_schedule_common+0x83/0xd0
[  771.911932][T12604]  ? preempt_schedule+0xae/0xc0
[  771.911953][T12604]  ? __pfx_preempt_schedule+0x10/0x10
[  771.911995][T12604]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  771.912028][T12604]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  771.912062][T12604]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  771.912095][T12604]  ? rcu_preempt_deferred_qs_irqrestore+0x851/0xc40
[  771.912147][T12604]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  771.912190][T12604]  ? rcu_is_watching+0x15/0xb0
[  771.912217][T12604]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  771.912244][T12604]  ? skb_clone+0x246/0x3a0
[  771.912272][T12604]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  771.912300][T12604]  ? netlink_deliver_tap+0x2e/0x1b0
[  771.912337][T12604]  ? netlink_deliver_tap+0x2e/0x1b0
[  771.912377][T12604]  netlink_unicast+0x75c/0x8e0
[  771.912418][T12604]  netlink_sendmsg+0x805/0xb30
[  771.912460][T12604]  ? __pfx___calc_delta+0x10/0x10
[  771.912500][T12604]  ? __pfx_netlink_sendmsg+0x10/0x10
[  771.912539][T12604]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  771.912560][T12604]  ? __pfx_netlink_sendmsg+0x10/0x10
[  771.912595][T12604]  __sock_sendmsg+0x21c/0x270
[  771.912624][T12604]  ____sys_sendmsg+0x505/0x830
[  771.912664][T12604]  ? __pfx_____sys_sendmsg+0x10/0x10
[  771.912704][T12604]  ? import_iovec+0x74/0xa0
[  771.912738][T12604]  ___sys_sendmsg+0x21f/0x2a0
[  771.912773][T12604]  ? __pfx____sys_sendmsg+0x10/0x10
[  771.912849][T12604]  ? __fget_files+0x2a/0x420
[  771.912873][T12604]  ? __fget_files+0x3a0/0x420
[  771.912911][T12604]  __x64_sys_sendmsg+0x19b/0x260
[  771.912939][T12604]  ? schedule+0x165/0x360
[  771.912961][T12604]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  771.913022][T12604]  do_syscall_64+0xfa/0x3b0
[  771.913047][T12604]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.913067][T12604]  ? asm_sysvec_call_function_single+0x1a/0x20
[  771.913087][T12604]  ? clear_bhb_loop+0x60/0xb0
[  771.913113][T12604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.913134][T12604] RIP: 0033:0x7f33d838ebe9
[  771.913154][T12604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  771.913172][T12604] RSP: 002b:00007f33d9247038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  771.913195][T12604] RAX: ffffffffffffffda RBX: 00007f33d85b6090 RCX: 00007f33d838ebe9
[  771.913211][T12604] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[  771.913225][T12604] RBP: 00007f33d9247090 R08: 0000000000000000 R09: 0000000000000000
[  771.913238][T12604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  771.913252][T12604] R13: 00007f33d85b6128 R14: 00007f33d85b6090 R15: 00007ffe7829b5b8
[  771.913288][T12604]  </TASK>
[  772.359347][    C0] vkms_vblank_simulate: vblank timer overrun
[  772.842755][   T10] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  773.052991][   T10] usb 1-1: device not accepting address 69, error -71
[  773.061736][   T10] usb usb1-port1: unable to enumerate USB device
[  774.742784][   T10] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  774.982894][ T5955] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  775.062751][   T10] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  775.069456][   T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  775.069478][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  775.069491][   T10] usb 1-1: Product: syz
[  775.069501][   T10] usb 1-1: Manufacturer: syz
[  775.069510][   T10] usb 1-1: SerialNumber: syz
[  775.201094][ T5955] usb 3-1: Using ep0 maxpacket: 8
[  775.211333][ T5955] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  775.211408][ T5955] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  775.211433][ T5955] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  775.211459][ T5955] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  775.211484][ T5955] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  775.211530][ T5955] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  775.211556][ T5955] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  775.312139][   T10] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 70 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  775.451086][ T5955] usb 3-1: usb_control_msg returned -32
[  775.854912][ T5955] usbtmc 3-1:16.0: can't read capabilities
[  775.922862][ T5847] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  776.033308][   T10] usb 1-1: USB disconnect, device number 70
[  776.057944][   T10] usblp0: removed
[  777.534369][T12645] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1920'.
[  777.668198][T12648] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1920'.
[  777.953284][ T5955] usb 3-1: USB disconnect, device number 58
[  780.141901][T12640] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1918'.
[  780.155265][T12647] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  780.161309][T12652] FAULT_INJECTION: forcing a failure.
