last executing test programs:

15.611509873s ago: executing program 4 (id=966):
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00"], 0x254}}, 0x0)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$llc_int(r4, 0x10c, 0x3, &(0x7f0000000040), 0x4)
r5 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
connect$llc(r5, &(0x7f0000000000)={0x1a, 0x101, 0x1, 0xfd, 0x3e, 0x10, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10)

11.898180796s ago: executing program 4 (id=969):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SREG_KEY={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_DYNSET_OP={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_DYNSET_FLAGS={0x8, 0x9, 0x1, 0x0, 0x2}, @NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz1\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x90}}, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r5, 0x10000000005, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000711225080000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x1ff)

7.02760899s ago: executing program 2 (id=980):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}], 0x1)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
r3 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0x707b, 0x0, 0xc, 0x288}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x2000, 0x1})
io_uring_enter(r3, 0x3516, 0x0, 0x4, 0x0, 0x0)

6.260108987s ago: executing program 3 (id=982):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

6.067756631s ago: executing program 2 (id=983):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0}, 0x38)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000140)={0x4000000})
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000040)={0x4000000})
io_uring_setup(0x14897, &(0x7f0000000340)={0x0, 0xfcd3, 0x8000, 0x40001, 0xfffffffe})
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r4 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0xa0, 0x0, 0x87}, {0x0, 0x0, 0x5, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x10000000, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x33}, 0xfffffffd, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0xfffffffe}}, 0xe8)
sendmmsg(r4, &(0x7f0000000480), 0x21, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="840000001200050100000000000000"], 0x84}, 0x1, 0x0, 0x0, 0x40}, 0x20040810)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=@framed={{}, [@jmp={0x7, 0x0, 0x9, 0x0, 0x0, 0x1, 0xffffffffffffffff}]}, &(0x7f0000000000)='syzkaller\x00', 0x1}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r6, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26)
syz_emit_ethernet(0x7e, &(0x7f0000000180)={@local, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "410100", 0x48, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x2, "d902b268700bc42a6cc571585bf1f1a7314a3ff9622eb8a2", "c71702b0466d3d54dbfb68403570003a4d4b1c41186582ad307c553d7275af97"}}}}}}}, 0x0)

5.99148983s ago: executing program 4 (id=984):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec00000001090212"], 0x0)
syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0) (async)
syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
io_setup(0x2, 0x0) (async)
io_setup(0x2, 0x0)
io_submit(0x0, 0x0, 0x0) (async)
io_submit(0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x80002, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
syz_open_dev$vbi(0x0, 0x0, 0x2) (async)
r3 = syz_open_dev$vbi(0x0, 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000000c0)=0x3) (async)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000000c0)=0x3)
mkdirat(r2, 0x0, 0x0)
write$rfkill(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
syz_usb_connect(0x2, 0x24, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, 0x0, 0x0)
r6 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r6, 0x0)
r7 = fsopen(&(0x7f0000000240)='xfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r7, 0x2, 0x0, &(0x7f0000000200)='\x00', 0x1)
r8 = syz_clone(0x85240000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r8) (async)
ptrace(0x10, r8)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socket(0x10, 0x803, 0x0) (async)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r9, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0xfffffffffffffef7)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x9, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r10, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x9, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r10, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)

5.921708851s ago: executing program 3 (id=985):
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r0, 0x114, 0x5, &(0x7f0000000100)=0x1, 0x4)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
cachestat(r2, &(0x7f0000000080)={0xffff, 0x2fdd}, 0x0, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x5}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000340)={@random="d803f32e4445", @broadcast, @val={@void, {0x8100, 0x7, 0x1, 0x4}}, {@canfd={0xd, {{0x2, 0x0, 0x0, 0x1}, 0x35, 0x2, 0x0, 0x0, "fa626a5a1a5ede3b512453729ca4fa7fabc7d57ca50df4c4c4325d809a22848207ee42dee687e007c56604ea233439405a84a7336808c56b9be7538386b8a698"}}}}, &(0x7f0000000040)={0x0, 0x3, [0xd4e, 0xe19, 0x5d9, 0x611]})
r7 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0)
write$UHID_INPUT(r7, &(0x7f0000000d00)={0x8, {"3f87ca9a07307ed618b8ec7bba46c5f28f64434a2999943ae8f0ffe3db34f9c4e944023c7d75fe5e4ead3574d05d010940faa93829a80c05b505da305370b437c5f3ba99ddffdaaf70daa4dfc815815a77182882f77b99f44e18c989eb9e965d1a7ea66bca9ea5990b785473471b8b7609b9f3a4f82efe5d9726fb5aecc16cddb8559897b2e7e226b9f69dbbdd31fa3cdbea29b481aec81c2a37c8e7d4cb7e91a49700bbc3ddaa61673eb822b6b5a3353d29142f77a0c2ff0f5691b0711ffd56b4658dd5f6be90016a35363ad90bc12f0fa96ee22dfc03f79bc4c8962b4787764a969223f3937beee6fb52a3b13a40f2616dbdd1b6dd190b4d746c8709c0559217844aa935916141320375903a475cae3e20061b7d0377087871bce3406b2c5b2cb1cf75d2491cc9623307c357a778b594695e07bc84a24d7064b13c1930a830d86449574c4d9e0031fed362d840d5e88284ac55b392a43ff8d4616f30d2164a068fa2485a1993592a9f439b0dc0435d4aa61a170b257217ad54412d0c327406d00bed0541a1b7f1d07f1c0a12ed45dec579d56c29245ab77b08830f009017028ad8ea675a07ef3b3b35ebd7a774bfe0cc60a6706901dd331173dac5ecf5f4c961b49cc9dcc359f12e42c0d6c552d2bfd1c624eff7e508579a9d877d6af5f5e0989d9ed30d195a422acb50a44e343783afdb0b88e5756895e0af5fbd09e602fb54213e722c6782be33f4d18ff499c17e8cacc090f747561b8dfb411c4db39cada3f112a4c79be6d15be02c64f4cd7f8e604f3be0bd964c54f275fd6d3c1352361f62ba1e087af404e5bf642d3c3175c0f09e9ba122265886ec743a9c3d593f15704c1fb3863169bdf7e44f1cb5f6c5a5ae4adacce2ef537b4a29821ed007852ca14de2978d0983c0c4e2c9128b0d3bb501794417ad4ea76cf7abaf6f7ac6240bd28013b36b03d3ca921fe84b2481eb8e1ab35be2e3f4fc3e5305bed7763dd1da5e72cc710f0f9be8ac65e722e1786cfd83555894f8da20f0172a9dad9731308b146a5ed6d6da0cc14e375964af6431d0cac2521f82d536847af3b32570cdc5dc1aaf97ce668fd6cfd398d21672ac1b3f246950b513ef669215c4a442aff1ef76e31a81b74e8748c051c4351b280fe3ab5611d340a1cb928196237757ab7b43c924f2732f743884334f4518aea77d05b3a3dc3370fc2185427851476eee92c48c443b48d03384678b89620475e499077e3576689cb7fd39e12eb3c89087e252f1577ec0ac15feb9b5af51eddac648bd199600549e1c2f57f425751fe342343e13194ad090644c4ed86bca0d88af4fafa78f7ed6c6461042cb9ef48e181d3bccf21ebcfbb5fc764d26dd97a0cc98b99b1c807889d7968126493cee93f454557e3c09715a9936afccf1703334af9bdd10f605ead687fb309287cad1475af5c667bca8b529ac27711171ba66cb5a992fad913cc12000d043c3e743ae5dbe0b67757df3c1322c786ce094d4d59a699581b1c03d0709789d57dfe35ed8429f101def7c49f4e5e15afb0dbd4ce6c8c68be3fef3a5307b58a4dccd65e2af022194a9795ad4e14e60d77fe0b83649e13b07af10503805cb401889a0f586cb7e52298047aa70481b30379dcf94c25b18bc5d0770b240925e7d436253ab2bacbe2aed197edc7b501f5d1910343db389a35c14b7f42eb2b4ecf3b6bdd23a4ca5674be1ef651ff3af325cf8afcd39b0ee11440ee2e07a3df989dea54ff2985060b570d31de63d6a631016e11942ea2c06001e018f0a80b54d8807e8dd1cc39d20a2ae76bfe8e376199d428bcefb24a6b21c6cdce055816f04980ca123af6576793d41986b090b0408322f0f6c2b6f4d2ad03f367765f9d34c562b07995df7bf7283319bc50dc52b9cdee053a9192e1ab73cf10442eeb93e9c1467b7907f88b0ff0c389351bf19a23cffe2e77aaca1fdb4c575cdb0e99ec32597614f3e11f57dda8b902df626f36bbabc1ac7614af1babce7a7610c2c9ebc4389bcfbca1e65b839b3c338a1d194a5b3c1d3b5c896a3f1435a66a7f3cc21b8afc01b7e9e52ac8efaf791eed8443869fa851f771e485c9c511b4be5e86e9a965b4be95a3191fced797e982661d437f8fda69fdc5f05a1e93e3a7cb890367c3dbf022c46380d67604be943523fa224ca86deec5436b6878eaba852fe256778624ce0e452ce9a9a1935cb3aa7a8d2743e6bb99483ee4a8dfc1645d5fb338789848ee0c8b135b5685ee01e2594b5b36e6a2de68cdad38bcd2bf3211e0facbb12b00224d911e530e3ff611232b76bfe976e67493bd9c8023aee7c5aa56841e3fcdac23dcf25ab62f0505b73d1dc432edc60f65210ce2fd3e6cb17442012dfb763fb74335972a644a9cafc5bf8c550897592a225e3b808876b4c81003fa7379476c4210c65af832d7852f365ef10214ea103070f989a5e5788f57036fe41fe297d3d353a9da81814ce281ba444cc2c93dee3b28b828729c653570635dba0961315ca577ae901300b304da8682895376cb2cc5c1c1b3c7a75c1f104a7fdfb476e55d9b67994a92770032df5f68a4263455a2794a9d89320084b882a79da1d88220f6dc7495fe475879aedb28718f2e170f1ed94a4c1e1f320e16e5fff20b49f3569bcf235ce6af79629edcda197def78f322c4e44afa80c0ad7961ccdee120ded6e9b0774ea5e892e78b32bbdf210714de8050cf24c3c511baf1a219aa949413c0129b62159aa2b2792584e49dfe620a5e2ffda5486028cd45f6107ed603ab40ac711a70adc743790386b58b99391675036b3c403f4e05c252a2d186833a0f9bf11c79a685ed6ab54d463810164f467f29438fa5002fff30acf8a0fc30551f8ca50226c6e864da68f7f8d0ac96d7c712bb9c98b2a30b198d3fc74a70f0f1c625924628d789bba8f2704bbe89595d53f80d84f5ed5f1b3f2840d544841dc72b0fedcb6737e030a251cf5c406c3a03bf1c01b0d136626bee91670d9282f3fa9295dadb1efc1ebfaef5b812d57a2526057c300f09adf8904207e24d4961fa0bd4570f17f0c32977d43a7230c61577596e5812bd9559bf7d8a8162b8ff801b82698fbd276e6d4a382f1ba799039462f5ffdb0a72e1043fc2d35f95285796d588ba23355e523b3666c336fd4c07339a5cc394b792f5be2e4a576727fb4c6fe21d574642af9f093299f424c7586a1e94577cfd61f0819ab368ea9911feca7a21343accbee096b53c2a9439cd4cbe6088856da6e5df2474f278fd411dc008d4971a511e8f0dad5f0dab4de1125efda971f316a045c2b712513fa12171c75f2e7d794ffbdbd0e8afc7e09c8c1ac29f88d0e08068fe18e42f5052dd17874fbfae263364e078a7387fc6856c91a63194150c47715dc2a0acd0afd6670b04c86d4559d9acfac9cb6692f89b07523ab1acb20620302a0988528e5c6b8858e2f4d863b74fdb9f5eef323b4806c604303de1611f39a968ae8671ba8b697a3d329d8905afbce95666c9964dfadf3c45fe72027114b501ad45fa329d35c73760a05f18e614cb2b9a7e780a445406dd3ef25aa72b80f93235d6936eb3dd07bbaf26797204b3286b4d0ffd629735562b63cea6d35878834e88fcac85ef2564f7ea2fddcb947423c60a28004fd23c45f200d7d34ba21dad8f5479bb4dec9d037d9093e3e580e3818f07ccbf794d0fbbe4ee67b9e7656dc3e8793f5b85f8cfb7213974bbcecfede06d356b24dfdc943abbc50067fc5685fd56207d0159db7ae0029c58f0b28516d27d03a3eb78368c58c8d756c341c6a2bdd1aa8fcfb8c5be37b348378f45ba7931301df570b042befebd57b533611267666bdd402025949736982d01c2b0d56bb1df8443bd72807a2a6f22400817be3bb539295560778ede4ce71e8337d40c7ce90c10b536bd6c1519f1a9917674803f73133e5803d1c9b1ee984ff7f1eab2bdfa78ef5d4500a8ebfc1363483a1dd50aa2f365bff101926a08b5b08c163da8e122b673e74ee7cc45e89be526370155e137b88dad2dbe7e1c93ad19fc24332dbf74f3c1f408c48086913834f8fdf279d8507ee0f85e5a2cb5fa5506dd322408a9a8809759c610b22353e0ee86232c47455b9753149f99d245918bd995194c9360d70bd52e2a506786b8c114fb469a34882d72b2d66b0dd9662d7a4a9ea5e1cf3ff2a9bd7b786f70b65ab3ce1ac708169b09aa2e26d99010a59c16449774d18755dc56d47478afec2a03c84e5ea5d7cd1cdd0fa224f09e2256d13563fabd5d6187d8b002e4cc037029e59f11d03ff9ea2cad13159917c519c79d62e4ae79da2bd01b02722d8a4f29c087e2d88dd96309fc57632775ceff8c12562955f0d13fcd81e3f96a3f463efc71964ea4229e97526df2d00c6e19dc2d837d494c444f2d16210cc226f5a7620284f9d2af64a34fc426f1aada6552bc918842306ebe6b02b5a2339d8eee5af58f72d15e13bdb09aac9be8317d43dfa536171b4e10cc41c7907b0b65cf536461d618379253acd0bb6a40e02b85907c16fd7af4596508d0d77db617254f624fb81d855b1be204861b5f83187bd908f1613f27d7943889e996f607083f054306a6344b616126ac93cb5784abfcd3e5de542acc2c90213f113afe9f89d0b39dad271a7b2fa88c373c74001f69733fc29d91c1a7dd3dd69115ea631b5ccb0886596a741874e528180f8c31823be842a2431ed65068a4f4ab3eaecebbdbdba6e4f84f69b67188795e088f7b72cb0d5edaa6d51d3958b4d1ec069b043b7a0395332b75f1377526eac2c8df6c99344b1a3ad76113f11d39caa15f65fdbe9fe0f81f660ba88d9ba58898dc400d58a5a94d8feffd5f982891ea39eb697bcf425c18bc3babeb2eb3007457cda7a8c8238902ed11d28e79c5419e77d00e7adf44b21f8e54fc9d8ea33952530b5aafde35082d9dcc7c6e17ea51e914388ec50803bfc5af19b3849318c61a6ba630ec419e6b53a4ece8ebc5c73af63ff9273c2e80812afe4635dad39d419b77d945b31c124ca72e9b768d47f57a4732290ba402b916feb8320e481c6bab58ada93c856cb57af1e2266a00102eb98c9ce996d21de9106ccb422f48da28a7039a830bcbabcb7e00a7731aa64aebe57326bb7a174422cdf21ade16ff02c86a8501d5e0b7b15e8facbcf8354d9eaa59c5549ce4af779bb668a479f121abd3f5b7940459625511c756c70ef22e0eb6f19659d899d1f1521fd893bedc6ee5e6dcb478c13dc77e9f4eca3298692f68680f54b374e3c8b59a5a8eaa4f2457784c74b631c7a4256c8a1f17724ae674dfcf01f7bd65b10cd37bb3e688834bef4f660e0fa9aed51abd397103a5445fdaafd129826c2346abe7a75dceb816c30123682ae7c6fb53682c4a0611971533a0df3cf25a7c4f56fbca4161bef6d6b90bd853d77ecd5d888ecc7e922ff01971362fa0942532349f339dabcacdf8885ab5617155661068311b8e0abcf63b1f6cfb757a49e624c571ab557c7f0badce9d95d5e3781cbfaacb8970c762909fac9fcedc40af0baafc38fc148c6715f6177c4db283c271d4e0de76eb5fee58abc350519a50c890f642c3053e20c8bc4f1678a89f87204faed9440c9d0ea0ea7f78dc05b7aac8b8bb03d57931823481e5b88990a48f42c21d82d17d0cf0b495561b631574a2071605a7c552c54d722e7d8df3741085479ac3fd7319b27cc933d675d2e417d15037fb032a946d19423d3f413f7e9da045715013cc0edf70aa4ad08a953cd67506a2c7d56632acde69947683a2c254188f5555c6ef2530d26eff7b6", 0x1000}}, 0x1006)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
r9 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r9, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x3000c041)
r10 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00')
ioctl$BTRFS_IOC_ADD_DEV(r10, 0x8008b705, 0x0)
r11 = socket$kcm(0x10, 0x2, 0x4)
recvmsg$kcm(r11, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x2002)
sendmsg$kcm(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000060000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b70300001b0000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b9af8ff00000000b5090500000000007baaf0ff00000000bda804000000000007080000f8ffffffbfa000000000000007000000f0ffffffb70200000800000018220000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7050000080000006200000076000000bf91000000000000b6080000000000008500000085000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4.622435943s ago: executing program 3 (id=986):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000100)={<r2=>r1})
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000180)={r1})
r3 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f00000001c0)={r2})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="54000000100003052cbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000002002c0012800c0001006d6163766c616e001c0002800800010008000000080003000139"], 0x54}, 0x1, 0x0, 0x0, 0x44800}, 0x0)

4.411052052s ago: executing program 3 (id=988):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x47c301, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000280)={0x3, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0]})
r3 = inotify_init()
inotify_add_watch(r3, 0x0, 0x44000268)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYRESDEC], 0x78)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$IP_VS_SO_GET_SERVICE(r7, 0x0, 0x34, 0x0, &(0x7f0000000180))
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400000045bf05a5320730edc8310c6ed58b86da", @ANYRES16=0x0, @ANYBLOB="000225bd7000f8ffffff3e000000"], 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x8000)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000019600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x2}}], 0x28}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan1\x00'})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

3.348349446s ago: executing program 3 (id=989):
r0 = syz_open_dev$media(&(0x7f00000006c0), 0x2c29, 0x28004)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000940)=<r1=>0xffffffffffffffff)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0x7c80, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x103)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
r2 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000340)=[@uexit={0x0, 0x18, 0xc7}, @code={0x1, 0x57, {"0f20d835080000000f22d8b9c3020000b8d7804c1eba45e4757a0f302e2e260fc73cc9c4e3195d7771ff0fc76dfd470f01c32ef30fc7b66ba98f17410fc729660f38820e14d4"}}, @cpuid={0x2, 0x18, {0x5, 0xc2}}, @uexit={0x0, 0x18, 0xd4}, @cpuid={0x2, 0x18, {0xfffffffc, 0x81a3}}, @code={0x1, 0x7b, {"f2f30f215f0f20c035080000000f22c066baa100ed3e3664400fc7b8003000000f09c74424002e000000c7442402e6e74f8bff2c2448b812300000000000000f23c80f21f8350c00a0000f23f8b974080000b82dc2571abae7d8bc690f30260f32f3420f019fc4f6b10b"}}, @code={0x1, 0x83, {"48b80a00c0fe000000000f23c00f21f83501000b000f23f8410f01c4c4e30d7c18063e410fc770fb48b879000000000000000f23c80f21f8350000c0000f23f846f6f9650f01c2c744240000000000c744240200300000c7442406000000000f01142466ba4000b000ee650fc72d00000100"}}, @uexit={0x0, 0x18, 0x5c7}], 0x1cd})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x3, 0x0, [{0x22b, 0x0, 0x34}, {0x91c, 0x0, 0xd}, {0xba9, 0x0, 0x2}]})
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000540)=""/102400, 0x19000)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs\x00')
pread64(r4, 0x0, 0x0, 0x4000000000000f3)
sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x2200000c)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x10121, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x35, &(0x7f0000000100)=0x1e7b, 0x4)

3.199600811s ago: executing program 1 (id=991):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)

3.193488086s ago: executing program 4 (id=992):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x1c, 0x5, 0xd})
setsockopt(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000002c0)="1a00000002", 0x5)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ae0000000090a0500000000000000000005000009380011800b0001006f626a7265660000280002800900020073797a32000000000800034000000008080001400000000608000340000000120900020073797a31000000000900020073797a31000000000c0010400000000000000004080005400000002d080006400000000060"], 0x124}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3.079528728s ago: executing program 2 (id=993):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0}, 0x38)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000140)={0x4000000})
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000040)={0x4000000})
io_uring_setup(0x14897, &(0x7f0000000340)={0x0, 0xfcd3, 0x8000, 0x40001, 0xfffffffe})
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r4 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0xa0, 0x0, 0x87}, {0x0, 0x0, 0x5, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x10000000, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x33}, 0xfffffffd, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0xfffffffe}}, 0xe8)
sendmmsg(r4, &(0x7f0000000480), 0x21, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="840000001200050100000000000000"], 0x84}, 0x1, 0x0, 0x0, 0x40}, 0x20040810)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=@framed={{}, [@jmp={0x7, 0x0, 0x9, 0x0, 0x0, 0x1, 0xffffffffffffffff}]}, &(0x7f0000000000)='syzkaller\x00', 0x1}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
socket$pppl2tp(0x18, 0x1, 0x1)
syz_emit_ethernet(0x7e, &(0x7f0000000180)={@local, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "410100", 0x48, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x2, "d902b268700bc42a6cc571585bf1f1a7314a3ff9622eb8a2", "c71702b0466d3d54dbfb68403570003a4d4b1c41186582ad307c553d7275af97"}}}}}}}, 0x0)