[  780.161309][T12652] name failslab, interval 1, probability 0, space 0, times 0
[  781.002888][T12652] CPU: 1 UID: 0 PID: 12652 Comm: syz.2.1922 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  781.002919][T12652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  781.002927][T12652] Call Trace:
[  781.002932][T12652]  <TASK>
[  781.002939][T12652]  dump_stack_lvl+0x189/0x250
[  781.002969][T12652]  ? __pfx____ratelimit+0x10/0x10
[  781.002992][T12652]  ? __pfx_dump_stack_lvl+0x10/0x10
[  781.003015][T12652]  ? __pfx__printk+0x10/0x10
[  781.003052][T12652]  should_fail_ex+0x414/0x560
[  781.003070][T12652]  should_failslab+0xa8/0x100
[  781.003085][T12652]  kmem_cache_alloc_noprof+0x73/0x3c0
[  781.003097][T12652]  ? skb_clone+0x212/0x3a0
[  781.003112][T12652]  skb_clone+0x212/0x3a0
[  781.003126][T12652]  __netlink_deliver_tap+0x404/0x850
[  781.003152][T12652]  ? netlink_deliver_tap+0x2e/0x1b0
[  781.003169][T12652]  netlink_deliver_tap+0x19c/0x1b0
[  781.003186][T12652]  netlink_sendskb+0x68/0x140
[  781.003203][T12652]  netlink_rcv_skb+0x28c/0x470
[  781.003220][T12652]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  781.003237][T12652]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  781.003262][T12652]  ? netlink_deliver_tap+0x2e/0x1b0
[  781.003278][T12652]  ? netlink_deliver_tap+0x2e/0x1b0
[  781.003297][T12652]  netlink_unicast+0x75c/0x8e0
[  781.003319][T12652]  netlink_sendmsg+0x805/0xb30
[  781.003342][T12652]  ? __pfx_netlink_sendmsg+0x10/0x10
[  781.003365][T12652]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  781.003377][T12652]  ? __pfx_netlink_sendmsg+0x10/0x10
[  781.003402][T12652]  __sock_sendmsg+0x21c/0x270
[  781.003419][T12652]  ____sys_sendmsg+0x505/0x830
[  781.003441][T12652]  ? __pfx_____sys_sendmsg+0x10/0x10
[  781.003465][T12652]  ? import_iovec+0x74/0xa0
[  781.003484][T12652]  ___sys_sendmsg+0x21f/0x2a0
[  781.003504][T12652]  ? __pfx____sys_sendmsg+0x10/0x10
[  781.003545][T12652]  ? __fget_files+0x2a/0x420
[  781.003559][T12652]  ? __fget_files+0x3a0/0x420
[  781.003579][T12652]  __x64_sys_sendmsg+0x19b/0x260
[  781.003599][T12652]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  781.003623][T12652]  ? __pfx_ksys_write+0x10/0x10
[  781.003633][T12652]  ? rcu_is_watching+0x15/0xb0
[  781.003653][T12652]  ? do_syscall_64+0xbe/0x3b0
[  781.003669][T12652]  do_syscall_64+0xfa/0x3b0
[  781.003682][T12652]  ? lockdep_hardirqs_on+0x9c/0x150
[  781.003694][T12652]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.003706][T12652]  ? clear_bhb_loop+0x60/0xb0
[  781.003721][T12652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.003733][T12652] RIP: 0033:0x7f33d838ebe9
[  781.003745][T12652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  781.003756][T12652] RSP: 002b:00007f33d9268038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  781.003770][T12652] RAX: ffffffffffffffda RBX: 00007f33d85b5fa0 RCX: 00007f33d838ebe9
[  781.003780][T12652] RDX: 000000000004c0c8 RSI: 0000200000000000 RDI: 0000000000000003
[  781.003787][T12652] RBP: 00007f33d9268090 R08: 0000000000000000 R09: 0000000000000000
[  781.003795][T12652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  781.003802][T12652] R13: 00007f33d85b6038 R14: 00007f33d85b5fa0 R15: 00007ffe7829b5b8
[  781.003821][T12652]  </TASK>
[  781.761657][T12674] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1928'.
[  782.667178][T12685] FAULT_INJECTION: forcing a failure.
[  782.667178][T12685] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  782.692761][T12685] CPU: 1 UID: 0 PID: 12685 Comm: syz.1.1931 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  782.692784][T12685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  782.692792][T12685] Call Trace:
[  782.692798][T12685]  <TASK>
[  782.692803][T12685]  dump_stack_lvl+0x189/0x250
[  782.692823][T12685]  ? __pfx____ratelimit+0x10/0x10
[  782.692837][T12685]  ? __pfx_dump_stack_lvl+0x10/0x10
[  782.692850][T12685]  ? __pfx__printk+0x10/0x10
[  782.692866][T12685]  ? __might_fault+0xb0/0x130
[  782.692886][T12685]  should_fail_ex+0x414/0x560
[  782.692903][T12685]  _copy_from_user+0x2d/0xb0
[  782.692921][T12685]  csum_and_copy_from_iter_full+0x1e1/0x1eb0
[  782.692953][T12685]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[  782.692980][T12685]  ? trace_kmalloc+0x1f/0xd0
[  782.692993][T12685]  ip_generic_getfrag+0x12f/0x2b0
[  782.693011][T12685]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  782.693026][T12685]  ? skb_put+0x11b/0x210
[  782.693045][T12685]  __ip6_append_data+0x3846/0x3de0
[  782.693082][T12685]  ? __pfx_raw6_getfrag+0x10/0x10
[  782.693109][T12685]  ? __pfx___ip6_append_data+0x10/0x10
[  782.693124][T12685]  ? __pfx_ip6_mtu+0x10/0x10
[  782.693147][T12685]  ip6_append_data+0x1c4/0x380
[  782.693167][T12685]  ? __pfx_raw6_getfrag+0x10/0x10
[  782.693181][T12685]  rawv6_sendmsg+0x124b/0x17f0
[  782.693203][T12685]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  782.693219][T12685]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  782.693250][T12685]  ? sock_rps_record_flow+0x19/0x410
[  782.693266][T12685]  ? inet_sendmsg+0x2f4/0x370