3.015622689s ago: executing program 1 (id=994):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x64002)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f0000000440)={0x51, @time={0xfffffffb, 0x2}, 0x6, {0xf, 0x6}, 0x6, 0x0, 0x3})
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x480000, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c0002800500010004000000060018000010"], 0x4c}}, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r7 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "d19a69ead4f3c7313bb6297b196eb4c01cd34ad286832262956ed7e4ba8f591ac5716db779e2768259aa99763adcd94f097d35d44bd64256e7435e49b0756a09", 0x33}, 0x48, r7)
ioctl$KVM_SET_CPUID2(r6, 0x4048aecb, &(0x7f0000000480)=ANY=[@ANYBLOB="050000000000000002"])
r8 = socket$inet_udp(0x2, 0x2, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(r8, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10)
connect$inet(r8, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r8, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)

1.973828533s ago: executing program 1 (id=996):
r0 = fsopen(&(0x7f0000000140)='tracefs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x24c01, 0x0)

1.911409281s ago: executing program 3 (id=997):
syz_usb_connect$uac1(0x0, 0xb1, &(0x7f0000000000)=ANY=[@ANYBLOB="a0"], 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r0)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x20, r2, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x4040000)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080)=0x5f3a, 0x4)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000380)={0xc})
r5 = getpid()
r6 = syz_pidfd_open(r5, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="38000000000101040000000000000900022000002400028014000180f7860100e000000108000200e00000010c0002800500010000000000"], 0x38}}, 0x0)
setns(r6, 0x24020000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r9, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r10 = dup(r9)
write$FUSE_BMAP(r10, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r10, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x800000, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r8, @ANYBLOB=',wfdno=', @ANYRESHEX=r10, @ANYBLOB="2c6e6f78617474722c6331505331c6feae6bafa468652c616e616d653d402c70726976706f72742c63616368657461673d2f6465762f7474795333002c6b"])
umount2(&(0x7f0000000540)='.\x00', 0x2)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r11, 0x0, 0xc, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10000}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x22)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r11, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x3}, 0x1e)

1.910944436s ago: executing program 4 (id=998):
r0 = fsopen(&(0x7f0000000140)='tracefs\x00', 0x1)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000300)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_ringparam={0x10, 0xd, 0x3, 0x8, 0x35aa, 0xfffffffa, 0x6, 0x0, 0x40800}})
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r0, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x2202, 0x0)
fchdir(r2)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x24c01, 0x0)

1.819859958s ago: executing program 1 (id=999):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r5], 0x4c}}, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@local, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c200a2, r3})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@ipv6_newroute={0x1c, 0x18, 0x111, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x1c}}, 0x0)

1.805194705s ago: executing program 0 (id=1000):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x47c301, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000280)={0x3, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0]})
r3 = inotify_init()
inotify_add_watch(r3, 0x0, 0x44000268)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYRESDEC], 0x78)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$IP_VS_SO_GET_SERVICE(r7, 0x0, 0x34, 0x0, &(0x7f0000000180))
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
sendmsg$DEVLINK_CMD_TRAP_SET(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400000045bf05a5320730edc8310c6ed58b86da", @ANYRES16=0x0, @ANYBLOB="000225bd7000f8ffffff3e000000"], 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x8000)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000019600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x2}}], 0x28}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan1\x00'})

1.747516799s ago: executing program 4 (id=1001):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0x4)
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/236, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/66})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5}, 0x10)
pipe(&(0x7f00000001c0)={<r6=>0xffffffffffffffff})
splice(r6, 0x0, 0xffffffffffffffff, 0x0, 0x80, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xd, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000080000000000000000000000180900002020702500000000002020207b1af8ff00000000bda004000000000027000000f8ffffffb702000008000000b7030000000004002500f8ff0600000095"], &(0x7f0000000000)='syzkaller\x00', 0x3}, 0x94)

1.593567822s ago: executing program 2 (id=1002):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a01080000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmmsg(r1, &(0x7f0000001700)=[{{0x0, 0x0, 0x0}, 0xf}], 0x1, 0x40000004, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000640)=ANY=[@ANYBLOB="20000000170a0101"], 0x20}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffda3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="8c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e0000000040000280060001000000000004000480280003805600010040000000060000000c0001000004000000000000d8fd010006000000090000000600050088a8000008000a00", @ANYRES32=r5, @ANYBLOB="08000500", @ANYRES32=r5], 0x8c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0)

1.589182272s ago: executing program 1 (id=1003):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000002c0)={0x79, 0x0, 0xf2c})

293.453265ms ago: executing program 0 (id=1004):
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x3000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
mount_setattr(0xffffffffffffffff, 0x0, 0x10800, 0x0, 0x0)
r1 = socket$kcm(0x29, 0x2, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000580)=0xf, 0x4)

291.620131ms ago: executing program 1 (id=1005):
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x101)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000140)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, 0xdededede})
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000340)='GPL\x00'}, 0x94)
pipe2$9p(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x121042, 0x18)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82)
r6 = fanotify_init(0x81, 0x0)
fanotify_mark(r6, 0x105, 0x40001032, r5, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r3}})
splice(r2, 0x0, r4, 0x0, 0x200000000001, 0x0)

291.360764ms ago: executing program 0 (id=1006):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0)
pipe2$watch_queue(&(0x7f0000000000), 0x80)
writev(r0, &(0x7f00000000c0), 0x0)

290.443566ms ago: executing program 2 (id=1007):
r0 = socket$kcm(0x10, 0x3, 0x10)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/disk', 0x169a82, 0x18c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4000044)
timer_create(0x2, &(0x7f0000000040)={0x0, 0x2e, 0x1, @thr={0x0, &(0x7f0000000140)="a3e50e778ede12f92a3622754a72ac4c1e6a1209095b88139e5f99b4c409df1956bcb1dd"}}, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x4140aecd, &(0x7f0000000080))
sendfile(r1, r1, 0x0, 0xb)
write$cgroup_pressure(r1, &(0x7f0000000040)={'full', 0x20, 0x8, 0x20, 0x4}, 0x2f)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1400000016000b63d25a8064000000000124fc60", 0x14}], 0x1}, 0x0)
setresgid(0xee00, 0xee01, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
accept4$ax25(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r5 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = syz_pidfd_open(r5, 0x0)
pidfd_getfd(r6, 0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000280)=[{&(0x7f0000000100)=""/75, 0x4b}], 0x1)

277.158515ms ago: executing program 0 (id=1008):
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x4, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x6, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
clock_adjtime(0x0, &(0x7f0000000900)={0x6, 0x20000000e, 0xf, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x9, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x8, 0x3, 0x8, 0xfffffffffffffffa, 0x0, 0x5, 0x7, 0x7, 0x3, 0x6}) (fail_nth: 2)

25.27403ms ago: executing program 0 (id=1009):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000000)=0x6, 0x4)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0x0, 0xfffffff8}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r1=>r0, {0x1}}, './file0\x00'})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0x1, 0x80, 0x8})
mount(&(0x7f0000000100)=@md0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='smb3\x00', 0x8, &(0x7f00000001c0)='$-$:/\f\x00')
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000200)={<r2=>r0, 0xa921, 0x3, 0x8})
setxattr$security_evm(&(0x7f0000000240)='\x00', &(0x7f0000000280), &(0x7f00000002c0)=@v2={0x3, 0x2, 0x13, 0x6, 0xcd, "aa72c0553150b5953e71874e1f4f7f2e87d62df182ca42d40fc45df7bf7f53d4b8eddf24ee643a912e5198604742b86d16dacbfd0bce2fef55d6578aaf149ee94e812cc70e9ab5f340bfaa48b7f0397ce55643fc937cac3b9031e4bcb9b7fa31f3bea42662ca49d751c739f79759a766b71fcaf45e8c21918ffa81c8cd3fa9fc8e1453c6f55b008a2c270960f29ac8bd9f03d4a340d53d6d644fba0556c384b4dfc990a7a2087b85d151c60d555fd0898dfe91f96613c20bce95ae715502190f9a9bb1c62aa4898be6f64786cc"}, 0xd6, 0x3)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000003c0)=@assoc_value={<r3=>0x0}, &(0x7f0000000400)=0x8)
mount_setattr(r2, &(0x7f0000000440)='./file0\x00', 0x1000, &(0x7f0000000480)={0x0, 0x10007d, 0x180000, {r1}}, 0x20)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000004c0)={r3, 0xfffffff6}, 0xc)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000500)={0x1, 0x9}, 0x8)
sendmsg$nl_xfrm(r1, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)=@getspdinfo={0x14, 0x25, 0x400, 0x70bd2b, 0x25dfdbfe, 0xfffffffd, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4004010)
timer_create(0x1, &(0x7f0000000800)={0x0, 0x30, 0x1, @thr={&(0x7f0000000640)="e37ce4382c59919226f89baa77ed53438bad5e6d3c9b05ce84cbb540c443e73e9bb4cd11e1a7beb8e8cc1b2998e6aa12458cd5d9a0fe06c90f6dcd4dbcc91d338ca1688e896432d22f64a5da4515e033e5f73227733dc40b70018a5092cb589dd707ff5b99d3a6fb53ef1bd15c5b05a5f308cf437d52c9fefe19ad5f6a49065abc90c2284930cf6c443a5a240bca65b8c36df889cb2fca7b94d6b4d793443643adf6422e4e856ec4b751d13c7560028e812c925e247c3acd347e660273e23eb93a8b0faae8665823ccba9a14386a88fda3a033a4e7792f090524fc6e8d2fdfc80c9c3fb3cf36483797527e", &(0x7f0000000740)="4697c653175c50807d74a6c7635142a3e1606cb95b5266cddbb9393307db0986d44a2479f7d0ab2e88591bbf4e02fb9d12b611e28f8101ae11d97232d386bb9788c89c1e644475b4ea2344893993287ef7b7339f441ece3fb3c11198a51c3ea2bee32cce27522fb92eeebeb825ac2ca6ee3f5ced63d24ed241e513ab324ab28b09e7fe6e3106343ff7599d7d87c41876786f2eef0fb7f5d7d19998623e69dc215aff"}}, &(0x7f0000000840)=<r4=>0x0)
clock_gettime(0x0, &(0x7f0000000880)={<r5=>0x0, <r6=>0x0})
timer_settime(r4, 0x1, &(0x7f00000008c0)={{0x0, 0x989680}, {r5, r6+60000000}}, &(0x7f0000000900))
accept4$vsock_stream(r1, &(0x7f0000000940)={0x28, 0x0, 0x2711, @hyper}, 0x10, 0x0)
setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000980)=0x3, 0x4)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000009c0)={0x5, 0x5, 0x8, 0x2, 'syz0\x00', 0x9})
r7 = creat(&(0x7f0000000a00)='./file0\x00', 0x80)
syz_open_dev$sg(&(0x7f0000000a40), 0x1, 0x101040)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000a80)={0x7, "2b57d0af25444dbe6de52441a1e838fb0c9aca3b9daa18fa0c80bd14582ce721", <r8=>0xffffffffffffffff})
r9 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000ac0), 0x2, 0x0)
ioctl$VIDIOC_QBUF(r9, 0xc058560f, &(0x7f0000000b40)=@userptr={0x0, 0xb, 0x4, 0x2, 0x4e3, {0x77359400}, {0x1, 0x1, 0x7f, 0x4, 0x2, 0x6, "b0416998"}, 0x9, 0x2, {&(0x7f0000000b00)}, 0x9, 0x0, r2})
connect$unix(r1, &(0x7f0000000bc0)=@file={0x1, './file0/file0\x00'}, 0x6e)
ppoll(&(0x7f0000000c40)=[{r1}, {r7, 0x6a9}, {r8, 0xa0b2}, {0xffffffffffffffff, 0x410}], 0x4, &(0x7f0000000c80)={0x0, 0x989680}, &(0x7f0000000cc0)={[0xfffffffffffffffd]}, 0x8)
mkdirat(r7, &(0x7f0000000d00)='./file0\x00', 0x84)
r10 = gettid()
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000d40)={'\x00', 0x6, 0x2, 0x48, 0x4, 0x40, r10})
rename(&(0x7f0000000dc0)='./file0/file0\x00', &(0x7f0000000e00)='./file0/file0\x00')

298.375µs ago: executing program 2 (id=1010):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

0s ago: executing program 0 (id=1011):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x654a, 0x4)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x40, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

kernel console output (not intermixed with test programs):

ing ep0 maxpacket: 16
[  194.321672][ T5907] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  194.332545][ T5907] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  194.347459][ T5907] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  194.361662][ T5907] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 22
[  194.548051][ T6929] netlink: 8 bytes leftover after parsing attributes in process `syz.3.286'.
[  194.925255][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  194.932248][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  194.946198][ T5907] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  195.114728][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  195.127949][ T5907] usb 5-1: SerialNumber: syz
[  195.175715][ T5907] cdc_acm 5-1:1.0: skipping garbage
[  195.407650][ T6940] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.451877][ T6940] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  195.511598][ T6940] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.537648][ T6941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.556283][ T5820] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  195.567291][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: kworker/u9:2 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  195.567312][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  195.567320][ T5820] Workqueue: hci4 hci_rx_work
[  195.567341][ T5820] Call Trace:
[  195.567347][ T5820]  <TASK>
[  195.567353][ T5820]  dump_stack_lvl+0x189/0x250
[  195.567374][ T5820]  ? kernfs_path_from_node+0x2c/0x260
[  195.567391][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.567408][ T5820]  ? __pfx__printk+0x10/0x10
[  195.567422][ T5820]  ? kernfs_path_from_node+0x2c/0x260
[  195.567437][ T5820]  ? kernfs_path_from_node+0x2c/0x260
[  195.567454][ T5820]  ? kernfs_path_from_node+0x22c/0x260
[  195.567469][ T5820]  ? kernfs_path_from_node+0x2c/0x260
[  195.567487][ T5820]  sysfs_create_dir_ns+0x259/0x280
[  195.567505][ T5820]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  195.567521][ T5820]  ? do_raw_spin_unlock+0x122/0x240
[  195.567538][ T5820]  kobject_add_internal+0x59f/0xb40
[  195.567555][ T5820]  kobject_add+0x155/0x220
[  195.567576][ T5820]  ? __pfx_kobject_add+0x10/0x10
[  195.567594][ T5820]  ? _raw_spin_unlock+0x28/0x50
[  195.567612][ T5820]  ? get_device_parent+0x366/0x3a0
[  195.567626][ T5820]  device_add+0x408/0xb50
[  195.567646][ T5820]  hci_conn_add_sysfs+0xd5/0x1e0
[  195.567664][ T5820]  le_conn_complete_evt+0xc3a/0x1220
[  195.567685][ T5820]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  195.567698][ T5820]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  195.567713][ T5820]  ? __asan_memcpy+0x40/0x70
[  195.567727][ T5820]  ? __pfx___mutex_lock+0x10/0x10
[  195.567744][ T5820]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  195.567760][ T5820]  ? skb_pull_data+0xfb/0x200
[  195.567779][ T5820]  hci_le_conn_complete_evt+0x187/0x450
[  195.567796][ T5820]  hci_event_packet+0x78f/0x1200
[  195.567814][ T5820]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  195.567835][ T5820]  ? __pfx_hci_event_packet+0x10/0x10
[  195.567852][ T5820]  ? kcov_remote_start+0x4d3/0x7f0
[  195.567866][ T5820]  ? warn_bogus_irq_restore+0x30/0x40
[  195.567883][ T5820]  ? hci_send_to_monitor+0xe2/0x570
[  195.567904][ T5820]  hci_rx_work+0x46a/0xe80
[  195.567927][ T5820]  ? process_scheduled_works+0x9ef/0x17b0
[  195.567945][ T5820]  process_scheduled_works+0xade/0x17b0
[  195.567981][ T5820]  ? __pfx_process_scheduled_works+0x10/0x10
[  195.568018][ T5820]  worker_thread+0x8a0/0xda0
[  195.568053][ T5820]  kthread+0x70e/0x8a0
[  195.568067][ T5820]  ? __pfx_worker_thread+0x10/0x10
[  195.568083][ T5820]  ? __pfx_kthread+0x10/0x10
[  195.568097][ T5820]  ? _raw_spin_unlock_irq+0x23/0x50
[  195.568111][ T5820]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.568125][ T5820]  ? __pfx_kthread+0x10/0x10
[  195.568137][ T5820]  ret_from_fork+0x3fc/0x770
[  195.568155][ T5820]  ? __pfx_ret_from_fork+0x10/0x10
[  195.568178][ T5820]  ? __switch_to_asm+0x39/0x70
[  195.568189][ T5820]  ? __switch_to_asm+0x33/0x70
[  195.568199][ T5820]  ? __pfx_kthread+0x10/0x10
[  195.568211][ T5820]  ret_from_fork_asm+0x1a/0x30
[  195.568234][ T5820]  </TASK>
[  195.568274][ T5820] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  195.627060][ T6940] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  195.628958][ T5898] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  195.684051][ T5820] Bluetooth: hci4: failed to register connection device
[  195.708097][ T6941] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  195.900875][    C0] vkms_vblank_simulate: vblank timer overrun
[  196.020108][ T6940] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  196.038862][ T6940] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  196.072510][ T5898] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  196.095243][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.108537][ T5898] usb 4-1: Product: syz
[  196.112981][ T5898] usb 4-1: Manufacturer: syz
[  196.119895][ T5898] usb 4-1: SerialNumber: syz
[  196.161928][ T5898] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  196.198545][ T5907] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  196.415935][   T43] usb 4-1: USB disconnect, device number 3
[  197.008333][   T10] usb 5-1: USB disconnect, device number 9
[  197.331003][ T5907] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  197.339942][ T5907] ath9k_htc: Failed to initialize the device
[  197.374513][   T43] usb 4-1: ath9k_htc: USB layer deinitialized
[  197.970358][ T6969] FAULT_INJECTION: forcing a failure.
[  197.970358][ T6969] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  197.994414][ T6969] CPU: 1 UID: 0 PID: 6969 Comm: syz.0.297 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  197.994445][ T6969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  197.994456][ T6969] Call Trace:
[  197.994463][ T6969]  <TASK>
[  197.994472][ T6969]  dump_stack_lvl+0x189/0x250
[  197.994504][ T6969]  ? __pfx____ratelimit+0x10/0x10
[  197.994531][ T6969]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.994558][ T6969]  ? __pfx__printk+0x10/0x10
[  197.994577][ T6969]  ? __might_fault+0xb0/0x130
[  197.994612][ T6969]  should_fail_ex+0x414/0x560
[  197.994732][ T6969]  _copy_from_user+0x2d/0xb0
[  197.994753][ T6969]  futex_parse_waitv+0xf4/0x410
[  197.994769][ T6969]  ? __pfx_futex_wake_mark+0x10/0x10
[  197.994783][ T6969]  ? __pfx_futex_parse_waitv+0x10/0x10
[  197.994797][ T6969]  ? rcu_is_watching+0x15/0xb0
[  197.994813][ T6969]  ? trace_kmalloc+0x1f/0xd0
[  197.994827][ T6969]  ? __se_sys_futex_waitv+0x17d/0x280
[  197.994842][ T6969]  __se_sys_futex_waitv+0x19f/0x280
[  197.994857][ T6969]  ? __pfx___se_sys_futex_waitv+0x10/0x10
[  197.994874][ T6969]  ? __pfx_ksys_write+0x10/0x10
[  197.994886][ T6969]  ? rcu_is_watching+0x15/0xb0
[  197.994905][ T6969]  ? do_syscall_64+0xbe/0x3b0
[  197.994930][ T6969]  ? __x64_sys_futex_waitv+0x20/0xc0
[  197.994945][ T6969]  do_syscall_64+0xfa/0x3b0
[  197.994960][ T6969]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.994976][ T6969]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.994987][ T6969]  ? clear_bhb_loop+0x60/0xb0
[  197.995001][ T6969]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.995013][ T6969] RIP: 0033:0x7f97c1d8e929
[  197.995029][ T6969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.995039][ T6969] RSP: 002b:00007f97c2b79038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c1
[  197.995053][ T6969] RAX: ffffffffffffffda RBX: 00007f97c1fb6080 RCX: 00007f97c1d8e929
[  197.995062][ T6969] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000180
[  197.995070][ T6969] RBP: 00007f97c2b79090 R08: 0000000000000001 R09: 0000000000000000
[  197.995077][ T6969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  197.995083][ T6969] R13: 0000000000000000 R14: 00007f97c1fb6080 R15: 00007fff37a085a8
[  197.995101][ T6969]  </TASK>
[  198.855521][ T6979] netlink: 8 bytes leftover after parsing attributes in process `syz.0.300'.
[  199.709784][ T6986] delete_channel: no stack
[  199.841313][ T6989] FAULT_INJECTION: forcing a failure.
[  199.841313][ T6989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.854848][ T6989] CPU: 0 UID: 0 PID: 6989 Comm: syz.3.303 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  199.854876][ T6989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  199.854886][ T6989] Call Trace:
[  199.854893][ T6989]  <TASK>
[  199.854902][ T6989]  dump_stack_lvl+0x189/0x250
[  199.854925][ T6989]  ? __pfx____ratelimit+0x10/0x10
[  199.854942][ T6989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  199.854959][ T6989]  ? __pfx__printk+0x10/0x10
[  199.854979][ T6989]  should_fail_ex+0x414/0x560
[  199.854996][ T6989]  strncpy_from_user+0x36/0x290
[  199.855011][ T6989]  getname_flags+0xf3/0x540
[  199.855030][ T6989]  do_sys_openat2+0xbc/0x1c0
[  199.855049][ T6989]  ? __pfx_do_sys_openat2+0x10/0x10
[  199.855067][ T6989]  ? ksys_write+0x22a/0x250
[  199.855081][ T6989]  ? __pfx_ksys_write+0x10/0x10
[  199.855096][ T6989]  __x64_sys_openat+0x138/0x170
[  199.855117][ T6989]  do_syscall_64+0xfa/0x3b0
[  199.855134][ T6989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.855145][ T6989]  ? asm_sysvec_call_function_single+0x1a/0x20
[  199.855156][ T6989]  ? clear_bhb_loop+0x60/0xb0
[  199.855170][ T6989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.855181][ T6989] RIP: 0033:0x7f798ef8e929
[  199.855193][ T6989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.855203][ T6989] RSP: 002b:00007f798fe63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  199.855216][ T6989] RAX: ffffffffffffffda RBX: 00007f798f1b6080 RCX: 00007f798ef8e929
[  199.855225][ T6989] RDX: 000000000008417f RSI: 0000200000000140 RDI: ffffffffffffff9c
[  199.855233][ T6989] RBP: 00007f798fe63090 R08: 0000000000000000 R09: 0000000000000000
[  199.855240][ T6989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  199.855247][ T6989] R13: 0000000000000000 R14: 00007f798f1b6080 R15: 00007ffd0d538cb8
[  199.855272][ T6989]  </TASK>
[  201.043304][ T7000] FAULT_INJECTION: forcing a failure.
[  201.043304][ T7000] name failslab, interval 1, probability 0, space 0, times 0
[  201.056438][ T7000] CPU: 0 UID: 0 PID: 7000 Comm: syz.4.305 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  201.056465][ T7000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  201.056476][ T7000] Call Trace:
[  201.056484][ T7000]  <TASK>
[  201.056493][ T7000]  dump_stack_lvl+0x189/0x250
[  201.056526][ T7000]  ? __pfx____ratelimit+0x10/0x10
[  201.056553][ T7000]  ? __pfx_dump_stack_lvl+0x10/0x10
[  201.056581][ T7000]  ? __pfx__printk+0x10/0x10
[  201.056608][ T7000]  ? __pfx___might_resched+0x10/0x10
[  201.056641][ T7000]  should_fail_ex+0x414/0x560
[  201.056668][ T7000]  ? __pfx_proc_alloc_inode+0x10/0x10
[  201.056695][ T7000]  should_failslab+0xa8/0x100
[  201.056720][ T7000]  ? __pfx_proc_alloc_inode+0x10/0x10
[  201.056745][ T7000]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  201.056767][ T7000]  ? proc_alloc_inode+0x2a/0xc0
[  201.056798][ T7000]  ? __pfx_proc_alloc_inode+0x10/0x10
[  201.056824][ T7000]  proc_alloc_inode+0x2a/0xc0
[  201.056851][ T7000]  alloc_inode+0x6a/0x1b0
[  201.056877][ T7000]  new_inode+0x22/0x170
[  201.056907][ T7000]  proc_sys_make_inode+0x4c/0x500
[  201.056925][ T7000]  ? __init_waitqueue_head+0xa9/0x150
[  201.056946][ T7000]  ? d_set_d_op+0x25f/0x380
[  201.056977][ T7000]  proc_sys_fill_cache+0x321/0x410
[  201.057009][ T7000]  ? __pfx_proc_sys_fill_cache+0x10/0x10
[  201.057044][ T7000]  ? _raw_spin_unlock+0x3f/0x50
[  201.057067][ T7000]  ? sysctl_follow_link+0x3bb/0x4a0
[  201.057104][ T7000]  proc_sys_link_fill_cache+0x143/0x1e0
[  201.057130][ T7000]  proc_sys_readdir+0x825/0x9e0
[  201.057160][ T7000]  iterate_dir+0x5af/0x770
[  201.057188][ T7000]  __se_sys_getdents64+0xe4/0x260
[  201.057214][ T7000]  ? __pfx___se_sys_getdents64+0x10/0x10
[  201.057233][ T7000]  ? ksys_write+0x22a/0x250
[  201.057251][ T7000]  ? __pfx_filldir64+0x10/0x10
[  201.057275][ T7000]  ? __pfx_ksys_write+0x10/0x10
[  201.057303][ T7000]  ? do_syscall_64+0xbe/0x3b0
[  201.057334][ T7000]  do_syscall_64+0xfa/0x3b0
[  201.057359][ T7000]  ? lockdep_hardirqs_on+0x9c/0x150
[  201.057383][ T7000]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.057402][ T7000]  ? clear_bhb_loop+0x60/0xb0
[  201.057426][ T7000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.057445][ T7000] RIP: 0033:0x7f6440f8e929
[  201.057462][ T7000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.057478][ T7000] RSP: 002b:00007f6441d84038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  201.057499][ T7000] RAX: ffffffffffffffda RBX: 00007f64411b6160 RCX: 00007f6440f8e929
[  201.057513][ T7000] RDX: 0000000000001000 RSI: 00002000000000c0 RDI: 0000000000000006
[  201.057526][ T7000] RBP: 00007f6441d84090 R08: 0000000000000000 R09: 0000000000000000
[  201.057538][ T7000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  201.057550][ T7000] R13: 0000000000000000 R14: 00007f64411b6160 R15: 00007ffff100f5c8
[  201.057584][ T7000]  </TASK>
[  201.728662][ T7003] input: syz0 as /devices/virtual/input/input6
[  202.074176][   T30] kauditd_printk_skb: 26 callbacks suppressed
[  202.074198][   T30] audit: type=1800 audit(1751107806.016:72): pid=7004 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.310" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0
[  204.115948][ T7038] netlink: 'syz.0.315': attribute type 1 has an invalid length.
[  204.123743][ T7038] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.315'.
[  205.208336][ T7055] netlink: 'syz.4.322': attribute type 1 has an invalid length.
[  205.217102][ T7055] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.322'.
[  205.521691][ T7059] input: syz0 as /devices/virtual/input/input7
[  207.006893][ T5907] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  207.261356][ T7087] netlink: 24 bytes leftover after parsing attributes in process `syz.0.330'.
[  207.270876][ T7087] netlink: 24 bytes leftover after parsing attributes in process `syz.0.330'.
[  207.794121][ T5907] usb 2-1: Using ep0 maxpacket: 8
[  207.816660][ T5907] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  207.858729][ T5907] usb 2-1: config 0 has no interfaces?
[  207.882683][ T5907] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  207.903205][ T5907] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  207.915156][ T5907] usb 2-1: Product: syz
[  207.925826][ T5907] usb 2-1: Manufacturer: syz
[  208.076443][ T5907] usb 2-1: SerialNumber: syz
[  208.739319][ T5907] usb 2-1: config 0 descriptor??
[  209.780833][ T7096] delete_channel: no stack
[  209.962917][ T7102] Cannot find set identified by id 0 to match
[  210.175256][ T5898] usb 2-1: USB disconnect, device number 7
[  210.302427][   T30] audit: type=1800 audit(1751107814.246:73): pid=7106 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.339" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0
[  210.804039][ T5898] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  210.845253][ T5891] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  210.976111][ T5898] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  210.987233][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.005317][ T5898] usb 1-1: config 0 descriptor??
[  211.007309][ T5891] usb 4-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00
[  211.013230][ T5898] cp210x 1-1:0.0: cp210x converter detected
[  211.362200][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.383055][ T5891] usb 4-1: config 0 descriptor??
[  211.617081][ T7129] delete_channel: no stack
[  211.649658][ T5898] usb 1-1: cp210x converter now attached to ttyUSB0
[  212.044956][ T5820] Bluetooth: hci3: command 0x0406 tx timeout
[  212.072677][ T5891] magicmouse 0003:05AC:0269.0004: unknown main item tag 0x0
[  212.081898][ T5891] magicmouse 0003:05AC:0269.0004: unknown main item tag 0x0
[  212.089540][ T5891] magicmouse 0003:05AC:0269.0004: unknown main item tag 0x0
[  212.097231][ T5891] magicmouse 0003:05AC:0269.0004: unknown main item tag 0x0
[  212.104751][ T5891] magicmouse 0003:05AC:0269.0004: unknown main item tag 0x0
[  212.120454][ T5891] magicmouse 0003:05AC:0269.0004: hidraw0: USB HID v0.04 Device [HID 05ac:0269] on usb-dummy_hcd.3-1/input0
[  212.159981][ T7136] Cannot find set identified by id 0 to match
[  212.241627][ T7132] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  212.431144][ T7116] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  212.542195][ T5907] usb 4-1: USB disconnect, device number 4
[  212.686779][ T7138] fido_id[7138]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  212.822424][ T7149] FAULT_INJECTION: forcing a failure.
[  212.822424][ T7149] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  212.836203][ T7149] CPU: 1 UID: 0 PID: 7149 Comm: syz.1.352 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  212.836230][ T7149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  212.836241][ T7149] Call Trace:
[  212.836250][ T7149]  <TASK>
[  212.836258][ T7149]  dump_stack_lvl+0x189/0x250
[  212.836291][ T7149]  ? __pfx____ratelimit+0x10/0x10
[  212.836318][ T7149]  ? __pfx_dump_stack_lvl+0x10/0x10
[  212.836346][ T7149]  ? __pfx__printk+0x10/0x10
[  212.836367][ T7149]  ? __might_fault+0xb0/0x130
[  212.836404][ T7149]  should_fail_ex+0x414/0x560
[  212.836432][ T7149]  _copy_from_user+0x2d/0xb0
[  212.836461][ T7149]  do_ip6t_set_ctl+0x69f/0xce0
[  212.836494][ T7149]  ? rcu_is_watching+0x15/0xb0
[  212.836522][ T7149]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  212.836569][ T7149]  ? __pfx___mutex_lock+0x10/0x10
[  212.836598][ T7149]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  212.836624][ T7149]  ? smc_setsockopt+0x181/0xab0
[  212.836654][ T7149]  ? __pfx___mutex_lock+0x10/0x10
[  212.836678][ T7149]  ? rcu_read_lock_any_held+0xb3/0x120
[  212.836708][ T7149]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  212.836740][ T7149]  ? vfs_write+0x8d8/0xa90
[  212.836764][ T7149]  nf_setsockopt+0x26f/0x290
[  212.836790][ T7149]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  212.836821][ T7149]  smc_setsockopt+0x22f/0xab0
[  212.836853][ T7149]  ? __pfx_smc_setsockopt+0x10/0x10
[  212.836884][ T7149]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  212.836906][ T7149]  ? __pfx_smc_setsockopt+0x10/0x10
[  212.836933][ T7149]  do_sock_setsockopt+0x257/0x3e0
[  212.836958][ T7149]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  212.836985][ T7149]  ? __fget_files+0x2a/0x420
[  212.837020][ T7149]  __x64_sys_setsockopt+0x18b/0x220
[  212.837049][ T7149]  do_syscall_64+0xfa/0x3b0
[  212.837083][ T7149]  ? lockdep_hardirqs_on+0x9c/0x150
[  212.837108][ T7149]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.837127][ T7149]  ? clear_bhb_loop+0x60/0xb0
[  212.837151][ T7149]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.837169][ T7149] RIP: 0033:0x7f3f3e38e929
[  212.837189][ T7149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.837204][ T7149] RSP: 002b:00007f3f3f21e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  212.837226][ T7149] RAX: ffffffffffffffda RBX: 00007f3f3e5b6080 RCX: 00007f3f3e38e929