[  782.693278][T12685]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  782.693293][T12685]  __sock_sendmsg+0x19c/0x270
[  782.693309][T12685]  sock_write_iter+0x258/0x330
[  782.693325][T12685]  ? __pfx_sock_write_iter+0x10/0x10
[  782.693345][T12685]  ? __lock_acquire+0xab9/0xd20
[  782.693363][T12685]  do_iter_readv_writev+0x56b/0x7f0
[  782.693378][T12685]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  782.693394][T12685]  ? bpf_lsm_file_permission+0x9/0x20
[  782.693407][T12685]  ? security_file_permission+0x75/0x290
[  782.693422][T12685]  ? rw_verify_area+0x258/0x650
[  782.693446][T12685]  vfs_writev+0x31a/0x960
[  782.693463][T12685]  ? __lock_acquire+0xab9/0xd20
[  782.693476][T12685]  ? __pfx_vfs_writev+0x10/0x10
[  782.693500][T12685]  ? __fget_files+0x2a/0x420
[  782.693516][T12685]  ? __fget_files+0x3a0/0x420
[  782.693528][T12685]  ? __fget_files+0x2a/0x420
[  782.693547][T12685]  do_writev+0x14d/0x2d0
[  782.693563][T12685]  ? __pfx_do_writev+0x10/0x10
[  782.693576][T12685]  ? rcu_is_watching+0x15/0xb0
[  782.693593][T12685]  ? do_syscall_64+0xbe/0x3b0
[  782.693609][T12685]  do_syscall_64+0xfa/0x3b0
[  782.693620][T12685]  ? lockdep_hardirqs_on+0x9c/0x150
[  782.693634][T12685]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.693648][T12685]  ? clear_bhb_loop+0x60/0xb0
[  782.693663][T12685]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.693674][T12685] RIP: 0033:0x7f8d7e98ebe9
[  782.693693][T12685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  782.693704][T12685] RSP: 002b:00007f8d7f881038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  782.693721][T12685] RAX: ffffffffffffffda RBX: 00007f8d7ebb5fa0 RCX: 00007f8d7e98ebe9
[  782.693734][T12685] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003
[  782.693746][T12685] RBP: 00007f8d7f881090 R08: 0000000000000000 R09: 0000000000000000
[  782.693758][T12685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  782.693770][T12685] R13: 00007f8d7ebb6038 R14: 00007f8d7ebb5fa0 R15: 00007ffce9acb328
[  782.693803][T12685]  </TASK>
[  783.058303][T12684] FAULT_INJECTION: forcing a failure.
[  783.058303][T12684] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  783.071853][T12684] CPU: 1 UID: 0 PID: 12684 Comm: syz.0.1930 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  783.071871][T12684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  783.071879][T12684] Call Trace:
[  783.071884][T12684]  <TASK>
[  783.071889][T12684]  dump_stack_lvl+0x189/0x250
[  783.071908][T12684]  ? __pfx____ratelimit+0x10/0x10
[  783.071923][T12684]  ? __pfx_dump_stack_lvl+0x10/0x10
[  783.071936][T12684]  ? __pfx__printk+0x10/0x10
[  783.071953][T12684]  ? fs_reclaim_acquire+0x7d/0x100
[  783.071974][T12684]  should_fail_ex+0x414/0x560
[  783.071990][T12684]  prepare_alloc_pages+0x213/0x610
[  783.072010][T12684]  __alloc_frozen_pages_noprof+0x123/0x370
[  783.072028][T12684]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  783.072050][T12684]  ? policy_nodemask+0x27c/0x720
[  783.072067][T12684]  alloc_pages_mpol+0x232/0x4a0
[  783.072083][T12684]  alloc_pages_noprof+0xa9/0x190
[  783.072097][T12684]  pte_alloc_one+0x21/0x170
[  783.072112][T12684]  __do_fault+0xd1/0x390
[  783.072127][T12684]  __handle_mm_fault+0x198b/0x5620
[  783.072144][T12684]  ? __lock_acquire+0xab9/0xd20
[  783.072168][T12684]  ? __pfx___handle_mm_fault+0x10/0x10
[  783.072186][T12684]  ? lock_vma_under_rcu+0xf8/0x710
[  783.072206][T12684]  ? lock_vma_under_rcu+0xf8/0x710
[  783.072219][T12684]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  783.072237][T12684]  handle_mm_fault+0x2d5/0x7f0
[  783.072262][T12684]  do_user_addr_fault+0xa81/0x1390
[  783.072284][T12684]  ? rcu_is_watching+0x15/0xb0
[  783.072298][T12684]  ? trace_page_fault_user+0x84/0x1e0
[  783.072318][T12684]  exc_page_fault+0x76/0xf0
[  783.072333][T12684]  asm_exc_page_fault+0x26/0x30
[  783.072344][T12684] RIP: 0033:0x7f8e5b55696d
[  783.072356][T12684] Code: 4c 17 f0 c3 66 0f 1f 84 00 00 00 00 00 48 8b 4c 16 f8 48 8b 36 48 89 37 48 89 4c 17 f8 c3 c5 fe 6f 54 16 e0 c5 fe 6f 5c 16 c0 <c5> fe 7f 07 c5 fe 7f 4f 20 c5 fe 7f 54 17 e0 c5 fe 7f 5c 17 c0 e9
[  783.072366][T12684] RSP: 002b:00007f8e5c3b6028 EFLAGS: 00010283
[  783.072379][T12684] RAX: 0000200000ffb020 RBX: 00007f8e5b7b6090 RCX: 0000000000000048
[  783.072388][T12684] RDX: 0000000000000048 RSI: 0000200000000180 RDI: 0000200000ffb020
[  783.072401][T12684] RBP: 00007f8e5c3b6090 R08: 0000000000000048 R09: 0000000000000000
[  783.072413][T12684] R10: 0000200000ffb000 R11: 0000200000000180 R12: 0000000000000001
[  783.072426][T12684] R13: 00007f8e5b7b6128 R14: 00007f8e5b7b6090 R15: 00007ffcd3701298
[  783.072470][T12684]  </TASK>
[  783.305661][T12684] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  784.672728][ T2072] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  785.052136][ T2072] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  785.097130][ T2072] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  785.589517][T12719] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  787.622885][ T2072] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  787.643150][ T2072] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  787.667121][T12707] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  787.680864][ T2072] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  788.123625][T12728] fuse: Unknown parameter 'group_id00000000000000000000'