[  212.837240][ T7149] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 000000000000000c
[  212.837252][ T7149] RBP: 00007f3f3f21e090 R08: 0000000000000380 R09: 0000000000000000
[  212.837265][ T7149] R10: 0000200000000fc0 R11: 0000000000000246 R12: 0000000000000001
[  212.837277][ T7149] R13: 0000000000000000 R14: 00007f3f3e5b6080 R15: 00007ffe4fd88d48
[  212.837311][ T7149]  </TASK>
[  214.044367][ T5907] usb 1-1: USB disconnect, device number 9
[  214.680257][ T5907] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  214.887245][ T5907] cp210x 1-1:0.0: device disconnected
[  214.929192][ T7164] delete_channel: no stack
[  215.068693][ T7172] Cannot find set identified by id 0 to match
[  216.046544][ T7175] netlink: 8 bytes leftover after parsing attributes in process `syz.3.362'.
[  217.166299][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  217.172972][ T5826] Bluetooth: hci2: command 0x0406 tx timeout
[  218.142449][ T7205] delete_channel: no stack
[  218.200559][ T7217] Cannot find set identified by id 0 to match
[  218.326677][ T5898] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  218.484172][ T5898] usb 4-1: Using ep0 maxpacket: 32
[  218.499377][ T5898] usb 4-1: config 0 has an invalid interface number: 153 but max is 0
[  218.518710][ T5898] usb 4-1: config 0 has no interface number 0
[  218.550489][ T5898] usb 4-1: too many endpoints for config 0 interface 153 altsetting 255: 255, using maximum allowed: 30
[  218.641274][ T5898] usb 4-1: config 0 interface 153 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  218.660717][ T5898] usb 4-1: config 0 interface 153 has no altsetting 0
[  218.769356][ T7234] fuse: Bad value for 'user_id'
[  218.774362][ T7234] fuse: Bad value for 'user_id'
[  218.926180][   T43] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  219.457666][ T5898] usb 4-1: New USB device found, idVendor=1199, idProduct=6852, bcdDevice=6c.d5
[  219.467292][ T5898] usb 4-1: New USB device strings: Mfr=208, Product=45, SerialNumber=3
[  219.488669][ T5898] usb 4-1: Product: syz
[  219.529069][   T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  219.555804][   T43] usb 2-1: config 0 has no interfaces?
[  219.571711][   T43] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  219.608335][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.625514][ T5898] usb 4-1: Manufacturer: syz
[  219.630307][ T5898] usb 4-1: SerialNumber: syz
[  219.638833][ T5898] usb 4-1: config 0 descriptor??
[  219.656074][   T43] usb 2-1: config 0 descriptor??
[  219.746644][ T7236] syz.2.384 uses obsolete (PF_INET,SOCK_PACKET)
[  220.680148][ T7248] overlay: Unknown parameter 'fsuuid'
[  222.297409][ T5830] Bluetooth: hci4: command 0x0406 tx timeout
[  222.656874][ T7244] delete_channel: no stack
[  222.780159][ T7251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  222.837335][ T7251] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  222.921615][ T5898] sierra 4-1:0.153: Sierra USB modem converter detected
[  222.955535][ T5898] usb 4-1: USB disconnect, device number 5
[  222.962248][ T5898] sierra 4-1:0.153: device disconnected
[  223.114403][ T1210] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  223.141799][ T7260] Cannot find set identified by id 0 to match
[  223.287120][ T1210] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFE, changing to 0x8E
[  223.325433][ T1210] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 7012, setting to 64
[  223.431743][ T1210] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  223.447350][ T1210] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.467094][   T43] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  223.532519][ T1210] usb 1-1: config 0 descriptor??
[  223.711517][ T5891] usb 2-1: USB disconnect, device number 8
[  223.735283][   T43] usb 4-1: Using ep0 maxpacket: 32
[  223.763987][ T1210] ath6kl: Failed to submit usb control message: -71
[  223.781760][   T43] usb 4-1: config 0 has an invalid interface number: 85 but max is 0
[  223.802454][ T1210] ath6kl: unable to send the bmi data to the device: -71
[  223.826445][   T43] usb 4-1: config 0 has no interface number 0
[  223.832750][   T43] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  223.861814][ T1210] ath6kl: Unable to send get target info: -71
[  223.877813][ T1210] ath6kl: Failed to init ath6kl core: -71
[  223.883773][   T43] usb 4-1: config 0 interface 85 has no altsetting 0
[  223.893145][ T1210] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  223.905534][   T43] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  223.934407][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.949395][ T1210] usb 1-1: USB disconnect, device number 10
[  223.977700][   T43] usb 4-1: Product: syz
[  223.993672][   T43] usb 4-1: Manufacturer: syz
[  224.011335][   T43] usb 4-1: SerialNumber: syz
[  224.032703][   T43] usb 4-1: config 0 descriptor??
[  225.137099][   T43] appletouch 4-1:0.85: Failed to read mode from device.
[  225.161398][   T43] appletouch 4-1:0.85: probe with driver appletouch failed with error -5
[  225.225194][   T43] usb 4-1: USB disconnect, device number 6
[  225.560578][ T7288] delete_channel: no stack
[  225.658437][ T7294] binfmt_misc: register: failed to install interpreter file ./file0
[  226.034371][ T7298] =======================================================
[  226.034371][ T7298] WARNING: The mand mount option has been deprecated and
[  226.034371][ T7298]          and is ignored by this kernel. Remove the mand
[  226.034371][ T7298]          option from the mount to silence this warning.
[  226.034371][ T7298] =======================================================
[  226.117986][ T7301] mmap: syz.1.401 (7301) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  226.128428][ T7298] ISOFS: Unable to identify CD-ROM format.
[  226.145288][ T7303] FAULT_INJECTION: forcing a failure.
[  226.145288][ T7303] name failslab, interval 1, probability 0, space 0, times 0
[  226.182766][ T7300] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.404'.
[  226.199734][ T7303] CPU: 0 UID: 0 PID: 7303 Comm: syz.3.406 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  226.199764][ T7303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  226.199775][ T7303] Call Trace:
[  226.199784][ T7303]  <TASK>
[  226.199793][ T7303]  dump_stack_lvl+0x189/0x250
[  226.199828][ T7303]  ? __pfx____ratelimit+0x10/0x10
[  226.199856][ T7303]  ? __pfx_dump_stack_lvl+0x10/0x10
[  226.199884][ T7303]  ? __pfx__printk+0x10/0x10
[  226.199911][ T7303]  ? __pfx___might_resched+0x10/0x10
[  226.199944][ T7303]  should_fail_ex+0x414/0x560
[  226.199972][ T7303]  should_failslab+0xa8/0x100
[  226.200001][ T7303]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  226.200026][ T7303]  ? __alloc_skb+0x112/0x2d0
[  226.200051][ T7303]  __alloc_skb+0x112/0x2d0
[  226.200076][ T7303]  tcp_stream_alloc_skb+0x3d/0x340
[  226.200108][ T7303]  tcp_sendmsg_locked+0x1fa8/0x56f0
[  226.200158][ T7303]  ? __might_fault+0xb0/0x130
[  226.200222][ T7303]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  226.200249][ T7303]  ? __local_bh_enable_ip+0x12d/0x1c0
[  226.200281][ T7303]  ? __local_bh_enable_ip+0x12d/0x1c0
[  226.200323][ T7303]  tcp_sendmsg+0x2f/0x50
[  226.200351][ T7303]  __sock_sendmsg+0x19c/0x270
[  226.200383][ T7303]  __sys_sendto+0x3bd/0x520
[  226.200406][ T7303]  ? __pfx___sys_sendto+0x10/0x10
[  226.200422][ T7303]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  226.200464][ T7303]  ? __fget_files+0x3a0/0x420
[  226.200503][ T7303]  ? ksys_write+0x22a/0x250
[  226.200527][ T7303]  ? __pfx_ksys_write+0x10/0x10
[  226.200546][ T7303]  ? rcu_is_watching+0x15/0xb0
[  226.200581][ T7303]  __x64_sys_sendto+0xde/0x100
[  226.200605][ T7303]  do_syscall_64+0xfa/0x3b0
[  226.200632][ T7303]  ? lockdep_hardirqs_on+0x9c/0x150
[  226.200658][ T7303]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.200687][ T7303]  ? clear_bhb_loop+0x60/0xb0
[  226.200712][ T7303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.200730][ T7303] RIP: 0033:0x7f798ef8e929
[  226.200749][ T7303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.200766][ T7303] RSP: 002b:00007f798fe84038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  226.200788][ T7303] RAX: ffffffffffffffda RBX: 00007f798f1b5fa0 RCX: 00007f798ef8e929
[  226.200802][ T7303] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003
[  226.200814][ T7303] RBP: 00007f798fe84090 R08: 0000000000000000 R09: 0000000000000000
[  226.200826][ T7303] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000001
[  226.200838][ T7303] R13: 0000000000000000 R14: 00007f798f1b5fa0 R15: 00007ffd0d538cb8
[  226.200871][ T7303]  </TASK>
[  226.463410][    C0] vkms_vblank_simulate: vblank timer overrun
[  227.480292][   T10] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  227.690657][   T10] usb 5-1: config 1 interface 0 has no altsetting 0
[  227.941971][   T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  227.964062][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.972157][   T10] usb 5-1: Product: syz
[  227.982395][   T10] usb 5-1: Manufacturer: syz
[  227.987180][   T10] usb 5-1: SerialNumber: syz
[  228.070054][ T7336] netlink: 'syz.2.417': attribute type 1 has an invalid length.
[  228.077926][ T7336] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.417'.
[  229.017104][ T7340] netlink: 14528 bytes leftover after parsing attributes in process `syz.2.421'.
[  229.390178][ T7342] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.420'.
[  233.514091][   T43] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  233.563368][ T7364] netlink: 24 bytes leftover after parsing attributes in process `syz.2.427'.
[  233.572769][ T7364] netlink: 24 bytes leftover after parsing attributes in process `syz.2.427'.
[  234.233017][ T7367] netlink: 'syz.0.426': attribute type 10 has an invalid length.
[  234.269415][ T7367] 8021q: adding VLAN 0 to HW filter on device batadv0
[  234.374607][   T43] usb 1-1: Using ep0 maxpacket: 16
[  234.405334][ T7367] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  234.567874][   T43] usb 1-1: unable to get BOS descriptor or descriptor too short
[  234.761052][   T43] usb 1-1: config 108 has an invalid interface number: 14 but max is 0
[  234.890722][   T43] usb 1-1: config 108 has no interface number 0
[  234.979469][   T43] usb 1-1: config 108 interface 14 altsetting 6 endpoint 0x5 has invalid maxpacket 512, setting to 64
[  235.146603][   T10] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 10 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  235.177316][   T43] usb 1-1: config 108 interface 14 has no altsetting 0
[  236.251293][ T7371] ipvlan2: entered promiscuous mode
[  236.506376][   T10] usb 5-1: USB disconnect, device number 10
[  236.524944][   T10] usblp0: removed
[  236.535881][ T7371] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  236.556572][ T7371] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  236.639913][ T7379] netlink: 'syz.2.430': attribute type 1 has an invalid length.
[  236.647933][ T7379] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.430'.
[  237.302866][ T7381] openvswitch: netlink: VXLAN extension message has 8 unknown bytes.
[  237.307693][ T5818] udevd[5818]: setting owner of /dev/bus/usb/005/010 to uid=0, gid=7 failed: No such file or directory
[  237.343302][ T7378] FAULT_INJECTION: forcing a failure.
[  237.343302][ T7378] name failslab, interval 1, probability 0, space 0, times 0
[  237.402301][ T7378] CPU: 0 UID: 0 PID: 7378 Comm: syz.1.431 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  237.402331][ T7378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  237.402341][ T7378] Call Trace:
[  237.402349][ T7378]  <TASK>
[  237.402359][ T7378]  dump_stack_lvl+0x189/0x250
[  237.402393][ T7378]  ? __pfx____ratelimit+0x10/0x10
[  237.402418][ T7378]  ? __pfx_dump_stack_lvl+0x10/0x10
[  237.402442][ T7378]  ? __pfx__printk+0x10/0x10
[  237.402457][ T7378]  ? __pfx___might_resched+0x10/0x10
[  237.402484][ T7378]  should_fail_ex+0x414/0x560
[  237.402508][ T7378]  should_failslab+0xa8/0x100
[  237.402544][ T7378]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  237.402567][ T7378]  ? __alloc_skb+0x112/0x2d0
[  237.402590][ T7378]  __alloc_skb+0x112/0x2d0
[  237.402606][ T7378]  netlink_sendmsg+0x5c6/0xb30
[  237.402625][ T7378]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.402643][ T7378]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  237.402664][ T7378]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.402686][ T7378]  __sock_sendmsg+0x21c/0x270
[  237.402720][ T7378]  ____sys_sendmsg+0x505/0x830
[  237.402747][ T7378]  ? __pfx_____sys_sendmsg+0x10/0x10
[  237.402770][ T7378]  ? import_iovec+0x74/0xa0
[  237.402790][ T7378]  ___sys_sendmsg+0x21f/0x2a0
[  237.402808][ T7378]  ? __pfx____sys_sendmsg+0x10/0x10
[  237.402870][ T7378]  ? __fget_files+0x2a/0x420
[  237.402892][ T7378]  ? __fget_files+0x3a0/0x420
[  237.402916][ T7378]  __x64_sys_sendmsg+0x19b/0x260
[  237.402931][ T7378]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  237.402951][ T7378]  ? __pfx_ksys_write+0x10/0x10
[  237.402967][ T7378]  ? rcu_is_watching+0x15/0xb0
[  237.402999][ T7378]  ? do_syscall_64+0xbe/0x3b0
[  237.403028][ T7378]  do_syscall_64+0xfa/0x3b0
[  237.403052][ T7378]  ? lockdep_hardirqs_on+0x9c/0x150
[  237.403068][ T7378]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.403080][ T7378]  ? clear_bhb_loop+0x60/0xb0
[  237.403094][ T7378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.403105][ T7378] RIP: 0033:0x7f3f3e38e929
[  237.403121][ T7378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.403137][ T7378] RSP: 002b:00007f3f3f23f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  237.403158][ T7378] RAX: ffffffffffffffda RBX: 00007f3f3e5b5fa0 RCX: 00007f3f3e38e929
[  237.403172][ T7378] RDX: 0000000004000000 RSI: 0000200000000000 RDI: 0000000000000004
[  237.403183][ T7378] RBP: 00007f3f3f23f090 R08: 0000000000000000 R09: 0000000000000000
[  237.403194][ T7378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.403205][ T7378] R13: 0000000000000000 R14: 00007f3f3e5b5fa0 R15: 00007ffe4fd88d48
[  237.403224][ T7378]  </TASK>
[  237.817448][   T43] usb 1-1: string descriptor 0 read error: -71
[  237.850685][   T43] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=d8.65
[  237.914027][ T1210] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  237.946473][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.974160][ T7371] syz.4.429 (7371) used greatest stack depth: 19712 bytes left
[  238.054225][   T43] usb 1-1: can't set config #108, error -71
[  238.076400][ T1210] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  238.097118][ T1210] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.110027][   T43] usb 1-1: USB disconnect, device number 11
[  238.141390][ T1210] usb 2-1: Product: syz
[  238.150255][ T1210] usb 2-1: Manufacturer: syz
[  238.165035][ T1210] usb 2-1: SerialNumber: syz
[  238.175108][ T7389] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  238.228132][ T7387] FAULT_INJECTION: forcing a failure.
[  238.228132][ T7387] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  238.251538][ T7387] CPU: 0 UID: 0 PID: 7387 Comm: syz.3.435 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  238.251569][ T7387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  238.251580][ T7387] Call Trace:
[  238.251589][ T7387]  <TASK>
[  238.251598][ T7387]  dump_stack_lvl+0x189/0x250
[  238.251632][ T7387]  ? __pfx____ratelimit+0x10/0x10
[  238.251660][ T7387]  ? __pfx_dump_stack_lvl+0x10/0x10
[  238.251688][ T7387]  ? __pfx__printk+0x10/0x10
[  238.251709][ T7387]  ? __might_fault+0xb0/0x130
[  238.251746][ T7387]  should_fail_ex+0x414/0x560
[  238.251784][ T7387]  copy_fpstate_to_sigframe+0xa8d/0xce0
[  238.251821][ T7387]  ? copy_fpstate_to_sigframe+0x181/0xce0
[  238.251851][ T7387]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  238.251892][ T7387]  ? __lock_acquire+0xab9/0xd20
[  238.251926][ T7387]  ? fpu__alloc_mathframe+0xad/0x130
[  238.251952][ T7387]  get_sigframe+0x58d/0x7d0
[  238.251982][ T7387]  ? __pfx_get_sigframe+0x10/0x10
[  238.252021][ T7387]  x64_setup_rt_frame+0x15c/0xd40
[  238.252051][ T7387]  ? lockdep_hardirqs_on+0x9c/0x150
[  238.252080][ T7387]  ? _raw_spin_unlock_irq+0x2e/0x50
[  238.252103][ T7387]  ? get_signal+0x1122/0x1310
[  238.252139][ T7387]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  238.252175][ T7387]  arch_do_signal_or_restart+0x3dc/0x750
[  238.252207][ T7387]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  238.252249][ T7387]  ? exit_to_user_mode_loop+0x40/0x110
[  238.252281][ T7387]  exit_to_user_mode_loop+0x75/0x110
[  238.252307][ T7387]  do_syscall_64+0x2bd/0x3b0
[  238.252334][ T7387]  ? lockdep_hardirqs_on+0x9c/0x150
[  238.252359][ T7387]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.252378][ T7387]  ? clear_bhb_loop+0x60/0xb0
[  238.252403][ T7387]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.252422][ T7387] RIP: 0033:0x7f798ef8e927
[  238.252440][ T7387] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  238.252456][ T7387] RSP: 002b:00007f798fe84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049
[  238.252478][ T7387] RAX: 0000000000000049 RBX: 00007f798f1b5fa0 RCX: 00007f798ef8e929
[  238.252491][ T7387] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000004
[  238.252503][ T7387] RBP: 00007f798fe84090 R08: 0000000000000000 R09: 0000000000000000
[  238.252515][ T7387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  238.252526][ T7387] R13: 0000000000000000 R14: 00007f798f1b5fa0 R15: 00007ffd0d538cb8
[  238.252558][ T7387]  </TASK>
[  238.384227][ T1210] usb 2-1: config 0 descriptor??
[  238.577635][ T7393] netlink: 20 bytes leftover after parsing attributes in process `syz.0.433'.
[  238.578751][ T1210] gspca_main: sunplus-2.14.0 probing 055f:c230
[  238.954213][   T43] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  239.126422][   T43] usb 5-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00
[  239.154155][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.203504][   T43] usb 5-1: config 0 descriptor??
[  239.275325][ T1210] gspca_sunplus: reg_r err -110
[  239.280807][ T1210] sunplus 2-1:0.0: probe with driver sunplus failed with error -110
[  239.296111][ T1612] usb 4-1: new low-speed USB device number 7 using dummy_hcd
[  239.460298][ T1612] usb 4-1: config 0 interface 0 has no altsetting 0
[  239.500536][ T7406] netlink: 24 bytes leftover after parsing attributes in process `syz.2.440'.
[  239.509598][ T7406] netlink: 24 bytes leftover after parsing attributes in process `syz.2.440'.
[  239.561162][ T1612] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[  239.666757][ T1612] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.846517][ T1612] usb 4-1: config 0 descriptor??
[  240.110340][ T7407] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  240.165141][   T43] magicmouse 0003:05AC:0269.0005: unknown main item tag 0x0
[  240.306375][   T43] magicmouse 0003:05AC:0269.0005: unknown main item tag 0x0
[  240.314633][   T43] magicmouse 0003:05AC:0269.0005: unknown main item tag 0x0
[  240.321999][   T43] magicmouse 0003:05AC:0269.0005: unknown main item tag 0x0
[  240.331289][   T43] magicmouse 0003:05AC:0269.0005: unknown main item tag 0x0
[  240.347644][   T43] magicmouse 0003:05AC:0269.0005: hidraw0: USB HID v0.04 Device [HID 05ac:0269] on usb-dummy_hcd.4-1/input0
[  240.376818][ T5907] usb 2-1: USB disconnect, device number 9
[  240.417223][ T5898] usb 5-1: USB disconnect, device number 11
[  240.679727][ T7410] fido_id[7410]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  240.769654][ T1612] usbhid 4-1:0.0: can't add hid device: -71
[  240.784156][ T1612] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  240.866606][ T7419] netlink: 'syz.2.442': attribute type 1 has an invalid length.
[  240.874489][ T7419] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.442'.
[  241.190236][ T1612] usb 4-1: USB disconnect, device number 7
[  243.264247][ T7435] delete_channel: no stack
[  243.313074][ T7433] delete_channel: no stack
[  243.702562][ T7452] netlink: 24 bytes leftover after parsing attributes in process `syz.2.452'.
[  243.711747][ T7452] netlink: 24 bytes leftover after parsing attributes in process `syz.2.452'.
[  244.275721][ T1210] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  244.450027][ T7457] IPVS: set_ctl: invalid protocol: 44 172.30.1.1:20004
[  244.478016][ T1210] usb 2-1: Using ep0 maxpacket: 16
[  244.512658][ T1210] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  244.580382][ T1210] usb 2-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00
[  244.625530][ T1210] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.684889][ T1210] usb 2-1: config 0 descriptor??
[  245.341516][ T1210] apple 0003:05AC:024B.0006: fixing up MacBook JIS keyboard report descriptor
[  245.728172][ T1612] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  245.812429][ T1210] apple 0003:05AC:024B.0006: item fetching failed at offset 2/69
[  245.824091][ T1210] apple 0003:05AC:024B.0006: parse failed
[  245.831238][ T1210] apple 0003:05AC:024B.0006: probe with driver apple failed with error -22
[  245.996660][ T1612] usb 4-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00
[  246.094958][ T1612] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.157378][ T1612] usb 4-1: config 0 descriptor??
[  246.288639][ T1210] usb 2-1: USB disconnect, device number 10
[  246.830094][ T7460] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  246.844321][ T1612] magicmouse 0003:05AC:0269.0007: unknown main item tag 0x0
[  246.855457][ T1612] magicmouse 0003:05AC:0269.0007: unknown main item tag 0x0
[  246.869471][ T1612] magicmouse 0003:05AC:0269.0007: unknown main item tag 0x0
[  246.912398][ T1612] magicmouse 0003:05AC:0269.0007: unknown main item tag 0x0
[  246.942787][ T1612] magicmouse 0003:05AC:0269.0007: unknown main item tag 0x0
[  247.001349][ T1612] magicmouse 0003:05AC:0269.0007: hidraw0: USB HID v0.04 Device [HID 05ac:0269] on usb-dummy_hcd.3-1/input0
[  247.128267][ T1612] usb 4-1: USB disconnect, device number 8
[  247.323546][ T7473] fido_id[7473]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  247.354863][ T7481] netlink: 'syz.0.460': attribute type 10 has an invalid length.
[  247.376732][ T7481] macvlan0: entered allmulticast mode
[  248.289976][ T7481] veth1_vlan: entered allmulticast mode
[  248.351343][ T7481] team0: Port device macvlan0 added
[  248.487344][ T7486] veth0_macvtap: left promiscuous mode
[  248.738633][ T7491] process 'syz.1.464' launched '/dev/fd/3' with NULL argv: empty string added
[  249.115258][ T7496] netlink: 24 bytes leftover after parsing attributes in process `syz.0.465'.
[  249.124298][ T7496] netlink: 24 bytes leftover after parsing attributes in process `syz.0.465'.
[  249.752351][ T7501] pim6reg: entered allmulticast mode
[  249.776996][ T7500] pim6reg: left allmulticast mode
[  249.781887][ T7509] netlink: 4 bytes leftover after parsing attributes in process `syz.0.472'.
[  250.625437][ T7513] delete_channel: no stack
[  250.636594][ T7509] dummy0: entered promiscuous mode
[  250.656534][ T7509] macvtap1: entered promiscuous mode
[  250.662192][ T7509] macvtap1: entered allmulticast mode
[  250.673590][ T7509] dummy0: entered allmulticast mode
[  251.360935][ T7530] netlink: 'syz.2.478': attribute type 1 has an invalid length.
[  251.368860][ T7530] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.478'.
[  255.512229][ T7558] delete_channel: no stack
[  256.054964][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  256.063537][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  256.189897][ T1210] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  256.368121][ T7578] netlink: 'syz.0.489': attribute type 1 has an invalid length.
[  256.376062][ T7578] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.489'.
[  257.085854][ T1210] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.106052][ T1210] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  257.115419][ T1210] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.138552][ T1210] usb 4-1: Product: syz
[  257.143420][ T1210] usb 4-1: Manufacturer: syz
[  257.152621][ T1210] usb 4-1: SerialNumber: syz
[  257.381431][ T7585] FAULT_INJECTION: forcing a failure.
[  257.381431][ T7585] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  257.395255][ T7585] CPU: 0 UID: 0 PID: 7585 Comm: syz.0.492 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  257.395283][ T7585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  257.395307][ T7585] Call Trace:
[  257.395315][ T7585]  <TASK>
[  257.395324][ T7585]  dump_stack_lvl+0x189/0x250
[  257.395355][ T7585]  ? __pfx____ratelimit+0x10/0x10
[  257.395379][ T7585]  ? __pfx_dump_stack_lvl+0x10/0x10
[  257.395396][ T7585]  ? __pfx__printk+0x10/0x10
[  257.395416][ T7585]  ? __might_fault+0xb0/0x130
[  257.395453][ T7585]  should_fail_ex+0x414/0x560
[  257.395481][ T7585]  _copy_from_iter+0x1db/0x16f0
[  257.395505][ T7585]  ? __alloc_frozen_pages_noprof+0x1d6/0x370
[  257.395528][ T7585]  ? __pfx__copy_from_iter+0x10/0x10
[  257.395546][ T7585]  ? policy_nodemask+0x27c/0x720
[  257.395573][ T7585]  ? page_copy_sane+0x4e/0x280
[  257.395600][ T7585]  copy_page_from_iter+0xdd/0x170
[  257.395630][ T7585]  anon_pipe_write+0x99a/0x1360
[  257.395670][ T7585]  ? __pfx_anon_pipe_write+0x10/0x10
[  257.395684][ T7585]  ? rcu_read_lock_any_held+0xb3/0x120
[  257.395702][ T7585]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  257.395727][ T7585]  ? bpf_lsm_file_permission+0x9/0x20
[  257.395750][ T7585]  ? security_file_permission+0x75/0x290
[  257.395783][ T7585]  vfs_write+0x54b/0xa90
[  257.395809][ T7585]  ? __pfx_anon_pipe_write+0x10/0x10
[  257.395825][ T7585]  ? __pfx_vfs_write+0x10/0x10
[  257.395845][ T7585]  ? __fget_files+0x2a/0x420
[  257.395868][ T7585]  ksys_write+0x145/0x250
[  257.395891][ T7585]  ? __pfx_ksys_write+0x10/0x10
[  257.395909][ T7585]  ? rcu_is_watching+0x15/0xb0
[  257.395940][ T7585]  ? do_syscall_64+0xbe/0x3b0
[  257.395968][ T7585]  do_syscall_64+0xfa/0x3b0
[  257.395985][ T7585]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.395995][ T7585]  ? asm_sysvec_call_function_single+0x1a/0x20
[  257.396006][ T7585]  ? clear_bhb_loop+0x60/0xb0
[  257.396022][ T7585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.396039][ T7585] RIP: 0033:0x7f97c1d8e929
[  257.396057][ T7585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.396073][ T7585] RSP: 002b:00007f97c2b58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  257.396093][ T7585] RAX: ffffffffffffffda RBX: 00007f97c1fb6160 RCX: 00007f97c1d8e929
[  257.396106][ T7585] RDX: 0000000000011000 RSI: 0000200000000340 RDI: 0000000000000005
[  257.396118][ T7585] RBP: 00007f97c2b58090 R08: 0000000000000000 R09: 0000000000000000
[  257.396125][ T7585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.396132][ T7585] R13: 0000000000000000 R14: 00007f97c1fb6160 R15: 00007fff37a085a8
[  257.396151][ T7585]  </TASK>
[  258.222308][ T7593] netlink: 'syz.1.494': attribute type 16 has an invalid length.
[  258.233165][ T7593] netlink: 'syz.1.494': attribute type 3 has an invalid length.
[  258.259546][ T7593] netlink: 64066 bytes leftover after parsing attributes in process `syz.1.494'.
[  258.272461][ T7595] netlink: 8 bytes leftover after parsing attributes in process `syz.2.496'.
[  258.649298][ T7598] netlink: 24 bytes leftover after parsing attributes in process `syz.4.493'.
[  258.658774][ T7598] netlink: 24 bytes leftover after parsing attributes in process `syz.4.493'.
[  259.196254][ T7599] snd_dummy snd_dummy.0: control 0:129:-2:syz0:5 is already present
[  260.335358][ T1210] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  260.342379][ T1210] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  260.402758][ T1210] cdc_ncm 4-1:1.0: setting rx_max = 2048
[  260.411382][ T1210] cdc_ncm 4-1:1.0: setting tx_max = 184
[  260.451474][ T1210] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  260.569764][ T7611] FAULT_INJECTION: forcing a failure.
[  260.569764][ T7611] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  260.602523][ T7611] CPU: 1 UID: 0 PID: 7611 Comm: syz.0.501 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  260.602552][ T7611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  260.602564][ T7611] Call Trace:
[  260.602573][ T7611]  <TASK>
[  260.602581][ T7611]  dump_stack_lvl+0x189/0x250
[  260.602614][ T7611]  ? __pfx____ratelimit+0x10/0x10
[  260.602641][ T7611]  ? __pfx_dump_stack_lvl+0x10/0x10
[  260.602668][ T7611]  ? __pfx__printk+0x10/0x10
[  260.602688][ T7611]  ? __might_fault+0xb0/0x130
[  260.602723][ T7611]  should_fail_ex+0x414/0x560
[  260.602753][ T7611]  _copy_from_iter+0x1db/0x16f0
[  260.602791][ T7611]  ? policy_nodemask+0x27c/0x720
[  260.602814][ T7611]  ? __pfx__copy_from_iter+0x10/0x10
[  260.602848][ T7611]  ? set_page_refcounted+0xa0/0x1e0
[  260.602872][ T7611]  ? page_copy_sane+0x4e/0x280
[  260.602899][ T7611]  copy_page_from_iter+0xdd/0x170
[  260.602928][ T7611]  tun_get_user+0x1c4d/0x3ce0
[  260.602955][ T7611]  ? tun_get_user+0x693/0x3ce0
[  260.602995][ T7611]  ? __pfx_tun_get_user+0x10/0x10
[  260.603027][ T7611]  ? __lock_acquire+0xab9/0xd20
[  260.603058][ T7611]  ? ref_tracker_alloc+0x318/0x460
[  260.603081][ T7611]  ? __lock_acquire+0xab9/0xd20
[  260.603108][ T7611]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  260.603138][ T7611]  ? tun_get+0x1c/0x2f0
[  260.603170][ T7611]  ? tun_get+0x1c/0x2f0
[  260.603195][ T7611]  ? tun_get+0x1c/0x2f0
[  260.603226][ T7611]  tun_chr_write_iter+0x113/0x200
[  260.603256][ T7611]  vfs_write+0x54b/0xa90
[  260.603285][ T7611]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  260.603321][ T7611]  ? __pfx_vfs_write+0x10/0x10
[  260.603355][ T7611]  ? __fget_files+0x2a/0x420
[  260.603391][ T7611]  ksys_write+0x145/0x250
[  260.603416][ T7611]  ? __pfx_ksys_write+0x10/0x10
[  260.603445][ T7611]  ? do_syscall_64+0xbe/0x3b0
[  260.603477][ T7611]  do_syscall_64+0xfa/0x3b0
[  260.603503][ T7611]  ? lockdep_hardirqs_on+0x9c/0x150
[  260.603529][ T7611]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.603548][ T7611]  ? clear_bhb_loop+0x60/0xb0
[  260.603573][ T7611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.603591][ T7611] RIP: 0033:0x7f97c1d8d3df
[  260.603610][ T7611] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  260.603628][ T7611] RSP: 002b:00007f97c2b9a000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  260.603651][ T7611] RAX: ffffffffffffffda RBX: 00007f97c1fb5fa0 RCX: 00007f97c1d8d3df
[  260.603666][ T7611] RDX: 000000000000003a RSI: 0000200000000580 RDI: 00000000000000c8
[  260.603679][ T7611] RBP: 00007f97c2b9a090 R08: 0000000000000000 R09: 0000000000000000
[  260.603692][ T7611] R10: 000000000000003a R11: 0000000000000293 R12: 0000000000000001
[  260.603705][ T7611] R13: 0000000000000001 R14: 00007f97c1fb5fa0 R15: 00007fff37a085a8
[  260.603738][ T7611]  </TASK>
[  260.878724][    C1] vkms_vblank_simulate: vblank timer overrun
[  261.248666][ T5907] usb 4-1: USB disconnect, device number 9
[  261.278150][ T1612] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  261.307712][ T5907] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP)
[  261.467990][ T1612] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  261.519681][ T1612] usb 5-1: config 0 has no interface number 0
[  261.553131][ T1612] usb 5-1: config 0 interface 51 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  261.581649][ T1612] usb 5-1: New USB device found, idVendor=12d1, idProduct=8869, bcdDevice=3b.15
[  261.595885][ T7628] netlink: 12 bytes leftover after parsing attributes in process `syz.0.504'.
[  261.619168][ T1612] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.646410][ T7624] netlink: 12 bytes leftover after parsing attributes in process `syz.0.504'.
[  261.655722][ T1612] usb 5-1: Product: syz
[  261.664042][ T1612] usb 5-1: Manufacturer: syz
[  261.673073][ T1612] usb 5-1: SerialNumber: syz
[  261.687394][ T7624] netlink: 36 bytes leftover after parsing attributes in process `syz.0.504'.
[  261.748370][ T7624] bridge0: port 3(vlan1) entered blocking state
[  261.763202][ T7624] bridge0: port 3(vlan1) entered disabled state
[  261.785467][ T1612] usb 5-1: config 0 descriptor??
[  261.802710][ T7624] vlan1: entered allmulticast mode
[  262.687227][ T1612] huawei_cdc_ncm 5-1:0.51: CDC Union missing and no IAD found
[  262.713851][ T1612] huawei_cdc_ncm 5-1:0.51: bind() failure
[  262.771739][ T7624] bridge0: entered allmulticast mode
[  262.918052][ T7624] vlan1: left allmulticast mode
[  262.951124][ T7624] bridge0: left allmulticast mode
[  262.982828][ T1612] usb 5-1: USB disconnect, device number 12
[  263.781218][ T7645] delete_channel: no stack
[  264.741788][ T7663] bridge0: port 3(gretap0) entered blocking state
[  264.773857][ T7663] bridge0: port 3(gretap0) entered disabled state
[  264.780830][ T7663] gretap0: entered allmulticast mode
[  264.818083][ T7663] gretap0: entered promiscuous mode
[  264.836075][ T7663] bridge0: port 3(gretap0) entered blocking state
[  264.843687][ T7663] bridge0: port 3(gretap0) entered forwarding state
[  264.882733][ T7670] gretap0: left allmulticast mode
[  264.918785][ T7670] gretap0: left promiscuous mode
[  264.935554][ T7670] bridge0: port 3(gretap0) entered disabled state
[  265.087534][ T7675] syz.0.516: attempt to access beyond end of device
[  265.087534][ T7675] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  265.101043][ T7675] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  265.674238][ T5898] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  265.856617][ T5898] usb 1-1: Using ep0 maxpacket: 8
[  265.875937][ T5898] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  265.894054][ T5898] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  265.905110][ T5898] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  265.915410][ T5898] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  265.944084][ T5898] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  266.014001][ T5898] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  266.040006][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.072646][ T5898] usbtmc 1-1:16.0: bulk endpoints not found
[  266.396890][ T7691] usb usb8: usbfs: process 7691 (syz.1.520) did not claim interface 0 before use
[  266.454226][ T5898] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  266.581003][ T7699] delete_channel: no stack
[  266.614875][ T5898] usb 4-1: too many configurations: 151, using maximum allowed: 8
[  266.647183][ T5898] usb 4-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7
[  266.660908][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130
[  266.674823][ T5898] usb 4-1: Product: syz
[  266.679663][ T5898] usb 4-1: Manufacturer: syz
[  266.689994][ T5898] usb 4-1: SerialNumber: syz
[  266.699093][ T5898] usb 4-1: config 0 descriptor??
[  266.950250][ T7684] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  266.961575][ T7684] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  268.743417][ T5891] usb 1-1: USB disconnect, device number 12
[  269.171196][ T7739] FAULT_INJECTION: forcing a failure.
[  269.171196][ T7739] name failslab, interval 1, probability 0, space 0, times 0
[  269.184449][ T7739] CPU: 1 UID: 0 PID: 7739 Comm: syz.4.532 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  269.184476][ T7739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  269.184495][ T7739] Call Trace:
[  269.184503][ T7739]  <TASK>
[  269.184512][ T7739]  dump_stack_lvl+0x189/0x250
[  269.184546][ T7739]  ? __pfx____ratelimit+0x10/0x10
[  269.184574][ T7739]  ? __pfx_dump_stack_lvl+0x10/0x10
[  269.184602][ T7739]  ? __pfx__printk+0x10/0x10
[  269.184630][ T7739]  ? __pfx___might_resched+0x10/0x10
[  269.184656][ T7739]  ? fs_reclaim_acquire+0x7d/0x100
[  269.184689][ T7739]  should_fail_ex+0x414/0x560
[  269.184719][ T7739]  should_failslab+0xa8/0x100
[  269.184747][ T7739]  __kmalloc_noprof+0xcb/0x4f0
[  269.184768][ T7739]  ? drm_atomic_state_init+0x9c/0x310
[  269.184802][ T7739]  drm_atomic_state_init+0x9c/0x310
[  269.184834][ T7739]  drm_atomic_state_alloc+0xbc/0x100
[  269.184864][ T7739]  drm_client_modeset_commit_atomic+0xe2/0x760
[  269.184894][ T7739]  ? rcu_is_watching+0x15/0xb0
[  269.184926][ T7739]  ? __mutex_lock+0x330/0xe80
[  269.184954][ T7739]  ? __mutex_lock+0x330/0xe80
[  269.184981][ T7739]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  269.185005][ T7739]  ? trace_contention_end+0x39/0x120
[  269.185066][ T7739]  drm_client_modeset_commit_locked+0xcb/0x4d0
[  269.185100][ T7739]  drm_client_modeset_commit+0x4a/0x70
[  269.185126][ T7739]  drm_fb_helper_lastclose+0xa4/0x1c0
[  269.185152][ T7739]  drm_fbdev_client_restore+0x34/0x40
[  269.185179][ T7739]  drm_client_dev_restore+0x139/0x270
[  269.185212][ T7739]  drm_release+0x318/0x3f0
[  269.185241][ T7739]  ? __pfx_drm_release+0x10/0x10
[  269.185262][ T7739]  __fput+0x449/0xa70
[  269.185307][ T7739]  task_work_run+0x1d1/0x260
[  269.185333][ T7739]  ? __pfx_task_work_run+0x10/0x10
[  269.185362][ T7739]  ? exit_to_user_mode_loop+0x40/0x110
[  269.185393][ T7739]  exit_to_user_mode_loop+0xec/0x110
[  269.185418][ T7739]  do_syscall_64+0x2bd/0x3b0
[  269.185448][ T7739]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.185466][ T7739]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  269.185491][ T7739]  ? clear_bhb_loop+0x60/0xb0
[  269.185517][ T7739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.185535][ T7739] RIP: 0033:0x7f6440f8e929
[  269.185554][ T7739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.185570][ T7739] RSP: 002b:00007f6441d84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000021
[  269.185591][ T7739] RAX: 0000000000000003 RBX: 00007f64411b6160 RCX: 00007f6440f8e929
[  269.185604][ T7739] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[  269.185615][ T7739] RBP: 00007f6441d84090 R08: 0000000000000000 R09: 0000000000000000
[  269.185626][ T7739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  269.185637][ T7739] R13: 0000000000000000 R14: 00007f64411b6160 R15: 00007ffff100f5c8
[  269.185672][ T7739]  </TASK>
[  269.674846][ T5898] usb 4-1: bad CDC descriptors
[  269.715064][ T5898] usb 4-1: USB disconnect, device number 10
[  269.919926][   T30] audit: type=1326 audit(1751107873.876:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7743 comm="syz.3.536" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f798ef8e929 code=0x0
[  270.277316][ T7746] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  270.284478][ T7746] [U] J"—e:ÀÆ"