[  788.138626][T12729] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  788.174620][   T30] audit: type=1800 audit(1755076437.869:50): pid=12728 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1942" name="/" dev="9p" ino=2 res=0 errno=0
[  789.612771][ T2072] usb 2-1: USB disconnect, device number 53
[  790.210672][T12746] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1946'.
[  790.336250][T12748] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1946'.
[  790.914591][T12746] bond8 (unregistering): Released all slaves
[  792.602864][ T5969] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  792.822785][ T5969] usb 1-1: Using ep0 maxpacket: 8
[  792.864057][ T5969] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  792.903629][ T5969] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  792.916749][ T5969] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  792.941259][ T5969] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  793.005092][ T5969] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  793.069672][ T5969] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  793.092656][ T5969] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  793.229942][T12778] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  793.337910][ T5969] usb 1-1: usb_control_msg returned -32
[  793.362745][ T5969] usbtmc 1-1:16.0: can't read capabilities
[  794.735623][T12788] FAULT_INJECTION: forcing a failure.
[  794.735623][T12788] name failslab, interval 1, probability 0, space 0, times 0
[  794.749317][T12788] CPU: 0 UID: 0 PID: 12788 Comm: syz.2.1960 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  794.749344][T12788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  794.749355][T12788] Call Trace:
[  794.749363][T12788]  <TASK>
[  794.749372][T12788]  dump_stack_lvl+0x189/0x250
[  794.749412][T12788]  ? __pfx____ratelimit+0x10/0x10
[  794.749436][T12788]  ? __pfx_dump_stack_lvl+0x10/0x10
[  794.749459][T12788]  ? __pfx__printk+0x10/0x10
[  794.749493][T12788]  ? __pfx___might_resched+0x10/0x10
[  794.749516][T12788]  ? fs_reclaim_acquire+0x7d/0x100
[  794.749547][T12788]  should_fail_ex+0x414/0x560
[  794.749583][T12788]  should_failslab+0xa8/0x100
[  794.749608][T12788]  __kmalloc_cache_noprof+0x70/0x3d0
[  794.749629][T12788]  ? rfcomm_dev_ioctl+0xa7a/0x1d40
[  794.749663][T12788]  rfcomm_dev_ioctl+0xa7a/0x1d40
[  794.749694][T12788]  ? kasan_quarantine_put+0xdd/0x220
[  794.749729][T12788]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  794.749761][T12788]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  794.749786][T12788]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  794.749808][T12788]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  794.749828][T12788]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  794.749852][T12788]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  794.749871][T12788]  ? smack_log+0xef/0x3f0
[  794.749911][T12788]  sock_do_ioctl+0xdc/0x300
[  794.749938][T12788]  ? __pfx_sock_do_ioctl+0x10/0x10
[  794.749960][T12788]  ? smk_tskacc+0x2fc/0x370
[  794.749994][T12788]  ? smack_file_ioctl+0x24a/0x340
[  794.750022][T12788]  sock_ioctl+0x576/0x790
[  794.750048][T12788]  ? __pfx_sock_ioctl+0x10/0x10
[  794.750071][T12788]  ? __fget_files+0x2a/0x420
[  794.750093][T12788]  ? __fget_files+0x3a0/0x420
[  794.750114][T12788]  ? __fget_files+0x2a/0x420
[  794.750141][T12788]  ? bpf_lsm_file_ioctl+0x9/0x20
[  794.750165][T12788]  ? __pfx_sock_ioctl+0x10/0x10
[  794.750187][T12788]  __se_sys_ioctl+0xfc/0x170
[  794.750220][T12788]  do_syscall_64+0xfa/0x3b0
[  794.750249][T12788]  ? lockdep_hardirqs_on+0x9c/0x150
[  794.750271][T12788]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.750291][T12788]  ? clear_bhb_loop+0x60/0xb0
[  794.750317][T12788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.750337][T12788] RIP: 0033:0x7f33d838ebe9
[  794.750357][T12788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  794.750374][T12788] RSP: 002b:00007f33d9226038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  794.750397][T12788] RAX: ffffffffffffffda RBX: 00007f33d85b6180 RCX: 00007f33d838ebe9
[  794.750427][T12788] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 000000000000000a
[  794.750441][T12788] RBP: 00007f33d9226090 R08: 0000000000000000 R09: 0000000000000000
[  794.750455][T12788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  794.750468][T12788] R13: 00007f33d85b6218 R14: 00007f33d85b6180 R15: 00007ffe7829b5b8
[  794.750504][T12788]  </TASK>
[  795.285982][T12791] usbtmc 1-1:16.0: usb_control_msg returned -32
[  795.654939][T12798] overlay: ./bus is not a directory
[  796.747779][ T5969] usb 1-1: USB disconnect, device number 71
[  798.522771][ T5926] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  799.218997][ T5926] usb 5-1: device descriptor read/64, error -71
[  799.225869][   T10] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  799.702785][ T5926] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  799.775819][   T10] usb 3-1: device descriptor read/64, error -71