[  270.959232][ T7752] netlink: 14528 bytes leftover after parsing attributes in process `syz.4.538'.
[  271.094000][   T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  271.322851][   T10] usb 1-1: Using ep0 maxpacket: 8
[  271.332469][   T10] usb 1-1: config 0 has an invalid descriptor of length 161, skipping remainder of the config
[  271.353692][   T10] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  271.377830][   T10] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  271.393764][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.434034][ T5898] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  271.541887][   T10] usb 1-1: Product: syz
[  271.551327][   T10] usb 1-1: Manufacturer: syz
[  271.561183][   T10] usb 1-1: SerialNumber: syz
[  271.578487][   T10] usb 1-1: config 0 descriptor??
[  271.663225][ T7770] netlink: 'syz.1.541': attribute type 1 has an invalid length.
[  271.673240][ T7770] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.541'.
[  272.364073][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  272.372577][ T7753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  272.394786][ T7753] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  272.397034][ T5898] usb 4-1: unable to get BOS descriptor or descriptor too short
[  272.423048][ T5898] usb 4-1: unable to read config index 0 descriptor/start: -61
[  272.431694][ T5898] usb 4-1: can't read configurations, error -61
[  272.440877][   T10] usb 1-1: USB disconnect, device number 13
[  272.574538][ T5898] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  272.643255][ T7778] 9pnet_virtio: no channels available for device syz
[  272.754119][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  272.776403][ T5898] usb 4-1: unable to get BOS descriptor or descriptor too short
[  272.808386][ T5898] usb 4-1: unable to read config index 0 descriptor/start: -61
[  272.820090][ T5898] usb 4-1: can't read configurations, error -61
[  272.837572][ T5898] usb usb4-port1: attempt power cycle
[  272.959567][ T7783] netlink: 'syz.4.547': attribute type 72 has an invalid length.
[  273.194590][ T5898] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  273.323842][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  273.566370][ T5898] usb 4-1: unable to get BOS descriptor or descriptor too short
[  274.435944][ T5898] usb 4-1: unable to read config index 0 descriptor/start: -61
[  274.443650][ T5898] usb 4-1: can't read configurations, error -61
[  274.799907][ T5898] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  275.277092][ T7808] netlink: 'syz.2.553': attribute type 1 has an invalid length.
[  275.284890][ T7808] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.553'.
[  275.371654][ T5898] usb 4-1: device not accepting address 14, error -71
[  275.482045][ T5898] usb usb4-port1: unable to enumerate USB device
[  275.637623][ T7809] trusted_key: encrypted_key: insufficient parameters specified
[  276.195164][ T7814] FAULT_INJECTION: forcing a failure.
[  276.195164][ T7814] name failslab, interval 1, probability 0, space 0, times 0
[  276.231485][ T7814] CPU: 1 UID: 0 PID: 7814 Comm: syz.1.555 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  276.231517][ T7814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  276.231529][ T7814] Call Trace:
[  276.231537][ T7814]  <TASK>
[  276.231546][ T7814]  dump_stack_lvl+0x189/0x250
[  276.231580][ T7814]  ? __pfx____ratelimit+0x10/0x10
[  276.231609][ T7814]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.231637][ T7814]  ? __pfx__printk+0x10/0x10
[  276.231665][ T7814]  ? __pfx___might_resched+0x10/0x10
[  276.231699][ T7814]  should_fail_ex+0x414/0x560
[  276.231729][ T7814]  should_failslab+0xa8/0x100
[  276.231757][ T7814]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  276.231783][ T7814]  ? __alloc_skb+0x112/0x2d0
[  276.231808][ T7814]  __alloc_skb+0x112/0x2d0
[  276.231833][ T7814]  netlink_sendmsg+0x5c6/0xb30
[  276.231867][ T7814]  ? __pfx_netlink_sendmsg+0x10/0x10
[  276.231898][ T7814]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  276.231921][ T7814]  ? __pfx_netlink_sendmsg+0x10/0x10
[  276.231944][ T7814]  __sock_sendmsg+0x21c/0x270
[  276.231975][ T7814]  ____sys_sendmsg+0x505/0x830
[  276.232004][ T7814]  ? __pfx_____sys_sendmsg+0x10/0x10
[  276.232039][ T7814]  ? import_iovec+0x74/0xa0
[  276.232073][ T7814]  ___sys_sendmsg+0x21f/0x2a0
[  276.232098][ T7814]  ? __pfx____sys_sendmsg+0x10/0x10
[  276.232172][ T7814]  ? __fget_files+0x2a/0x420
[  276.232197][ T7814]  ? __fget_files+0x3a0/0x420
[  276.232235][ T7814]  __x64_sys_sendmsg+0x19b/0x260
[  276.232260][ T7814]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  276.232295][ T7814]  ? __pfx_ksys_write+0x10/0x10
[  276.232316][ T7814]  ? rcu_is_watching+0x15/0xb0
[  276.232350][ T7814]  ? do_syscall_64+0xbe/0x3b0
[  276.232383][ T7814]  do_syscall_64+0xfa/0x3b0
[  276.232408][ T7814]  ? lockdep_hardirqs_on+0x9c/0x150
[  276.232434][ T7814]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.232454][ T7814]  ? clear_bhb_loop+0x60/0xb0
[  276.232478][ T7814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.232497][ T7814] RIP: 0033:0x7f3f3e38e929
[  276.232516][ T7814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.232533][ T7814] RSP: 002b:00007f3f3f23f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  276.232555][ T7814] RAX: ffffffffffffffda RBX: 00007f3f3e5b5fa0 RCX: 00007f3f3e38e929
[  276.232570][ T7814] RDX: 0000000000004000 RSI: 0000200000000240 RDI: 0000000000000003
[  276.232583][ T7814] RBP: 00007f3f3f23f090 R08: 0000000000000000 R09: 0000000000000000
[  276.232595][ T7814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  276.232607][ T7814] R13: 0000000000000000 R14: 00007f3f3e5b5fa0 R15: 00007ffe4fd88d48
[  276.232640][ T7814]  </TASK>
[  277.934600][ T7834] netlink: 24 bytes leftover after parsing attributes in process `syz.1.559'.
[  277.943711][ T7834] netlink: 24 bytes leftover after parsing attributes in process `syz.1.559'.
[  278.586017][ T7835] FAULT_INJECTION: forcing a failure.
[  278.586017][ T7835] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  278.599438][ T7835] CPU: 0 UID: 0 PID: 7835 Comm: syz.3.560 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  278.599468][ T7835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  278.599480][ T7835] Call Trace:
[  278.599488][ T7835]  <TASK>
[  278.599498][ T7835]  dump_stack_lvl+0x189/0x250
[  278.599531][ T7835]  ? __pfx____ratelimit+0x10/0x10
[  278.599559][ T7835]  ? __pfx_dump_stack_lvl+0x10/0x10
[  278.599585][ T7835]  ? __pfx__printk+0x10/0x10
[  278.599606][ T7835]  ? __might_fault+0xb0/0x130
[  278.599641][ T7835]  should_fail_ex+0x414/0x560
[  278.599673][ T7835]  _copy_from_user+0x2d/0xb0
[  278.599697][ T7835]  snd_rawmidi_kernel_write1+0x3ab/0x650
[  278.599743][ T7835]  snd_rawmidi_write+0x5ad/0xbd0
[  278.599773][ T7835]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  278.599788][ T7835]  ? __asan_memset+0x22/0x50
[  278.599802][ T7835]  ? __import_iovec+0x5d4/0x7f0
[  278.599831][ T7835]  ? bpf_lsm_file_permission+0x9/0x20
[  278.599851][ T7835]  ? security_file_permission+0x75/0x290
[  278.599872][ T7835]  ? rw_verify_area+0x258/0x650
[  278.599893][ T7835]  vfs_writev+0x4b6/0x960
[  278.599917][ T7835]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  278.599936][ T7835]  ? __pfx_vfs_writev+0x10/0x10
[  278.599970][ T7835]  ? __fget_files+0x2a/0x420
[  278.599995][ T7835]  ? __fget_files+0x3a0/0x420
[  278.600013][ T7835]  ? __fget_files+0x2a/0x420
[  278.600050][ T7835]  do_writev+0x14d/0x2d0
[  278.600074][ T7835]  ? __pfx_do_writev+0x10/0x10
[  278.600094][ T7835]  ? rcu_is_watching+0x15/0xb0
[  278.600121][ T7835]  ? do_syscall_64+0xbe/0x3b0
[  278.600147][ T7835]  do_syscall_64+0xfa/0x3b0
[  278.600170][ T7835]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.600185][ T7835]  ? asm_sysvec_call_function_single+0x1a/0x20
[  278.600201][ T7835]  ? clear_bhb_loop+0x60/0xb0
[  278.600220][ T7835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.600235][ T7835] RIP: 0033:0x7f798ef8e929
[  278.600250][ T7835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  278.600263][ T7835] RSP: 002b:00007f798fe63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  278.600281][ T7835] RAX: ffffffffffffffda RBX: 00007f798f1b6080 RCX: 00007f798ef8e929
[  278.600294][ T7835] RDX: 0000000000000001 RSI: 0000200000000840 RDI: 0000000000000006
[  278.600304][ T7835] RBP: 00007f798fe63090 R08: 0000000000000000 R09: 0000000000000000
[  278.600313][ T7835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  278.600322][ T7835] R13: 0000000000000000 R14: 00007f798f1b6080 R15: 00007ffd0d538cb8
[  278.600348][ T7835]  </TASK>
[  280.661003][ T7855] fuse: Bad value for 'fd'
[  282.665069][   T43] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  282.967380][   T43] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  283.041783][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.122538][   T43] usb 1-1: Product: syz
[  283.165827][   T43] usb 1-1: Manufacturer: syz
[  283.209366][   T43] usb 1-1: SerialNumber: syz
[  283.412896][   T43] usb 1-1: config 0 descriptor??
[  283.472813][   T43] gspca_main: sunplus-2.14.0 probing 055f:c230
[  283.824024][ T5891] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  283.986447][ T5891] usb 2-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00
[  284.001446][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.022874][ T5891] usb 2-1: config 0 descriptor??
[  284.457446][ T5891] magicmouse 0003:05AC:0269.0008: unknown main item tag 0x0
[  284.465749][ T5891] magicmouse 0003:05AC:0269.0008: unknown main item tag 0x0
[  284.475601][ T5891] magicmouse 0003:05AC:0269.0008: unknown main item tag 0x0
[  284.483522][ T5891] magicmouse 0003:05AC:0269.0008: unknown main item tag 0x0
[  284.502388][ T5891] magicmouse 0003:05AC:0269.0008: unknown main item tag 0x0
[  284.544765][ T5891] magicmouse 0003:05AC:0269.0008: hidraw0: USB HID v0.04 Device [HID 05ac:0269] on usb-dummy_hcd.1-1/input0
[  284.718199][ T5891] usb 1-1: USB disconnect, device number 14
[  284.738033][ T7893] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  284.814386][   T43] usb 2-1: USB disconnect, device number 11
[  285.792156][ T7911] delete_channel: no stack
[  287.886136][ T5820] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  287.899180][ T5820] Bluetooth: hci1: Injecting HCI hardware error event
[  287.996268][ T5830] Bluetooth: hci1: hardware error 0x00
[  288.329131][ T7939] delete_channel: no stack
[  288.372836][ T7943] fuse: Bad value for 'fd'
[  288.388373][ T7943] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  288.416064][ T5898] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  288.614161][ T5898] usb 2-1: Using ep0 maxpacket: 32
[  288.625500][ T5898] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  288.669726][ T5898] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  288.728906][ T5898] usb 2-1: config 1 interface 2 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  288.783282][ T5898] usb 2-1: Duplicate descriptor for config 1 interface 2 altsetting 0, skipping
[  288.820299][ T5898] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  288.834730][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.864256][ T5898] usb 2-1: Product: syz
[  288.876399][ T5898] usb 2-1: Manufacturer: syz
[  288.885104][ T5898] usb 2-1: SerialNumber: syz
[  288.964496][   T43] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  289.036512][ T7961] delete_channel: no stack
[  289.116933][   T30] audit: type=1326 audit(1751107894.074:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7937 comm="syz.1.592" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f3e38e929 code=0x0
[  289.153074][   T43] usb 4-1: Using ep0 maxpacket: 8
[  289.195587][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  289.231092][   T43] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  289.233337][ T7971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.275160][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.291593][ T7971] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.315689][   T43] usb 4-1: config 0 descriptor??
[  289.748127][   T43] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  289.776842][   T43] usb 4-1: USB disconnect, device number 15
[  290.204418][ T5830] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  290.329665][ T7989] veth0: entered promiscuous mode
[  290.337693][ T7989] veth0: left promiscuous mode
[  290.748609][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802f343400: rx timeout, send abort
[  290.759102][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802f343800: rx timeout, send abort
[  290.961970][ T7995] netlink: 14528 bytes leftover after parsing attributes in process `syz.4.608'.
[  291.257990][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802f343400: abort rx timeout. Force session deactivation
[  291.268932][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802f343800: abort rx timeout. Force session deactivation
[  291.569055][ T5898] usb 2-1: USB disconnect, device number 12
[  292.076271][ T7572] udevd[7572]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  292.616354][ T8015] netlink: 24 bytes leftover after parsing attributes in process `syz.0.612'.
[  292.625437][ T8015] netlink: 24 bytes leftover after parsing attributes in process `syz.0.612'.
[  293.504345][ T5936] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  293.640675][ T8023] netlink: 'syz.0.615': attribute type 9 has an invalid length.
[  293.710352][ T8022] Cannot find add_set index 0 as target
[  293.825801][ T5936] usb 2-1: New USB device found, idVendor=0545, idProduct=800d, bcdDevice= 3.0a
[  293.933314][ T5936] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.368222][ T5936] usb 2-1: config 0 descriptor??
[  294.441026][ T5936] gspca_main: xirlink-cit-2.14.0 probing 0545:800d
[  294.518021][ T5936] input: xirlink-cit as /devices/platform/dummy_hcd.1/usb2/2-1/input/input10
[  294.604158][ T5830] Bluetooth: hci2: command 0x0406 tx timeout
[  294.842673][ T5936] usb 2-1: USB disconnect, device number 13
[  295.994523][ T5898] IPVS: starting estimator thread 0...
[  296.094292][ T8041] IPVS: using max 28 ests per chain, 67200 per kthread
[  297.893317][ T8078] netlink: 'syz.4.628': attribute type 1 has an invalid length.
[  297.901362][ T8078] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.628'.
[  298.943580][ T8081] netlink: 28 bytes leftover after parsing attributes in process `syz.0.629'.
[  299.431512][ T8086] netlink: 'syz.2.631': attribute type 1 has an invalid length.
[  299.439253][ T8086] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.631'.
[  300.123058][ T8090] usb usb8: usbfs: process 8090 (syz.4.633) did not claim interface 0 before use
[  300.159029][ T8093] netlink: 36 bytes leftover after parsing attributes in process `syz.2.634'.
[  300.631050][ T8107] syz.3.638: attempt to access beyond end of device
[  300.631050][ T8107] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[  300.655607][ T8107] syz.3.638: attempt to access beyond end of device
[  300.655607][ T8107] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[  300.670422][ T8107] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  300.688143][ T8107] syz.3.638: attempt to access beyond end of device
[  300.688143][ T8107] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[  300.701672][ T8107] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  300.729598][ T8107] syz.3.638: attempt to access beyond end of device
[  300.729598][ T8107] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[  300.748116][ T8107] syz.3.638: attempt to access beyond end of device
[  300.748116][ T8107] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[  300.767307][ T8107] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  300.780307][ T8107] syz.3.638: attempt to access beyond end of device
[  300.780307][ T8107] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[  300.794643][ T8107] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  300.811579][ T8107] syz.3.638: attempt to access beyond end of device
[  300.811579][ T8107] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[  300.827728][ T8107] syz.3.638: attempt to access beyond end of device
[  300.827728][ T8107] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[  300.843561][ T8107] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  300.859611][ T8107] syz.3.638: attempt to access beyond end of device
[  300.859611][ T8107] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[  300.873811][ T8107] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  300.886423][ T8107] syz.3.638: attempt to access beyond end of device
[  300.886423][ T8107] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  300.900661][ T8107] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  300.912119][ T8107] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  300.928451][ T8107] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  301.632284][ T8121] netlink: 12 bytes leftover after parsing attributes in process `syz.2.640'.
[  301.646082][ T8116] netlink: 12 bytes leftover after parsing attributes in process `syz.2.640'.
[  301.680225][ T8116] netlink: 36 bytes leftover after parsing attributes in process `syz.2.640'.
[  302.225957][ T8118] delete_channel: no stack
[  302.240947][ T8126] netlink: 8 bytes leftover after parsing attributes in process `syz.0.643'.
[  302.259977][ T8132] fuse: Bad value for 'user_id'
[  302.275902][ T8132] fuse: Bad value for 'user_id'
[  302.306241][ T8126] IPVS: Error joining to the multicast group
[  303.628516][ T8154] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  303.732889][ T8154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.655'.
[  303.788417][ T8162] netlink: 12 bytes leftover after parsing attributes in process `syz.3.657'.
[  303.820256][ T8161] netlink: 12 bytes leftover after parsing attributes in process `syz.3.657'.
[  303.836831][ T8161] netlink: 36 bytes leftover after parsing attributes in process `syz.3.657'.
[  303.882307][ T8154] veth1_vlan (unregistering): left allmulticast mode
[  303.894109][ T1210] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  303.952396][ T8154] team0: Port device macvlan0 removed
[  304.046212][ T1210] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  304.063054][ T1210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.144392][ T1210] usb 5-1: config 0 descriptor??
[  304.175500][ T1210] gspca_main: cpia1-2.14.0 probing 0813:0001
[  304.624824][ T5936] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  304.803694][ T8155] netlink: 277 bytes leftover after parsing attributes in process `syz.4.654'.
[  304.984470][ T5936] usb 4-1: Using ep0 maxpacket: 8
[  305.006155][ T5936] usb 4-1: config 254 has an invalid interface number: 240 but max is 0
[  305.049701][ T5936] usb 4-1: config 254 has an invalid descriptor of length 0, skipping remainder of the config
[  305.070373][ T5936] usb 4-1: config 254 has no interface number 0
[  305.079720][ T5936] usb 4-1: config 254 interface 240 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  305.106842][ T5936] usb 4-1: New USB device found, idVendor=17ef, idProduct=3069, bcdDevice=3e.9b
[  305.131198][ T5936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.147663][ T5936] usb 4-1: Product: syz
[  305.152295][ T5936] usb 4-1: Manufacturer: syz
[  305.169666][ T5936] usb 4-1: SerialNumber: syz
[  305.187450][ T5936] r8152-cfgselector 4-1: Unknown version 0x0000
[  305.205968][ T1210] cpia1 5-1:0.0: unexpected state after lo power cmd: 01
[  305.299592][ T8178] netlink: 14528 bytes leftover after parsing attributes in process `syz.1.663'.
[  305.964493][ T5820] Bluetooth: hci4: command 0x0406 tx timeout
[  306.452201][ T8188] netlink: 24 bytes leftover after parsing attributes in process `syz.0.666'.
[  306.461535][ T8188] netlink: 24 bytes leftover after parsing attributes in process `syz.0.666'.
[  307.212928][ T1210] gspca_cpia1: usb_control_msg 05, error -71
[  307.250122][ T5898] r8152-cfgselector 4-1: USB disconnect, device number 16
[  307.281925][ T1210] cpia1 5-1:0.0: unexpected systemstate: 01
[  307.322250][ T1210] usb 5-1: USB disconnect, device number 13
[  307.371386][ T8191] veth0_to_team: entered promiscuous mode
[  307.380675][ T8191] veth0_to_team: entered allmulticast mode
[  307.962323][ T8196] delete_channel: no stack
[  308.803978][ T5898] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  309.390722][ T5898] usb 2-1: Using ep0 maxpacket: 16
[  311.262260][ T5898] usb 2-1: unable to get BOS descriptor or descriptor too short
[  311.486528][ T8210] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  311.586111][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  311.596254][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  312.449324][ T5898] usb 2-1: unable to read config index 0 descriptor/start: -71
[  312.457067][ T5898] usb 2-1: can't read configurations, error -71
[  313.200099][ T8237] netlink: 24 bytes leftover after parsing attributes in process `syz.1.679'.
[  313.209314][ T8237] netlink: 24 bytes leftover after parsing attributes in process `syz.1.679'.
[  313.784435][ T5830] Bluetooth: hci3: command 0x0406 tx timeout
[  314.038472][ T8210] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  314.049846][ T8234] netlink: 328 bytes leftover after parsing attributes in process `syz.2.678'.
[  314.054130][ T8210] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  314.082796][ T8210] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  314.096144][ T8210] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  314.111433][ T8210] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  314.933969][ T5898] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  315.330462][ T8249] delete_channel: no stack
[  315.356577][ T5898] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  315.420254][ T5898] usb 1-1: New USB device found, idVendor=05ac, idProduct=0238, bcdDevice= 0.40
[  315.450817][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.464931][ T5898] usb 1-1: Product: syz
[  315.478760][ T5898] usb 1-1: Manufacturer: syz
[  315.494341][ T5898] usb 1-1: SerialNumber: syz
[  315.539859][ T5898] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input11
[  315.584114][   T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  315.741190][ T8248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  315.933498][ T8248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.124197][ T5820] Bluetooth: hci3: command 0x0406 tx timeout
[  316.130681][ T5830] Bluetooth: hci4: command 0x0406 tx timeout
[  316.150608][   T10] usb 2-1: too many configurations: 151, using maximum allowed: 8
[  316.189660][ T8248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.245136][ T8248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.255598][   T10] usb 2-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7
[  316.290558][ T8248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.314336][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130
[  316.325558][   T10] usb 2-1: Product: syz
[  316.329898][   T10] usb 2-1: Manufacturer: syz
[  316.335280][   T10] usb 2-1: SerialNumber: syz
[  316.336238][ T8248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.343613][   T10] usb 2-1: config 0 descriptor??
[  316.384463][ T8248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.403029][ T8248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.413121][ T8262] delete_channel: no stack
[  316.445469][ T8248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.464836][ T8248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.520615][ T8267] netlink: 8 bytes leftover after parsing attributes in process `syz.2.691'.
[  316.545798][ T5173] bcm5974 1-1:1.0: could not read from device
[  316.902338][ T8276] netlink: 8 bytes leftover after parsing attributes in process `syz.4.692'.
[  316.911504][ T8276] netlink: 4 bytes leftover after parsing attributes in process `syz.4.692'.
[  317.724828][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  317.731327][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  317.778039][ T5173] bcm5974 1-1:1.0: could not read from device
[  317.824722][ T8252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  317.833656][ T8252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  318.205329][ T5830] Bluetooth: hci4: command 0x0406 tx timeout
[  318.220530][ T5898] usb 1-1: USB disconnect, device number 15
[  318.224222][ T5173] bcm5974 1-1:1.0: could not read from device
[  318.664236][ T8277] netlink: 14528 bytes leftover after parsing attributes in process `syz.3.693'.
[  319.093685][ T8290] netlink: 'syz.0.695': attribute type 10 has an invalid length.
[  319.192712][ T8290] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.202058][ T8290] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.238886][ T8290] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.246305][ T8290] bridge0: port 2(bridge_slave_1) entered forwarding state
[  319.254677][ T8290] bridge0: port 1(bridge_slave_0) entered blocking state