[  799.942112][ T5926] usb 5-1: device descriptor read/64, error -71
[  800.072843][   T10] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  800.164147][ T5926] usb usb5-port1: attempt power cycle
[  801.082935][   T10] usb 3-1: device descriptor read/64, error -71
[  801.223931][   T10] usb usb3-port1: attempt power cycle
[  801.846677][ T5926] usb usb5-port1: Cannot enable. Maybe the USB cable is bad?
[  801.903710][   T10] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  801.993129][ T5926] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  802.063435][ T5926] usb 5-1: device descriptor read/8, error -71
[  802.152697][   T10] usb 3-1: device not accepting address 61, error -71
[  802.193207][ T5926] usb usb5-port1: unable to enumerate USB device
[  802.996938][   T10] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  803.023501][   T10] usb 3-1: Using ep0 maxpacket: 16
[  803.031785][   T10] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  803.043797][   T10] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  803.072677][   T10] usb 3-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  803.090461][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  803.111608][   T10] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  803.546574][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  803.712198][   T10] usb 3-1: config 0 descriptor??
[  804.564340][T12855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  804.611816][T12855] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  805.821266][   T10] usb 3-1: USB disconnect, device number 62
[  806.287038][ T6026] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  806.323231][T12892] =======================================================
[  806.323231][T12892] WARNING: The mand mount option has been deprecated and
[  806.323231][T12892]          and is ignored by this kernel. Remove the mand
[  806.323231][T12892]          option from the mount to silence this warning.
[  806.323231][T12892] =======================================================
[  806.359753][T12892] tmpfs: Bad value for 'mpol'
[  806.642809][ T6026] usb 4-1: Using ep0 maxpacket: 8
[  806.679007][ T6026] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  806.759572][ T6026] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  806.852284][ T6026] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  806.893852][ T6026] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  806.936949][ T6026] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  806.968907][ T6026] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  806.990076][ T6026] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  808.325005][ T6026] usb 4-1: usb_control_msg returned -32
[  808.384032][ T6026] usbtmc 4-1:16.0: can't read capabilities
[  808.944033][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  809.102707][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  809.110597][T12914] usbtmc 4-1:16.0: usb_control_msg returned -32
[  809.663621][ T5969] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  809.799532][T12924] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1997'.
[  809.812846][ T5969] usb 3-1: device descriptor read/64, error -71
[  809.985055][T12923] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1997'.
[  810.051411][T12926] bond3 (unregistering): Released all slaves
[  810.147442][ T5969] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  810.343586][ T2072] usb 4-1: USB disconnect, device number 61
[  810.442842][ T5969] usb 3-1: device descriptor read/64, error -71
[  810.510155][T12929] fuse: Bad value for 'user_id'
[  810.521805][T12929] fuse: Bad value for 'user_id'
[  810.672990][ T5969] usb usb3-port1: attempt power cycle
[  810.680618][   T30] audit: type=1800 audit(1755076460.239:51): pid=12929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.1998" name="/" dev="9p" ino=2 res=0 errno=0
[  810.753341][ T6026] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  811.132734][ T6026] usb 5-1: Using ep0 maxpacket: 16
[  811.426237][ T5969] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  811.433950][ T6026] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  811.457181][ T6026] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  811.464174][ T5969] usb 3-1: device descriptor read/8, error -71
[  811.478824][ T6026] usb 5-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  811.563151][ T6026] usb 5-1: config 0 interface 0 has no altsetting 0
[  811.716588][ T6026] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  811.732913][ T5969] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  811.783572][ T6026] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  811.930744][ T6026] usb 5-1: config 0 descriptor??
[  811.940271][ T5969] usb 3-1: device descriptor read/8, error -71
[  812.695065][ T5969] usb usb3-port1: unable to enumerate USB device
[  812.892716][   T10] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  813.205986][T12951] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2004'.