[  319.261885][ T8290] bridge0: port 1(bridge_slave_0) entered forwarding state
[  319.301772][   T10] usb 2-1: bad CDC descriptors
[  319.312439][   T10] usb 2-1: USB disconnect, device number 16
[  319.337863][ T8290] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  320.020686][ T8297] delete_channel: no stack
[  320.178949][ T8301] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  320.284620][ T5830] Bluetooth: hci4: command 0x0406 tx timeout
[  320.293607][ T8301] openvswitch: netlink: IPv4 tunnel dst address is zero
[  320.539672][ T8320] netlink: 260 bytes leftover after parsing attributes in process `syz.2.705'.
[  320.581093][ T8322] FAULT_INJECTION: forcing a failure.
[  320.581093][ T8322] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  321.124906][ T8322] CPU: 1 UID: 0 PID: 8322 Comm: syz.1.706 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  321.124937][ T8322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  321.124949][ T8322] Call Trace:
[  321.124956][ T8322]  <TASK>
[  321.124965][ T8322]  dump_stack_lvl+0x189/0x250
[  321.124997][ T8322]  ? __pfx____ratelimit+0x10/0x10
[  321.125024][ T8322]  ? __pfx_dump_stack_lvl+0x10/0x10
[  321.125051][ T8322]  ? __pfx__printk+0x10/0x10
[  321.125070][ T8322]  ? __might_fault+0xb0/0x130
[  321.125105][ T8322]  should_fail_ex+0x414/0x560
[  321.125133][ T8322]  _copy_from_user+0x2d/0xb0
[  321.125162][ T8322]  ___sys_recvmsg+0x12e/0x510
[  321.125193][ T8322]  ? __pfx____sys_recvmsg+0x10/0x10
[  321.125243][ T8322]  ? __fget_files+0x3a0/0x420
[  321.125280][ T8322]  do_recvmmsg+0x307/0x770
[  321.125312][ T8322]  ? __pfx_do_recvmmsg+0x10/0x10
[  321.125349][ T8322]  ? _copy_from_user+0x94/0xb0
[  321.125395][ T8322]  __x64_sys_recvmmsg+0x1af/0x240
[  321.125421][ T8322]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  321.125443][ T8322]  ? rcu_is_watching+0x15/0xb0
[  321.125476][ T8322]  ? do_syscall_64+0xbe/0x3b0
[  321.125507][ T8322]  do_syscall_64+0xfa/0x3b0
[  321.125532][ T8322]  ? lockdep_hardirqs_on+0x9c/0x150
[  321.125557][ T8322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.125575][ T8322]  ? clear_bhb_loop+0x60/0xb0
[  321.125599][ T8322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.125617][ T8322] RIP: 0033:0x7f3f3e38e929
[  321.125634][ T8322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  321.125651][ T8322] RSP: 002b:00007f3f3f23f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  321.125672][ T8322] RAX: ffffffffffffffda RBX: 00007f3f3e5b5fa0 RCX: 00007f3f3e38e929
[  321.125686][ T8322] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  321.125699][ T8322] RBP: 00007f3f3f23f090 R08: 0000200000003700 R09: 0000000000000000
[  321.125712][ T8322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  321.125723][ T8322] R13: 0000000000000000 R14: 00007f3f3e5b5fa0 R15: 00007ffe4fd88d48
[  321.125754][ T8322]  </TASK>
[  321.560150][ T8327] FAULT_INJECTION: forcing a failure.
[  321.560150][ T8327] name failslab, interval 1, probability 0, space 0, times 0
[  321.573491][ T8327] CPU: 1 UID: 0 PID: 8327 Comm: syz.3.708 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  321.573519][ T8327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  321.573530][ T8327] Call Trace:
[  321.573538][ T8327]  <TASK>
[  321.573547][ T8327]  dump_stack_lvl+0x189/0x250
[  321.573580][ T8327]  ? __pfx____ratelimit+0x10/0x10
[  321.573607][ T8327]  ? __pfx_dump_stack_lvl+0x10/0x10
[  321.573634][ T8327]  ? __pfx__printk+0x10/0x10
[  321.573652][ T8327]  ? __pfx___might_resched+0x10/0x10
[  321.573678][ T8327]  ? fs_reclaim_acquire+0x7d/0x100
[  321.573712][ T8327]  should_fail_ex+0x414/0x560
[  321.573741][ T8327]  should_failslab+0xa8/0x100
[  321.573768][ T8327]  __kmalloc_noprof+0xcb/0x4f0
[  321.573791][ T8327]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  321.573826][ T8327]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  321.573867][ T8327]  genl_family_rcv_msg_doit+0xb8/0x300
[  321.573911][ T8327]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  321.573940][ T8327]  ? rcu_is_watching+0x15/0xb0
[  321.573968][ T8327]  ? cap_capable+0x11f/0x460
[  321.573991][ T8327]  ? safesetid_security_capable+0xa9/0x1a0
[  321.574017][ T8327]  ? bpf_lsm_capable+0x9/0x20
[  321.574044][ T8327]  ? security_capable+0x7e/0x2e0
[  321.574079][ T8327]  genl_rcv_msg+0x60e/0x790
[  321.574113][ T8327]  ? __pfx_genl_rcv_msg+0x10/0x10
[  321.574136][ T8327]  ? ref_tracker_free+0x63a/0x7d0
[  321.574158][ T8327]  ? __pfx_ip_vs_genl_set_cmd+0x10/0x10
[  321.574188][ T8327]  ? __pfx_ref_tracker_free+0x10/0x10
[  321.574223][ T8327]  netlink_rcv_skb+0x208/0x470
[  321.574245][ T8327]  ? __pfx_genl_rcv_msg+0x10/0x10
[  321.574273][ T8327]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  321.574315][ T8327]  ? down_read+0x1ad/0x2e0
[  321.574337][ T8327]  genl_rcv+0x28/0x40
[  321.574359][ T8327]  netlink_unicast+0x75b/0x8d0
[  321.574403][ T8327]  netlink_sendmsg+0x805/0xb30
[  321.574436][ T8327]  ? __pfx_netlink_sendmsg+0x10/0x10
[  321.574468][ T8327]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  321.574491][ T8327]  ? __pfx_netlink_sendmsg+0x10/0x10
[  321.574514][ T8327]  __sock_sendmsg+0x21c/0x270
[  321.574547][ T8327]  ____sys_sendmsg+0x505/0x830
[  321.574578][ T8327]  ? __pfx_____sys_sendmsg+0x10/0x10
[  321.574613][ T8327]  ? import_iovec+0x74/0xa0
[  321.574645][ T8327]  ___sys_sendmsg+0x21f/0x2a0
[  321.574672][ T8327]  ? __pfx____sys_sendmsg+0x10/0x10
[  321.574742][ T8327]  ? __fget_files+0x2a/0x420
[  321.574766][ T8327]  ? __fget_files+0x3a0/0x420
[  321.574805][ T8327]  __x64_sys_sendmsg+0x19b/0x260
[  321.574831][ T8327]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  321.574865][ T8327]  ? __pfx_ksys_write+0x10/0x10
[  321.574892][ T8327]  ? rcu_is_watching+0x15/0xb0
[  321.574924][ T8327]  ? do_syscall_64+0xbe/0x3b0
[  321.574956][ T8327]  do_syscall_64+0xfa/0x3b0
[  321.574981][ T8327]  ? lockdep_hardirqs_on+0x9c/0x150
[  321.575007][ T8327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.575027][ T8327]  ? clear_bhb_loop+0x60/0xb0
[  321.575052][ T8327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.575071][ T8327] RIP: 0033:0x7f798ef8e929
[  321.575089][ T8327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  321.575106][ T8327] RSP: 002b:00007f798fe84038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  321.575129][ T8327] RAX: ffffffffffffffda RBX: 00007f798f1b5fa0 RCX: 00007f798ef8e929
[  321.575143][ T8327] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  321.575156][ T8327] RBP: 00007f798fe84090 R08: 0000000000000000 R09: 0000000000000000
[  321.575169][ T8327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  321.575180][ T8327] R13: 0000000000000000 R14: 00007f798f1b5fa0 R15: 00007ffd0d538cb8
[  321.575214][ T8327]  </TASK>
[  323.109909][ T1210] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  323.414337][ T1210] usb 2-1: device descriptor read/64, error -71
[  323.764347][ T1210] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  323.914113][ T1210] usb 2-1: device descriptor read/64, error -71
[  324.160658][ T8345] delete_channel: no stack
[  324.256037][ T1210] usb usb2-port1: attempt power cycle
[  325.251802][ T8361] netlink: 24 bytes leftover after parsing attributes in process `syz.4.717'.
[  325.286552][ T8356] tty tty2: ldisc open failed (-12), clearing slot 1
[  326.755921][ T8387] netlink: 14528 bytes leftover after parsing attributes in process `syz.3.725'.
[  326.974031][ T8384] netlink: 24 bytes leftover after parsing attributes in process `syz.2.724'.
[  327.916967][ T8397] delete_channel: no stack
[  328.062712][ T8406] delete_channel: no stack
[  330.824273][ T8436] fuse: Bad value for 'fd'
[  331.222456][ T8443] delete_channel: no stack
[  331.566429][ T5936] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  331.756942][ T5936] usb 1-1: Using ep0 maxpacket: 8
[  331.772023][ T5936] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  331.788540][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.798268][ T5936] usb 1-1: Product: syz
[  331.802583][ T5936] usb 1-1: Manufacturer: syz
[  331.858570][ T5936] usb 1-1: SerialNumber: syz
[  331.875014][ T5936] usb 1-1: config 0 descriptor??
[  332.093532][ T5936] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  332.289801][ T8475] netlink: 12 bytes leftover after parsing attributes in process `syz.4.750'.
[  332.514833][ T8470] netlink: 12 bytes leftover after parsing attributes in process `syz.4.750'.
[  332.554931][ T8470] netlink: 36 bytes leftover after parsing attributes in process `syz.4.750'.
[  332.610854][ T8470] bridge0: port 3(vlan2) entered blocking state
[  332.618315][ T8470] bridge0: port 3(vlan2) entered disabled state
[  332.624996][ T8470] vlan2: entered allmulticast mode
[  332.630428][ T8470] bridge0: entered allmulticast mode
[  332.638937][ T8470] vlan2: left allmulticast mode
[  332.644020][ T5878] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  332.644404][ T8470] bridge0: left allmulticast mode
[  333.426672][ T5878] usb 4-1: config 0 has an invalid interface number: 117 but max is 0
[  333.451669][ T5878] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  333.461830][    C1] raw-gadget.0 gadget.0: ignoring, device is not running
[  333.472140][ T5936] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  333.514285][ T5936] usb 1-1: USB disconnect, device number 16
[  333.529188][ T5878] usb 4-1: config 0 has no interface number 0
[  333.560355][ T5878] usb 4-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  333.606532][ T5878] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  333.663795][ T5878] usb 4-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  333.744740][ T5878] usb 4-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  333.776941][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.810910][ T5878] usb 4-1: Product: syz
[  333.831177][ T5878] usb 4-1: Manufacturer: syz
[  333.858819][ T5878] usb 4-1: SerialNumber: syz
[  333.918221][ T5878] usb 4-1: config 0 descriptor??
[  333.989899][ T5878] HFC-S_USB 4-1:0.117: probe with driver HFC-S_USB failed with error -5
[  335.311609][ T8500] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  335.681057][ T5830] Bluetooth: hci2: unexpected event for opcode 0x0c7b
[  336.644829][ T5907] usb 4-1: USB disconnect, device number 17
[  336.811402][ T8513] delete_channel: no stack
[  337.081660][ T8528] netlink: 16 bytes leftover after parsing attributes in process `syz.1.768'.
[  337.300292][ T5907] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  337.526552][ T5907] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  337.545284][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  337.713731][ T5907] usb 4-1: config 0 descriptor??
[  338.475927][ T5907] cp210x 4-1:0.0: cp210x converter detected
[  339.306035][ T8558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.773'.
[  339.335894][ T8519] netlink: 20 bytes leftover after parsing attributes in process `syz.4.765'.
[  339.348225][ T8558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.773'.
[  339.348303][ T8558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.773'.
[  339.385172][ T8558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.773'.
[  339.385201][ T8558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.773'.
[  339.958892][ T8568] 9pnet_fd: Insufficient options for proto=fd
[  340.755339][ T5907] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71
[  340.762970][ T5907] cp210x 4-1:0.0: querying part number failed
[  340.795100][ T5907] usb 4-1: cp210x converter now attached to ttyUSB0
[  340.914142][ T5907] usb 4-1: USB disconnect, device number 18
[  341.131576][ T5907] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  341.176430][ T8576] delete_channel: no stack
[  341.197731][ T5907] cp210x 4-1:0.0: device disconnected
[  341.277396][ T8581] bio_check_eod: 2 callbacks suppressed
[  341.277417][ T8581] syz.0.782: attempt to access beyond end of device
[  341.277417][ T8581] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0
[  341.344330][ T8581] qnx6: unable to read the first superblock
[  341.451403][ T8581] syz.0.782: attempt to access beyond end of device
[  341.451403][ T8581] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  341.533029][ T8581] qnx6: unable to read the first superblock
[  341.539229][ T8581] qnx6: unable to read the first superblock
[  341.790471][ T8590] netlink: 24 bytes leftover after parsing attributes in process `syz.2.783'.
[  342.554276][ T5878] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  342.742267][ T5878] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  342.767539][ T5878] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  342.792956][ T5878] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  342.802543][ T5878] usb 2-1: config 1 has no interface number 1
[  342.815432][ T5878] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  342.832400][ T5878] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  342.857025][ T5878] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  342.888329][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.911850][ T5878] usb 2-1: Product: syz
[  342.923312][ T5878] usb 2-1: Manufacturer: syz
[  342.972199][ T5878] usb 2-1: SerialNumber: syz
[  343.171518][ T8605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.787'.
[  344.689514][ T5878] usb 2-1: No endpoint at altset 1, falling back to MIDI 1.0
[  344.699425][ T5878] usb 2-1: MIDIStreaming interface descriptor not found
[  345.048438][ T5878] usb 2-1: USB disconnect, device number 20
[  345.156310][ T8619] delete_channel: no stack
[  345.402603][ T8635] udevd[8635]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  346.696162][ T8650] FAULT_INJECTION: forcing a failure.
[  346.696162][ T8650] name failslab, interval 1, probability 0, space 0, times 0
[  346.732174][ T8650] CPU: 1 UID: 0 PID: 8650 Comm: syz.3.802 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  346.732206][ T8650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  346.732217][ T8650] Call Trace:
[  346.732225][ T8650]  <TASK>
[  346.732234][ T8650]  dump_stack_lvl+0x189/0x250
[  346.732269][ T8650]  ? __pfx____ratelimit+0x10/0x10
[  346.732296][ T8650]  ? __pfx_dump_stack_lvl+0x10/0x10
[  346.732322][ T8650]  ? __pfx__printk+0x10/0x10
[  346.732349][ T8650]  ? __pfx___might_resched+0x10/0x10
[  346.732385][ T8650]  ? fs_reclaim_acquire+0x7d/0x100
[  346.732418][ T8650]  should_fail_ex+0x414/0x560
[  346.732448][ T8650]  should_failslab+0xa8/0x100
[  346.732476][ T8650]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  346.732499][ T8650]  ? __d_alloc+0x31/0x6f0
[  346.732534][ T8650]  __d_alloc+0x31/0x6f0
[  346.732567][ T8650]  d_alloc+0x4b/0x190
[  346.732593][ T8650]  ? lookup_one_qstr_excl_raw+0xb4/0x280
[  346.732623][ T8650]  lookup_one_qstr_excl_raw+0xc8/0x280
[  346.732655][ T8650]  do_renameat2+0x470/0xc50
[  346.732698][ T8650]  ? __pfx_do_renameat2+0x10/0x10
[  346.732734][ T8650]  ? strncpy_from_user+0x150/0x290
[  346.732758][ T8650]  ? getname_flags+0x1e5/0x540
[  346.732782][ T8650]  ? trace_sys_enter+0x25/0x120
[  346.732807][ T8650]  __x64_sys_rename+0x82/0x90
[  346.732830][ T8650]  do_syscall_64+0xfa/0x3b0
[  346.732856][ T8650]  ? lockdep_hardirqs_on+0x9c/0x150
[  346.732881][ T8650]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.732899][ T8650]  ? clear_bhb_loop+0x60/0xb0
[  346.732922][ T8650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.732941][ T8650] RIP: 0033:0x7f798ef8e929
[  346.732959][ T8650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  346.732975][ T8650] RSP: 002b:00007f798fe84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  346.732996][ T8650] RAX: ffffffffffffffda RBX: 00007f798f1b5fa0 RCX: 00007f798ef8e929
[  346.733010][ T8650] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000200000000080
[  346.733023][ T8650] RBP: 00007f798fe84090 R08: 0000000000000000 R09: 0000000000000000
[  346.733035][ T8650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  346.733047][ T8650] R13: 0000000000000000 R14: 00007f798f1b5fa0 R15: 00007ffd0d538cb8
[  346.733078][ T8650]  </TASK>
[  347.057713][ T5898] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  348.068498][ T5898] usb 5-1: Using ep0 maxpacket: 16
[  348.606791][ T5898] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  348.669152][ T5898] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  349.941052][ T8666] delete_channel: no stack
[  350.026850][ T8669] tipc: Started in network mode
[  350.044276][ T5898] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  350.060622][ T8669] tipc: Node identity 2d0b50e1d8a655f0002e, cluster identity 4711
[  350.063267][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.320098][ T5898] usb 5-1: can't set config #1, error -71
[  350.382236][ T5898] usb 5-1: USB disconnect, device number 14
[  352.775206][ T8700] netlink: 8 bytes leftover after parsing attributes in process `syz.1.814'.
[  352.997320][ T8699] netlink: 8 bytes leftover after parsing attributes in process `syz.2.813'.
[  353.881804][ T8705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.812'.
[  354.501614][ T8709] veth1_to_bond: entered allmulticast mode
[  354.533447][ T8709] veth1_to_bond: entered promiscuous mode
[  354.599112][ T8708] veth1_to_bond: left promiscuous mode
[  354.615332][ T8708] veth1_to_bond: left allmulticast mode
[  354.624807][ T8711] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[  355.176100][ T8719] delete_channel: no stack
[  355.201981][ T8715] netlink: 14528 bytes leftover after parsing attributes in process `syz.0.818'.
[  356.364406][ T5907] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  356.527768][ T5907] usb 2-1: too many configurations: 151, using maximum allowed: 8
[  356.553510][ T5907] usb 2-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7
[  356.565643][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130
[  356.581525][ T5907] usb 2-1: Product: syz
[  356.590655][ T5907] usb 2-1: Manufacturer: syz
[  356.597390][ T5907] usb 2-1: SerialNumber: syz
[  356.605946][ T5907] usb 2-1: config 0 descriptor??
[  356.830429][   T43] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  356.840910][ T8726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  356.881121][ T8726] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  356.930296][ T5907] usb 2-1: bad CDC descriptors
[  356.971787][ T5907] usb 2-1: USB disconnect, device number 21
[  356.995718][ T8739] netlink: 8 bytes leftover after parsing attributes in process `syz.0.826'.
[  357.026188][ T8739] IPVS: Error joining to the multicast group
[  357.176205][ T8745] netlink: 20 bytes leftover after parsing attributes in process `syz.2.828'.
[  357.214008][   T43] usb 5-1: Using ep0 maxpacket: 32
[  358.109251][   T43] usb 5-1: unable to get BOS descriptor or descriptor too short
[  358.136294][   T43] usb 5-1: config 7 has an invalid interface number: 111 but max is 0
[  358.154335][   T43] usb 5-1: config 7 has no interface number 0
[  358.167307][   T43] usb 5-1: New USB device found, idVendor=0481, idProduct=9f2e, bcdDevice=75.5b
[  358.188508][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.204158][   T43] usb 5-1: Product: syz
[  358.213455][   T43] usb 5-1: Manufacturer: syz
[  358.253505][   T43] usb 5-1: SerialNumber: syz
[  358.846372][   T43] usb 5-1: bad CDC descriptors
[  358.884970][   T43] usb 5-1: USB disconnect, device number 15
[  358.908549][ T8757] delete_channel: no stack
[  359.065358][ T8768] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  359.074470][ T8768] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  359.584328][ T8779] netlink: 12 bytes leftover after parsing attributes in process `syz.3.835'.
[  359.643970][ T8779] netlink: 20 bytes leftover after parsing attributes in process `syz.3.835'.
[  362.927391][ T5934] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  363.607153][ T5934] usb 4-1: too many configurations: 151, using maximum allowed: 8
[  364.203271][ T5934] usb 4-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7
[  364.236405][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130
[  364.249734][ T5934] usb 4-1: Product: syz
[  364.255219][ T5934] usb 4-1: Manufacturer: syz
[  364.261229][ T8805] delete_channel: no stack
[  364.272559][ T5934] usb 4-1: SerialNumber: syz
[  364.324623][ T5934] usb 4-1: config 0 descriptor??
[  364.795792][ T8794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  365.084561][ T8794] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.251789][ T5934] usb 4-1: bad CDC descriptors
[  365.274370][ T5934] usb 4-1: USB disconnect, device number 19
[  366.654469][ T5898] usb 1-1: new low-speed USB device number 17 using dummy_hcd
[  367.017469][ T8835] netlink: 'syz.1.853': attribute type 10 has an invalid length.
[  367.051861][ T8835] netlink: 2 bytes leftover after parsing attributes in process `syz.1.853'.
[  367.067779][ T8835] team0: entered promiscuous mode
[  367.074147][ T8835] team_slave_0: entered promiscuous mode
[  367.084244][ T5898] usb 1-1: No LPM exit latency info found, disabling LPM.
[  367.113051][ T8835] team_slave_1: entered promiscuous mode
[  367.120439][ T8835] bridge0: port 3(team0) entered blocking state
[  367.127335][ T8835] bridge0: port 3(team0) entered disabled state
[  367.185762][ T5898] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  367.198411][ T5898] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  367.217564][ T5898] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  367.338496][ T8835] team0: entered allmulticast mode
[  367.343764][ T8835] team_slave_0: entered allmulticast mode
[  367.377806][ T8835] team_slave_1: entered allmulticast mode
[  368.223995][ T5898] usb 1-1: string descriptor 0 read error: -22
[  368.244215][ T5898] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  368.257036][ T8835] bridge0: port 3(team0) entered blocking state
[  368.263585][ T8835] bridge0: port 3(team0) entered forwarding state
[  368.270315][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.572461][ T5898] usb 1-1: can't set config #1, error -71
[  368.617750][ T5898] usb 1-1: USB disconnect, device number 17
[  368.920180][   T65] Bluetooth: hci5: Frame reassembly failed (-84)
[  369.261870][ T8866] netlink: 116 bytes leftover after parsing attributes in process `syz.2.861'.
[  369.573736][ T8875] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  370.450094][ T8878] netlink: 14528 bytes leftover after parsing attributes in process `syz.2.867'.
[  370.559652][ T8887] netlink: 16 bytes leftover after parsing attributes in process `syz.4.870'.
[  370.925073][ T5820] Bluetooth: hci5: command 0x1003 tx timeout
[  370.931507][ T5830] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  370.949983][ T8895] Cannot find add_set index 0 as target
[  371.981450][ T8915] netlink: 12 bytes leftover after parsing attributes in process `syz.0.879'.
[  372.031874][ T8918] netlink: 12 bytes leftover after parsing attributes in process `syz.0.879'.
[  372.064269][ T8918] netlink: 36 bytes leftover after parsing attributes in process `syz.0.879'.
[  372.127910][ T8918] bridge0: port 3(vlan0) entered blocking state
[  372.157593][ T8918] bridge0: port 3(vlan0) entered disabled state
[  372.180367][ T8916] netlink: 116 bytes leftover after parsing attributes in process `syz.3.878'.
[  372.194498][ T8918] vlan0: entered allmulticast mode
[  372.254062][ T8918] bridge0: entered allmulticast mode
[  372.276135][ T8922] netlink: 'syz.2.881': attribute type 1 has an invalid length.
[  372.299520][ T8918] vlan0: left allmulticast mode
[  372.307712][ T8918] bridge0: left allmulticast mode
[  372.398686][ T8926] Bluetooth: MGMT ver 1.23
[  372.421724][ T8926] netlink: 8 bytes leftover after parsing attributes in process `syz.1.880'.
[  372.430828][ T8926] netlink: 4 bytes leftover after parsing attributes in process `syz.1.880'.
[  373.132637][ T8922] 8021q: adding VLAN 0 to HW filter on device bond1
[  373.156150][ T8925] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode balance-xor(2)
[  373.185347][ T8926] bridge0: entered promiscuous mode
[  373.191258][ T8926] macsec1: entered allmulticast mode
[  373.196656][ T8926] bridge0: entered allmulticast mode
[  373.381639][ T8927] vlan2: entered allmulticast mode
[  373.399123][ T8927] veth1: entered allmulticast mode
[  373.469443][ T8927] bond1: (slave vlan2): making interface the new active one
[  373.485631][ T8927] bond1: (slave vlan2): Enslaving as an active interface with an up link
[  373.694197][ T5898] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  373.914083][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  374.008891][ T5898] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  374.419945][ T5898] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  374.430406][ T5898] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  374.440679][ T5898] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  374.451522][ T5898] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  374.465014][ T5898] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  374.474500][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.492943][ T5820] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  374.871286][ T5898] usb 4-1: GET_CAPABILITIES returned 0
[  374.877751][ T5898] usbtmc 4-1:16.0: can't read capabilities
[  375.137145][ T8937] overlayfs: invalid origin (0000)
[  375.186807][ T5898] usb 4-1: USB disconnect, device number 20
[  375.519967][ T8956] netlink: 16 bytes leftover after parsing attributes in process `syz.2.892'.
[  375.712551][ T8960] netlink: 'syz.4.893': attribute type 11 has an invalid length.
[  378.346276][ T5820] Bluetooth: hci4: connection err: -111
[  378.594217][ T8995] netlink: 12 bytes leftover after parsing attributes in process `syz.3.905'.
[  378.861478][ T8994] veth0: entered promiscuous mode
[  378.894815][ T8990] netlink: 12 bytes leftover after parsing attributes in process `syz.3.905'.
[  378.970619][ T8990] netlink: 36 bytes leftover after parsing attributes in process `syz.3.905'.
[  378.986187][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  378.993454][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  379.046652][ T8990] bridge0: port 3(vlan2) entered blocking state
[  379.053208][ T8990] bridge0: port 3(vlan2) entered disabled state
[  379.094234][ T8990] vlan2: entered allmulticast mode
[  379.099450][ T8990] bridge0: entered allmulticast mode
[  380.055097][ T8990] vlan2: left allmulticast mode
[  380.060228][ T8990] bridge0: left allmulticast mode
[  380.263355][ T8987] veth0: left promiscuous mode
[  381.237297][ T9020] netlink: 16 bytes leftover after parsing attributes in process `syz.0.912'.
[  381.547612][ T5898] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  381.926748][ T5898] usb 2-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00
[  382.702377][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.719733][ T5898] usb 2-1: config 0 descriptor??
[  383.051192][ T9058] netlink: 12 bytes leftover after parsing attributes in process `syz.0.923'.
[  383.102024][ T9057] netlink: 12 bytes leftover after parsing attributes in process `syz.0.923'.
[  383.144026][ T9057] netlink: 36 bytes leftover after parsing attributes in process `syz.0.923'.
[  383.729123][ T9057] bridge0: port 3(vlan0) entered blocking state
[  383.748195][ T9057] bridge0: port 3(vlan0) entered disabled state
[  383.774163][ T9057] vlan0: entered allmulticast mode
[  383.793995][ T9057] bridge0: entered allmulticast mode
[  383.946285][ T5898] magicmouse 0003:05AC:0269.0009: unknown main item tag 0x0
[  383.953680][ T5898] magicmouse 0003:05AC:0269.0009: unknown main item tag 0x0
[  383.968180][ T5898] magicmouse 0003:05AC:0269.0009: unknown main item tag 0x0
[  383.975691][ T5898] magicmouse 0003:05AC:0269.0009: unknown main item tag 0x0
[  383.983045][ T5898] magicmouse 0003:05AC:0269.0009: unknown main item tag 0x0
[  383.996293][ T9057] vlan0: left allmulticast mode
[  384.023245][ T5898] magicmouse 0003:05AC:0269.0009: hidraw0: USB HID v0.04 Device [HID 05ac:0269] on usb-dummy_hcd.1-1/input0
[  384.025776][ T9057] bridge0: left allmulticast mode
[  384.111277][ T9021] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  384.143605][ T5898] usb 2-1: USB disconnect, device number 22
[  384.188448][ T9065] fido_id[9065]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  387.306958][ T9098] netlink: 32 bytes leftover after parsing attributes in process `syz.3.933'.
[  388.606065][   T30] audit: type=1107 audit(1751107993.044:76): pid=9101 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=')r0	¾ßú%λ'
[  388.979781][ T9114] netlink: 12 bytes leftover after parsing attributes in process `syz.0.935'.
[  390.064441][ T9102] netlink: 12 bytes leftover after parsing attributes in process `syz.0.935'.
[  390.079437][ T9102] netlink: 36 bytes leftover after parsing attributes in process `syz.0.935'.
[  390.109061][ T9102] bridge0: port 3(vlan0) entered blocking state
[  390.121646][ T9102] bridge0: port 3(vlan0) entered disabled state
[  390.275859][ T9102] vlan0: entered allmulticast mode
[  390.479093][ T9102] bridge0: entered allmulticast mode
[  390.732424][ T9102] vlan0: left allmulticast mode
[  390.739203][ T9102] bridge0: left allmulticast mode
[  393.003965][ T9157] netlink: 8 bytes leftover after parsing attributes in process `syz.1.948'.
[  393.269159][ T5934] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  393.515660][ T5934] usb 4-1: Using ep0 maxpacket: 16
[  393.541728][ T5934] usb 4-1: config index 0 descriptor too short (expected 59154, got 18)
[  393.583931][ T5934] usb 4-1: config 0 has an invalid interface number: 0 but max is -1
[  393.889479][ T5934] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[  394.796281][ T5934] usb 4-1: string descriptor 0 read error: -71
[  394.849584][ T5934] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  394.930444][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.995058][ T5934] usb 4-1: config 0 descriptor??
[  395.017315][ T5934] usb 4-1: can't set config #0, error -71
[  395.063357][ T5934] usb 4-1: USB disconnect, device number 21
[  395.169461][ T9176] netlink: 116 bytes leftover after parsing attributes in process `syz.1.951'.
[  396.307429][ T9195] netlink: 12 bytes leftover after parsing attributes in process `syz.1.957'.
[  396.444554][ T9197] netlink: 12 bytes leftover after parsing attributes in process `syz.1.957'.
[  396.453550][ T9197] netlink: 36 bytes leftover after parsing attributes in process `syz.1.957'.
[  396.525223][ T9200] netlink: 16 bytes leftover after parsing attributes in process `syz.4.958'.
[  397.263615][ T9197] bridge0: port 4(vlan2) entered blocking state
[  397.532024][ T9197] bridge0: port 4(vlan2) entered disabled state
[  397.539617][ T9197] vlan2: entered allmulticast mode
[  397.559741][ T9197] vlan2: left allmulticast mode
[  398.741536][   T30] audit: type=1107 audit(1751108003.684:77): pid=9209 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=')r0	¾ßú%λ'
[  402.492718][ T9226] netlink: 12 bytes leftover after parsing attributes in process `syz.4.966'.
[  403.639349][ T9236] delete_channel: no stack
[  403.674531][ T9240] netlink: 36 bytes leftover after parsing attributes in process `syz.1.970'.
[  403.923990][ T1210] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  404.106541][ T1210] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  404.143345][ T1210] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  404.233736][ T1210] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  404.300861][ T1210] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  404.362954][ T1210] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  404.456457][ T1210] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  404.506547][ T1210] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  404.563918][ T1210] usb 2-1: Product: syz
[  404.578239][ T1210] usb 2-1: Manufacturer: syz
[  404.682667][ T1210] cdc_wdm 2-1:1.0: skipping garbage
[  404.723903][ T1210] cdc_wdm 2-1:1.0: skipping garbage
[  404.754304][ T1210] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  404.760291][ T1210] cdc_wdm 2-1:1.0: Unknown control protocol
[  404.853442][ T1210] usb 2-1: USB disconnect, device number 23
[  404.926423][   T30] audit: type=1326 audit(1751108009.874:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f97c1d858e7 code=0x7ffc0000
[  404.994992][   T30] audit: type=1326 audit(1751108009.874:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f97c1d2ab19 code=0x7ffc0000
[  405.021448][ T5188] udevd[5188]: worker [9243] terminated by signal 33 (Unknown signal 33)
[  405.050355][ T9254] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  405.057335][ T9254] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  405.074148][   T30] audit: type=1326 audit(1751108009.874:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f97c1d858e7 code=0x7ffc0000
[  405.128847][ T9254] netlink: 36 bytes leftover after parsing attributes in process `syz.0.973'.
[  405.159369][   T30] audit: type=1326 audit(1751108009.874:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f97c1d2ab19 code=0x7ffc0000
[  405.228388][   T30] audit: type=1326 audit(1751108009.874:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f97c1d858e7 code=0x7ffc0000
[  405.269516][   T30] audit: type=1326 audit(1751108009.874:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f97c1d2ab19 code=0x7ffc0000
[  405.388423][   T30] audit: type=1326 audit(1751108009.874:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f97c1d858e7 code=0x7ffc0000
[  405.461823][   T30] audit: type=1326 audit(1751108009.874:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f97c1d2ab19 code=0x7ffc0000
[  405.484517][   T30] audit: type=1326 audit(1751108009.874:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f97c1d858e7 code=0x7ffc0000
[  406.496257][   T30] audit: type=1326 audit(1751108009.874:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f97c1d2ab19 code=0x7ffc0000
[  409.018410][ T9279] netlink: 12 bytes leftover after parsing attributes in process `syz.0.981'.
[  409.032256][ T9279] bridge0: port 3(vlan0) entered blocking state
[  409.038735][ T9279] bridge0: port 3(vlan0) entered disabled state
[  409.045167][ T9279] vlan0: entered allmulticast mode
[  409.050392][ T9279] bridge0: entered allmulticast mode
[  409.066157][ T9279] vlan0: left allmulticast mode
[  409.071134][ T9279] bridge0: left allmulticast mode
[  409.625987][ T9288] netlink: 'syz.4.984': attribute type 1 has an invalid length.
[  410.604716][ T9289] netlink: 'syz.4.984': attribute type 1 has an invalid length.
[  410.629975][ T9292] netlink: 116 bytes leftover after parsing attributes in process `syz.2.983'.
[  410.712757][ T9297] netlink: 8 bytes leftover after parsing attributes in process `syz.3.986'.
[  410.722515][ T9297] netlink: 8 bytes leftover after parsing attributes in process `syz.3.986'.
[  412.201879][ T9314] ptrace attach of "./syz-executor exec"[5816] was attempted by ""[9314]
[  412.539787][ T9321] netlink: 8 bytes leftover after parsing attributes in process `syz.1.994'.
[  413.414442][ T9316] netlink: 116 bytes leftover after parsing attributes in process `syz.2.993'.
[  413.564850][   T10] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  413.724299][   T10] usb 4-1: device descriptor read/64, error -71
[  413.914366][ T9345] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1002'.
[  414.552338][ T9345] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1002'.
[  414.570839][ T9345] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1002'.
[  414.604481][ T9345] bridge0: port 3(vlan3) entered blocking state
[  414.611964][ T9345] bridge0: port 3(vlan3) entered disabled state
[  414.621967][ T9345] vlan3: entered allmulticast mode
[  414.628021][ T9345] bridge0: entered allmulticast mode
[  414.667944][ T9345] vlan3: left allmulticast mode
[  414.696612][ T9345] bridge0: left allmulticast mode
[  414.753972][   T10] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  414.914004][   T10] usb 4-1: device descriptor read/64, error -71
[  415.026020][   T10] usb usb4-port1: attempt power cycle
[  520.007927][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  520.016061][    C0] rcu: 	1-...!: (0 ticks this GP) idle=297c/1/0x4000000000000000 softirq=34452/34452 fqs=10
[  520.027886][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P9353/1:b..l
[  520.036022][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=31205, q=269 ncpus=2)
[  520.044086][    C0] Sending NMI from CPU 0 to CPUs 1:
[  520.044121][    C1] NMI backtrace for cpu 1
[  520.044135][    C1] CPU: 1 UID: 0 PID: 1108 Comm: kworker/u8:7 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  520.044154][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  520.044174][    C1] Workqueue: bat_events batadv_nc_worker
[  520.044205][    C1] RIP: 0010:__lock_acquire+0x74/0xd20
[  520.044227][    C1] Code: c1 31 c9 48 3d 30 73 5d 93 41 0f 45 c8 89 4c 24 0c 8b 0d 3f de 06 18 85 c9 0f 95 c0 83 fe 08 0f 92 c2 08 c2 0f 84 55 01 00 00 <44> 89 cd 83 fe 01 48 89 3c 24 77 0c 89 f0 48 8b 44 c3 08 48 85 c0
[  520.044241][    C1] RSP: 0018:ffffc90000a08b40 EFLAGS: 00000002
[  520.044255][    C1] RAX: ffffffff99a92a00 RBX: ffffffff8e13ee60 RCX: 0000000000000000
[  520.044267][    C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888026f63c00
[  520.044277][    C1] RBP: ffffffff897f7ad8 R08: 0000000000000000 R09: 0000000000000001
[  520.044287][    C1] R10: dffffc0000000000 R11: ffffed100f343e5e R12: 0000000000000002
[  520.044298][    C1] R13: ffffffff8e13ee60 R14: 0000000000000000 R15: 0000000000000000
[  520.044309][    C1] FS:  0000000000000000(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000
[  520.044322][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  520.044334][    C1] CR2: 0000200000324030 CR3: 000000000df38000 CR4: 00000000003526f0
[  520.044383][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  520.044392][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  520.044403][    C1] Call Trace:
[  520.044412][    C1]  <IRQ>
[  520.044423][    C1]  ? advance_sched+0x9f8/0xc90
[  520.044440][    C1]  lock_acquire+0x120/0x360
[  520.044458][    C1]  ? advance_sched+0x9f8/0xc90
[  520.044478][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  520.044493][    C1]  ? advance_sched+0x9f8/0xc90
[  520.044511][    C1]  advance_sched+0xa14/0xc90
[  520.044527][    C1]  ? advance_sched+0x9f8/0xc90
[  520.044548][    C1]  ? __pfx_advance_sched+0x10/0x10
[  520.044565][    C1]  __hrtimer_run_queues+0x529/0xc60
[  520.044593][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  520.044613][    C1]  ? read_tsc+0x9/0x20
[  520.044633][    C1]  hrtimer_interrupt+0x45b/0xaa0
[  520.044663][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  520.044685][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  520.044708][    C1]  </IRQ>
[  520.044713][    C1]  <TASK>
[  520.044719][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  520.044736][    C1] RIP: 0010:lock_acquire+0x58/0x360
[  520.044755][    C1] Code: 8b 05 6c 9f fb 10 48 89 44 24 58 0f 1f 44 00 00 65 8b 05 6f 9f fb 10 83 f8 08 0f 83 b8 01 00 00 89 c0 48 0f a3 05 18 bf 01 0e <73> 16 e8 51 f1 08 00 84 c0 75 0d f6 05 1e b3 eb 0d 01 0f 84 d7 01
[  520.044768][    C1] RSP: 0018:ffffc90003b7f910 EFLAGS: 00000297
[  520.044782][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000002
[  520.044791][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e13ee60
[  520.044802][    C1] RBP: ffffffff8b2e1bba R08: 0000000000000000 R09: 0000000000000000
[  520.044811][    C1] R10: dffffc0000000000 R11: fffffbfff1f3fbff R12: 0000000000000002
[  520.044822][    C1] R13: ffffffff8e13ee60 R14: 0000000000000000 R15: 0000000000000000
[  520.044834][    C1]  ? batadv_nc_process_nc_paths+0xba/0x3a0
[  520.044860][    C1]  ? batadv_nc_process_nc_paths+0xba/0x3a0
[  520.044879][    C1]  ? __pfx_batadv_nc_fwd_flush+0x10/0x10
[  520.044899][    C1]  batadv_nc_process_nc_paths+0xdb/0x3a0
[  520.044918][    C1]  ? batadv_nc_process_nc_paths+0xba/0x3a0
[  520.044938][    C1]  ? batadv_nc_process_nc_paths+0xba/0x3a0
[  520.044959][    C1]  batadv_nc_worker+0x429/0x610
[  520.044978][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  520.045000][    C1]  process_scheduled_works+0xade/0x17b0
[  520.045030][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  520.045056][    C1]  worker_thread+0x8a0/0xda0
[  520.045078][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  520.045100][    C1]  ? __kthread_parkme+0x7b/0x200
[  520.045124][    C1]  kthread+0x70e/0x8a0
[  520.045141][    C1]  ? __pfx_worker_thread+0x10/0x10
[  520.045161][    C1]  ? __pfx_kthread+0x10/0x10
[  520.045176][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  520.045194][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  520.045213][    C1]  ? __pfx_kthread+0x10/0x10
[  520.045227][    C1]  ret_from_fork+0x3fc/0x770
[  520.045247][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  520.045267][    C1]  ? __switch_to_asm+0x39/0x70
[  520.045282][    C1]  ? __switch_to_asm+0x33/0x70
[  520.045295][    C1]  ? __pfx_kthread+0x10/0x10
[  520.045310][    C1]  ret_from_fork_asm+0x1a/0x30
[  520.045330][    C1]  </TASK>
[  520.046118][    C0] task:syz.1.1005      state:R  running task     stack:25352 pid:9353  tgid:9352  ppid:5815   task_flags:0x40054c flags:0x00004000
[  520.507993][    C0] Call Trace:
[  520.511325][    C0]  <TASK>
[  520.514388][    C0]  __schedule+0x16a2/0x4cb0
[  520.518957][    C0]  ? preempt_schedule_common+0x83/0xd0
[  520.524497][    C0]  ? __pfx___schedule+0x10/0x10
[  520.529423][    C0]  ? do_raw_spin_lock+0x121/0x290
[  520.534518][    C0]  ? preempt_schedule+0xae/0xc0
[  520.539439][    C0]  preempt_schedule_common+0x83/0xd0
[  520.544770][    C0]  preempt_schedule+0xae/0xc0
[  520.549655][    C0]  ? __pfx_preempt_schedule+0x10/0x10
[  520.555071][    C0]  preempt_schedule_thunk+0x16/0x30
[  520.560319][    C0]  _raw_spin_unlock+0x3f/0x50
[  520.565154][    C0]  unmap_page_range+0x3842/0x41c0
[  520.570286][    C0]  ? __pfx_unmap_page_range+0x10/0x10
[  520.575712][    C0]  ? unmap_vmas+0x144/0x580
[  520.580256][    C0]  unmap_vmas+0x399/0x580
[  520.584640][    C0]  ? __pfx_unmap_vmas+0x10/0x10
[  520.589561][    C0]  exit_mmap+0x248/0xb50
[  520.593832][    C0]  ? uprobe_clear_state+0x20f/0x290
[  520.599063][    C0]  ? __pfx_exit_mmap+0x10/0x10
[  520.603959][    C0]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  520.609657][    C0]  ? __pfx_exit_aio+0x10/0x10
[  520.614390][    C0]  ? uprobe_clear_state+0x274/0x290
[  520.619627][    C0]  ? mm_update_next_owner+0xa7/0x870
[  520.625044][    C0]  __mmput+0x118/0x420
[  520.629152][    C0]  exit_mm+0x1da/0x2c0
[  520.633339][    C0]  ? __pfx_exit_mm+0x10/0x10
[  520.637969][    C0]  ? rcu_is_watching+0x15/0xb0
[  520.642778][    C0]  do_exit+0x648/0x22e0
[  520.646971][    C0]  ? do_raw_spin_lock+0x121/0x290
[  520.652027][    C0]  ? __pfx_do_exit+0x10/0x10
[  520.656763][    C0]  do_group_exit+0x21c/0x2d0
[  520.661381][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  520.666620][    C0]  get_signal+0x125e/0x1310
[  520.671274][    C0]  arch_do_signal_or_restart+0x9a/0x750
[  520.677168][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  520.683475][    C0]  ? exit_to_user_mode_loop+0x40/0x110
[  520.689173][    C0]  exit_to_user_mode_loop+0x75/0x110
[  520.694510][    C0]  do_syscall_64+0x2bd/0x3b0
[  520.699135][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  520.704574][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.710679][    C0]  ? clear_bhb_loop+0x60/0xb0
[  520.715386][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.721494][    C0] RIP: 0033:0x7f3f3e38e929
[  520.726021][    C0] RSP: 002b:00007f3f3f23f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  520.734551][    C0] RAX: fffffffffffffe00 RBX: 00007f3f3e5b5fa8 RCX: 00007f3f3e38e929
[  520.742546][    C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3f3e5b5fa8
[  520.750544][    C0] RBP: 00007f3f3e5b5fa0 R08: 0000000000000000 R09: 0000000000000000
[  520.758535][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f3e5b5fac
[  520.766539][    C0] R13: 0000000000000000 R14: 00007ffe4fd88c60 R15: 00007ffe4fd88d48
[  520.774651][    C0]  </TASK>
[  520.777692][    C0] rcu: rcu_preempt kthread starved for 10482 jiffies! g31205 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  520.789085][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  520.799190][    C0] rcu: RCU grace-period kthread stack dump:
[  520.805096][    C0] task:rcu_preempt     state:R  running task     stack:26792 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  520.818720][    C0] Call Trace:
[  520.822025][    C0]  <TASK>
[  520.824995][    C0]  __schedule+0x16a2/0x4cb0
[  520.829548][    C0]  ? schedule+0x165/0x360
[  520.834010][    C0]  ? __pfx___schedule+0x10/0x10
[  520.838924][    C0]  ? schedule+0x91/0x360
[  520.843291][    C0]  schedule+0x165/0x360
[  520.847480][    C0]  schedule_timeout+0x12b/0x270
[  520.852361][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  520.857761][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  520.863688][    C0]  ? __pfx_process_timeout+0x10/0x10
[  520.869274][    C0]  ? prepare_to_swait_event+0x341/0x380
[  520.874858][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[  520.879761][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  520.886035][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  520.891346][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  520.896595][    C0]  ? finish_swait+0xcd/0x1f0
[  520.901270][    C0]  rcu_gp_kthread+0x99/0x390
[  520.905910][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  520.911246][    C0]  ? __kthread_parkme+0x7b/0x200
[  520.916402][    C0]  ? __kthread_parkme+0x1a1/0x200
[  520.921554][    C0]  kthread+0x70e/0x8a0
[  520.925832][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  520.931060][    C0]  ? __pfx_kthread+0x10/0x10
[  520.935865][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  520.941127][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  520.946380][    C0]  ? __pfx_kthread+0x10/0x10
[  520.951005][    C0]  ret_from_fork+0x3fc/0x770
[  520.956067][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  520.961313][    C0]  ? __switch_to_asm+0x39/0x70
[  520.966276][    C0]  ? __switch_to_asm+0x33/0x70
[  520.971080][    C0]  ? __pfx_kthread+0x10/0x10
[  520.975790][    C0]  ret_from_fork_asm+0x1a/0x30
[  520.980597][    C0]  </TASK>
[  520.983639][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  520.989980][    C0] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) 
[  521.002247][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  521.012331][    C0] Workqueue: events_unbound toggle_allocation_gate
[  521.018919][    C0] RIP: 0010:smp_call_function_many_cond+0xf67/0x12d0
[  521.025644][    C0] Code: 00 00 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 b0 79 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 5b 75 0b 00 eb 37 <f3> 90 43 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 40
[  521.045294][    C0] RSP: 0018:ffffc90000ac76a0 EFLAGS: 00000293
[  521.051432][    C0] RAX: ffffffff81b4d830 RBX: ffff8880b863b040 RCX: ffff888143ae9e00
[  521.059429][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  521.067429][    C0] RBP: ffffc90000ac7800 R08: ffffffff8f9fdff7 R09: 1ffffffff1f3fbfe
[  521.075462][    C0] R10: dffffc0000000000 R11: fffffbfff1f3fbff R12: 1ffff110170e7f2d
[  521.083507][    C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8880b873f968
[  521.091588][    C0] FS:  0000000000000000(0000) GS:ffff888125c84000(0000) knlGS:0000000000000000
[  521.100541][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  521.107158][    C0] CR2: 00007f97c2ae56c0 CR3: 000000000df38000 CR4: 00000000003526f0
[  521.115161][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  521.123341][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  521.131430][    C0] Call Trace:
[  521.134907][    C0]  <TASK>
[  521.137882][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  521.144247][    C0]  ? __pfx_text_poke_memcpy+0x10/0x10
[  521.149773][    C0]  ? kmem_cache_alloc_bulk_noprof+0x148/0x790
[  521.155899][    C0]  ? __pfx___text_poke+0x10/0x10
[  521.160877][    C0]  ? rcu_is_watching+0x15/0xb0
[  521.165680][    C0]  ? trace_contention_end+0x39/0x120
[  521.171004][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  521.176143][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[  521.181294][    C0]  smp_text_poke_batch_finish+0x5e0/0x1100
[  521.187197][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  521.192259][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  521.198530][    C0]  ? arch_jump_label_transform_queue+0x97/0x110
[  521.204894][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  521.211076][    C0]  static_key_disable_cpuslocked+0xc5/0x1b0
[  521.217000][    C0]  static_key_disable+0x1a/0x20
[  521.221882][    C0]  toggle_allocation_gate+0x1a1/0x240
[  521.227284][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  521.233307][    C0]  ? __pfx_autoremove_wake_function+0x10/0x10
[  521.239421][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  521.245276][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  521.251298][    C0]  process_scheduled_works+0xade/0x17b0
[  521.256914][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  521.263061][    C0]  worker_thread+0x8a0/0xda0
[  521.267792][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  521.274157][    C0]  ? __kthread_parkme+0x7b/0x200
[  521.279141][    C0]  kthread+0x70e/0x8a0
[  521.283239][    C0]  ? __pfx_worker_thread+0x10/0x10
[  521.288410][    C0]  ? __pfx_kthread+0x10/0x10
[  521.293202][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  521.298429][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  521.303660][    C0]  ? __pfx_kthread+0x10/0x10
[  521.308276][    C0]  ret_from_fork+0x3fc/0x770
[  521.312918][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  521.318068][    C0]  ? __switch_to_asm+0x39/0x70
[  521.322856][    C0]  ? __switch_to_asm+0x33/0x70
[  521.327729][    C0]  ? __pfx_kthread+0x10/0x10
[  521.332362][    C0]  ret_from_fork_asm+0x1a/0x30
[  521.337171][    C0]  </TASK>