[  813.269940][   T30] audit: type=1400 audit(1755076462.909:52): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=12944 comm="syz.0.2004" path="/dev/dri/card1" dev="devtmpfs" ino=628
[  813.966790][   T10] usb 4-1: New USB device found, idVendor=1235, idProduct=000e, bcdDevice=f0.ee
[  814.303390][T12958] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  814.320528][T12958] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  814.460072][T12952] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  814.724610][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  814.752169][   T10] usb 4-1: config 0 descriptor??
[  814.757946][ T6026] usb 5-1: USB disconnect, device number 73
[  814.793512][   T10] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  814.895971][   T10] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2
[  814.925272][T12964] dummy0: entered promiscuous mode
[  814.940161][T12316] udevd[12316]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  814.958473][T12964] dummy0: left promiscuous mode
[  815.017554][ T6026] usb 4-1: USB disconnect, device number 62
[  815.081899][T10238] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  815.397951][T10238] usb 2-1: Using ep0 maxpacket: 8
[  815.558935][T10238] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  815.610259][T10238] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  815.714720][T10238] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  815.763508][T10238] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  815.803214][T10238] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  815.830546][T10238] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  816.314381][T10238] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  816.693402][ T6026] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  816.909022][T10238] usb 2-1: usb_control_msg returned -32
[  817.043820][   T30] audit: type=1326 audit(1755076466.719:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12976 comm="syz.4.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ad2b8ebe9 code=0x7ffc0000
[  817.679943][   T30] audit: type=1326 audit(1755076466.719:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12976 comm="syz.4.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ad2b8ebe9 code=0x7ffc0000
[  817.693380][ T6026] usb 3-1: device descriptor read/64, error -71
[  817.707694][   T30] audit: type=1326 audit(1755076466.739:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12976 comm="syz.4.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7f2ad2b8ebe9 code=0x7ffc0000
[  817.718054][T10238] usbtmc 2-1:16.0: can't read capabilities
[  817.731076][    C1] vkms_vblank_simulate: vblank timer overrun
[  818.123627][ T6026] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  818.878656][T10238] usb 2-1: USB disconnect, device number 54
[  820.491593][ T6026] usb 3-1: device descriptor read/64, error -71
[  820.563211][T13008] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  820.570758][T13008] batman_adv: batadv0: Removing interface: batadv_slave_0
[  821.483710][ T6026] usb usb3-port1: attempt power cycle
[  821.492181][T13008] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  821.501609][T13008] batman_adv: batadv0: Removing interface: batadv_slave_1
[  822.377131][T13016] virtio-fs: tag </dev/md0> not found
[  822.444752][T13016] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2021'.
[  822.762991][ T6026] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  822.814681][T13018] FAULT_INJECTION: forcing a failure.
[  822.814681][T13018] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  822.827970][T13018] CPU: 0 UID: 0 PID: 13018 Comm: syz.4.2020 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  822.827997][T13018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  822.828009][T13018] Call Trace:
[  822.828018][T13018]  <TASK>
[  822.828026][T13018]  dump_stack_lvl+0x189/0x250
[  822.828055][T13018]  ? __pfx____ratelimit+0x10/0x10
[  822.828077][T13018]  ? __pfx_dump_stack_lvl+0x10/0x10
[  822.828099][T13018]  ? __pfx__printk+0x10/0x10
[  822.828126][T13018]  ? __might_fault+0xb0/0x130
[  822.828160][T13018]  should_fail_ex+0x414/0x560
[  822.828188][T13018]  _copy_from_user+0x2d/0xb0
[  822.828218][T13018]  snd_seq_ioctl+0x1d8/0x420
[  822.828239][T13018]  ? smk_tskacc+0x2fc/0x370
[  822.828273][T13018]  ? __pfx_snd_seq_ioctl+0x10/0x10
[  822.828292][T13018]  ? smack_file_ioctl+0x24a/0x340
[  822.828333][T13018]  ? __fget_files+0x3a0/0x420
[  822.828354][T13018]  ? __fget_files+0x2a/0x420
[  822.828380][T13018]  ? bpf_lsm_file_ioctl+0x9/0x20
[  822.828404][T13018]  ? __pfx_snd_seq_ioctl+0x10/0x10
[  822.828437][T13018]  __se_sys_ioctl+0xfc/0x170
[  822.828470][T13018]  do_syscall_64+0xfa/0x3b0
[  822.828492][T13018]  ? lockdep_hardirqs_on+0x9c/0x150
[  822.828514][T13018]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  822.828533][T13018]  ? clear_bhb_loop+0x60/0xb0
[  822.828559][T13018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  822.828579][T13018] RIP: 0033:0x7f2ad2b8ebe9
[  822.828598][T13018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  822.828615][T13018] RSP: 002b:00007f2ad3a7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  822.828637][T13018] RAX: ffffffffffffffda RBX: 00007f2ad2db6180 RCX: 00007f2ad2b8ebe9
[  822.828652][T13018] RDX: 00002000000000c0 RSI: 000000004040534e RDI: 0000000000000006
[  822.828664][T13018] RBP: 00007f2ad3a7d090 R08: 0000000000000000 R09: 0000000000000000
[  822.828676][T13018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  822.828688][T13018] R13: 00007f2ad2db6218 R14: 00007f2ad2db6180 R15: 00007ffc913f0868
[  822.828722][T13018]  </TASK>
[  823.432790][ T6026] usb 3-1: device descriptor read/8, error -71
[  823.824575][ T2072] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  823.835592][T13026] netlink: 208 bytes leftover after parsing attributes in process `syz.2.2023'.
[  824.002987][ T2072] usb 1-1: Using ep0 maxpacket: 16
[  824.063479][ T2072] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  824.152798][ T2072] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  824.168522][ T2072] usb 1-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  824.182397][ T2072] usb 1-1: config 0 interface 0 has no altsetting 0
[  824.202448][ T2072] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  824.212268][ T2072] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  824.245079][ T2072] usb 1-1: config 0 descriptor??
[  824.606046][T13031] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  824.666916][T13020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  824.681619][T13020] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  824.736459][T13031] loop7: detected capacity change from 0 to 7
[  824.753529][ T2072] usbhid 1-1:0.0: can't add hid device: -71
[  824.759746][ T2072] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  824.827440][T13031] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  824.852928][T13031] Buffer I/O error on dev loop7, logical block 0, async page read
[  824.861822][T13031] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  824.873524][ T2072] usb 1-1: USB disconnect, device number 72
[  824.905523][T13031] Buffer I/O error on dev loop7, logical block 0, async page read
[  824.925671][T13031] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  824.963170][T13031] Buffer I/O error on dev loop7, logical block 0, async page read
[  824.991054][T13031] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  825.016033][T13031] Buffer I/O error on dev loop7, logical block 0, async page read
[  825.129614][T13031] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  825.146607][T13031] Buffer I/O error on dev loop7, logical block 0, async page read
[  825.516140][T13031] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  825.613197][T13031] Buffer I/O error on dev loop7, logical block 0, async page read
[  825.652883][T13031] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  825.723183][T13031] Buffer I/O error on dev loop7, logical block 0, async page read
[  825.732801][T13031] ldm_validate_partition_table(): Disk read failed.
[  825.782875][T13031] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  825.804982][T13031] Buffer I/O error on dev loop7, logical block 0, async page read
[  825.846934][T13031] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  825.878157][T13031] Buffer I/O error on dev loop7, logical block 0, async page read
[  826.033004][T13031] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  826.042222][T13031] Buffer I/O error on dev loop7, logical block 0, async page read
[  826.116959][T13031] Dev loop7: unable to read RDB block 0
[  826.171730][T13031]  loop7: unable to read partition table
[  826.199870][T13031] loop7: partition table beyond EOD, truncated
[  826.812723][   T10] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  826.890146][T13031] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  827.033053][   T10] usb 1-1: Using ep0 maxpacket: 8
[  827.040797][   T10] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  827.052908][   T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  827.186358][   T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  827.973561][   T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  827.983817][   T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  828.029666][   T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  828.053378][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  829.457148][T13061] netlink: 'syz.3.2033': attribute type 1 has an invalid length.
[  829.667144][   T10] usb 1-1: usb_control_msg returned -71
[  829.694466][   T10] usbtmc 1-1:16.0: can't read capabilities
[  829.763052][   T10] usb 1-1: USB disconnect, device number 73
[  830.202769][   T10] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  830.587783][   T10] usb 1-1: Using ep0 maxpacket: 8
[  830.603667][   T10] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  830.612028][   T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  830.625609][   T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  830.635501][   T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  830.646302][   T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  830.713203][T13074] BUG: assuming non migratable context at ./include/linux/filter.h:703
[  830.721909][T13074] in_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 13074, name: syz.1.2036
[  830.732468][T13074] 4 locks held by syz.1.2036/13074:
[  830.737869][T13074]  #0: ffff888057ee8ed8 (sk_lock-AF_INET6){+.+.}-{0:0}, at: inet_stream_connect+0x51/0xa0
[  830.748185][T13074]  #1: ffff88807e9ee0d8 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: mptcp_connect+0x49a/0x790
[  830.758302][T13074]  #2: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: inet6_csk_xmit+0x1c5/0x720
[  830.776960][T13074]  #3: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: nf_hook+0x9d/0x380
[  830.777260][T13074] CPU: 1 UID: 0 PID: 13074 Comm: syz.1.2036 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  830.777285][T13074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  830.777298][T13074] Call Trace:
[  830.777306][T13074]  <TASK>
[  830.777317][T13074]  dump_stack_lvl+0x189/0x250
[  830.777349][T13074]  ? __pfx_dump_stack_lvl+0x10/0x10
[  830.777384][T13074]  ? print_lock_name+0xde/0x100
[  830.777427][T13074]  __cant_migrate+0x238/0x2e0
[  830.777457][T13074]  ? __pfx___cant_migrate+0x10/0x10
[  830.777487][T13074]  ? ip6table_mangle_hook+0x2a2/0x6c0
[  830.777521][T13074]  ? nf_nat_ipv6_fn+0xe7/0x2d0
[  830.777551][T13074]  nf_hook_run_bpf+0x8f/0x1f0
[  830.777574][T13074]  ? __pfx_ip6table_mangle_hook+0x10/0x10
[  830.777607][T13074]  ? __pfx_nf_hook_run_bpf+0x10/0x10
[  830.777635][T13074]  ? nf_nat_ipv6_out+0x21d/0x380
[  830.777659][T13074]  ? __pfx_nf_hook_run_bpf+0x10/0x10
[  830.777682][T13074]  nf_hook_slow+0xc5/0x220
[  830.777718][T13074]  nf_hook+0x217/0x380
[  830.777754][T13074]  ? nf_hook+0x9d/0x380
[  830.777784][T13074]  ? __pfx_nf_hook+0x10/0x10
[  830.777811][T13074]  ? nf_hook+0x2f2/0x380
[  830.777843][T13074]  ? __pfx_ip6_finish_output+0x10/0x10
[  830.777886][T13074]  ip6_output+0x27d/0x3e0
[  830.777911][T13074]  ? __pfx_ip6_finish_output+0x10/0x10
[  830.777949][T13074]  ip6_xmit+0x107a/0x1840
[  830.777994][T13074]  ? __pfx_ip6_xmit+0x10/0x10
[  830.778032][T13074]  ? inet6_csk_xmit+0x1c5/0x720
[  830.778078][T13074]  inet6_csk_xmit+0x473/0x720
[  830.778105][T13074]  ? inet6_csk_xmit+0x1c5/0x720
[  830.778126][T13074]  ? __pfx_inet6_csk_xmit+0x10/0x10
[  830.778159][T13074]  ? __pfx_tcp_v6_send_check+0x10/0x10
[  830.778194][T13074]  ? __pfx_inet6_csk_xmit+0x10/0x10
[  830.778215][T13074]  __tcp_transmit_skb+0x1db8/0x3680
[  830.778260][T13074]  ? seqcount_lockdep_reader_access+0x123/0x1c0
[  830.778298][T13074]  ? __pfx___tcp_transmit_skb+0x10/0x10
[  830.778334][T13074]  ? __asan_memset+0x22/0x50
[  830.778365][T13074]  ? tcp_rbtree_insert+0x11e/0x170
[  830.778385][T13074]  ? tcp_connect+0x1e69/0x4ef0
[  830.778416][T13074]  tcp_connect+0x1f76/0x4ef0
[  830.778486][T13074]  ? __pfx_tcp_connect+0x10/0x10
[  830.778530][T13074]  ? __asan_memset+0x22/0x50
[  830.778567][T13074]  ? __pfx_tcp_fastopen_defer_connect+0x10/0x10
[  830.778612][T13074]  ? inet6_hash_connect+0xd8/0x170
[  830.778645][T13074]  tcp_v6_connect+0x1202/0x1880
[  830.778687][T13074]  ? __pfx_tcp_v6_connect+0x10/0x10
[  830.778732][T13074]  ? __local_bh_enable_ip+0x12d/0x1c0
[  830.778755][T13074]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  830.778793][T13074]  mptcp_connect+0x52d/0x790
[  830.778824][T13074]  __inet_stream_connect+0x2ab/0xe80
[  830.778864][T13074]  ? __local_bh_enable_ip+0x12d/0x1c0
[  830.778886][T13074]  ? __pfx___inet_stream_connect+0x10/0x10
[  830.778913][T13074]  ? __local_bh_enable_ip+0x12d/0x1c0
[  830.778934][T13074]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  830.778973][T13074]  inet_stream_connect+0x66/0xa0
[  830.779002][T13074]  __sys_connect+0x316/0x440
[  830.779035][T13074]  ? __pfx___sys_connect+0x10/0x10
[  830.779083][T13074]  ? rcu_is_watching+0x15/0xb0
[  830.779118][T13074]  __x64_sys_connect+0x7a/0x90
[  830.779149][T13074]  do_syscall_64+0xfa/0x3b0
[  830.779172][T13074]  ? lockdep_hardirqs_on+0x9c/0x150
[  830.779194][T13074]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  830.779216][T13074]  ? clear_bhb_loop+0x60/0xb0
[  830.779243][T13074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  830.779264][T13074] RIP: 0033:0x7f8d7e98ebe9
[  830.779284][T13074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  830.779302][T13074] RSP: 002b:00007f8d7f83f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  830.779324][T13074] RAX: ffffffffffffffda RBX: 00007f8d7ebb6180 RCX: 00007f8d7e98ebe9
[  830.779339][T13074] RDX: 000000000000001c RSI: 0000200000002940 RDI: 0000000000000005
[  830.779353][T13074] RBP: 00007f8d7ea11e19 R08: 0000000000000000 R09: 0000000000000000
[  830.779367][T13074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  830.779379][T13074] R13: 00007f8d7ebb6218 R14: 00007f8d7ebb6180 R15: 00007ffce9acb328
[  830.779426][T13074]  </TASK>
[  831.043290][   T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  831.374456][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  831.603170][   T10] usb 1-1: usb_control_msg returned -32
[  831.612738][   T10] usbtmc 1-1:16.0: can't read capabilities
[  832.493535][T13081] usbtmc 1-1:16.0: usb_control_msg returned -32
[  832.639854][   T10] usb 1-1: USB disconnect, device number 74